
Risk & Compliance Analyzer for Moodle™ (MRCA)

Role: Backend Architect & Plugin Developer

Plugin that performs automated security, privacy, and compliance audits in Moodle, generating a unified Risk Index.

Technologies

PHP, Moodle, MySQL, JavaScript

The Problem

Moodle is the most widely adopted LMS globally. However, in jurisdictions with strong data protection regulations such as the European Union (GDPR), educational institutions face strict obligations regarding the processing of personal data.

Moodle provides no built-in mechanism to audit installed third-party plugins for:

  • Privacy compliance: Declaring what personal data the plugin stores.
  • Security risks: Detecting unsafe PHP functions or outdated dependencies.
  • Permission exposure: Finding critical capabilities assigned to non-admin roles.

The Solution

MRCA was built to fill this gap. It features an automated scanning engine that analyzes multiple risk dimensions, producing a unified Site Risk Index (0–100) and actionable compliance reports.

The core infrastructure relies on four interconnected scanners:

  1. Privacy Scanner: Identifies and classifies personally identifiable information (PII) across database tables.
  2. Dependency & Structural Scanner: Finds deprecated APIs, missing dependencies, and unsafe PHP usage.
  3. Capability Scanner: Prevents privilege escalation by analyzing role permissions.
  4. Correlation Engine: Amplifies the risk score when multiple layers flag the same plugin.
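
The check described for the Capability Scanner can be expressed as a query over Moodle's role tables. The following is an added example, not MRCA's code. It assumes the standard mdl_ table prefix, treats the manager archetype as the only admin-like role, and picks its own set of "critical" risk bits; the sample rows (including local/example:purge) are constructed.

```python
import sqlite3

# Risk bits and permission value as defined in Moodle's lib/accesslib.php.
RISK_CONFIG, RISK_XSS, RISK_PERSONAL, RISK_DATALOSS = 0x02, 0x04, 0x08, 0x20
CAP_ALLOW = 1
CRITICAL = RISK_CONFIG | RISK_XSS | RISK_DATALOSS  # assumption: what counts as critical
TRUSTED_ARCHETYPES = ("manager",)                   # assumption: admin-like roles to skip

# Capabilities explicitly allowed (in any context) to a non-trusted role
# whose declared risk bitmask overlaps the critical set.
QUERY = """
SELECT r.shortname, rc.capability, c.riskbitmask
FROM mdl_role_capabilities rc
JOIN mdl_role r ON r.id = rc.roleid
JOIN mdl_capabilities c ON c.name = rc.capability
WHERE rc.permission = ?
  AND (c.riskbitmask & ?) != 0
  AND r.archetype NOT IN ({})
ORDER BY r.shortname, rc.capability
"""

def risky_grants(conn):
    """Return (role shortname, capability, riskbitmask) rows worth reviewing."""
    sql = QUERY.format(",".join("?" * len(TRUSTED_ARCHETYPES)))
    return conn.execute(sql, (CAP_ALLOW, CRITICAL, *TRUSTED_ARCHETYPES)).fetchall()

def sample_db():
    """Constructed rows in a cut-down copy of the three Moodle tables."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
    CREATE TABLE mdl_role (id INTEGER, shortname TEXT, archetype TEXT);
    CREATE TABLE mdl_capabilities (name TEXT, riskbitmask INTEGER);
    CREATE TABLE mdl_role_capabilities
        (roleid INTEGER, capability TEXT, permission INTEGER, contextid INTEGER);
    INSERT INTO mdl_role VALUES
        (1,'manager','manager'), (3,'editingteacher','editingteacher'), (5,'student','student');
    INSERT INTO mdl_capabilities VALUES
        ('moodle/site:config', 34), ('moodle/course:view', 0),
        ('moodle/user:viewdetails', 8), ('local/example:purge', 32);
    INSERT INTO mdl_role_capabilities VALUES
        (1,'moodle/site:config',1,1),        -- trusted role: skipped
        (3,'local/example:purge',1,1),       -- data-loss risk on a teacher role
        (3,'moodle/user:viewdetails',1,1),   -- RISK_PERSONAL only: outside CRITICAL
        (5,'moodle/site:config',1,1),        -- config risk on the student role
        (5,'moodle/course:view',1,1),        -- no declared risk
        (5,'local/example:purge',-1,1);      -- CAP_PREVENT, not a grant
    """)
    return conn

if __name__ == "__main__":
    for row in risky_grants(sample_db()):
        print(row)
```

Rows with a contextid other than the system context are role overrides, so a finding may apply only within one course or category rather than site-wide.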

Results are presented via a visual Dashboard within Site Administration, featuring report exports (PDF, CSV, JSON) and optional SIEM integrations via Webhooks or the Integration Hub for Moodle™ (MIH).


If you are interested in more Plugins for Moodle™ like this or wish to see other Moodle projects, please visit plugins.mrjacket.dev.