Security/Projects/Minion/Roadmap

Initial Release (Q4, 2012)

• Web Interface
• Task Engine
• 4 Task Engine Plugins
  • Garmr
  • Zed Attack Proxy
  • Skipfish
  • NMap
• Store data in a db
• Security test on minion - basic security review

As of Dec 21 all Initial Release roadmap items are completed except the security review.

Beta Release (Q1, 2013)

• "Intensity" Scale
  • Guidance to plugins the depth of time and effort the plugin should expend
  • Fast, Normal,
• Interpolation Support
• Common configuration facility
• Site Ownership Authentication
• Site and User data privacy
• Reporting Engine
• 3 Reporting Engine Plugins
  • Bugzilla Support - "File Bug" feature
  • Observatory
  • DEX-JSON Support
• Amazon AMI Maintenance
• Virtual Appliance
• Full Review (Team Review included)

Wishlist

• Pluggable UI components
  • Ability for Task Engine and Reporting Engine plugins to extend UI elements
  • "Paths" - allow a user to define multiple paths to initiating a project
    • URL
    • Repo
    • Vagrant Instructions
• Version checking plugin
• Gauntlt Integration

Interpolation Support Support to have plugins call interpolate in a sane fashion when iterating through the set of available plugins and the set of available data. Site Ownership Authentication THe ability for users to prove ownership of a site by: DNS record, inclusion of a well-known path with random data, or inclusion of a meta tag.

OWASP DEX Support

OWASP DEX is a data exchange format that is designed to faciltate sharing of data between tools. DEX-JSON is a slightly less verbose format that fills the same role, with some abstractions to move away from a stricly HTTP based view of the world.

Observatory Support

)

Bugzilla Support

Implementation of a generalized feature to allow a developer to promote an issue reported by Minion to an actual bug in a bug tracking system. This should be a pluggable interface with support for bugzilla initially.