Skip to content

feat: Add metadata support to custom detectors #4625

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
effortlessdevsec wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat: Add metadata support to custom detectors #4625

effortlessdevsec wants to merge 2 commits into from

Conversation

@effortlessdevsec
Copy link

@effortlessdevsec effortlessdevsec commented Dec 30, 2025

Feature Request: Add Metadata Support to Custom Detectors

Summary

Add support for a metadata field in custom detector configurations that automatically populates the ExtraData field in detector results. This would allow users to attach custom key-value metadata directly in the YAML configuration without requiring code changes.

Use Case

Currently, custom detectors can only set metadata programmatically in the code. Users should be able to define metadata directly in their custom detector YAML configuration files, which would then be automatically included in the ExtraData field of all results from that detector.

This would be useful for:

  • Adding environment tags (e.g., environment: production)
  • Adding team ownership information (e.g., team: security)
  • Adding severity levels (e.g., severity: high)
  • Adding rotation guides or documentation links
  • Adding any custom contextual information that should be associated with detected secrets

Proposed Implementation

1. Proto Definition Update

Add a metadata field to the CustomRegex message in proto/custom_detectors.proto:

message CustomRegex {
  // ... existing fields ...
  map<string, string> metadata = 12;
}

2. Code Implementation

Update pkg/custom_detectors/custom_detectors.go to copy metadata from the detector configuration to ExtraData when creating results:

// In createResults function
if metadata := c.GetMetadata(); metadata != nil {
    for key, value := range metadata {
        result.ExtraData[key] = value
    }
}

Example Usage

YAML Configuration

detectors:
- name: my-api-key-detector
  keywords:
  - api
  - key
  regex:
    api_key: "your-regex-here"
  metadata:
    environment: "production"
    team: "security"
    severity: "high"
    rotation_guide: "https://example.com/rotate-api-keys"
    custom_field: "any value"

Result

All results from this detector would automatically include the metadata in ExtraData:

{
  "DetectorName": "my-api-key-detector",
  "ExtraData": {
    "name": "my-api-key-detector",
    "environment": "production",
    "team": "security",
    "severity": "high",
    "rotation_guide": "https://example.com/rotate-api-keys",
    "custom_field": "any value"
  }
}

@effortlessdevsec effortlessdevsec requested a review from a team December 30, 2025 03:00
@effortlessdevsec effortlessdevsec requested review from a team as code owners December 30, 2025 03:00
@kashifkhan0771
Copy link
Contributor

kashifkhan0771 commented Dec 30, 2025

You need to run the command make protos after making changes in the .proto file.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@effortlessdevsec @kashifkhan0771