mirror of
https://github.com/mleem97/gregWiki.git
synced 2026-04-11 03:29:19 +02:00
32 lines
1.1 KiB
Markdown
32 lines
1.1 KiB
Markdown
---
|
|
id: plugin-submission-audit
|
|
title: Plugin Submission & Security Audit Workflow
|
|
slug: /contributors/plugin-submission-audit
|
|
---
|
|
|
|
## Goal
|
|
|
|
Provide a repeatable workflow where community authors submit plugins through a Git repository URL, then pass an automated security/quality audit before publication in the wiki and release channels.
|
|
|
|
## Submission Model
|
|
|
|
1. Author opens a **Plugin Submission** issue.
|
|
2. Author provides a public Git repository URL (`https://...git`).
|
|
3. Maintainer triggers the security-audit workflow.
|
|
|
|
## Automated Audit Steps
|
|
|
|
- Clone submitted repository in CI.
|
|
- Run static scan for suspicious calls and execution vectors.
|
|
- Run secret and credential pattern checks.
|
|
- Produce an auditable report artifact.
|
|
|
|
## Release Gate Policy
|
|
|
|
- If audit result is **fail**, publication is blocked.
|
|
- If audit result is **pass**, maintainers can mark module as `releaseReady` and publish wiki/release visibility.
|
|
|
|
## Multiplayer Clarification
|
|
|
|
Steamworks multiplayer remains a planned direction but is currently blocked by missing Steamworks implementation on the game developer side.
|