google

google/tsunami-security-scanner-plugins

Java Apache-2.0 Security

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.

1k stars
217 forks
active
GitHub

1k

Stars

217

Forks

46

Open issues

30

Contributors

AI Analysis

A specialized plugin repository for Tsunami Security Scanner, Google's open-source vulnerability detection tool. It provides detectors for CVEs, exposed APIs, and weak credentials across AI/ML frameworks and infrastructure services like MLflow, Apache Spark, Airflow, and Argo Workflow. Best suited for security teams and DevOps engineers who deploy machine learning and data processing systems and need automated vulnerability scanning tailored to those specific stacks.

Security Security Tool Discovery value: 6/10
Documentation 6/10
Activity 8/10
Community 7/10
Code quality 5/10

Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.

Overall score 7/10

AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.

ml-framework-security ai-oss-detectors vulnerability-scanner cve-detection security-plugins
Actively maintained Niche/specialized use case Production ready
Deep Analysis · Based on README and public signals
5d ago

Plugin ecosystem for Google's Tsunami security scanner, covering emerging infrastructure vulnerabilities

This repository provides a centralized collection of detection plugins for Tsunami Security Scanner, Google's open-source vulnerability scanner. It focuses on detectors for web applications, exposed services, and known CVEs—particularly in AI/ML infrastructure, container orchestration, and data processing frameworks. The project serves security teams and DevSecOps practitioners who integrate Tsunami into their scanning pipelines. It appears to be a reference implementation and community contribution hub rather than a standalone tool.

Origin

Created in June 2020 alongside Tsunami Security Scanner itself, this repository evolved as a sister project to host reusable detection logic. It grew from Google's internal security tooling and has accumulated community-contributed detectors over five years, with periodic updates targeting newly disclosed CVEs in popular infrastructure tools.

Growth

The project gained ~1,000 stars over six years—modest but steady. Recent activity (push on 2026-07-03, +2 stars in 7 days) shows ongoing maintenance. Growth appears driven by Tsunami's adoption in enterprise security workflows and periodic security disclosures requiring new detectors. The fork ratio (217:1,013) suggests active community forking but limited pull-request-based contribution relative to repository size.

In production

Adoption not verified in README or metadata. No case studies, user testimonials, or deployment statistics provided. The parent project (Tsunami Security Scanner, 8,589 stars) suggests enterprise interest, but direct usage of these specific plugins is not documented. Presence on Google's official repository suggests internal or partner usage, but scale is unknown.

Code analysis
Architecture

Appears to be a modular plugin architecture organized by detector type (RCE, credentials, exposed UI) and framework (PyTorch Serve, Ray, MLflow, Spark, etc.). README shows Java-based plugins that integrate with Tsunami's core scanner. Likely uses a dependency injection or plugin registration pattern, though without source inspection, the exact architecture cannot be confirmed.

Tests

Not documented in README. No test directory structure, coverage percentages, or CI/CD pipeline details are mentioned.

Maintenance

Active maintenance as of July 2026 (3 days ago). Most plugins appear to be CVE-specific point releases rather than evolving feature sets. Cadence suggests infrequent but deliberate updates—typical of a vulnerability database-like repository that grows when new threats emerge.

Honest verdict

ADOPT IF: your organization runs Tsunami Security Scanner and needs detectors for specific frameworks (Spark, Airflow, MLflow, etc.) or you want to extend Tsunami's coverage without forking the core scanner. AVOID IF: you need a standalone scanning tool—this is a plugin repository for an existing platform, not a complete solution. MONITOR IF: you evaluate Tsunami as part of a SAST/DAST selection process; the plugin ecosystem maturity may influence whether Tsunami meets your organization's detection requirements.

Independent dimensions

Mainstream potential

3/10

Technical importance

6/10

Adoption evidence

2/10

Risks
  • Plugin coverage appears sparse relative to the growing attack surface—only ~30 specialized detectors across a broad infrastructure landscape; may miss vulnerabilities in your specific stack.
  • Adoption not verified at scale; unclear how widely deployed Tsunami (and by extension, these plugins) is, which may indicate adoption is limited to select organizations or internal Google use.
  • CVE-specific plugins may have limited lifespan once patches are released; repository could accumulate stale, unmaintained detectors over time if pruning is not enforced.
  • Dependency on parent project (Tsunami) health; if Tsunami is not actively maintained or loses community support, this plugin repository becomes less valuable.
  • No documented integration path or version compatibility guarantees between plugins and Tsunami versions; users may face plugin-scanner compatibility issues.
Prediction

Likely to remain a niche but stable reference implementation and CVE detector repository. Slow growth expected as new infrastructure vulnerabilities emerge and are added reactively. Unlikely to expand beyond the Tsunami ecosystem unless Tsunami gains significant enterprise adoption first.

0 found this helpful

Newsletter

Get analyses like this every Monday

Free weekly digest of the most interesting open-source discoveries.

Languages

Java
92%
HTML
3%
Python
2.7%
Shell
1.5%
Go
0.7%
Dockerfile
0.1%
Jsonnet
0.1%

Information

Language
Java
License
Apache-2.0
Last updated
1w ago
Created
74mo ago
Analyzed with
anthropic/claude-haiku-4-5

Stars over time

Loading…

Contributors over time

Top 100 contributors only — repos with more will plateau at 100.

Loading…

Recent releases

No releases published yet.

Similar repos

google

google/tsunami-security-scanner

Tsunami is a network security scanner developed by Google that uses an...

8.6k Java Security
TideSec

TideSec/TscanPlus

TscanPlus is a comprehensive network security assessment and operations...

We5ter

We5ter/Scanners-Box

Scanners Box is a curated collection of 9,000+ open-source cybersecurity tools...

google

google/osv.dev

OSV.dev is Google's open-source vulnerability database and triage service that...

2.8k Go Security
CuriousLearnerDev

CuriousLearnerDev/Online_tools

A unified tool marketplace and automation platform designed for cybersecurity...

1.1k Python Security
vs. alternatives
google/tsunami-security-scanner (core)

This is the plugin ecosystem for Tsunami itself—not a competitor, but a component. The core scanner provides the scanning engine; this repository provides domain-specific detectors.

We5ter/Scanners-Box

Broader collection of security scanning tools and payloads across multiple categories. Scanners-Box is more of a curated collection; Tsunami plugins are framework-specific and maintained against Tsunami's API.

google/osv.dev

Focuses on vulnerability database and OSS vulnerability tracking. Tsunami plugins are active scanners; OSV.dev is a lookup service. They serve different functions and may be complementary.

Nessus/Qualys plugins

Commercial VULN scanners with similar plugin models. Tsunami's open-source approach attracts cost-conscious and DevSecOps-first organizations; commercial tools dominate large enterprise procurement.

OWASP ZAP add-ons

Similar plugin-based architecture for web application scanning. ZAP focuses on web/API; Tsunami plugins span infrastructure, containers, and ML services—narrower but more specialized.