ワンクリックで
secure-development-lifecycle
Comprehensive SDLC security practices with DevSecOps automation, OWASP Top 10, supply chain security (OSSF/SLSA)
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Comprehensive SDLC security practices with DevSecOps automation, OWASP Top 10, supply chain security (OSSF/SLSA)
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
C4 architecture model, security architecture, Mermaid diagrams, SECURITY_ARCHITECTURE.md, and comprehensive documentation per Hack23 Secure Development Policy
AI-augmented development controls, GitHub Copilot governance, LLM security, AI-generated code review per Hack23 Secure Development Policy
EU AI Act compliance, OWASP LLM security, responsible AI practices for parliamentary data and MCP server applications
Enforce code quality with ESLint, TypeScript strict mode, Knip unused detection, and quality gates for MCP servers
ISO 27001, NIST CSF 2.0, CIS Controls v8.1, EU CRA compliance mapping, multi-standard alignment per Hack23 ISMS policies
Contribution process with PR workflow, code review standards, commit conventions, and open source best practices
SOC 職業分類に基づく
| name | secure-development-lifecycle |
| description | Comprehensive SDLC security practices with DevSecOps automation, OWASP Top 10, supply chain security (OSSF/SLSA) |
| license | Apache-2.0 |
Implement secure development practices across all SDLC phases for TypeScript/Node.js MCP server development, from requirements through deployment.
// Security controls in code
import { z } from 'zod';
// Input validation
const schema = z.object({
id: z.number().int().positive(),
query: z.string().min(1).max(500),
});
// Error handling (no information leakage)
try {
const result = await apiCall();
} catch (error) {
logger.error('API call failed', { error });
throw new Error('Request failed'); // Generic message
}
| Control | Implementation |
|---|---|
| OSSF Scorecard | Automated scoring of security practices |
| SLSA Level | Build provenance and supply chain integrity |
| SBOM | CycloneDX software bill of materials |
| Dependency pinning | package-lock.json committed |
| Signed commits | GPG-signed git commits |
Core SDLC policies:
Supporting policies: