Custom Scanners

Part of the power of sof scanners is its scanner plugin architecture, which lets you write your own plugins that produce scan results.

Building your own plugin

To build a plugin you need two things:

1. A plugin manifest file named "sof_scanner_plugin.json". It contains the relative path to the core JS file to load and a marker that identifies it as a CLI plugin:

{
    "sof_plugin": "cli",
    "entry_point": "yourfile.js"
}

2. Your code, whose default export matches the following interface:

export interface scanner {
    scanner: string;
    scan(source: string, _options: string): Promise<any>;
}

The promise returned by the scan function must resolve to an object that matches the following interface:

interface Report {
    vulnerabilities: Vulnerability[];
}
interface Vulnerability {
    id: string;
    category: string;
    name: string;
    description?: string;
    solution?: string;
    severity: string;
    confidence: string;
    location: Location;
}
interface Location {
    file: string;
    start_line: number; // -1 represents unknown
    end_line: number;   // -1 represents unknown
}

Including your plugin

Once your plugin is built, you can include it at scan time with the -s flag of sof_scanner. For example, if you publish a scanner as a standalone npm module called "security_tech/awesome_scanner", you can install and run it with the following:

npm install security_tech/awesome_scanner
sof-scanner --server http://localhost:8080 -c .\sof-config.json -l .\output.json -p .\node_modules