Publishing a custom module
Option A — share as a git repo
Teammates clone into their ~/.pencheff/custom_modules/:
cd ~/.pencheff/custom_modules
git clone https://github.com/your-org/pencheff-modules.git
export PENCHEFF_ENABLE_CUSTOM_MODULES=1Any file in the clone’s root is auto-discovered.
Option B — PyPI
Package a proper Python distribution so anyone can pip install it.
The module loader also inspects every installed package — if your
package declares a pencheff.plugins entry point, it gets registered
on startup without copying files.
# pyproject.toml
[project]
name = "pencheff-robots-check"
version = "1.0.0"
[project.entry-points."pencheff.plugins"]
robots_check = "pencheff_robots_check:RobotsCheck"Then:
pip install pencheff-robots-checkOption C — upstream into the main plugin
Open a PR against
pencheff — well-scoped,
tested modules are welcome. See CONTRIBUTING.md for the criteria
(unit tests, compliance mapping entries, fixture updates).
Release-note template
Include a one-paragraph description, default severity, OWASP category, and a link to the test fixture that demonstrates the check firing.