ICDEV™ is an open-source platform that eliminates the gap between engineering and compliance. We pioneered agentic engineering — AI systems that autonomously build, test, and certify applications with deterministic reliability and full compliance traceability.
In traditional development, engineers write code. Compliance officers write paperwork. The two groups work in parallel but rarely coordinate.
When an auditor asks a question, engineering stops. When a STIG check fails, tickets pile up. When code changes break compliance documentation, nobody notices until the next assessment.
ICDEV™ eliminates this gap. We treat compliance as a natural output of engineering. When our platform builds a system, it generates the SSP at the same time. It maps NIST 800-53 controls, collects evidence, produces the SBOM, and creates the complete ATO package.
6-layer architecture separating AI orchestration from deterministic execution. Goals, Orchestration, Tools, Context, Hard prompts, Args. Reproducible, auditable, never probabilistic.
Executable build process: Architect, Trace, Link, Assemble, Stress-test. AI agents follow it autonomously, producing architecture, traceability, code, and compliance in one flow.
Domain-specific agents for orchestration, architecture, building, compliance, security, infrastructure, MBSE, requirements, supply chain, simulation, DevSecOps, and more. Collaborating via A2A protocol.
One NIST 800-53 control maps to FedRAMP, CMMC, CJIS, HIPAA, PCI DSS, SOC 2, ISO 27001, and more via our dual-hub crosswalk engine. Implement once, satisfy many.
OSCAL-formatted evidence streamed continuously. Every commit triggers evidence collection. Documentation stays current, complete, and audit-ready at all times.
Always-on daemon with 13 autonomous reflexes. Scans CVEs, audits code quality, generates tests, refreshes compliance evidence. Your platform improves while you sleep.
SSP, POAM, STIG, SBOM, CUI marking, control mapping, FedRAMP/CMMC assessment, OSCAL export, classification management. All deterministic. All audit-ready.
SAST, dependency audit, secret detection, container scanning, prompt injection defense, AI telemetry, MITRE ATLAS, OWASP LLM Top 10, agentic trust scoring.
Pipeline security, policy-as-code (Kyverno/OPA), service mesh (Istio/Linkerd), NIST 800-207 ZTA maturity across 7 pillars, 5 maturity levels.
SysML import, DOORS NG ReqIF, digital thread with N:M linking, model-to-code generation, conversational intake, SAFe decomposition, boundary impact analysis.
AI should amplify human expertise, not replace human judgment. Every AI decision is traceable. Every AI action is auditable. Every AI output can be explained.
Routine tasks: compliance export, narrative generation, document processing. Zero cloud API calls. Air-gap safe.
Local models draft. Cloud models review. Cuts API usage 40% while maintaining quality.
Most capable models for architecture, requirements intake, and stakeholder content.
Cut ATO timelines from months to weeks with automated evidence.
Build for DoD at IL4+. NIST, CMMC, Zero Trust — automated.
Explore agentic AI engineering. Systems that build systems.
Secure CI/CD with policy-as-code and continuous compliance.
Connect SysML models to code, tests, and controls via digital thread.
The tools for building secure, compliant software should be accessible to everyone — not locked behind enterprise licenses only the largest contractors can afford.
We welcome contributions from engineers, compliance professionals, and security researchers.