MCP SSDLC Security Toolkit
Generates CI/CD pipeline designs with Docker as a deployment target, including containerization.
Provides tools for designing Git workflows, including branching strategies and commit policies.
Generates CI/CD pipeline designs for GitHub Actions, including security scanning stages and deployment strategies.
Generates CI/CD pipeline designs for GitLab CI, including security scanning stages and deployment strategies.
Selects Jest as a testing framework in generated test strategies, with risk-based coverage levels.
Generates CI/CD pipeline designs with Kubernetes as a deployment target, including blue-green and canary strategies.
Generates Mermaid diagrams for architecture visualization, including component diagrams, data flow diagrams, and trust boundaries.
Maps security threats to OWASP Top 10 and provides OWASP-based mitigation recommendations.
Selects pytest as a testing framework in generated test strategies, with risk-based coverage levels.
Generates CI/CD pipeline designs with Serverless as a deployment target.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@MCP SSDLC Security ToolkitPlan security for an e-commerce payment system"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
MCP SSDLC Security Toolkit
Automate 85-95% of SSDLC planning phase through multi-role AI orchestration.
๐ฏ Achievement: 90.75% coverage | 99.9% time savings | 45% token efficiency
๐ Quick Start
Installation
# Clone repository
git clone https://github.com/vuongdat67/mcp-ssdlc-security-toolkit
cd mcp-ssdlc-security-toolkit
# Install dependencies
pnpm install
# Build packages
cd packages/security-kb && pnpm build
cd ../ssdlc-planner && pnpm buildConfigure Claude Desktop
# Windows - Edit configuration file
notepad %APPDATA%\Claude\claude_desktop_config.jsonAdd:
{
"mcpServers": {
"ssdlc-planner": {
"command": "node",
"args": ["C:\\path\\to\\packages\\ssdlc-planner\\dist\\index.js"]
}
}
}Restart Claude Desktop โ Ready to use!
Test Installation
# Run demo
cd packages/ssdlc-planner
pnpm tsx scripts/demo-simple.tsSee: CLAUDE-DESKTOP-SETUP.md for detailed instructions
Related MCP server: DevSecOps MCP Server
Project Structure
packages/
โโโ core/ # Shared types, utilities, validators
โโโ ssdlc-planner/ # Main MCP server with role-based tools
โโโ security-kb/ # CVE/CWE/OWASP knowledge base
โโโ test-strategy/ # Test planning tools
โโโ git-workflow/ # Git workflow design tools๐ Documentation
Getting Started
QUICKSTART.md - Installation, usage examples, troubleshooting
CLAUDE-DESKTOP-SETUP.md - Step-by-step MCP configuration
PHASE-9-11-COMPLETE.md - Implementation details & metrics
Technical Reference
packages/ssdlc-planner/README.md - API documentation
.github/copilot-instructions.md - AI agent development guide
docs/plan.md - Original design (Vietnamese)
๐ ๏ธ Features
Phase 9-11: SSDLC Planning Orchestration โ
Multi-Role Intelligence:
Business Analyst (Phase 9A): Requirements โ user stories, abuse cases, NFRs, data classification
Tech Lead (Phase 9B): Architecture โ components, trust boundaries, data flows, Mermaid diagrams
Security Engineer (Phase 10): STRIDE threats โ CWE/OWASP/CVE mapping, mitigations
QA Engineer (Phase 11): Test strategy โ 18+ security test cases, penetration test plan
Phase 8: Production SAST Engine โ
Code review with CWE/CVE/OWASP intelligence
Risk scoring (0-10) with exploited-in-wild flags
AI-powered explanations and remediation guidance
Workflow Example
User: "Plan security for e-commerce with payment processing"
โ
BA Tool โ User stories + Abuse cases (AB-1: Card theft)
โ
Tech Lead Tool โ Architecture + Trust boundaries
โ
Security Tool โ STRIDE: 12 threats (3 critical, 5 high)
โ
QA Tool โ 18 test cases (83% automated)
โ
Result: Complete SSDLC artifacts in 60 seconds๐ฏ Coverage Metrics
Phase | Component | Target | Achieved | Status |
9A | BA Requirements | 90-95% | 95% | โ |
9B | Tech Lead Architecture | 85-90% | 90% | โ |
10 | Security Threat Model | 85-95% | 90% | โ |
11 | QA Test Strategy | 85-90% | 88% | โ |
Overall | SSDLC Planning | 85-95% | 90.75% | โ |
Performance:
โก 99.9% time savings (11-16 hours โ 60 seconds)
๐ฏ 45% token efficiency vs. prompt chains
๐๏ธ 120.56 KB build output in 27ms
๐ง MCP Tools
Phase 9-11 (Complete)
ba_analyze_requirements_security- Business AnalystInput: project description, users, goals, compliance
Output: User stories, abuse cases, NFRs, data classification
techlead_design_architecture- Tech LeadInput: user stories, tech constraints, scale expectations
Output: Components, trust boundaries, data flows, Mermaid diagrams
security_threat_model- Security EngineerInput: components, data flows, trust boundaries
Output: STRIDE threats with CWE/OWASP/CVE mapping
