New Show Hacker News story: Show HN: Coder Guard – Protect Your IDE from Malicious Extensions

Show HN: Coder Guard – Protect Your IDE from Malicious Extensions
3 by itsamy | 0 comments on Hacker News.
There is a growing problem with VSCode extensions: - they're not sandboxed (yet) - just like double-clicking an .exe file - they don't have a permission model - they auto update - they have built-in persistence - they are installed on developer machines with high-value credentials The recent CircleCI and LastPass incidents were both suspected to originate from a compromised developer machine - which is becoming every organization's Achilles heel in terms of cyber posture So I've been working on a way to help mitigate some of these risks Right now, only an MVP of a "CLI" is available: $ code --list-extensions --show-versions | curl --data-binary @- https://ift.tt/LiGnwIp Which will list your installed extensions with some enriched information to vet their trustfulness But much more detailed threat intel will be shown in the upcoming website and extension, including - Behavioural data gathered from running the extension on an instrumented sandbox environment - The ability to define policies to allow or block extension installs/updates, based on your specific risk appetite For updates, sign up at https://coderguard.io or follow https://twitter.com/coderguard The reason I'm posting this now is because I'd like to get some feedback in order to course-correct to make sure what I build actually solves people's problems I'd be happy to read any comments, or answer any questions

Comments

Popular posts from this blog

New Show Hacker News story: Show HN: Natural language Twitter search using Codex

Internet Download Manager Universal Crack is Here ! [IDM 6.25 Build 10 UPDATED]

New Show Hacker News story: Show HN: Movis – A Video Editing Library in Python