Running third-party code inside an application like Grafana is tricky.
There are plenty of plugin developers out there that are building some really cool plugins. The challenge right now is not to get more people developing plugins, but for the Grafana team to publish more of the ones that are being built.
To publish a plugin, it needs to be reviewed, vetted, and tested by a Grafana team member. As much as we’d love to “open the flood gates”, we review plugins for two main reasons:
Security: Panel plugins running inside your Grafana inside have access to the data returned by your data sources. There’s nothing that prevents a plugin from shipping your data off to a server somewhere. Are data sources handling credentials responsibly? We currently don’t have any automated vetting for these things, so it comes down to the reviewer to review the source code to make sure that a plugin doesn’t put users at risk.
Quality: We care about the experience for the end users. If every other plugin you install doesn’t load, or crashes randomly, it results in a really poor experience for everyone. For this reason, the reviewer configures each plugin to make sure it works as expected (which might include having to learn a new technology). Reviewers also prioritize updates to existing plugins over new ones to increase the quality of the ones have been published already.
At the moment, there are 1-2 people in the Grafana team that review plugins, part-time. We’re currently working on a new automated submission process that’s going to save us a lot of time, but it’ll take some time before we can start reaping the benefits from this.
I hope I could provide some insights. I’d be happy to answer any other questions you might have!