A curated directory of Cloud Security Alliance plugins for Claude Code.
Warning: Make sure you trust a plugin before installing, updating, or using it. CSA does not control what MCP servers, files, or other software are included in external plugins and cannot verify that they will work as intended or that they won't change. See each plugin's homepage for more information.
- /plugins - Internal plugins developed and maintained by CSA
- /external_plugins - Third-party plugins from partners and the community
| Plugin | Description | Install |
|---|---|---|
| incident-analysis | Comprehensive security incident analysis with OSINT collection, source cross-referencing, confidence classification, and deep analysis. | /plugin install incident-analysis@csa-plugins-official |
| cwe-analysis | CWE assignment and vulnerability chain analysis for CNAs, security researchers, and vendors. | /plugin install cwe-analysis@csa-plugins-official |
| security-knowledge-ingestion | Ingest security knowledge documents into structured data with reproducible recipes and SecID integration. | /plugin install security-knowledge-ingestion@csa-plugins-official |
| nist-ir-8477-mapping | Map relationships between security knowledge sources using NIST IR 8477 — four relationship styles, use case documentation, cross-model validation. | /plugin install nist-ir-8477-mapping@csa-plugins-official |
| secid | SecID — resolve CVEs, CWEs, ATT&CK techniques, NIST controls, and 700+ security knowledge sources. Local MCP server with internal resolver support. | /plugin install secid@csa-plugins-official |
First, add the CSA marketplace:
```
/plugin marketplace add CloudSecurityAlliance/csa-plugins-official
```
Then install any plugin:
```
/plugin install {plugin-name}@csa-plugins-official
```
Or browse for plugins in /plugin > Discover
Internal plugins are developed by CSA team members.
To be decided. External plugin submissions will require an automated review and approval process.
Each plugin follows a standard structure:
```
plugin-name/
├── .claude-plugin/
│   └── plugin.json      # Plugin metadata (required)
├── .mcp.json            # MCP server configuration (optional)
├── commands/            # Slash commands (optional)
├── agents/              # Agent definitions (optional)
├── skills/              # Skill definitions (optional)
└── README.md            # Documentation
```
Please see each linked plugin for the relevant LICENSE file.