Plugin ecosystem

Track-based plugin architecture with explicit safety context.

NOX ships 9 tracks and 30 plugins. Each track publishes risk class, CI safety, and offline capability to support predictable rollout decisions.

Total tracks

Total plugins

CI-safe tracks

Track 1

Core Analysis

Static analysis plugins for source and config files. Fast, deterministic, and safe in local and CI workflows.

passive
CI yes
Offline yes
RO yes

nox-plugin-arch-lint Architecture dependency rules and security pattern detection
nox-plugin-container Dockerfile linting, image vulnerability scanning, container SBOM
nox-plugin-sast Language-specific vulnerability detection (SQL injection, XSS, path traversal)
nox-plugin-logic-scan Business logic vulnerability detection with optional AI analysis
nox-plugin-mcp-scan MCP server configuration security analysis (8 rules)

Track 2

Dynamic & Runtime Security

Runtime-facing plugins for active testing of deployed services and environments with explicit opt-in.

active
CI no
Offline no
RO no

nox-plugin-api-abuse API authorization testing (BOLA, BFLA, rate-limit)
nox-plugin-attack-surface Static endpoint extraction and exposure mapping
nox-plugin-dast DAST web/API scanning (passive and active modes)
nox-plugin-k8s-runtime Live Kubernetes cluster security scanning (8 rules)
nox-plugin-red-team Attack chain analysis and HTTP validation (10 rules)

Track 3

Supply Chain & Provenance

Integrity and provenance checks for build outputs, dependencies, and release artifacts.

passive
CI yes
Offline no
RO yes

nox-plugin-artifact-integrity Release verification and build comparison
nox-plugin-depconfusion Dependency confusion detection and prevention
nox-plugin-provenance SLSA attestation generation and verification

Track 4

Policy, Risk & Governance

Plugins that turn findings into enforceable policy and compliance decisions.

passive
CI yes
Offline yes
RO yes

nox-plugin-baseline-mgmt Finding baseline snapshots, diff, and triage
nox-plugin-policy-gate Policy evaluation and CI gate (pass/fail)
nox-plugin-risk-register Risk register generation and trend tracking
nox-plugin-grc GRC compliance assessment across 12 frameworks including FedRAMP

Track 5

Threat Modeling & Design

Design-time security analysis plugins for architecture and threat model quality.

passive
CI yes
Offline yes
RO yes

nox-plugin-threat-explain LLM-enhanced finding explanations and impact analysis
nox-plugin-threat-model STRIDE-based auto-modeling with optional AI threat generation

Track 6

Intelligence & Early Warning

Threat intelligence plugins that provide context, correlation, and early signal amplification.

passive
CI yes
Offline no
RO yes

nox-plugin-risk-score Utility risk scoring and severity calculation
nox-plugin-threat-enrich CVE enrichment and ATT&CK mapping
nox-plugin-risk-context Contextual risk scoring based on environment factors

Track 7

Incident Readiness & Response

Readiness and response quality plugins focused on operational resilience.

passive
CI yes
Offline yes
RO yes

nox-plugin-detect-ready Logging audit and alert coverage analysis
nox-plugin-playbook Incident playbook readiness assessment

Track 8

Developer Experience & Workflow

Workflow plugins that fit NOX outputs into day-to-day engineering practice.

passive
CI yes
Offline yes
RO yes

nox-plugin-lsp Language server protocol integration for editor diagnostics
nox-plugin-orchestrator Scan orchestration, execution planning, and profiles
nox-plugin-report-composer Rich reports (Markdown, HTML, JSON) and dashboards

Track 9

Agent & Assistance

AI-assisted explanation and remediation planning plugins for human and agent users.

passive
CI yes
Offline no
RO yes

nox-plugin-case-bundle Finding grouping and severity aggregation
nox-plugin-triage-agent LLM-powered finding prioritization and classification
nox-plugin-validator Finding validation with optional AI verification