Validates pull requests against regulatory, security, and organizational compliance requirements. Ensures changes meet GDPR, HIPAA, PCI-DSS, and other compliance frameworks.
This skill performs automated compliance validation on pull requests, ensuring changes adhere to regulatory requirements, security standards, and organizational policies.
```yaml
gdpr_checks:
  - rule: "data_processing_inventory"
    description: "Verify data processing activities are documented"
    severity: "high"
  - rule: "lawful_basis"
    description: "Ensure lawful basis for data processing"
    severity: "critical"
  - rule: "data_subject_rights"
    description: "Implement data subject access and deletion rights"
    severity: "high"
  - rule: "breach_notification"
    description: "Verify 72-hour breach notification capability"
    severity: "critical"

hipaa_checks:
  - rule: "access_controls"
    description: "Technical access controls for ePHI"
    severity: "critical"
  - rule: "audit_controls"
    description: "Audit logs for ePHI access and modifications"
    severity: "high"
  - rule: "integrity_protection"
    description: "Data integrity and authentication mechanisms"
    severity: "high"
  - rule: "transmission_security"
    description: "Secure transmission of ePHI"
    severity: "critical"

pci_dss_checks:
  - rule: "cardholder_data_protection"
    description: "Never store sensitive authentication data"
    severity: "critical"
  - rule: "encryption_standards"
    description: "Use strong cryptography and security protocols"
    severity: "high"
  - rule: "access_control_measures"
    description: "Restrict access to cardholder data"
    severity: "critical"
  - rule: "network_security"
    description: "Implement network segmentation and firewalls"
    severity: "high"
```
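The rule catalogue above only names checks and severities; it does not show how a PR is actually evaluated against them. The following is an added example, not the skill's own code: a minimal gate that walks the lines a pull request adds, runs a pattern detector per rule, and blocks the merge when any finding reaches the configured severity. The `RULES` dict mirrors a subset of the YAML above; the regexes in `DETECTORS`, the sample diff, and the `critical`-blocks-merge policy are illustrative assumptions chosen for the example, not the skill's real detection logic.

```python
"""Minimal pull-request compliance gate (added example, not the skill's code)."""
import re
from dataclasses import dataclass

# Subset of the skill's rule catalogue, in the same shape as the YAML config.
RULES = {
    "pci_dss_checks": [
        {"rule": "cardholder_data_protection",
         "description": "Never store sensitive authentication data", "severity": "critical"},
        {"rule": "encryption_standards",
         "description": "Use strong cryptography and security protocols", "severity": "high"},
    ],
    "hipaa_checks": [
        {"rule": "transmission_security",
         "description": "Secure transmission of ePHI", "severity": "critical"},
    ],
}

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Illustrative detectors (assumptions for this example): rule name -> regex run
# against every line the PR adds. Rules without a detector are reported as not automated.
DETECTORS = {
    "cardholder_data_protection": re.compile(r"\b(cvv2?|cvc|pin_block|track[12]_data)\b", re.I),
    "encryption_standards": re.compile(r"\b(md5|sha1|rc4|tlsv1(_[01])?|sslv?3)\b", re.I),
    "transmission_security": re.compile(r"http://\S*(phi|patient|ehr)", re.I),
}


@dataclass
class Finding:
    framework: str
    rule: str
    severity: str
    file: str
    line_no: int
    text: str


def added_lines(diff: str):
    """Yield (file, new_file_line_number, text) for each line a unified diff adds."""
    current_file, new_line = None, 0
    for raw in diff.splitlines():
        if raw.startswith("+++ "):                 # new-file header, e.g. '+++ b/path'
            current_file = raw[4:].strip()
            if current_file.startswith("b/"):
                current_file = current_file[2:]
        elif raw.startswith("@@"):                 # hunk header: reset the new-file counter
            m = re.search(r"\+(\d+)", raw)
            new_line = int(m.group(1)) if m else 0
        elif raw.startswith("+"):                  # added line
            yield current_file, new_line, raw[1:]
            new_line += 1
        elif raw.startswith("-"):                  # removed line: does not exist in the new file
            continue
        else:                                      # context line
            new_line += 1


def validate(diff: str, rules=RULES, detectors=DETECTORS):
    """Apply each rule's detector to the PR's added lines and return all findings."""
    lines = list(added_lines(diff))
    findings = []
    for framework, rule_list in rules.items():
        for rule in rule_list:
            pattern = detectors.get(rule["rule"])
            if pattern is None:
                continue  # catalogued rule with no automated check; left for human review
            for file, line_no, text in lines:
                if pattern.search(text):
                    findings.append(Finding(framework, rule["rule"], rule["severity"],
                                            file, line_no, text.strip()))
    return findings


def gate(findings, block_at="critical"):
    """True if the PR may merge: no finding at or above the blocking severity."""
    threshold = SEVERITY_RANK[block_at]
    return all(SEVERITY_RANK[f.severity] < threshold for f in findings)


# Constructed sample diff: stores a CVV and uses MD5, violating two PCI-DSS rules.
SAMPLE_DIFF = """\
diff --git a/payments/store.py b/payments/store.py
--- a/payments/store.py
+++ b/payments/store.py
@@ -10,3 +10,5 @@ def save_card(card):
     db.insert("cards", pan=card.pan)
+    # persist CVV for one-click checkout
+    db.insert("cards", cvv=card.cvv)
+    digest = hashlib.md5(card.pan.encode()).hexdigest()
     return True
"""

if __name__ == "__main__":
    results = validate(SAMPLE_DIFF)
    for f in results:
        print(f"[{f.severity}] {f.framework}/{f.rule} {f.file}:{f.line_no}: {f.text}")
    print("merge allowed:", gate(results))
```

Running the gate against the sample diff reports the two `cardholder_data_protection` hits and the `encryption_standards` hit with their new-file line numbers, and `gate` refuses the merge because the PCI-DSS rule is `critical`; lowering `block_at` to `"high"` would also block on the MD5 finding alone. Rules such as `breach_notification` or `network_security` have no line-level signature, which is why the loop skips rules without a detector rather than silently passing them.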