Extensibility

Plugin System

Extend ThreatMitigator with custom plugins written in any language. JSON-RPC 2.0 protocol over stdin/stdout with sandboxed execution.

Any Language

Write plugins in any language that supports JSON-RPC 2.0 over stdin/stdout.

Auto-Discovery

Plugins are auto-detected from PATH as executables matching threatmitigator-plugin-*.

Sandboxed Execution

Configurable memory limits, execution timeouts, and OS-level sandboxing for security.

Failure Isolation

One plugin crash doesn't affect others. Graceful degradation ensures core scanning continues.

How It Works

Protocol: JSON-RPC 2.0 over stdin/stdout
Discovery: Auto-detected from PATH (executables matching threatmitigator-plugin-*)
Configuration: Per-plugin settings in .threatmitigator.toml

Plugin Capabilities

Custom threat detection rules
Organization-specific security policies
Domain-specialized scanning
External tool integration

Plugin Configuration

1
2
3
4
5
6
[[plugins]]
name = "my-custom-scanner"
path = "/usr/local/bin/threatmitigator-plugin-custom"
timeout_secs = 60
memory_limit_mb = 256
env = { CUSTOM_VAR = "value" }

Plugin Security

Configurable memory limits
Execution timeouts
Sandboxed execution (seccompiler on Linux, win32job on Windows)
Failure isolation (one plugin crash doesn’t affect others)

See it in action

Extend ThreatMitigator with custom plugins for domain-specific scanning and external tool integration.

Ready to Secure Your Infrastructure?

Join teams already using ThreatMitigator to identify security threats in their Terraform, CloudFormation, Docker, and Helm configurations.

Get Started Free View Documentation