afiqiqmal

Claude Code slash command for white-box security auditing with OWASP Top 10:2025 and NIST CSF 2.0 mapping

10 stars · 3 · 100% credibility
Found Mar 05, 2026 at 10 stars.
Language: Shell

AI Summary

A set of instructions and files that enable AI coding assistants to perform detailed security audits on software projects, mapping issues to standards like OWASP Top 10:2025, CWE, NIST CSF 2.0, and various compliance frameworks.

How It Works

1. 🔍 Discover the tool
   You hear about a handy way to have your AI coding helper check your project for security weak spots, covering top risks like broken access control and injection.

2. 📥 Run easy setup
   You grab the simple installer and run it once to add the security-checking ability to your AI assistant, choosing your preferred coding tool.

3. 💬 Start the audit
   In your project's AI chat, you type a quick command such as `/security-audit` to kick off the check on your code.

4. 🤖 AI reviews your code
   Your AI helper scans files for issues, using checklists for common vulnerabilities and compliance rules, and picks the best mode, such as a full or quick scan.

5. 📊 Receive the report
   A clear report appears in your project folder, color-coded by severity, with descriptions, impacts, and optional fix suggestions.

6. 🔧 Review and improve
   You read the findings, triage them, apply fixes, and re-run the audit to confirm the improvements.

🛡️ Secure project ready
Your code is now audited against top security standards, safer for users and aligned with frameworks like OWASP and NIST.

AI-Generated Review

What is claude-security-audit?

This Shell-based installer deploys slash commands and prompts for AI coding tools such as Claude Code, Cursor, GitHub Copilot, Windsurf, and OpenAI Codex, enabling white-box security audits of your projects. Run `/security-audit` or `@security-audit` to scan code against OWASP Top 10:2025, NIST CSF 2.0, CWE, and more, generating reports in Markdown, PDF, SARIF, or JSON with findings mapped to compliance frameworks like PCI DSS and ISO 27001. It replaces manual security reviews by automating checks for 475+ attack vectors, diff scans for PRs, and CI gating via GitHub Actions.

Why is it gaining traction?

Unlike basic linters, it integrates directly into the Claude Code CLI workflow with modes like `diff:main` for PR code reviews, `--lite` for low-token scans, and `--pack hipaa` for compliance-specific checks across 12 frameworks. Developers install it with a one-line command (curl | bash), and it supports Claude Code on Windows as well as GitHub Copilot, so audits run without extra tools. Baseline tracking and triage modes record fixes over time, making the audit repeatable and actionable.

Who should use this?

Backend teams building APIs in Laravel, Next.js, or FastAPI who need OWASP Top 10:2025 coverage for PRs. Security engineers in regulated spaces like fintech or SaaS handling GDPR/SOC 2 via the GitHub integration. Solo developers wanting a quick skills boost in Claude Code for gray-box tests without a full SAST setup.

Verdict

Worth downloading for AI-assisted audits: the docs are thorough and the install is dead simple (and free), but with 10 stars and a 1.0% credibility score it is early-stage, so test it on non-production code first. It pairs well with the GitHub plugin for code review, but combine it with established scanners for production gates.
