Minion is a security testing framework built by Mozilla to bridge the gap between developers and security testers. To do so, it enables developers to scan their projects using a friendly interface.

A simplified Minion diagram:

NOTE - this project is at a very early stage in its development.

Roadmap

Initial Release (Q4, 2012)

• Web Interface
• Task Engine
• 4 Task Engine Plugins
  • Garmr
  • Zed Attack Proxy
  • Skipfish
  • NMap
• Store data in a db
• Security test on minion - basic security review

Beta Release (Q1, 2013)

• "Intensity" Scale
  • Guidance to plugins the depth of time and effort the plugin should expend
  • Fast, Normal,
• Interpolation Support
• Common configuration facility
• Site Ownership Authentication
• Site and User data privacy
• Reporting Engine
• 3 Reporting Engine Plugins
  • Bugzilla Support - "File Bug" feature
  • Observatory
  • DEX-JSON Support
• Amazon AMI Maintenance
• Virtual Appliance
• Full Review (Team Review included)

Wishlist

• Pluggable UI components
  • Ability for Task Engine and Reporting Engine plugins to extend UI elements
  • "Paths" - allow a user to define multiple paths to initiating a project
    • URL
    • Repo
    • Vagrant Instructions
• Version checking plugin

Details

• Principles
• Architecture
• Components
  • Web UI
  • Task Engine
  • Plugin Service
  • Plugins
• Implementation Details

Links

All of the following are publicly accessible:

• Source code: https://github.com/ygjb/minion
• Task management: https://trello.com/b/DlVPzGaS
• Email list: http://groups.google.com/group/mozilla-minion-dev
• Security/Projects/Minion/Roadmap
• We also use the #minion channel on irc.mozilla.org

Developers:

• Simon Bennetts (Psiinon)
• Stefan Arentz
• Matthew Goodwin