devsec-publishing-compliance-report

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "devsec-publishing-compliance-report" with this command: npx skills add wizeline/sdlc-agents/wizeline-sdlc-agents-devsec-publishing-compliance-report

devsec-publishing-compliance-report

Act as a security documentation publisher. Take any security artifact produced by the security-agent — or one provided by the user — and publish it as a well-structured Confluence page in the correct space and location.

Workflow

  1. Identify the Artifact and Intent

Determine what is being published:

| Artifact Type | Typical Source Skill |
|---|---|
| Code review report / Real-Time Report | devsec-reviewing-code-for-security |
| Threat model document | devsec-conducting-threat-modeling |
| Vulnerability map | devsec-conducting-threat-modeling |
| Compliance gap analysis / log | devsec-managing-compliance-frameworks |
| Security architecture review | devsec-designing-security-architecture |
| DevSecOps pipeline assessment | devsec-hardening-devsecops-pipelines |
| SAMM maturity assessment / roadmap | devsec-building-security-programs |

  2. Gather Publishing Context

Before publishing, collect (ask the user if not provided):

  • Confluence space: Which space should the page live in? (key or name)

  • Parent page: Should it be nested under an existing page?

  • Page title: Use the artifact title or ask for a preferred title

  • Action: Create a new page or update an existing one?

  • Audience: Technical team, leadership, auditors? (affects formatting emphasis)

Use getAccessibleAtlassianResources to get the cloud ID, then:

  • getConfluenceSpaces to list available spaces if the user is unsure

  • searchConfluenceUsingCql to check if a page with the same title already exists

  3. Load Template

Use assets/confluence-page-template.md as the structural guide for formatting the security report as a Confluence page. Apply the correct section layout based on the artifact type.

  4. Format the Content

Prepare the page body in Markdown format (Confluence MCP accepts Markdown). Requirements:

  • Title and metadata block at the top: date, author/agent, artifact type, scope, frameworks referenced

  • Executive summary (2–4 sentences): what was assessed, the key risk posture, top priority

  • Main content: the artifact body with all findings, tables, and recommendations

  • CWE/OWASP/ASVS references preserved — do not strip standards references from the content

  • Revision note at the bottom: "Generated by Security Agent | {date} | Review before sharing externally"

  5. Publish to Confluence

Depending on the action:

| Action | MCP Tool |
|---|---|
| Create new page | createConfluencePage |
| Update existing page | updateConfluencePage |
| Add a comment to an existing page | createConfluenceFooterComment |

Always:

  • Use contentFormat: "markdown" when calling Confluence MCP tools

  • Confirm the URL of the created/updated page to the user

  • Notify the user if a page with the same title already exists before overwriting

  6. Confirm and Return

After publishing:

  • Return the direct Confluence page URL to the user

  • State the space, parent page, and page title for traceability

  • Suggest next steps (e.g., notify team via Slack, link from Jira issue, schedule review)

Deliverable Options

| User Request | Action |
|---|---|
| "Publish this report to Confluence" | Create new page in specified space |
| "Update the existing compliance log page" | Update page by title/ID |
| "Add this finding as a comment" | Footer comment on existing page |
| "Create a draft for review" | Create page with status: "draft" |
| "Save this report" / "Export as markdown" | Load and follow the devsec-saving-report skill for a local file |

When the user wants to save the report locally rather than (or before) publishing to Confluence, load and follow the devsec-saving-report skill. Both actions can be combined: save locally first, then publish to Confluence.

Key Principles

Confirm before publishing — Always state the target space, parent page, and title before creating or overwriting a page. Publishing to the wrong location is hard to undo.

Preserve standards references — Never strip CWE IDs, OWASP categories, ASVS requirements, or framework mappings from content. These are the audit trail.

Draft when in doubt — If the audience or location is unclear, create a draft (status: "draft") and let the user review before making it public.

Idempotent updates — Before creating, check if a page with the same title exists. Offer to update it rather than creating a duplicate.
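The principles above can be checked mechanically before anything is sent to Confluence. The following is an added example, not part of the upstream SKILL.md: it assembles a page body in the order step 4 lists, verifies that no CWE/OWASP/ASVS identifier from the artifact was lost during formatting, and picks create versus update and draft status. The identifier patterns, function names and sample report are assumptions constructed for illustration.

```python
import re

# ID shapes for the reference families the skill names; the exact patterns
# are assumptions of this example.
REF_PATTERNS = [
    re.compile(r"\bCWE-\d+\b"),          # e.g. CWE-89
    re.compile(r"\bA\d{2}:\d{4}\b"),     # OWASP Top 10, e.g. A03:2021
    re.compile(r"\bV\d+\.\d+\.\d+\b"),   # ASVS requirement, e.g. V5.3.4
]

def standards_refs(text):
    """Collect every standards identifier that appears in text."""
    return {m.group(0) for p in REF_PATTERNS for m in p.finditer(text)}

def build_page_body(artifact, meta, summary):
    """Assemble the body in the order the skill lists: metadata block,
    executive summary, artifact body, revision note."""
    header = "\n".join(f"{key}: {value}" for key, value in meta.items())
    note = (f"Generated by Security Agent | {meta['Date']} | "
            "Review before sharing externally")
    return "\n\n".join([header, "Executive summary\n\n" + summary, artifact, note])

def dropped_refs(artifact, body):
    """Identifiers present in the artifact but missing from the page body."""
    return sorted(standards_refs(artifact) - standards_refs(body))

def plan_publish(existing_titles, title, audience_known):
    """Update rather than duplicate; draft when the audience is unclear."""
    return {
        "action": "update" if title in existing_titles else "create",
        "status": None if audience_known else "draft",
    }

# Constructed sample artifact and metadata, not taken from a real report.
ARTIFACT = (
    "Finding 1: SQL injection in login handler (CWE-89, A03:2021, ASVS V5.3.4)\n"
    "Finding 2: Hard-coded credential, CWE-798"
)
META = {"Date": "2025-01-15", "Author": "security-agent",
        "Artifact type": "Code review report", "Scope": "auth-service",
        "Frameworks": "OWASP Top 10, ASVS"}
BODY = build_page_body(ARTIFACT, META, "Two findings; fix injection first.")
# A lossy formatter that strips parentheticals loses the audit trail.
LOSSY = re.sub(r"\s*\([^)]*\)", "", BODY)

if __name__ == "__main__":
    print(dropped_refs(ARTIFACT, BODY))
    print(dropped_refs(ARTIFACT, LOSSY))
    print(plan_publish({"Q1 Compliance Log"}, "Q1 Compliance Log", False))
```

A non-empty result from `dropped_refs` means the formatted page has lost part of the audit trail and should not be published as it stands.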

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
