[FEAT] Plumber Policy-as-Code Marketplace

[0xBenguii]

Plumber Policy-as-Code Marketplace

Create a Plumber Policy Marketplace / Registry (e.g., getplumber.io):

A central hub for discovering, sharing, and installing policies

• Categorized by standards (OWASP, PCI-DSS, ANSSI, CIS, NIST, etc.)
• Includes metadata, versioning, documentation, and examples
• Supports both public and private organizational repositories

To pool effort around reusable security policies
so that teams can quickly achieve compliance with industry standards, discover useful rules, and reuse them easily across projects.

Extend the Plumber CLI to interact with the registry:

# Search available policies
plumber policy search owasp

# Install a policy from the registry
plumber policy install owasp/top-10

# Update an installed policy
plumber policy update owasp/top-10

# Show details about a policy
plumber policy inspect pci-dss/compliance 

Rather than writing policies from scratch for every project, a marketplace enables reuse of existing, proven policies, which saves time and effort. This accelerates adoption, reduces duplicated work, and shortens time to compliance. Reusable components also improve consistency across security practices.

[Joseph94m]

@0xBenguii Thanks for the proposal.

@thomasboni will handle defining the structure of the public, community-managed repo.

I will implement the commands after we have a clearer view of the structure of the community-managed marketplace.

In addition we also want to ensure that the commands allow the user to point at their own market-place whether it is on github, gitlab, private or public,