qa_design_test_strategy- QA EngineerInput: threats, abuse cases, compliance requirements
Output: Security test cases, penetration test plan
security_review_code- Security (Phase 8)Input: language, code snippet
Output: Vulnerabilities with remediation guidance
Roadmap
Phase 12: PM sprint planning tool
Phase 12: DevOps CI/CD pipeline design
Orchestration: Auto-sequence all phases in one call
๐ฆ Project Structure
mcp-ssdlc-security-toolkit/
โโโ packages/
โ โโโ core/ # Shared types, utilities, validators
โ โโโ ssdlc-planner/ # Main MCP server
โ โ โโโ src/
โ โ โ โโโ tools/
โ โ โ โ โโโ business-analyst/
โ โ โ โ โ โโโ analyze-requirements.ts (240 lines)
โ โ โ โ โโโ tech-lead/
โ โ โ โ โ โโโ design-architecture.ts (280 lines)
โ โ โ โ โโโ security/
โ โ โ โ โ โโโ threat-model.ts (320 lines)
โ โ โ โ โ โโโ security-review-tool.ts (Phase 8)
โ โ โ โ โโโ qa/
โ โ โ โ โโโ design-test-strategy.ts (360 lines)
โ โ โ โโโ index.ts # MCP server entry point
โ โ โโโ scripts/
โ โ โ โโโ demo-simple.ts # E-commerce demo
โ โ โโโ dist/ # Build output (120.56 KB)
โ โโโ security-kb/ # CVE/CWE/OWASP knowledge base
โ โโโ src/
โ โ โโโ db/ # SQLite database (969 CWEs, OWASP mappings)
โ โ โโโ intelligence/ # Security intelligence engine
โ โ โโโ report-generator.ts
โ โโโ dist/ # Build output (118.51 KB)
โโโ docs/ # Planning documents (Vietnamese)
โโโ QUICKSTART.md # Installation & usage guide
โโโ CLAUDE-DESKTOP-SETUP.md # MCP configuration guide
โโโ PHASE-9-11-COMPLETE.md # Implementation reportSecurity Engineer: Threat modeling (STRIDE), automated security code review
QA Engineer: Comprehensive test strategy design, test case generation
DevOps Engineer: CI/CD pipeline design with security scanning (GitHub Actions, Kubernetes)
Project Manager: Sprint planning with task breakdown and timeline (Gantt charts)
Phase 2 Features โ
Security Knowledge Base (@mcp-ssdlc/security-kb):
CVE vulnerability database with severity scores
CWE common weakness enumeration
OWASP Top 10 (2021 edition)
Secure coding patterns for Python, JavaScript, Go, C#
Enhanced Pseudocode Generation:
Language-specific templates (Python, JS, TS, Go, C#)
Security annotations and best practices
Integration with security KB for pattern recommendations
Related function dependencies and test requirements
CI/CD Pipeline Design:
Platform support: GitHub Actions, GitLab CI, Azure DevOps
Deployment targets: Kubernetes, Docker, VM, Serverless
Security stages: SAST, SCA, DAST, container scanning
Automated deployment strategies (blue-green, canary)
Sprint Planning:
Velocity-based backlog selection
Task breakdown (design, development, testing, security)
Timeline generation with Gantt charts
Risk analysis and capacity planning
Phase 3 Features โ (NEW!)
๐ Full Pipeline Orchestration (orchestrate_ssdlc_pipeline):
Complete SSDLC automation: BA โ Tech Lead โ Security โ QA โ PM โ DevOps
Single-command planning: Generate all artifacts in one invocation
Coverage validation: Automatic 85-95% target verification
7-tool workflow: Chains all role-based tools with context preservation
Comprehensive reports: JSON artifacts + Markdown documentation
๐งช Test Strategy Design (qa_design_test_strategy):
6 test levels: Unit, integration, system, acceptance, performance, security
Framework selection: Automatic based on tech stack (Jest, pytest, JUnit, etc.)
Risk-based coverage: Critical (90%), High (85%), Medium (80%), Low (75%)
Automation strategy: CI/CD integration, priority areas, tools matrix
5-phase timeline: Strategy, environment, development, execution, validation
๐ Security Code Review (security_review_code):
10+ security rules: SQL injection, XSS, hardcoded secrets, weak crypto
CWE/OWASP mapping: Links findings to industry standards
Risk scoring: 0-100 scale based on severity (Critical: 40, High: 20, Medium: 5, Low: 1)
Secure patterns: KB-backed recommendations for remediation
Compliance notes: OWASP Top 10, penetration testing, logging
Coverage Metrics (Automated)
Metric | Target | Calculation |
Requirements | 90-95% | Complete user stories with acceptance criteria |
Security | 85-95% | Threats with defined mitigations |
Testing | 85-90% | Test cases vs expected (3 per story) |
Architecture | 85-90% | Components with defined interfaces |
Overall | 85-95% | Weighted average (Req: 25%, Sec: 30%, Test: 25%, Arch: 20%) |
Sprint Planning:
Velocity-based backlog selection
Task breakdown (design, development, testing, security)
Timeline generation with Gantt charts
Risk analysis and capacity planning
See PHASE2-SUMMARY.md for complete documentation.
License
MIT
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/vuongdat67/mcp-ssdlc-security-toolkit'
If you have feedback or need assistance with the MCP directory API, please join our Discord server