Portal Community
InstallHub

Security Scanning

Every package that passes through InstallHub — whether imported directly or installed from the marketplace — is subject to mandatory security scanning. Scanning is non-optional and cannot be bypassed, even by administrators.

Why Mandatory Scanning?

InstallHub packages contain executable workflow logic, AI agent configurations, and business rules. A malicious or compromised package could exfiltrate data, corrupt tenant state, or introduce injection vulnerabilities into running processes. Scanning provides a defense-in-depth layer that operates independently of the package publisher's intentions.

When Scanning Runs

ContextWhenBlocks On FAIL?Status
Direct import (Phase 2)Before installation beginsYes — import aborted and rolled backImplemented
Dry-run importDuring dry-run pipelineReported in dry-run resultImplemented
Marketplace submissionBefore listing the packageYes — rejected, not listedPhase 3 Pending
Marketplace installBefore installation begins (re-scan of cached package)Yes — install abortedPhase 3 Pending

Checks Performed

Expression
Injection
SQL
Injection
Dependency
CVE
Content
Policy
Credential
Exposure

IPackageSecurityScanner Interface

public interface IPackageSecurityScanner
{
    Task<ScanReport> ScanAsync(
        PackageBundle        bundle,
        ScanContext          context,
        CancellationToken    cancellationToken = default);
}

public record ScanReport
{
    public ScanResult          OverallResult  { get; init; }  // Pass, Warn, Fail
    public IReadOnlyList<ScanFinding> Findings { get; init; }
    public DateTimeOffset      ScannedAt      { get; init; }
    public long                DurationMs     { get; init; }
}

public record ScanFinding
{
    public string   Check         { get; init; }
    public Severity Severity      { get; init; }  // Critical, High, Medium, Low
    public string   ArtifactType  { get; init; }
    public string   ArtifactName  { get; init; }
    public string   Field         { get; init; }
    public string   Value         { get; init; }
    public string   Rule          { get; init; }
    public string   Message       { get; init; }
}

public enum ScanResult { Pass, Warn, Fail }

Result Summary

ResultOverall MeaningImport ActionMarketplace Action
PASSZero findings across all checksProceeds normallyListed with green badge
WARNOne or more medium/low findings, no critical/highProceeds with warning in audit logListed with yellow badge; human review recommended
FAILOne or more critical or high findingsBlocked — import aborted, package not installedRejected — not listed
Next: Expression Injection Detection →