Compliance & Standards Checks
These recipes do not certify compliance and are not legal advice. They produce structured evidence and gaps for a compliance owner, auditor, or security reviewer to map against the current framework version.
Use these prompts when a team needs a bounded, read-only check that turns repository evidence, workflow evidence, or policy-as-code into an audit-ready packet. Each recipe names stop conditions, avoids code changes, and requires a human owner for any final control mapping.
Catalogue
SOC 2 change-management evidence check
developmentRead-only recipe for mapping repository changes, reviews, and agent runs to SOC 2 change-management evidence.
ISO 27001 secure-development evidence check
developmentRead-only recipe for collecting ISO 27001 secure-development, configuration, supplier, and access-control evidence from a repository.
PCI DSS CDE and agent boundary check
developmentRead-only recipe for checking whether agents, CI, logs, and repositories cross cardholder-data environment boundaries.
NIST SSDF repository evidence check
developmentRead-only recipe for mapping repository evidence to NIST SSDF practices and producing a secure-development gap report.
CIS Controls safeguard implementation check
developmentRead-only recipe for checking repository and workflow evidence against CIS Controls safeguard themes.
SLSA provenance evidence check
developmentRead-only recipe for checking build provenance, artifact integrity, and supply-chain evidence against SLSA expectations.
AI governance oversight evidence check
developmentRead-only recipe for collecting human oversight, model-provider, logging, and risk-classification evidence for AI-enabled workflows.