Hi HN, SOC 2 audit prep costs $20K/year, so I wrote an Agent skill to automate most of it. It goes beyond policy generation from templates by leveraging the agent's ability to access your codebase:

- asks contextual questions about your company and specifics about each policy
- scans your source code
- uses aws, azure-cli, gcp to check your cloud infra
- writes shell scripts to fetch configs from your SaaS: Okta, Datadog, PagerDuty, Jira etc.

As a result you get:

- A set of policy documentation tailored to your company
- All evidence is automatically versioned with your repo
- Automatic evidence collection through GitHub Workflow Actions
- Leverage Claude Code to add new integration scripts easily
- No secrets leave your environment

This is targeted at small companies and startups who'd rather spend an afternoon with an agent than $20K/year on a compliance platform. It doesn't replace the auditor and various aspects of compliance platforms, but handles a good chunk of the grunt work for free.

Some design choices I made:

- Each evidence collection script is a readable shell script you can run locally: this makes it easy to unit test each script rather than relying on runtime agents.
- Organize frameworks & integrations so it's easy to add new ones.
- Progressive disclosure: only load context when needed.

Repo: https://github.com/screenata/compliance-automation
Demo video: https://www.youtube.com/shorts/EevpE6bKwhA

I'd love your feedback on:

- If you've been through SOC 2, what controls were hardest to evidence?
- PRs with new frameworks, evidence collection scripts with your SaaS tools
- What would you like to see next?
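As an added illustration of the kind of evidence-collection script the post describes (my own example, not code from the screenata repo), here is a POSIX shell script that checks whether the AWS account root has MFA enabled via `aws iam get-account-summary`, keeps the check separate from the CLI call so it can be unit tested against a replayed response without credentials, and writes a dated evidence record you can commit. The control name, file names and the `AWS_CMD`/`EVIDENCE_DIR` overrides are my assumptions; the sample response is constructed.

```shell
#!/bin/sh
# Added example, not code from the screenata repo: one evidence-collection
# script in the style the post describes. Readable shell, with the check
# logic kept separate from the cloud CLI call so it runs and tests locally.
# Control mapping (assumed): root account MFA, from the IAM account summary.
set -eu

# Fetch the raw evidence. `aws iam get-account-summary` is a real CLI call;
# AWS_CMD may point to a shell function that replays a saved response.
fetch_account_summary() {
  ${AWS_CMD:-aws} iam get-account-summary --output json
}

# Pure check over the JSON on stdin: prints PASS or FAIL, exits 0 or 1.
# grep/sed only, so no jq dependency; a missing key counts as FAIL.
check_root_mfa() {
  value="$(tr -d ' \n' | sed -n 's/.*"AccountMFAEnabled":\([0-9]*\).*/\1/p')"
  if [ "$value" = "1" ]; then echo PASS; else echo FAIL; return 1; fi
}

# Write the raw response plus a small result record into a directory that
# can be committed, so each run is versioned alongside the repo.
write_evidence() {
  out_dir="$1"; raw="$2"; result="$3"
  mkdir -p "$out_dir"
  printf '%s\n' "$raw" > "$out_dir/iam-account-summary.json"
  printf 'check=root_mfa_enabled\nresult=%s\ncollected_at=%s\n' \
    "$result" "$(date -u +%Y-%m-%dT%H:%M:%SZ)" > "$out_dir/root-mfa.result"
}

# Collect evidence; the exit status mirrors the check so CI can gate on it.
main() {
  raw="$(fetch_account_summary)"
  result="$(printf '%s' "$raw" | check_root_mfa)" || true
  write_evidence "${EVIDENCE_DIR:-evidence/aws}" "$raw" "$result"
  [ "$result" = PASS ]
}

# Constructed sample response (not from a real account) for an offline dry run.
sample_aws() { printf '{"SummaryMap":{"AccountMFAEnabled":1,"Users":3}}'; }

case "${1:-}" in
  collect)  main ;;                                   # real run, needs AWS creds
  selftest) AWS_CMD=sample_aws EVIDENCE_DIR="$(mktemp -d)" main && echo "selftest ok" ;;
esac
```

Run `./collect_root_mfa.sh selftest` to exercise the whole path offline, or `./collect_root_mfa.sh collect` with credentials in place; in a GitHub Actions job the non-zero exit on FAIL fails the step.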