We're happily taking patches and other contributions. The process is documented at https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Contributing Please have a look at this document before submitting.
Before accepting your pull requests we need you or your organization to sign our contribution agreement.
We do this to keep the ownership of Suricata in one hand: the Open Information Security Foundation. See https://suricata-ids.org/about/open-source/ and https://suricata-ids.org/about/contribution-agreement/
Suricata is a complex piece of software dealing with mostly untrusted input. Mishandling this input will have serious consequences:
- in IPS mode a crash may knock a network offline;
- in passive mode a compromise of the IDS may lead to loss of critical and confidential data;
- missed detection may lead to undetected compromise of the network.
In other words, we think the stakes are pretty high, especially since in many common cases the IDS/IPS will be directly reachable by an attacker.
For this reason, we have developed a QA process that is quite extensive. A consequence is that contributing to Suricata can be a somewhat lengthy process.
On a high level, the steps are:
-
Travis-CI based build & unit testing. This runs automatically when a pull request is made.
-
Review by devs from the team and community
-
QA runs trigged by the team
If you have questions about contributing, please contact us via https://suricata-ids.org/support/