This repository contains the officially supported first-party plugins for the Zero Trust Vulnerability Scanner (ZTVS). These plugins provide critical host security auditing across various environments.
These plugins are built using the ZTVS Go SDK and optimized for performance.
plugin-os: Core operating system security checks (SSH hardening, password policies, user auditing).plugin-axios-mitigation: (Go version) Supply-chain protection targeting known compromised dependencies.
These plugins are executed via the ZTVS Python SDK and require the uv runtime.
plugin-axios-github-scan: Advanced GitHub organization auditing for axios vulnerabilities and deployment monitoring.
You do not need to install these plugins manually. The zt engine automatically discovers and installs them from the official registry.
To sync with the latest versions:
zt plugin updateIf you want to modify or build plugins manually, ensure you have Go 1.26.1+ installed.
git clone https://github.com/mosesgameli/ztvs-plugins.git
cd ztvs-plugins
make buildThis will produce binaries in the dist/ directory. You can copy these to your local plugin path:
- Linux/macOS:
~/.ztvs/plugins/ - Windows:
%LOCALAPPDATA%\ztvs\plugins\
Interested in building your own? Check out the ZTVS Documentation for the full protocol specification.
This project is licensed under the MIT License. See LICENSE for details.