nccgroup / sobelow

Security-focused static analysis for the Phoenix Framework
Apache License 2.0

Plugin Mechanism #94

Open capitalist opened 3 years ago

capitalist commented 3 years ago

Is there an existing mechanism for, or plans for, a plugin capability for custom Findings similar to Credo's Check mechanism?

It looks like sobelow is already well architected to support this, but has the hard-coded @submodules.

Forgive me if this is already asked & answered, but I did try to search, so the keywords I use will help others find the conversation if it has already been had.

GriffinMB commented 3 years ago

Hi! There wasn't (until now) any plan for it, but it's a good suggestion. I'll look into this. I'm working on some other things at the moment, so it might not be a quick turnaround.

I'll update this issue with details once I've worked out the details, and have an ETA.

capitalist commented 3 years ago

Wow, very quick reply. Fortunately, I don't need a quick turnaround.

But we're working with a very smart offensive security expert who's suggested some very interesting things and we're looking at what our options are for tool extension.

GriffinMB commented 3 years ago

Sounds good! Also happy to accept Finding contributions if they're generally applicable :)

capitalist commented 3 years ago

I think we'd have a mix - some that are generally useful, and some that target specific patterns in our somewhat unorthodox platform.

houllette commented 1 year ago

Some inspiration could be taken from how Credo integrates plugins.
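The shape both the original question (a hard-coded `@submodules` list) and the Credo suggestion point at, as an added sketch that is not Sobelow's or Credo's code: a `Finding` behaviour, a built-in list kept in a module attribute, and plugin modules appended from application config and validated before use. All module names (`MyScanner`, `MyScanner.Finding`, `MyScanner.Findings.RawSend`, the `:my_scanner` config key) are hypothetical.

```elixir
# Hypothetical sketch, not Sobelow's code: a behaviour-based plugin mechanism
# that keeps built-in findings in a module attribute (the hard-coded list the
# issue describes) and appends user findings from application config.

defmodule MyScanner.Finding do
  @moduledoc "Contract every built-in or plugin finding module implements."
  @callback run(ast :: Macro.t(), meta :: map()) :: [map()]
end

defmodule MyScanner.Findings.RawSend do
  @behaviour MyScanner.Finding

  # Example built-in finding: flags every call to a local function named
  # `send_raw/1` in the scanned AST and records the file and line.
  @impl true
  def run(ast, meta) do
    {_ast, hits} =
      Macro.prewalk(ast, [], fn
        {:send_raw, node_meta, [_arg]} = node, acc ->
          hit = %{check: __MODULE__, file: meta.file, line: node_meta[:line]}
          {node, [hit | acc]}

        node, acc ->
          {node, acc}
      end)

    Enum.reverse(hits)
  end
end

defmodule MyScanner do
  # Built-in findings stay hard-coded here; plugins come from config, e.g.
  #   config :my_scanner, plugins: [MyApp.Findings.CustomPattern]
  @builtin [MyScanner.Findings.RawSend]

  def finding_modules do
    plugins = Application.get_env(:my_scanner, :plugins, [])

    # Fail loudly on a misconfigured plugin instead of silently skipping it.
    Enum.each(plugins, fn mod ->
      Code.ensure_loaded!(mod)

      if not function_exported?(mod, :run, 2) do
        raise ArgumentError, "#{inspect(mod)} does not implement MyScanner.Finding"
      end
    end)

    @builtin ++ plugins
  end

  # Parses one source string and runs every registered finding over its AST.
  def scan_source(source, file) do
    ast = Code.string_to_quoted!(source)
    Enum.flat_map(finding_modules(), fn mod -> mod.run(ast, %{file: file}) end)
  end
end
```

A constructed call such as `MyScanner.scan_source("def f(x), do: send_raw(x)", "lib/a.ex")` exercises the built-in finding; a plugin listed in `config :my_scanner, plugins: [...]` runs alongside it without touching the `@builtin` list.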