A plugin is the method by which CloudSploit evaluates a cloud security control or best practice. For example, a plugin may check that S3 Bucket encryption is enabled or that an EC2 server is not exposed to the Internet. You can think of plugins as "signatures" in the traditional security product sense. Each scan runs a series of plugins related to the cloud account being scanned. For example, the scan of an AWS account will run a series of AWS plugins to evaluate AWS best practice compliance.