
Audit Armor

Generate SOC2 evidence in minutes, not weeks

Runs infrastructure compliance checks using open-source tools (checkov, tfsec, kube-bench, prowler) and generates formatted evidence mapped to compliance framework controls. Turns weeks of screenshot-taking into an automated evidence package.

House Recipe | Work | 5 min

INGREDIENTS

GitHub, Slack

PROMPT

Create a skill called "Audit Armor". Run compliance checks and generate audit evidence:

  1. Run infrastructure scanning tools:
     - `checkov -d .` on Terraform code
     - `tfsec .` for Terraform security
     - `prowler` for AWS CIS benchmarks
     - `kube-bench` for Kubernetes CIS benchmarks
  2. Map findings to compliance framework controls (SOC2, HIPAA, PCI, or CIS — ask me which)
  3. For each control, document:
     - Control description
     - Evidence gathered (command output, config snippets)
     - Pass/Fail status
     - Remediation steps if failing
  4. Generate a gap analysis summary: % passing, top failing controls, prioritized remediation plan
  5. Export as a structured report I can share with auditors

Focus on actionable output — auditors want specific evidence, not summaries.

How It Works

Compliance audits demand evidence that specific controls are in place — encryption at rest, logging enabled, access controls configured. This skill gathers that evidence programmatically from your infrastructure.

What You Get

  • Infrastructure scanning via checkov, tfsec, prowler, and kube-bench
  • Findings mapped to compliance framework controls (SOC2, HIPAA, PCI-DSS, CIS)
  • Evidence package: formatted documentation of each control with proof
  • Gap analysis: what's passing, what's failing, what's not covered
  • Remediation plans for failing controls with IaC code snippets
  • Exportable report for auditors

Setup Steps

  1. Tell your Claw which compliance framework you're targeting
  2. Provide access to your Terraform code and/or cloud CLIs
  3. Run the scan and review the gap analysis
  4. Follow remediation steps for failing controls
  5. Export the evidence package for your auditor
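The mapping and gap-analysis steps above, as an added example (not part of this recipe or the skill it describes): it takes checkov JSON output, groups checks under framework controls, and computes the pass percentage while surfacing controls no scanner check covers. The sample scan output is constructed in the shape of `checkov -o json`, and the check-to-SOC2-control mapping and in-scope control list are assumptions for illustration.

```python
"""Turn checkov JSON output into per-control evidence and a gap summary."""
import json

# Constructed sample shaped like `checkov -d . -o json` output (trimmed); not real scan output.
SAMPLE_CHECKOV_JSON = json.dumps({"check_type": "terraform", "results": {
    "passed_checks": [{"check_id": "CKV_AWS_19", "resource": "aws_s3_bucket.logs",
                       "file_path": "/s3.tf", "check_result": {"result": "PASSED"}}],
    "failed_checks": [{"check_id": "CKV_AWS_18", "resource": "aws_s3_bucket.logs",
                       "file_path": "/s3.tf", "check_result": {"result": "FAILED"}},
                      {"check_id": "CKV_AWS_21", "resource": "aws_s3_bucket.data",
                       "file_path": "/s3.tf", "check_result": {"result": "FAILED"}}],
    "skipped_checks": []}})

# Illustrative check-to-control mapping using SOC2 Trust Services Criteria IDs.
# Assumption for this example only; the real mapping is agreed with the auditor.
CONTROL_MAP = {
    "CKV_AWS_19": ("CC6.1", "Data at rest is encrypted"),
    "CKV_AWS_18": ("CC7.2", "System activity is logged and monitored"),
    "CKV_AWS_21": ("A1.2", "Data can be recovered (versioning/backups)"),
}
# Controls in audit scope (assumed); CC6.6 has no check mapped, so it must show as not covered.
IN_SCOPE = ("CC6.1", "CC6.6", "CC7.2", "A1.2")

def build_evidence(raw_json, control_map=CONTROL_MAP):
    """Group results by control; a single failing check fails the control.
    Returns (controls, unmapped_check_ids) so unmapped findings are not lost."""
    results = json.loads(raw_json)["results"]
    controls, unmapped = {}, set()
    for bucket in ("passed_checks", "failed_checks"):
        for chk in results[bucket]:
            if chk["check_id"] not in control_map:
                unmapped.add(chk["check_id"])
                continue
            cid, desc = control_map[chk["check_id"]]
            ctl = controls.setdefault(cid, {"description": desc, "status": "PASS", "evidence": []})
            ctl["evidence"].append(f"{chk['check_id']} on {chk['resource']} "
                                   f"({chk['file_path']}): {chk['check_result']['result']}")
            if bucket == "failed_checks":
                ctl["status"] = "FAIL"
    return controls, sorted(unmapped)

def gap_summary(controls, in_scope=IN_SCOPE):
    """Percent passing counts only controls that have evidence; the rest are listed."""
    covered = [c for c in in_scope if c in controls]
    passing = [c for c in covered if controls[c]["status"] == "PASS"]
    pct = round(100 * len(passing) / len(covered), 1) if covered else 0.0
    return {"percent_passing": pct, "passing": passing,
            "failing": [c for c in covered if controls[c]["status"] == "FAIL"],
            "not_covered": [c for c in in_scope if c not in controls]}
```

Feeding real `checkov -o json` output into `build_evidence` gives the per-control evidence list for the report, and anything in `not_covered` or the unmapped IDs is a gap the evidence package should state explicitly rather than omit.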

Tips

  • Start with CIS benchmarks — they map to most compliance frameworks
  • prowler covers AWS-specific checks that general tools miss
  • kube-bench checks Kubernetes CIS benchmarks specifically
  • Run before the audit, not during — give yourself time to remediate
  • Keep the evidence package in version control for audit trail