Could nuclei launch tools like safety, bandit, semgrep in templates?

[cklonger]

I am conducting security testing with nuclei.
I only find ssl, dns, and http related keywords in templates.
Could nuclei launch tools like safety, bandit, semgrep in template?

[ehsandeep]

@cklonger No, we can currently define steps / rules in the template for the supported protocols in the nuclei engine, which are: http, dns, ssl, network, whois, wss, and file.

With user security in mind, executing other security tools from a template is currently restricted. But, if you don't mind, could you describe the use case you're attempting to accomplish here?

[cklonger]

Hello @ehsandeep
Thanks for your reply.
My idea is simple.
My use case is we might have chance to conduct white/gray box testing.
If we have requirement.txt and source code, we would use safety and bandit to scan the source code (python project)
We may have a self-define tool keyword which we can used in template
And the path of tool, the path of source code folder as input parameter.
We could integrating tools and summarize all this scan result into json files.
To find all the possible vulnerabilities of the web application