MDLShield - Expert security code reviews for Moodle™ plugin developers

by Alexander Bias -
Number of replies: 4

Hi all,

during the last weeks, I tested the new service of mdlshield.com which provides expert security code reviews for Moodle™ plugin developers.

I was in touch directly with the vendors as well and got some more background information and insider knowledge about their intent and roadmap. But as no-one of them seems to be able to attend the MoodleMootDACH to present their product and as I know that other developers are playing with this service as well, I am wondering if it would make sense to pitch a MDLShield session to discuss and share our experiences with this service and to canalize our expectations to, maybe, give some feedback to the vendor afterwards.

I would volunteer to give a (really short) introduction into the service, but this will not be a vending presentation at all. Afterwards, I would appreciate if others would chime in.
Please raise your hand if you have already tested this service and would like to share your experience actively in the session as well so that I can prepare the session.

Cheers,
Alex

In reply to Alexander Bias

Re: MDLShield - Expert security code reviews for Moodle™ plugin developers

by Luca Bösch -

Thanks, Alex.
I have.
And I think I have a non-obvious thing to point out that is maybe worth it.
Having only 2 reviews per month in the free tier, as a developer you have to act carefully.
So with the "May" credit I had a plugin of mine scanned.
Found some things, I worked on it.
Came June, I thought: "let's have MDLShield rescan it!" (one of the two free runs, the other one I passed to another plugin). Turns out it scanned the same commit as in May. I 'burnt' one of my monthly two scans uselessly.

In reply to Luca Bösch

Re: MDLShield - Expert security code reviews for Moodle™ plugin developers

by Alexander Bias -

Thanks, Luca.

Yes, this aspect is one of the points which I discussed with the vendor and would like to point out in the session.

Until then, you can look at https://mdlshield.com/pricing and particularly at the "AI Review Credits" box and the "Coming soon" list at the bottom. There is now a possibility to buy additional credits (if you burnt your free ones already) and there will also be a possibility to scan pre-releases to make sure that all findings are solved before making the next release.

Cheers,
Alex

In reply to Alexander Bias

Re: MDLShield - Expert security code reviews for Moodle™ plugin developers

by Marina Glancy -
Thanks Alexander, I'm one of the authors of MDL Shield, glad you're finding it useful! Sorry we can't make it to MoodleMootDACH this year, we'll be keen to hear how the session goes.

One UI confusion we've already spotted: we sync new plugin releases every 12 hours, so if you publish a release and try to scan it right away, MDL Shield may still be looking at the previous release, and you can end up scanning the old version twice. We've now set it to every four hours, and will introduce per-plugin refresh in our next sprint.

For the duration of the Moot, anyone can use coupon code MOOTDACH26 to receive a 50% discount - valid until 4th of July 23:59.

We're hoping to ship pre-release and external git repository reviews before the moot.

Looking forward to your feedback!
Cheers, Marina