Skip to main content
Glama
vuongdat67

MCP SSDLC Security Toolkit

by vuongdat67

MCP SSDLC Security Toolkit v2.0

CI License: MIT Node.js TypeScript

An intelligent, domain-aware Security Software Development Life Cycle (SSDLC) toolkit powered by the Model Context Protocol (MCP). It helps Tech Leads, Security Engineers, and Developers orchestrate secure software design, generate pseudocode, and manage compliance.

🌟 Key Features

  • Domain-Agnostic Core: Built-in support for Healthcare (HIPAA), Fintech (PCI-DSS), Blockchain, Secure Communications, and 12+ more domains. Easily extensible to ANY domain via YAML plugins.

  • Tech Lead Automation: Generates Pseudocode (Python, TS, Java, Go, C#, C++, Rust), Architecture Diagrams (Mermaid), DFD/ERD, and Module Breakdowns from user stories.

  • Full Pipeline Orchestration: One command to run BA β†’ Tech Design β†’ Threat Modeling β†’ QA Strategy β†’ CI/CD Planning β†’ ADR Generation.

  • Multi-format Export: Output to JSON, YAML, Markdown, or professional SRS documents.

Related MCP server: Phantom MCP

πŸ“‹ Table of Contents

πŸš€ Getting Started

Prerequisites

  • Node.js v18+

  • pnpm (recommended) or npm

Installation

# Clone the repository
git clone https://github.com/vuongdat67/mcp_ssdlc
cd mcp-ssdlc-security-toolkit

# Install dependencies
pnpm install

# Build the project
pnpm build

πŸ’» Configuration

Claude Desktop App

Add to your Claude Desktop configuration:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "ssdlc-toolkit": {
      "command": "node",
      "args": ["path/to/mcp-ssdlc-security-toolkit/dist/index.js"]
    }
  }
}

VS Code

The project includes .vscode/mcp.json for automatic configuration.

Docker

# Build and run with Docker
docker build -t mcp-ssdlc-toolkit .
docker run -it mcp-ssdlc-toolkit

# Or use docker-compose
docker-compose up ssdlc

πŸ› οΈ Available Tools

Tool

Description

list_domains

List all available domain plugins

load_domain

Load a specific domain

detect_domain

Auto-detect domain from description

ba_analyze_requirements

Generate user stories and security requirements

techlead_design

Generate technical design and pseudocode

security_threat_model

Generate STRIDE threat model

qa_design_test_strategy

Generate test strategy

devops_design_cicd

Generate CI/CD pipeline

orchestrate_ssdlc_pipeline

Run complete SSDLC pipeline

🌍 Domains

Built-in Domains

Domain

Compliance

Use Case

healthcare

HIPAA

Patient records, telemedicine

fintech

PCI-DSS

Payments, banking

blockchain

-

Smart contracts, DeFi

secure_comm

GDPR

E2EE messaging

appsec

OWASP

Security tooling

ml_ai

-

ML model security

malware_analysis

-

Malware research

And 10+ more...

Custom Domains

Create custom domains by adding YAML files to domains/custom/:

# domains/custom/ecommerce/domain.yaml
name: "ecommerce"
keywords: ["shop", "cart", "checkout"]
stakeholders:
  - name: "Shopper"
    type: "end_user"
sensitiveData:
  - type: "Payment Data"
    level: "critical"

🐳 Docker

# Development mode
docker-compose up ssdlc-dev

# Production mode
docker-compose up ssdlc

# Run tests
docker-compose run test

πŸ“š Documentation

Full documentation available in the docs/ directory:

🀝 Contributing

We welcome contributions! See CONTRIBUTING.md for guidelines.

# Run tests
pnpm test

# Run with coverage
pnpm test:coverage

# Lint
pnpm lint

πŸ—ΊοΈ Roadmap

See ROADMAP.md for planned features:

  • v2.1: AI Integration, Interactive CLI, Domain Marketplace

  • v2.5: Real-time Collaboration, Version Control, Third-party Integrations

  • v3.0: Visual Domain Designer, SBOM, Threat Intelligence Feeds

πŸ› οΈ Tech Stack

Feature

Supported Options

Pseudocode Language

Python, TypeScript, Java, Go, C#, C++, Rust

Cloud Target

Kubernetes, AWS, Azure, GCP, Docker

Repo Platform

GitHub, GitLab, Bitbucket

Export Formats

JSON, YAML, Markdown, SRS

πŸ€– Orchestration Example

Ask your AI assistant:

"Design a secure E-wallet system for fintech. Use TypeScript and deploy to AWS. Run the full SSDLC pipeline."

The agent will call orchestrate_ssdlc_pipeline and generate:

  • User stories and security requirements

  • Technical design with pseudocode

  • STRIDE threat model

  • Test strategy

  • CI/CD pipeline

  • Architecture Decision Records (ADRs)

  • Project plan with cost estimation

πŸ“„ License

This project is licensed under the MIT License - see the LICENSE file for details.


Made with ❀️ by the MCP SSDLC team

Install Server
A
license - permissive license
B
quality
D
maintenance

Maintenance

–Maintainers
–Response time
–Release cycle
–Releases (12mo)
Commit activity

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/vuongdat67/mcp_ssdlc'

If you have feedback or need assistance with the MCP directory API, please join our Discord server