MCP SSDLC Security Toolkit
Enables orchestrating secure software development pipelines with domain-specific compliance (HIPAA, PCI-DSS, etc.), generating pseudocode, threat models, and CI/CD from user stories via natural language.
README
MCP SSDLC Security Toolkit v2.0
An intelligent, domain-aware Security Software Development Life Cycle (SSDLC) toolkit powered by the Model Context Protocol (MCP). It helps Tech Leads, Security Engineers, and Developers orchestrate secure software design, generate pseudocode, and manage compliance.
π Key Features
- Domain-Agnostic Core: Built-in support for Healthcare (HIPAA), Fintech (PCI-DSS), Blockchain, Secure Communications, and 12+ more domains. Easily extensible to ANY domain via YAML plugins.
- Tech Lead Automation: Generates Pseudocode (Python, TS, Java, Go, C#, C++, Rust), Architecture Diagrams (Mermaid), DFD/ERD, and Module Breakdowns from user stories.
- Full Pipeline Orchestration: One command to run BA β Tech Design β Threat Modeling β QA Strategy β CI/CD Planning β ADR Generation.
- Multi-format Export: Output to JSON, YAML, Markdown, or professional SRS documents.
π Table of Contents
- Getting Started
- Installation
- Configuration
- Available Tools
- Domains
- Docker
- Documentation
- Contributing
- Roadmap
- License
π Getting Started
Prerequisites
- Node.js v18+
- pnpm (recommended) or npm
Installation
# Clone the repository
git clone https://github.com/vuongdat67/mcp_ssdlc
cd mcp-ssdlc-security-toolkit
# Install dependencies
pnpm install
# Build the project
pnpm build
π» Configuration
Claude Desktop App
Add to your Claude Desktop configuration:
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json
{
"mcpServers": {
"ssdlc-toolkit": {
"command": "node",
"args": ["path/to/mcp-ssdlc-security-toolkit/dist/index.js"]
}
}
}
VS Code
The project includes .vscode/mcp.json for automatic configuration.
Docker
# Build and run with Docker
docker build -t mcp-ssdlc-toolkit .
docker run -it mcp-ssdlc-toolkit
# Or use docker-compose
docker-compose up ssdlc
π οΈ Available Tools
| Tool | Description |
|---|---|
list_domains |
List all available domain plugins |
load_domain |
Load a specific domain |
detect_domain |
Auto-detect domain from description |
ba_analyze_requirements |
Generate user stories and security requirements |
techlead_design |
Generate technical design and pseudocode |
security_threat_model |
Generate STRIDE threat model |
qa_design_test_strategy |
Generate test strategy |
devops_design_cicd |
Generate CI/CD pipeline |
orchestrate_ssdlc_pipeline |
Run complete SSDLC pipeline |
π Domains
Built-in Domains
| Domain | Compliance | Use Case |
|---|---|---|
healthcare |
HIPAA | Patient records, telemedicine |
fintech |
PCI-DSS | Payments, banking |
blockchain |
- | Smart contracts, DeFi |
secure_comm |
GDPR | E2EE messaging |
appsec |
OWASP | Security tooling |
ml_ai |
- | ML model security |
malware_analysis |
- | Malware research |
| And 10+ more... |
Custom Domains
Create custom domains by adding YAML files to domains/custom/:
# domains/custom/ecommerce/domain.yaml
name: "ecommerce"
keywords: ["shop", "cart", "checkout"]
stakeholders:
- name: "Shopper"
type: "end_user"
sensitiveData:
- type: "Payment Data"
level: "critical"
π³ Docker
# Development mode
docker-compose up ssdlc-dev
# Production mode
docker-compose up ssdlc
# Run tests
docker-compose run test
π Documentation
Full documentation available in the docs/ directory:
- Getting Started
- Installation Guide
- Configuration
- Architecture
- API Reference
- Domain System
- Creating Custom Domains
π€ Contributing
We welcome contributions! See CONTRIBUTING.md for guidelines.
# Run tests
pnpm test
# Run with coverage
pnpm test:coverage
# Lint
pnpm lint
πΊοΈ Roadmap
See ROADMAP.md for planned features:
- v2.1: AI Integration, Interactive CLI, Domain Marketplace
- v2.5: Real-time Collaboration, Version Control, Third-party Integrations
- v3.0: Visual Domain Designer, SBOM, Threat Intelligence Feeds
π οΈ Tech Stack
| Feature | Supported Options |
|---|---|
| Pseudocode Language | Python, TypeScript, Java, Go, C#, C++, Rust |
| Cloud Target | Kubernetes, AWS, Azure, GCP, Docker |
| Repo Platform | GitHub, GitLab, Bitbucket |
| Export Formats | JSON, YAML, Markdown, SRS |
π€ Orchestration Example
Ask your AI assistant:
"Design a secure E-wallet system for fintech. Use TypeScript and deploy to AWS. Run the full SSDLC pipeline."
The agent will call orchestrate_ssdlc_pipeline and generate:
- User stories and security requirements
- Technical design with pseudocode
- STRIDE threat model
- Test strategy
- CI/CD pipeline
- Architecture Decision Records (ADRs)
- Project plan with cost estimation
π License
This project is licensed under the MIT License - see the LICENSE file for details.
Made with β€οΈ by the MCP SSDLC team
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.