checking-infrastructure-compliance
Use this skill when you need to work with compliance checking. It provides compliance monitoring and validation with comprehensive guidance and automation. Trigger it with phrases like "check compliance", "validate policies", or "audit compliance".
Best use case
checking-infrastructure-compliance is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using checking-infrastructure-compliance should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it at `.claude/skills/checking-infrastructure-compliance/SKILL.md` inside your project
- Restart your AI agent; it will auto-discover the skill
How checking-infrastructure-compliance Compares
| Feature / Agent | checking-infrastructure-compliance | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Use this skill when you need to work with compliance checking. It provides compliance monitoring and validation with comprehensive guidance and automation. Trigger it with phrases like "check compliance", "validate policies", or "audit compliance".
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Checking Infrastructure Compliance

## Overview

Audit infrastructure configurations against compliance frameworks (CIS Benchmarks, SOC 2, HIPAA, PCI-DSS, GDPR) using policy-as-code tools like Open Policy Agent (OPA), Checkov, and tfsec. Generate compliance reports, identify violations, and produce remediation plans for Terraform, Kubernetes, and cloud provider configurations.

## Prerequisites

- Policy-as-code tool installed: `checkov`, `tfsec`, `opa`, or `kube-bench`
- Infrastructure-as-code files (Terraform, CloudFormation, Kubernetes manifests) in the project
- Cloud provider CLI authenticated with read access to resources
- Compliance framework requirements documented (CIS, SOC 2, HIPAA, PCI-DSS)
- `jq` for parsing JSON policy outputs

## Instructions

1. Identify the applicable compliance framework(s) based on industry and data classification
2. Scan Terraform files with `checkov -d .` or `tfsec .` to detect misconfigurations
3. Scan Kubernetes manifests for security issues: missing resource limits, privileged containers, missing network policies
4. Validate IAM policies for least-privilege violations using cloud-native tools (IAM Access Analyzer via `aws accessanalyzer`)
5. Check encryption at rest and in transit: verify S3 bucket encryption, database TLS, and EBS volume encryption
6. Audit logging configurations: confirm CloudTrail/Cloud Audit Logs are enabled and sent to immutable storage
7. Generate a compliance report mapping each finding to the relevant control (e.g., CIS AWS 2.1.1)
8. Produce remediation Terraform/YAML patches for each violation with severity ranking (Critical, High, Medium, Low)
9. Set up CI/CD integration so compliance checks block merges on Critical/High violations

## Output

- Compliance scan results in JSON/SARIF format for CI integration
- Markdown compliance report with control mappings and pass/fail status
- Remediation code patches (Terraform diffs, Kubernetes manifest updates)
- OPA/Rego policy files for custom organizational rules
- CI/CD pipeline step configuration for automated compliance gating

## Error Handling

| Error | Cause | Solution |
|-------|-------|----------|
| `checkov: no Terraform files found` | Scanner run from wrong directory | Specify the path explicitly with `-d path/to/terraform/` |
| `tfsec: failed to parse HCL` | Syntax error in Terraform files | Run `terraform validate` first to fix HCL syntax before the compliance scan |
| False positive on compliance check | Rule too broad for the specific use case | Add inline skip comments (`#checkov:skip=CKV_AWS_18:Reason`) or create a `.checkov.yml` skip list |
| `OPA policy evaluation error` | Rego syntax error or missing input data | Test policies with `opa eval -d policy.rego -i input.json` and validate Rego syntax |
| Scan timeout on large codebase | Too many files or complex module references | Use `--compact` mode, scan directories individually, or increase timeout limits |

## Examples

- "Run a CIS Benchmark compliance check against all Terraform files and generate a report with remediation steps for Critical findings."
- "Create OPA policies that enforce: all S3 buckets must have encryption, all EC2 instances must have IMDSv2, and all security groups must not allow 0.0.0.0/0 ingress."
- "Scan Kubernetes manifests for PCI-DSS compliance: verify no privileged containers, all pods have resource limits, and network policies exist for every namespace."

## Resources

- Checkov: https://www.checkov.io/
- tfsec: https://aquasecurity.github.io/tfsec/
- Open Policy Agent: https://www.openpolicyagent.org/docs/latest/
- CIS Benchmarks: https://www.cisecurity.org/cis-benchmarks
- kube-bench (CIS for Kubernetes): https://github.com/aquasecurity/kube-bench
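As an added example (not part of the SKILL.md above and not code from Checkov, tfsec or OPA), the three organizational rules from the Examples section and the merge gate from step 9, written in Python over a `terraform show -json` plan fragment so the policy logic that an OPA/Rego policy would encode is visible end to end. The plan layout (`planned_values.root_module.resources`, `metadata_options.http_tokens`, `ingress.cidr_blocks`, a separate `aws_s3_bucket_server_side_encryption_configuration` resource) follows the Terraform AWS provider schema; the sample plan, the severities and the `ORG-*` control IDs are constructed.

```python
import json

# Constructed plan fragment in the `planned_values.root_module.resources` shape
# that `terraform show -json tfplan` emits; not output from any real project.
SAMPLE_PLAN = json.dumps({"planned_values": {"root_module": {"resources": [
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "values": {"bucket": "logs"}},
    {"address": "aws_s3_bucket_server_side_encryption_configuration.logs",
     "type": "aws_s3_bucket_server_side_encryption_configuration",
     "values": {"bucket": "logs"}},
    {"address": "aws_s3_bucket.raw", "type": "aws_s3_bucket",
     "values": {"bucket": "raw"}},  # no SSE resource attached
    {"address": "aws_instance.web", "type": "aws_instance",
     "values": {"metadata_options": [{"http_tokens": "optional"}]}},
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "values": {"ingress": [{"from_port": 22, "cidr_blocks": ["0.0.0.0/0"]}]}},
]}}})

SSE_TYPE = "aws_s3_bucket_server_side_encryption_configuration"

def evaluate(plan_json):
    """Return (severity, control_id, address, message) per violation.
    ORG-* IDs are constructed placeholders for an organization's own controls."""
    res = json.loads(plan_json)["planned_values"]["root_module"]["resources"]
    # Buckets that have an explicit SSE configuration resource pointing at them.
    encrypted = {r["values"].get("bucket") for r in res if r["type"] == SSE_TYPE}
    findings = []
    for r in res:
        t, v, addr = r["type"], r["values"], r["address"]
        if t == "aws_s3_bucket" and v.get("bucket") not in encrypted:
            findings.append(("High", "ORG-S3-SSE", addr,
                             "bucket has no server-side encryption configuration"))
        elif t == "aws_instance":
            # metadata_options is a list of at most one block; absent = defaults
            opts = (v.get("metadata_options") or [{}])[0]
            if opts.get("http_tokens") != "required":
                findings.append(("High", "ORG-EC2-IMDSV2", addr,
                                 "IMDSv2 not enforced (http_tokens != 'required')"))
        elif t == "aws_security_group":
            for rule in v.get("ingress") or []:
                if "0.0.0.0/0" in (rule.get("cidr_blocks") or []):
                    findings.append(("Critical", "ORG-SG-INGRESS", addr,
                                     f"port {rule.get('from_port')} open to 0.0.0.0/0"))
    return findings

def should_block_merge(findings):
    """Merge gate from step 9 of the instructions: fail on Critical or High."""
    return any(sev in ("Critical", "High") for sev, _, _, _ in findings)
```

In a pipeline step, exit non-zero when `should_block_merge(evaluate(plan))` is true and emit the findings list as the report rows for step 7.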
Related Skills
soc2-compliance-checker
Soc2 Compliance Checker - Auto-activating skill for Security Advanced. Triggers on: soc2 compliance checker, soc2 compliance checker. Part of the Security Advanced skill category.
checking-session-security
This skill enables Claude to check session security implementations within a codebase. It analyzes session management practices to identify potential vulnerabilities. Use this skill when a user requests to "check session security", "audit session handling", "review session implementation", or asks about "session security best practices" in their code. It helps identify issues like insecure session IDs, lack of proper session expiration, or insufficient protection against session fixation attacks. This skill leverages the session-security-checker plugin. Activates when you request "checking session security" functionality.
validating-pci-dss-compliance
This skill uses the pci-dss-validator plugin to assess codebases and infrastructure configurations for compliance with the Payment Card Industry Data Security Standard (PCI DSS). It identifies potential vulnerabilities and deviations from PCI DSS requirements. Use this skill when the user requests to "validate PCI compliance", "check PCI DSS", "assess PCI security", or "review PCI standards" for a given project or configuration. It helps ensure that systems handling cardholder data meet the necessary security controls.
checking-owasp-compliance
This skill uses the owasp-compliance-checker plugin to automatically identify potential security vulnerabilities based on the OWASP Top 10 (2021) list. It helps ensure your application adheres to industry-standard security practices by providing a detailed analysis of compliance gaps and offering remediation guidance. Use this skill when you need to audit your code for OWASP compliance, identify and fix vulnerabilities, or generate a compliance report. Trigger this skill by asking to "check OWASP compliance", "scan for OWASP vulnerabilities", or using the `/owasp` shortcut.
license-compliance-scanner
License Compliance Scanner - Auto-activating skill for Security Fundamentals. Triggers on: license compliance scanner, license compliance scanner. Part of the Security Fundamentals skill category.
collecting-infrastructure-metrics
This skill enables Claude to collect comprehensive infrastructure performance metrics across compute, storage, network, containers, load balancers, and databases. It is triggered when the user requests "collect infrastructure metrics", "monitor server performance", "set up performance dashboards", or needs to analyze system resource utilization. The skill configures metrics collection, sets up aggregation, and helps create infrastructure dashboards for health monitoring and capacity tracking. It supports configuration for Prometheus, Datadog, and CloudWatch.
detecting-infrastructure-drift
This skill enables Claude to detect infrastructure drift from a desired state. It uses the `drift-detect` command to identify discrepancies between the current infrastructure configuration and the intended configuration, as defined in infrastructure-as-code tools like Terraform. Use this skill when the user asks to check for infrastructure drift, identify configuration changes, or ensure that the current infrastructure matches the desired state. It is particularly useful in DevOps workflows for maintaining infrastructure consistency and preventing configuration errors. Trigger this skill when the user mentions "drift detection," "infrastructure changes," "configuration drift," or requests a "drift report."
generating-infrastructure-as-code
This skill enables Claude to generate Infrastructure as Code (IaC) configurations. It uses the infrastructure-as-code-generator plugin to create production-ready IaC for Terraform, CloudFormation, Pulumi, ARM Templates, and CDK. Use this skill when the user requests IaC configurations for cloud infrastructure, specifying the platform (e.g., Terraform, CloudFormation) and cloud provider (e.g., AWS, Azure, GCP), or when the user needs help automating infrastructure deployment. Trigger terms include: "generate IaC", "create Terraform", "CloudFormation template", "Pulumi program", "infrastructure code".
checking-hipaa-compliance
This skill enables Claude to automatically check for HIPAA (Health Insurance Portability and Accountability Act) compliance issues in codebases, infrastructure configurations, and documentation. It leverages the hipaa-compliance-checker plugin to identify potential violations related to data privacy, security, and access controls. Use this skill when the user explicitly requests to "check HIPAA compliance", "scan for HIPAA violations", "assess HIPAA readiness", or similar phrases related to HIPAA audits and security best practices. It is useful for projects handling protected health information (PHI) and requiring adherence to HIPAA regulations.
scanning-for-gdpr-compliance
This skill enables Claude to scan applications and data systems for GDPR compliance issues. It identifies potential violations related to data protection, privacy rights, consent management, and other regulatory requirements. Use this skill when the user asks to "scan for GDPR compliance", check "GDPR compliance", or audit for "data privacy". The skill leverages the `gdpr-compliance-scanner` plugin to perform a comprehensive assessment and generate a detailed report.
cursor-compliance-audit
Compliance and security auditing for Cursor IDE usage: SOC 2, GDPR, HIPAA assessment, evidence collection, and remediation. Triggers on "cursor compliance", "cursor audit", "cursor security review", "cursor soc2", "cursor gdpr", "cursor data governance".
generating-compliance-reports
This skill enables Claude to generate compliance reports based on various security standards and frameworks. It leverages the compliance-report-generator plugin to automate the report creation process. Use this skill when a user requests a "compliance report", "security audit report", or needs documentation for "regulatory compliance". The skill is particularly useful for generating reports related to standards like PCI DSS, HIPAA, SOC 2, or ISO 27001. It can also assist with documenting adherence to specific security policies. Activates when you request "generating compliance reports" functionality.