By SteveGJones
Automate SDLC security and compliance with a team of AI agents that generate audit-ready reports, conduct privacy impact assessments (GDPR, CCPA), perform threat modeling with zero-trust principles, and drive adoption through behavioral strategies.
Expert in SDLC compliance reporting, metrics visualization, remediation tracking, and audit-ready documentation. Use for creating actionable reports tailored to different audiences (team, executive, auditor) and tracking compliance trends.
Expert in GDPR, CCPA/CPRA, LGPD, PIPL, and privacy-by-design. Use for privacy impact assessments, data subject rights implementation, consent management, data minimization strategies, and multi-jurisdiction privacy compliance.
Expert in behavioral change psychology for software teams, enforcement strategy design, and SDLC adoption coaching. Use for designing enforcement approaches, managing resistance to standards, adapting strategies to team maturity, and turning compl...
Expert in security architecture design, threat modeling, zero-trust principles, and secure SDLC integration. Use for architectural security reviews, compliance framework guidance, threat modeling sessions, and security strategy development.
Uses power tools
Uses Bash, Write, or Edit tools
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
Cross-cutting specialist agents — architects, researchers, performance engineers
JavaScript/TypeScript-specific validation and patterns
Python-specific validation, patterns, and expert agents
Cloud infrastructure agents — cloud, container, SRE specialists
Project management agents — agile coach, delivery manager, progress tracking
npx claudepluginhub stevegjones/ai-first-sdlc-practices --plugin sdlc-team-securityA team of AI security specialists embedded in your coding workflow. 8 agents covering every phase of the Secure SDLC: requirements, threat modelling, code review, IaC security, compliance, and release gating. Works with Claude Code, Cursor, Windsurf, and any MCP-compatible tool.
AI-First SDLC — zero-debt development with validators, enforcement, and workflows
Compliance and security skills for HIPAA, GDPR, SOC2, PCI-DSS audits, infrastructure hardening, incident planning, and secrets management.
AI-powered secure, autonomous development workflow with configurable compliance — enable any of HIPAA, HITRUST, ISO 27001, SOC 2 per repo (healthcare is one aspect, not a requirement). Implements RePPITS (Research, Propose, Plan, Implement, Test, Secure) with compliance gates that run against your diff before commit. Adaptive risk-tiered gates, a bounded autonomous fix loop, a goal-loop with an optimizable RICE-scored backlog, a shared team signals hub with a dynamic dashboard, resumable Claude Code Tasks, parallel sub-issues, and built-in token compression (zero-install, with an optional headroom upgrade). Slash commands: /run, /loop, /signals, /verify-frontend, /research-codebase, /make-proposals, /make-plan, /implement, /review-code, /secure, /resume.
Universal quality control orchestrator and final authority for any software development project. Dynamically discovers and coordinates with available sub-agents, performs comprehensive multi-dimensional quality assessment, security validation, and deployment readiness verification. Adapts to any project type, programming language, or development framework while maintaining enterprise-grade quality standards. Examples: <example>Context: Code changes ready for review across any project. user: 'Please review this code before commit' assistant: 'I'll use the 1-ceo-quality-control-agent to orchestrate comprehensive quality validation, discover available specialists, and perform final security scanning before approval.' <commentary>Universal quality control requires comprehensive validation across all dimensions regardless of project type.</commentary></example> <example>Context: Multi-agent work completion needing validation. user: 'Several agents completed their tasks, need quality review' assistant: 'Let me engage the 1-ceo-quality-control-agent to coordinate comprehensive validation across all completed work and ensure quality standards.' <commentary>Multi-agent coordination and quality validation applies to any development project.</commentary></example>
AI-powered development workflow automation - Phase-based planning, implementation orchestration, preflight code quality checks with security scanning, ship-it workflow, and development principles generator for CLAUDE.md