Show HN: Open-source agent skill that automates SOC 2 audit prep
Hi HN,

SOC 2 audit prep costs 20K/year, so I wrote an Agent skill to automate most of it. It goes beyond policy generation from templates by leveraging the agent's ability to access your codebase:

- asks contextual questions about your company and specifics about each policy
- scans your source code
- uses aws, azure-cli, gcp to check your cloud infra
- writes shell scripts to fetch configs from your SaaS: Okta, Datadog, PagerDuty, Jira etc.
As a result you get:

- A set of policy documentation tailored to your company
- All evidence is automatically versioned with your repo
- Automatic evidence collection through GitHub Workflow Actions
- Leverage Claude Code to add new integration scripts easily
- No secrets leave your environment
This is targeted at small companies and startups who'd rather spend an afternoon with an agent than $20K/year on a compliance platform. It doesn't replace the auditor and various aspects of compliance platforms, but it handles a good chunk of the grunt work for free.

Some design choices I made:

- Each evidence collection script is a readable shell script you can run locally, which makes it easy to unit test each script rather than relying on runtime agents.
- Frameworks & integrations are organized so it's easy to add new ones.
- Progressive disclosure: only load context when needed.
Repo: https://github.com/screenata/compliance-automation
Demo Video: https://www.youtube.com/shorts/EevpE6bKwhA
I'd love your feedback on:

- If you've been through SOC 2, what controls were hardest to evidence?
- PRs adding new frameworks or evidence collection scripts for your SaaS tools
- What would you like to see next?
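To make the "readable shell script you can run locally" design choice concrete, here is an added example of what one evidence collection script might look like. It is not code from the screenata/compliance-automation repo; it is a hypothetical collector that checks whether the AWS account root user has MFA enabled (the kind of evidence an auditor asks for under the logical access criteria, CC6.1) and writes a versionable evidence file. The real data source would be `aws iam get-account-summary --output json`; for an offline run the script evaluates a constructed sample of that output instead, and the evidence directory and control id are assumptions.

```shell
#!/bin/sh
# Hypothetical evidence collector (added example, not from the repo).
# Control: AWS root account has MFA enabled.
# Production source: `aws iam get-account-summary --output json`
set -eu

# Constructed sample of the relevant part of get-account-summary output.
SAMPLE_SUMMARY='{"SummaryMap":{"AccountMFAEnabled":1,"Users":12,"MFADevices":12}}'

# Pull an integer field out of the SummaryMap without depending on jq.
# $1 = json text, $2 = field name
summary_field() {
    printf '%s' "$1" | grep -o "\"$2\":[0-9]*" | head -n 1 | cut -d: -f2
}

# Evaluate the control. Prints PASS or FAIL; exit status mirrors the result
# so a GitHub Actions step can fail the job on a control regression.
# $1 = json text
check_root_mfa() {
    val=$(summary_field "$1" AccountMFAEnabled)
    if [ "${val:-0}" -eq 1 ]; then
        echo PASS
        return 0
    fi
    echo FAIL
    return 1
}

# Write the evidence artifact: control id, UTC timestamp, command that
# produced the raw data, the result, and the raw output itself. Only
# account metadata is recorded; no credentials are read or written.
# $1 = control id (hypothetical label), $2 = json text, $3 = evidence dir
write_evidence() {
    ctrl="$1"; json="$2"; dir="$3"
    mkdir -p "$dir"
    result=$(check_root_mfa "$json") || true
    out="$dir/$ctrl.md"
    {
        echo "# Evidence: $ctrl"
        echo "collected_at: $(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "command: aws iam get-account-summary --output json"
        echo "result: $result"
        echo ""
        echo "---- raw output ----"
        printf '%s\n' "$json"
    } > "$out"
    echo "$result"
}

# Live run (requires AWS credentials in the environment):
#   RUN_COLLECTOR=1 sh collect_root_mfa.sh
# Offline run uses the constructed sample above.
if [ "${RUN_COLLECTOR:-0}" = "1" ]; then
    json=$(aws iam get-account-summary --output json)
else
    json="$SAMPLE_SUMMARY"
fi
if [ "${COLLECTOR_LIBRARY_MODE:-0}" != "1" ]; then
    write_evidence CC6-1-root-mfa "$json" "${EVIDENCE_DIR:-evidence/aws}"
fi
```

Committing the `evidence/` directory is what gives you the "versioned with your repo" property: each scheduled workflow run produces a new timestamped artifact, and a diff from PASS to FAIL is both the audit trail and the alert.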