prowler-compliance-review_skill

This skill reviews and validates compliance framework PRs, ensuring JSON integrity, metadata completeness, and dashboard alignment.
  • Python

12.8k

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill prowler-cloud/prowler --skill prowler-compliance-review

  • SKILL.md5.7 KB

Overview

This skill reviews Pull Requests that add or modify compliance frameworks for Prowler. It automates the review workflow by validating JSON structure, checking references to implemented checks, ensuring unique IDs, and confirming ancillary files like CHANGELOG and dashboard entries. The goal is to produce clear PASS / FAIL / REQUEST CHANGES outcomes for maintainers and contributors.

How this skill works

When triggered on PRs that touch prowler/compliance/, the skill runs JSON syntax validation and a dedicated validation script to detect missing checks and duplicate requirement IDs. It then verifies the presence and format of a corresponding dashboard file, checks for a CHANGELOG entry under the correct version, and confirms framework metadata and assessment-status consistency. Finally it outputs a decision according to the decision tree: approve, request changes, or fail with concrete remediation steps.

When to use it

  • Review PRs that add new compliance frameworks (CIS/NIST/PCI-DSS, etc.).
  • Review PRs that modify existing framework JSON files under prowler/compliance/{provider}/.
  • Validate compliance JSON structure and attributes before merge.
  • Check that listed Checks map to implemented check functions in the codebase.
  • Verify dashboard and CHANGELOG updates accompany framework changes.

Best practices

  • Run python3 -m json.tool on the JSON file first to catch syntax errors quickly.
  • Execute the provided validate_compliance.py script to detect missing checks and duplicate IDs.
  • Ensure AssessmentStatus matches the presence of Checks: Automated must have checks, otherwise use Manual.
  • Add or update a CHANGELOG entry under the correct version before requesting approval.
  • Create or update dashboard/compliance/{framework}.py following the exact pattern to avoid UI regressions.

Example use cases

  • A contributor opens a PR adding CIS benchmark JSON for a new provider — validate JSON, run the script, and ensure dashboard/CHANGELOG are present.
  • A PR modifies requirement IDs — detect duplicates and request fixes before merge.
  • A framework lists checks that aren’t implemented — fail the PR and point to missing check names.
  • Quick smoke test: confirm framework appears in prowler-cli --list-compliance and run a single-check scan with --check to validate runtime behavior.

FAQ

Invalid JSON syntax, missing referenced checks in the codebase, or duplicate requirement IDs cause an immediate FAIL.

When do I REQUEST CHANGES instead of FAIL?

Request changes for missing CHANGELOG entries, dashboard files that don’t follow the pattern, or incomplete framework metadata—these are remediable without code changes.

How do I quickly validate a framework locally?

Use python3 -m json.tool for syntax, run the validate_compliance.py script, then run prowler-cli with --list-compliance and a single --check test.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
prowler-compliance-review skill by prowler-cloud/prowler | VeilStrat