This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
AI Analysis
A specialized plugin repository for Tsunami Security Scanner, Google's open-source vulnerability detection tool. It provides detectors for CVEs, exposed APIs, and weak credentials across AI/ML frameworks and infrastructure services like MLflow, Apache Spark, Airflow, and Argo Workflow. Best suited for security teams and DevOps engineers who deploy machine learning and data processing systems and need automated vulnerability scanning tailored to those specific stacks.
Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.
AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.
Plugin ecosystem for Google's Tsunami security scanner, covering emerging infrastructure vulnerabilities
This repository provides a centralized collection of detection plugins for Tsunami Security Scanner, Google's open-source vulnerability scanner. It focuses on detectors for web applications, exposed services, and known CVEs—particularly in AI/ML infrastructure, container orchestration, and data processing frameworks. The project serves security teams and DevSecOps practitioners who integrate Tsunami into their scanning pipelines. It appears to be a reference implementation and community contribution hub rather than a standalone tool.
Created in June 2020 alongside Tsunami Security Scanner itself, this repository evolved as a sister project to host reusable detection logic. It grew from Google's internal security tooling and has accumulated community-contributed detectors over five years, with periodic updates targeting newly disclosed CVEs in popular infrastructure tools.
The project gained ~1,000 stars over six years—modest but steady. Recent activity (push on 2026-07-03, +2 stars in 7 days) shows ongoing maintenance. Growth appears driven by Tsunami's adoption in enterprise security workflows and periodic security disclosures requiring new detectors. The fork ratio (217:1,013) suggests active community forking but limited pull-request-based contribution relative to repository size.
Adoption not verified in README or metadata. No case studies, user testimonials, or deployment statistics provided. The parent project (Tsunami Security Scanner, 8,589 stars) suggests enterprise interest, but direct usage of these specific plugins is not documented. Presence on Google's official repository suggests internal or partner usage, but scale is unknown.
Appears to be a modular plugin architecture organized by detector type (RCE, credentials, exposed UI) and framework (PyTorch Serve, Ray, MLflow, Spark, etc.). README shows Java-based plugins that integrate with Tsunami's core scanner. Likely uses a dependency injection or plugin registration pattern, though without source inspection, the exact architecture cannot be confirmed.
Not documented in README. No test directory structure, coverage percentages, or CI/CD pipeline details are mentioned.
Active maintenance as of July 2026 (3 days ago). Most plugins appear to be CVE-specific point releases rather than evolving feature sets. Cadence suggests infrequent but deliberate updates—typical of a vulnerability database-like repository that grows when new threats emerge.
ADOPT IF: your organization runs Tsunami Security Scanner and needs detectors for specific frameworks (Spark, Airflow, MLflow, etc.) or you want to extend Tsunami's coverage without forking the core scanner. AVOID IF: you need a standalone scanning tool—this is a plugin repository for an existing platform, not a complete solution. MONITOR IF: you evaluate Tsunami as part of a SAST/DAST selection process; the plugin ecosystem maturity may influence whether Tsunami meets your organization's detection requirements.
Independent dimensions
Mainstream potential
3/10
Technical importance
6/10
Adoption evidence
2/10
- Plugin coverage appears sparse relative to the growing attack surface—only ~30 specialized detectors across a broad infrastructure landscape; may miss vulnerabilities in your specific stack.
- Adoption not verified at scale; unclear how widely deployed Tsunami (and by extension, these plugins) is, which may indicate adoption is limited to select organizations or internal Google use.
- CVE-specific plugins may have limited lifespan once patches are released; repository could accumulate stale, unmaintained detectors over time if pruning is not enforced.
- Dependency on parent project (Tsunami) health; if Tsunami is not actively maintained or loses community support, this plugin repository becomes less valuable.
- No documented integration path or version compatibility guarantees between plugins and Tsunami versions; users may face plugin-scanner compatibility issues.
Likely to remain a niche but stable reference implementation and CVE detector repository. Slow growth expected as new infrastructure vulnerabilities emerge and are added reactively. Unlikely to expand beyond the Tsunami ecosystem unless Tsunami gains significant enterprise adoption first.
Newsletter
Get analyses like this every Monday
Free weekly digest of the most interesting open-source discoveries.
Languages
Information
- Language
- Java
- License
- Apache-2.0
- Last updated
- 1w ago
- Created
- 74mo ago
- Analyzed with
- anthropic/claude-haiku-4-5
Stars over time
Contributors over time
Top 100 contributors only — repos with more will plateau at 100.
Open issues
No open issues — clean slate.
Top contributors
Recent releases
No releases published yet.
Similar repos
google/tsunami-security-scanner
Tsunami is a network security scanner developed by Google that uses an...
TideSec/TscanPlus
TscanPlus is a comprehensive network security assessment and operations...
We5ter/Scanners-Box
Scanners Box is a curated collection of 9,000+ open-source cybersecurity tools...
| Repository | Stars | Week Δ | Language | Score | Updated |
|---|---|---|---|---|---|
|
|
1k | — | Java | 7/10 | 1w ago |
|
|
8.6k | — | Java | 8/10 | 2w ago |
|
|
3.8k | — | — | 7/10 | 1w ago |
|
|
9k | — | — | 8/10 | 4d ago |
|
|
2.8k | — | Go | 8/10 | 8h ago |
|
|
1.1k | — | Python | 6/10 | 1d ago |
This is the plugin ecosystem for Tsunami itself—not a competitor, but a component. The core scanner provides the scanning engine; this repository provides domain-specific detectors.
Broader collection of security scanning tools and payloads across multiple categories. Scanners-Box is more of a curated collection; Tsunami plugins are framework-specific and maintained against Tsunami's API.
Focuses on vulnerability database and OSS vulnerability tracking. Tsunami plugins are active scanners; OSV.dev is a lookup service. They serve different functions and may be complementary.
Commercial VULN scanners with similar plugin models. Tsunami's open-source approach attracts cost-conscious and DevSecOps-first organizations; commercial tools dominate large enterprise procurement.
Similar plugin-based architecture for web application scanning. ZAP focuses on web/API; Tsunami plugins span infrastructure, containers, and ML services—narrower but more specialized.