itarun.p edited this page Mar 3, 2026
Enterprise DevSecOps Plugin for Claude Code — Multi-Agent AI Security Team
| Metric | Value |
|---|---|
| AI Agents | 18 (Orchestrators 3 + Specialists 7 + Experts 4 + Core Team 4) |
| Skills | 16 slash commands (7 scanning + 9 orchestration/assessment) |
| Security Tools | 11 open-source in Docker (Semgrep, ZAP, Nuclei, Grype, Trivy, Checkov, GitLeaks, Syft, TruffleHog, kube-bench, Nuclei-GraphQL) |
| MCP Tools | 10 composable (scan, normalize, results, triage, enrich, compare, compliance_status, suggest_fix, history, pipeline) |
| CWE Mappings | 488 total (OWASP 122 + NIST 100 + MITRE 93 + NCSA 62 + PDPA 30 + SOC 2 40 + ISO 27001 41) |
| OWASP Top 10 | 10/10 coverage — dual-version 2021+2025 mapping |
| Custom Rules | 84 Semgrep rules (OWASP A01-A10 + K8s + GraphQL) |
| Output Formats | 8 (JSON, SARIF, Markdown, HTML, PDF, CSV, VEX, Dashboard) |
| Tests | 1,302+ checks across 42 suites |
| QA Rounds | 13 rounds, 75/75 latest (cumulative 1,300+ checks) |
| ROI | 10,222% (133x speed multiplier) |
```
+--------------------------------------------------------------------------+
|                             Claude Code CLI                              |
|                                                                          |
|  User: "/sast-scan --target ./src"                                       |
|        |                                                                 |
|        v                                                                 |
|  +-------------+     +--------------+     +--------------------+         |
|  |  SKILL.md   |---->|    Agent     |---->|   Reference File   |         |
|  | (16 skills) |     | (18 agents)  |     |     (19 files)     |         |
|  +-------------+     +------+-------+     +--------------------+         |
|                             |                                            |
|                             v                                            |
|  +--------------------------------------------------------------------+  |
|  |                      Sidecar Runner (Docker)                       |  |
|  |  +--------+ +-----+ +--------+ +-------+ +-------+ +-----------+   |  |
|  |  |Semgrep | | ZAP | |Nuclei  | | Grype | | Trivy | |  Checkov  |   |  |
|  |  |  SAST  | |DAST | |DAST/GQL| |  SCA  | |Contain| |    IaC    |   |  |
|  |  +--------+ +-----+ +--------+ +-------+ +-------+ +-----------+   |  |
|  |  +----------+ +------+ +------------+ +------------+               |  |
|  |  | GitLeaks | | Syft | | TruffleHog | | kube-bench |               |  |
|  |  | Secrets  | | SBOM | |  Secrets   | |  K8s CIS   |               |  |
|  |  +----------+ +------+ +------------+ +------------+               |  |
|  +---------------------------------+----------------------------------+  |
|                                    |                                     |
|                                    v                                     |
|  +--------------------------------------------------------------------+  |
|  |  Output: SARIF | JSON | MD | HTML | PDF | CSV | VEX | Dashboard    |  |
|  |  Mappings: OWASP | NIST | MITRE | NCSA | PDPA | SOC2 | ISO27001    |  |
|  |               (488 CWE mappings across 7 frameworks)               |  |
|  +--------------------------------------------------------------------+  |
+--------------------------------------------------------------------------+
```
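The stage between the sidecar runner and the output box is where raw tool output becomes a single finding list with cross-tool dedup and framework tags. The following is an added example written for this page, not code from the devsecops-ai-team plugin or its MCP `normalize`/`enrich` tools: it takes constructed Semgrep and Gitleaks JSON (using those tools' real field names), merges hits that point at the same path, line and CWE, attaches dual-version OWASP tags from a two-entry sample map (the plugin's CWE-Mappings page is the authoritative table; the map here is an assumption for illustration), and emits SARIF 2.1.0. The rule IDs, file paths and the `example-normalizer` driver name are all invented.

```python
"""Normalize two scanners' findings, merge cross-tool duplicates, tag them with
dual-version OWASP categories and emit SARIF 2.1.0.

Added example for this wiki page, not code from the devsecops-ai-team plugin.
Scanner outputs, rule IDs and the mapping table are constructed samples that
use the real Semgrep / Gitleaks JSON field names.
"""
import json
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed `semgrep --json` output (subset of the fields a real run emits).
SEMGREP_JSON = {"results": [
    {"check_id": "python.sqlalchemy.security.sqlalchemy-execute-raw-query",
     "path": "src/db.py", "start": {"line": 42}, "end": {"line": 42},
     "extra": {"severity": "ERROR", "message": "Raw SQL built from user input",
               "metadata": {"cwe": ["CWE-89: Improper Neutralization of Special "
                                    "Elements used in an SQL Command ('SQL Injection')"]}}},
    {"check_id": "generic.secrets.security.detected-aws-access-key",
     "path": "src/config.py", "start": {"line": 7}, "end": {"line": 7},
     "extra": {"severity": "WARNING", "message": "AWS access key detected",
               "metadata": {"cwe": "CWE-798: Use of Hard-coded Credentials"}}},
]}
# Constructed `gitleaks --report-format json` output; it hits the same secret as Semgrep.
GITLEAKS_JSON = [{"RuleID": "aws-access-token", "File": "src/config.py",
                  "StartLine": 7, "EndLine": 7, "Description": "AWS Access Key"}]
# Constructed two-entry sample of a dual-version map; the plugin's CWE-Mappings
# page is the authoritative 488-entry table, not this dict.
OWASP_MAP = {
    "CWE-89": ("A03:2021-Injection", "A05:2025-Injection"),
    "CWE-798": ("A07:2021-Identification and Authentication Failures",
                "A07:2025-Authentication Failures"),
}
SARIF_LEVEL = {"ERROR": "error", "WARNING": "warning", "INFO": "note"}
LEVEL_RANK = {"error": 3, "warning": 2, "note": 1}
CWE_RE = re.compile(r"CWE-\d+")


@dataclass
class Finding:
    tool: str
    rule_id: str
    path: str
    start_line: int
    end_line: int
    level: str
    message: str
    cwe: Optional[str]
    also_reported_by: list = field(default_factory=list)
    owasp: list = field(default_factory=list)


def normalize_semgrep(doc):
    out = []
    for r in doc["results"]:
        cwe_meta = r["extra"].get("metadata", {}).get("cwe", [])
        if isinstance(cwe_meta, str):      # Semgrep rules carry a string or a list here
            cwe_meta = [cwe_meta]
        m = CWE_RE.search(" ".join(cwe_meta))
        out.append(Finding("semgrep", r["check_id"], r["path"], r["start"]["line"],
                           r["end"]["line"], SARIF_LEVEL.get(r["extra"]["severity"], "note"),
                           r["extra"]["message"], m.group(0) if m else None))
    return out


def normalize_gitleaks(doc):
    # Gitleaks emits no CWE; a leaked secret is a hard-coded credential (CWE-798).
    return [Finding("gitleaks", g["RuleID"], g["File"], g["StartLine"], g["EndLine"],
                    "error", g["Description"], "CWE-798") for g in doc]


def dedupe(findings):
    # Merge on (path, line, CWE) regardless of which tool raised the finding.
    merged = {}
    for f in findings:
        key = (f.path, f.start_line, f.cwe)
        if key not in merged:
            merged[key] = f
        else:
            merged[key].also_reported_by.append(f.tool)
            if LEVEL_RANK[f.level] > LEVEL_RANK[merged[key].level]:
                merged[key].level = f.level   # keep the most severe rating
    return list(merged.values())


def enrich(findings):
    for f in findings:
        f.owasp = list(OWASP_MAP.get(f.cwe, ()))   # unmapped CWE: no tags, not a crash
    return findings


def to_sarif(findings):
    rules, results = {}, []
    for f in findings:
        tags = ([f"external/cwe/{f.cwe.lower()}"] if f.cwe else []) + f.owasp
        rules.setdefault(f.rule_id, {"id": f.rule_id, "properties": {"tags": tags}})
        results.append({"ruleId": f.rule_id, "level": f.level, "message": {"text": f.message},
                        "locations": [{"physicalLocation": {"artifactLocation": {"uri": f.path},
                                       "region": {"startLine": f.start_line, "endLine": f.end_line}}}],
                        "properties": {"tool": f.tool, "also_reported_by": f.also_reported_by}})
    return {"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
            "runs": [{"tool": {"driver": {"name": "example-normalizer", "rules": list(rules.values())}},
                      "results": results}]}


def run_pipeline():
    findings = enrich(dedupe(normalize_semgrep(SEMGREP_JSON) + normalize_gitleaks(GITLEAKS_JSON)))
    return findings, to_sarif(findings)


if __name__ == "__main__":
    print(json.dumps(run_pipeline()[1], indent=2))
```

Two details matter in practice: the dedup key includes the CWE, so two different weaknesses on the same line are kept apart rather than collapsed, and a CWE missing from the map yields an empty tag list instead of an exception, so one unmapped rule cannot abort a whole pipeline run. The `external/cwe/cwe-NNN` tag form is the convention SARIF consumers such as GitHub code scanning use to group results by weakness.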
| Page | Description |
|---|---|
| Architecture | System architecture, three layers, DAG pipeline engine, decision loop model |
| Skills-Reference | 16 skills — SAST, DAST, SCA, Container, IaC, Secrets, SBOM, K8s, GraphQL, Compliance, IR |
| Agents | 18 agents across 4 groups (Orchestrators, Specialists, Experts, Core Team) |
| Tools | 11 Docker-based security tools with pipeline flow diagram |
| OWASP-Coverage | OWASP Top 10 coverage matrix (10/10) with tools and detection methods |
| NCSA-Validation | NCSA Website Security Standard v1.0 validation (7 categories) |
| CWE-Mappings | 488 CWE mappings across 7 frameworks (OWASP, NIST, MITRE, NCSA, PDPA, SOC 2, ISO 27001) |
| Test-Results | 1,302+ tests across 42 suites — QA round history |
| Installation | Installation, prerequisites, Docker images, and MCP setup |
| Use-Cases | Deployment scenarios (Dev, Security, Compliance, CI/CD, DAST) |
| ROI | Business value — 10,222% ROI, 3-Year TCO analysis |
| Comparison | Feature comparison vs GitHub Advanced Security, Snyk, SonarQube |
| Changelog | Release history (v1.0.0 → v3.0.4) |
```bash
# Via Claude Code marketplace
claude plugin marketplace add pitimon/devsecops-ai-team
claude plugin install devsecops-ai-team@pitimon-devsecops

# Manual
git clone https://github.com/pitimon/devsecops-ai-team.git
```

| Version | Date | Highlights |
|---|---|---|
| v3.0.4 | 2026-03-03 | Dashboard injection fix (#69), OWASP enrichment + compliance snapshots (#70) |
| v3.0.2 | 2026-03-03 | GraphQL test depth, README badge sync |
| v3.0.1 | 2026-03-03 | GraphQL OWASP dual-tag + CWE-770 fix |
| v3.0.0 | 2026-03-03 | DAG pipeline engine, SQLite scan history, security dashboard, K8s + GraphQL scanning |
| v2.8.0 | 2026-03-03 | SLSA assessment, VEX output, SOC 2 + ISO 27001, TruffleHog, A06-A08 rules |
| v2.7.0 | 2026-03-02 | OWASP 2025 migration, Nuclei DAST, PDPA mapping, NCSA v1.0 review |
| v2.6.0 | 2026-03-02 | CI/CD integration, MCP bundling fix, version bump automation |
| v2.5.0 | 2026-03-02 | PDF/CSV formatters, compare/suggest_fix MCP tools, A01-A03 rules |
| v2.4.0 | 2026-03-02 | A09 detection (7 rules), ZAP multi-mode, NCSA validator |
| v2.3.0 | 2026-03-02 | Auto-fix skill, NCSA compliance (62 CWEs), DAST/MCP integration |
| v2.0.0 | 2026-03-01 | MCP server (5 tools), cross-tool dedup, agent orchestration |
| v1.0.0 | 2026-03-01 | Initial release — 18 agents, 12 skills, 7 tools |