Software Development Lifecycle standards and requirements for project quality, security, and compliance
Initialize a new project with SDLC-compliant structure. Creates required files, configures build system, sets up CI/CD, and establishes quality tooling.
Run SDLC compliance check against the current project. Validates build system, code quality, testing, CI/CD, security, documentation, VCS, and release configurations.
CI/CD pipeline architect specializing in workflow configuration, job orchestration, and pipeline optimization. Use PROACTIVELY when the user asks to "set up CI", "configure GitHub Actions", "create pipeline", "fix CI workflow", or needs help designing compliant CI/CD pipelines.
Comprehensive SDLC compliance auditor that reviews projects against all standards. Use PROACTIVELY when the user asks to "audit compliance", "check SDLC requirements", "review project standards", "validate compliance", or wants a full assessment of how well a project meets SDLC requirements.
Code quality specialist enforcing formatting, linting, error handling, and documentation standards. Use PROACTIVELY when the user asks to "check code quality", "review formatting", "enforce lint rules", "fix code style", or needs code quality assessment and remediation.
Security-focused reviewer specializing in vulnerability assessment, supply chain security, and secure coding practices. Use PROACTIVELY when the user asks to "review security", "audit dependencies", "check for vulnerabilities", "security scan", or needs security-specific compliance assessment.
Uses power tools
Uses Bash, Write, or Edit tools
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
Software Development Lifecycle standards and requirements plugin for AI coding assistants.
Plugin Name:
sdlc
This plugin provides comprehensive SDLC standards guidance that works with any AI coding assistant (Claude, Gemini, Codex, Copilot, OpenCode, etc.). It codifies project quality requirements across the entire software development lifecycle.
This repository provides SDLC skills that work with multiple AI coding assistants:
| Interface | Use Case | Installation |
|---|---|---|
| GitHub Copilot | Automated skill enforcement via coding agent | Skills auto-loaded from .github/skills/ |
| Claude Code Plugin | Interactive skill guidance & commands | claude plugins add |
| GitHub Action | CI/CD enforcement without AI agent | uses: zircote/sdlc-quality@v1 |
Recommended: Use GitHub Copilot coding agent with these skills for AI-powered SDLC compliance.
Install the SDLC skills in your project for GitHub Copilot coding agent:
# Clone the skills into your project
git clone --depth 1 https://github.com/zircote/sdlc-quality.git /tmp/sdlc
cp -r /tmp/sdlc/.github/skills .github/skills
rm -rf /tmp/sdlc
Or add as a git submodule:
git submodule add https://github.com/zircote/sdlc-quality.git .github/sdlc-quality
ln -s sdlc-quality/.github/skills .github/skills
Once installed, GitHub Copilot coding agent will automatically use these skills when running SDLC audits in your workflows.
Workflow example:
# .github/workflows/sdlc-audit.yml
name: SDLC Audit
on:
issues:
types: [assigned]
jobs:
audit:
if: contains(github.event.issue.labels.*.name, 'sdlc-audit')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
# Copilot coding agent uses .github/skills/ automatically
Assign the sdlc-audit label to an issue and Copilot will run the compliance audit using these skills.
For CI/CD enforcement without Copilot:
# .github/workflows/sdlc.yml
name: SDLC Compliance
on: [pull_request, push]
jobs:
compliance:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: zircote/sdlc-quality@v1
with:
domains: "all"
fail-on-error: "true"
See GitHub Actions Integration for full documentation.
Install for interactive SDLC guidance:
claude plugins add github:zircote/sdlc-quality
Use slash commands:
/sdlc:check # Run compliance check with remediation help
/sdlc:init # Initialize SDLC-compliant project structure
# Run comprehensive compliance check
/sdlc:check
Output:
SDLC Compliance Report
npx claudepluginhub zircote-plugins/sdlc-qualitySignal Intelligence - Comprehensive market research toolkit with report generation, GitHub issue creation, and trend-based analysis using three-valued logic
Multi-agent orchestration for Claude Code. Coordinate teams of agents with shared tasks, messaging, and 7 proven patterns including RLM for large-file analysis beyond context limits.
Complete lifecycle management for Architectural Decision Records (ADRs): create, update, supersede, search, audit compliance, and export
Verify and enforce use of latest stable library and package versions using live documentation lookups. Prevents outdated version recommendations, security vulnerabilities from stale dependencies, and deprecated API usage across 13+ package ecosystems.
Comprehensive documentation management: review, create, update, and maintain high-quality documentation with Diataxis framework support
Security agents — security, compliance, privacy specialists
Universal quality control orchestrator and final authority for any software development project. Dynamically discovers and coordinates with available sub-agents, performs comprehensive multi-dimensional quality assessment, security validation, and deployment readiness verification. Adapts to any project type, programming language, or development framework while maintaining enterprise-grade quality standards. Examples: <example>Context: Code changes ready for review across any project. user: 'Please review this code before commit' assistant: 'I'll use the 1-ceo-quality-control-agent to orchestrate comprehensive quality validation, discover available specialists, and perform final security scanning before approval.' <commentary>Universal quality control requires comprehensive validation across all dimensions regardless of project type.</commentary></example> <example>Context: Multi-agent work completion needing validation. user: 'Several agents completed their tasks, need quality review' assistant: 'Let me engage the 1-ceo-quality-control-agent to coordinate comprehensive validation across all completed work and ensure quality standards.' <commentary>Multi-agent coordination and quality validation applies to any development project.</commentary></example>
SDLC enforcement for AI agents — TDD, planning, self-review, CI shepherd
A team of AI security specialists embedded in your coding workflow. 8 agents covering every phase of the Secure SDLC: requirements, threat modelling, code review, IaC security, compliance, and release gating. Works with Claude Code, Cursor, Windsurf, and any MCP-compatible tool.
Skills for development standards: commit messages, code review, testing, documentation, and more. Supports 25 comprehensive skills for the full development lifecycle.
Code quality enforcement, architecture skills, structural code graph, and impact-aware reviews.