# Concordance

> SDLC intelligence platform that scores engineering practices across 50 open protocols.
> Connects to GitHub, GitLab, Bitbucket, Jira, and Linear. Reads metadata only — no code access.
> Turns post-mortems into predictive signals by continuously grading the same practices that appear in every major outage autopsy.

## What Concordance Does

Concordance observes how software is built — not what is built. It connects to your existing toolchain (SCM, issue tracker, CI/CD) and scores your engineering practices against 50 protocols across 6 SDLC phases: Requirements, Design, Development, Testing, Release, and Operations.

Each protocol is scored 1–5 (Reactive → Optimizing) using evidence from real artifacts: commits, pull requests, issues, pipelines, and incident data.

When AI tools are detected in the workflow (Copilot, Cursor, Claude Code, Windsurf, Devin, etc.), AI Sentinel activates and applies additional scoring to the 10 protocols most likely to degrade under AI-accelerated development.

## AI Sentinel (Velocity Governance)

AI Sentinel monitors the 10 highest-risk protocols when AI acceleration is detected: Architecture Decision Records, Dependency Management, Branch Protection, PR Review Quality, Code Ownership, Secrets Management, CI Pipeline Exists, Security Analysis, Rollback Capability, Feature Flagging.

It detects AI tool adoption automatically, tracks probability signals per team, and surfaces gaps before they compound. AI Sentinel is the governance layer for AI-augmented and autonomous engineering workflows.

## 50 SDLC Protocols (6 Phases)

- Phase 1 — Requirements: Issue Tracking Linkage, Acceptance Criteria, Ticket Description Quality, Estimation Practice, Backlog Health, Priority Classification, Sprint Discipline, Requirement Traceability.
- Phase 2 — Design: Design Discussion, Architecture Decision Records, Technical Documentation, API Contract Definition, Dependency Management, Design Review Workflow.
- Phase 3 — Development: Branch Protection, PR Review Quality, PR Size Discipline, Review Turnaround, Approval Rigor, Code Ownership, Commit Convention, Linting Enforcement, Secrets Management, Repository Documentation, Technical Debt Management.
- Phase 4 — Testing: CI Pipeline Exists, CI Gating, Test Coverage, Test Reliability, Test Categorization, Security Analysis, Dependency Scanning, Build Reproducibility, Environment Parity.
- Phase 5 — Release: Build Artifacts, Release Cadence, Lead Time, Release Approval, Changelog Practice, Semantic Versioning, Rollback Capability, Feature Flagging.
- Phase 6 — Operations: Incident Response, Postmortem Practice, Runbooks, SLO Definition, On-Call Practice, Monitoring & Alerting, Change Failure Tracking, Operational Review.

The full protocol framework is open (CC BY 4.0) and machine-readable via API.

## Compliance Mapping

Concordance maps protocol scores to regulatory and audit frameworks automatically:

- EU Cyber Resilience Act (CRA) — 21 Annex I essential requirements
- EU NIS2 Directive — 10 Article 21(2) measures
- SOC 2 Trust Services Criteria — CC6, CC7, CC8, CC9
- ISO 27001 — mapped controls
- NIST SSDF — supply chain practices
- SLSA Levels — build provenance and integrity

Evidence is generated continuously from real engineering data, not surveys or self-assessments.

## API

- `GET /api/framework/protocols` — Full protocol definitions (CC BY 4.0, public)
- `POST /api/scan` — Run a full assessment for a team
- `POST /api/public-scan` — Public scan of any repo (no auth required)
- `GET /api/sentinel?org_id=` — AI velocity governance data
- `GET /api/heatmap?org_id=` — Org-wide protocol heatmap with trends
- `GET /api/portfolio` — Portfolio-level aggregates
- `GET /api/signal-export` — CRA/NIS2/SOC2/ISO compliance evidence export

## Key Pages

- [Framework](https://getconcordance.com/framework): The 50 protocols, open and machine-readable
- [Methodology](https://getconcordance.com/methodology): How scoring works — evidence-based, 1–5 maturity scale
- [AI Sentinel](https://getconcordance.com/sentinel): Velocity governance for AI-accelerated teams
- [How It Works](https://getconcordance.com/how-it-works): Connect, observe, score — metadata only, no code access
- [Pricing](https://getconcordance.com/pricing): Free assessment for any repo. Pro from $99/mo, no per-seat pricing
- [CRA Compliance](https://getconcordance.com/cra): Continuous CRA evidence from engineering data
- [NIS2 Compliance](https://getconcordance.com/nis2): NIS2 Article 21 mapping
- [SDLC Intelligence](https://getconcordance.com/sdlc-intelligence): Category definition — what SDLC intelligence means

## Integrations

- Source control: GitHub, GitLab, Bitbucket.
- Issue tracking: Jira, Linear.
- CI/CD: Reads pipeline metadata from connected SCM platforms.
- AI detection: Copilot, Cursor, Claude Code, Windsurf, Devin, and other AI coding tools detected automatically.

## Contact

- Website: https://getconcordance.com
- Email: terry@getconcordance.com