MCP SSDLC Security Toolkit
Generates CI/CD pipeline configurations for Bitbucket repositories, enabling automated builds and deployments.
Generates Dockerfile and docker-compose configurations for containerized deployment of the designed system.
Generates CI/CD pipeline configurations for GitHub Actions, enabling automated testing and deployment workflows.
Generates CI/CD pipeline configurations for GitLab CI, enabling automated builds and deployments.
Generates Kubernetes deployment manifests (e.g., Deployments, Services) for orchestrating containerized applications.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@MCP SSDLC Security Toolkitorchestrate SSDLC pipeline for HIPAA-compliant app"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
MCP SSDLC Security Toolkit v2.0
An intelligent, domain-aware Security Software Development Life Cycle (SSDLC) toolkit powered by the Model Context Protocol (MCP). It helps Tech Leads, Security Engineers, and Developers orchestrate secure software design, generate pseudocode, and manage compliance.
π Key Features
Domain-Agnostic Core: Built-in support for Healthcare (HIPAA), Fintech (PCI-DSS), Blockchain, Secure Communications, and 12+ more domains. Easily extensible to ANY domain via YAML plugins.
Tech Lead Automation: Generates Pseudocode (Python, TS, Java, Go, C#, C++, Rust), Architecture Diagrams (Mermaid), DFD/ERD, and Module Breakdowns from user stories.
Full Pipeline Orchestration: One command to run BA β Tech Design β Threat Modeling β QA Strategy β CI/CD Planning β ADR Generation.
Multi-format Export: Output to JSON, YAML, Markdown, or professional SRS documents.
Related MCP server: Phantom MCP
π Table of Contents
π Getting Started
Prerequisites
Node.js v18+
pnpm (recommended) or npm
Installation
# Clone the repository
git clone https://github.com/vuongdat67/mcp_ssdlc
cd mcp-ssdlc-security-toolkit
# Install dependencies
pnpm install
# Build the project
pnpm buildπ» Configuration
Claude Desktop App
Add to your Claude Desktop configuration:
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json
{
"mcpServers": {
"ssdlc-toolkit": {
"command": "node",
"args": ["path/to/mcp-ssdlc-security-toolkit/dist/index.js"]
}
}
}VS Code
The project includes .vscode/mcp.json for automatic configuration.
Docker
# Build and run with Docker
docker build -t mcp-ssdlc-toolkit .
docker run -it mcp-ssdlc-toolkit
# Or use docker-compose
docker-compose up ssdlcπ οΈ Available Tools
Tool | Description |
| List all available domain plugins |
| Load a specific domain |
| Auto-detect domain from description |
| Generate user stories and security requirements |
| Generate technical design and pseudocode |
| Generate STRIDE threat model |
| Generate test strategy |
| Generate CI/CD pipeline |
| Run complete SSDLC pipeline |
π Domains
Built-in Domains
Domain | Compliance | Use Case |
| HIPAA | Patient records, telemedicine |
| PCI-DSS | Payments, banking |
| - | Smart contracts, DeFi |
| GDPR | E2EE messaging |
| OWASP | Security tooling |
| - | ML model security |
| - | Malware research |
And 10+ more... |
Custom Domains
Create custom domains by adding YAML files to domains/custom/:
# domains/custom/ecommerce/domain.yaml
name: "ecommerce"
keywords: ["shop", "cart", "checkout"]
stakeholders:
- name: "Shopper"
type: "end_user"
sensitiveData:
- type: "Payment Data"
level: "critical"π³ Docker
# Development mode
docker-compose up ssdlc-dev
# Production mode
docker-compose up ssdlc
# Run tests
docker-compose run testπ Documentation
Full documentation available in the docs/ directory:
π€ Contributing
We welcome contributions! See CONTRIBUTING.md for guidelines.
# Run tests
pnpm test
# Run with coverage
pnpm test:coverage
# Lint
pnpm lintπΊοΈ Roadmap
See ROADMAP.md for planned features:
v2.1: AI Integration, Interactive CLI, Domain Marketplace
v2.5: Real-time Collaboration, Version Control, Third-party Integrations
v3.0: Visual Domain Designer, SBOM, Threat Intelligence Feeds
π οΈ Tech Stack
Feature | Supported Options |
Pseudocode Language | Python, TypeScript, Java, Go, C#, C++, Rust |
Cloud Target | Kubernetes, AWS, Azure, GCP, Docker |
Repo Platform | GitHub, GitLab, Bitbucket |
Export Formats | JSON, YAML, Markdown, SRS |
π€ Orchestration Example
Ask your AI assistant:
"Design a secure E-wallet system for fintech. Use TypeScript and deploy to AWS. Run the full SSDLC pipeline."
The agent will call orchestrate_ssdlc_pipeline and generate:
User stories and security requirements
Technical design with pseudocode
STRIDE threat model
Test strategy
CI/CD pipeline
Architecture Decision Records (ADRs)
Project plan with cost estimation
π License
This project is licensed under the MIT License - see the LICENSE file for details.
Made with β€οΈ by the MCP SSDLC team
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/vuongdat67/mcp_ssdlc'
If you have feedback or need assistance with the MCP directory API, please join our Discord server