Plugins

Extend Cadence's detection pipeline with custom analysis strategies

The Cadence plugin system lets you extend the detection pipeline with custom analysis strategies. Plugins implement the StrategyPlugin interface and integrate seamlessly with all analysis modes: CLI, webhook server, and streaming.

What Plugins Can Do

A plugin is a Go struct that:

  • Declares metadata (Info()) — name, category, description
  • Implements detection logic (Detect()) — receives raw SourceData, returns []Detection
  • Participates in all analysis runs automatically once registered
  • Appears in GET /api/plugins when the webhook server is running

Plugin vs Built-in Detector

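|                                 | Plugin                   | Built-in Detector |
|---------------------------------|--------------------------|-------------------|
| Implemented in                  | Your Go code             | Cadence core      |
| Registration                    | PluginManager.Register() | Automatic         |
| Listed in /api/plugins          | Yes                      | No                |
| Survives restarts               | Requires re-registration | Always active     |
| Contributed to StrategyRegistry | Via MergeIntoRegistry()  | Automatic         |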

Guides

  • Writing Plugins — Implement StrategyPlugin, register with PluginManager, and write tests
  • Best Practices — Naming, concurrency, confidence calibration, performance, and common pitfalls
  • Detection Reference — Detection struct fields, severity levels, and category constants