A serious codebase audit (for compliance, customer due diligence, an acquisition, or a system you just inherited) usually costs a fortune and drags on for months: read-only access, weeks of interviews and manual review, and a report that's stale the day it lands. The Zenable Assessment runs in an afternoon, is perfectly tuned to your preferences and tradeoffs, and, most importantly, surfaces the specific types of findings you're looking for. It's a guided skill for your coding agent that interviews you about the codebase and who the report is for, proposes strawman requirements per framework (security, SOC 2, HIPAA, PCI-DSS, ISO 27001, FedRAMP, NIST SSDF, and your own domain concerns) that you keep, drop, or reshape, then scans in two passes (a deterministic zenable check and a dual AI review against the same requirements) and merges the results. Your total workload: an interview, some keep/drop calls, and a walkthrough of the finished report.
The output looks like it came from a boutique consultancy, because that's the bar we set: an interactive risk matrix, an OWASP SAMM maturity chart, trust-boundary diagrams with demonstrated attack paths, dark mode, one-click PDF export. And you can store the assessment in the Zenable portal to share with teammates, governed by the platform's built-in granular permissions and role-based access control.
The critical differentiator: you don't just get a list of findings, you get the automation to reproduce every single one of them, so there's no room for AI-generated slop or misunderstandings. Nothing is hand-typed, severities come from likelihood and impact rather than vibes, and an adversarial pass re-checks every factual claim before delivery.
Plus, every requirement you co-author during the interview is persisted through our CLI and MCP server as durable scopes and guardrails in your tenant (you literally don't even need to log in to the UI), so the standards you just assessed against are enforced on every future change. The deliverable is a report; the byproduct is a governed codebase.
The skill is coming soon. Want to run one early? Email hello@zenable.io and we'll set you up. In the meantime, the code assessment use case covers what's possible today.