Skip to content

Add PyPI-based pySigma version dependency detection for plugins #426

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

Add PyPI-based pySigma version dependency detection for plugins #426

wants to merge 3 commits into from

Conversation

Copy link
Contributor

Copilot AI commented Nov 27, 2025
edited
Loading

Plugin pySigma version dependencies are currently maintained manually in the plugin directory. This adds methods to fetch dependency info directly from PyPI metadata and automatically find compatible plugin versions.

Changes

  • pysigma_version_from_pypi(plugin_version=None) - Fetches pySigma version specifier from PyPI requires_dist metadata for latest or specific plugin version
  • find_compatible_version() - Iterates through all PyPI releases (newest first) to find a compatible version for the installed pySigma
  • Helper methods _get_pypi_json() and _extract_pysigma_specifier() for PyPI API interaction

Usage

from sigma.plugins import SigmaPlugin

plugin = SigmaPlugin(...)
plugin.package = "pysigma-backend-splunk"

# Get pySigma requirement from PyPI
specifier = plugin.pysigma_version_from_pypi()  # Latest: <2.0,>=1.0
specifier = plugin.pysigma_version_from_pypi("1.1.3")  # Specific: <0.12.0,>=0.11.18

# Find compatible version for current pySigma installation
compatible = plugin.find_compatible_version()  # Returns e.g. "2.0.0"

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • d3fend.mitre.org
    • Triggering command: /home/REDACTED/.cache/pypoetry/virtualenvs/pysigma-Tjs8INP8-py3.12/bin/pytest /home/REDACTED/.cache/pypoetry/virtualenvs/pysigma-Tjs8INP8-py3.12/bin/pytest --tb=short (dns block)
    • Triggering command: /home/REDACTED/.cache/pypoetry/virtualenvs/pysigma-Tjs8INP8-py3.12/bin/pytest /home/REDACTED/.cache/pypoetry/virtualenvs/pysigma-Tjs8INP8-py3.12/bin/pytest --tb=short -q (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

This section details on the original issue you should resolve

<issue_title>Determine pySigma dependency of plugins from package</issue_title>
<issue_description>Currently, the pySigma version dependency of plugins is determined from the plugin directory and has to be maintained manually. This should be changed to determining the plugin dependency directly only from the PyPI package metadata. In addition, if the current version of a plugin is not compatible with an older pySigma version, a matching older version of the plugin should be determined automatically.</issue_description>

Comments on the Issue (you are @copilot in this section)

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Copilot AI changed the title [WIP] Update plugin dependency resolution for pySigma Add PyPI-based pySigma version dependency detection for plugins Nov 27, 2025
Copilot AI requested a review from thomaspatzke November 27, 2025 23:14
Copilot finished work on behalf of thomaspatzke November 27, 2025 23:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thomaspatzke thomaspatzke Awaiting requested review from thomaspatzke

Assignees

@thomaspatzke thomaspatzke

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Determine pySigma dependency of plugins from package

2 participants

@thomaspatzke