Installation

Open Claude Code and run this command:

/plugin install security-audit-reporter@claude-code-plugins-plus

Use --global to install for all projects, or --project for current project only.

What It Does

Generate comprehensive security audit reports with vulnerability assessments, compliance status, and remediation roadmaps.

Features

Executive Summaries - High-level security posture for leadership
Technical Details - In-depth vulnerability analysis for security teams
Compliance Tracking - OWASP, GDPR, HIPAA, PCI-DSS, SOC2 status
Remediation Roadmaps - Prioritized action plans
Multiple Formats - PDF, HTML, JSON, Markdown
Trend Analysis - Security metrics over time

Skills (1)

generating-security-audit-reports SKILL.md View full skill →

Generate comprehensive security audit reports for applications and systems.

ReadWriteEditGrepGlobBash(security-scan:*)Bash(report-gen:*)

Generating Security Audit Reports

Overview

Aggregate vulnerability scan results, configuration analyses, and compliance assessments into a structured, auditor-ready security report. Map every finding to a CVSS severity, applicable compliance control (PCI-DSS, HIPAA, SOC 2, GDPR), and a prioritized remediation timeline.

Prerequisites

Vulnerability scanner outputs (Nmap, Nessus, OpenVAS, OWASP ZAP) available in ${CLAUDESKILLDIR}/security/
Application and infrastructure configuration files accessible
SAST/DAST tool results (e.g., Semgrep, Snyk, Trivy, Bandit)
Applicable compliance framework documentation identified (PCI-DSS v4.0, HIPAA Security Rule, SOC 2 TSC, GDPR)
Write permissions for report output directory ${CLAUDESKILLDIR}/reports/

Instructions

Inventory all available security data sources by scanning ${CLAUDESKILLDIR}/security/ for scanner outputs, log files, and configuration exports.
Parse vulnerability findings and normalize severity using CVSS 3.1 base scores: Critical (9.0-10.0), High (7.0-8.9), Medium (4.0-6.9), Low (0.1-3.9).
Cross-reference each finding against applicable compliance controls. Map to specific PCI-DSS requirements (e.g., Req 6.5 for injection flaws), HIPAA safeguards, or SOC 2 Common Criteria.
Deduplicate findings across scanners and merge related vulnerabilities into consolidated entries with all affected assets listed.
Classify access control weaknesses, encryption gaps, and authentication deficiencies into separate report sections.
Generate an executive summary including total findings by severity, overall risk score, and top-5 critical remediation priorities.
Build a detailed findings table: finding ID, CWE number, affected component, CVSS score, compliance mapping, remediation steps, and evidence links.
Produce a compliance status matrix showing pass/fail/partial for each applicable standard requirement.
Create remediation recommendations with effort estimates (hours), priority ranking, and suggested timelines.
Format the final report as Markdown to ${CLAUDESKILLDIR}/reports/security-audit-YYYYMMDD.md. Optionally produce JSON for Jira/ServiceNow import.

See ${CLAUDESKILLDIR}/references/implementation.md for the detailed four-phase implementation workflow.

Output

Audit Report: ${CLAUDESKILLDIR}/reports/security-audit-YYYYMMDD.md containing executive summary, detailed findings, compliance matrix, and remediation plan
Findings JSON: Machine-readable findings for ticketing system import
Compliance Matrix: Per-requirement pass/fail/partial status for each applicable framework
Remediat

How It Works

/audit-report /auditreport

Ready to use security-audit-reporter?

Related Plugins

access-control-auditor

Audit access control implementations

authentication-validator

Validate authentication implementations

compliance-report-generator

Generate compliance reports

cors-policy-validator

Validate CORS policies

csrf-protection-validator

Validate CSRF protection

data-privacy-scanner

Scan for data privacy issues

Tags
securitycomplianceauditing