ExtensionTotal

Streamline supply chain security by quickly detecting malicious, risky, vulnerable, or non-compliant third-party IDE extensions

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Darcula
Github Copilot
Pythagora
IntelliSense for CSS
SUPPORTED
Visual Studio (Enterprise)
Visual Studio Code
Jetbrains (Enterprise)
Add ExtensionTotal to VS Code - It's Free! ->
USed by the best security teams in the world
vs code EXTENSIONS HAVE 
LIMITLESS CONTROL OVER your endpoint

Your code, your secrets, in the hands of 80K VS Code extensions

anyone can publish an extension within 30 minutes

IDE Extension marketplaces lacks security controls

The average developer installs over 40 extensions in the IDE

Developer IDEs are unmanaged

introducing

ExtensionTotal

The first platform to streamline, detect, and govern supply chain risks of third-party IDE extensions, powered by our novel analysis engine.
And this is just the beginning…

How does it work?

ExtensionTotal continuously analyzes extensions listed on the IDE marketplaces. Each extension is unpacked, hundreds of attributes are extracted, enriched, and factored into a risk score.

use cases

How Organizations Are Using ExtensionTotal

Detect Malicious Extensions
Discovery and Inventory
Policy Enforcement
Streamline Extensions Vetting
Third-Party AI Exposure
Private Registry
Quickly Vet
Inventory & Posture
Govern & Remediate

Quickly Vet IDE Extensions

With our risk assessment, security teams can determine extension risk and take action on risky extensions that violate the organization policy

Get Started

Take Off The Blindfold

Enhance your security posture discovering extensions in use within your organization. Continuously assess risk and ensure compliance for critical extensions to maintain the integrity and safety of your development environment

Get Started

End-to-end Extension Governance

Enforce custom policies to mitigate risks from non-compliant IDEs and extensions. Govern your development tools to uphold your organizational security standards.

Get Started
Jambo Main Features

A new way to collect and analyze customer feedback.

Boards and Pages
Use Jambo for analyze and engage with user feedback & valuable insights effortlessly.
Boards and Pages
Use Jambo for analyzing user feedback & valuable insights
Custom Domains
Use Jambo for analyze and engage with user feedback & valuable insights effortlessly.
Public Roadmap
Use Jambo for analyzing user feedback & valuable insights
Integrations
Use Jambo for analyze and engage with user feedback & valuable insights effortlessly.
Vote System
Use Jambo for analyze and engage with user feedback & valuable insights effortlessly.
Jambo Main Features

A new way to collect and analyze customer feedback.

Boards and Pages
Use Jambo for analyze and engage with user feedback & valuable insights effortlessly.
Boards and Pages
Use Jambo for analyzing user feedback & valuable insights
Custom Domains
Use Jambo for analyze and engage with user feedback & valuable insights effortlessly.
Public Roadmap
Use Jambo for analyzing user feedback & valuable insights
Integrations
Use Jambo for analyze and engage with user feedback & valuable insights effortlessly.
Vote System
Use Jambo for analyze and engage with user feedback & valuable insights effortlessly.

Do you know what extensions are installed in your organization?

Get started with your MDM to discover installed extensions and leverage ExtensionTotal API for risk and threat intelligence
• API paid subscription required
#!/bin/bash

loggedInUser=$(stat -f "%Su" /dev/console)
codePath="/Applications/Visual Studio Code.app/Contents/Resources/app/bin/code"
cd /Users/"$loggedInUser"
codeExtensions=$(sudo -u "$loggedInUser" "$codePath" --list-extensions)

jsonResult="{\"extensions\":["

while IFS= read -r line || [[ -n $line ]]; do
    content=$(curl -s --location 'https://app.extensiontotal.com/api/getExtensionRisk' \
    --header 'Content-Type: application/json' \
    --header 'Cookie: SameSite=None' \
    --header 'x-api-key: <YOUR_API_KEY>' \
    --data "{
      \"q\": \"$line\"
    }")
    jsonResult+="$content,"
    done < <(printf '%s' "$codeExtensions")

jsonResult=${jsonResult%,}
jsonResult+="]}"
echo "$jsonResult"
api RATE LIMITS APPLY | macos compatible script
people are talking about OUR RESEARCH

Security people talk about us

Testimonial section title

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse tincidunt sagittis eros. Quisque quis euismod lorem.

"If there was any proof missing that the engineering ecosystem is a land of infinite opportunities for adversaries...."

Daniel Krivelevich

AppSec CTO @ Palo Alto Networks | Co-Founder & CTO @ Cider Security

If VSCode is being used in your org I recommend reading these blog posts which have been reported on by BleepingComputer..ebepingComputer

Kevin Gray

Cyber Security at NatWest

"At most organizations, developers have the most sensitive data, but also the most relaxed controls..."

James Berthoty

Security Engineer Turned Analyst @ Latio Tech

Lorem Ipsum is simply dummy text of the printing and typesetting industry.

Profile name

CEO / Creative IT

Read our research

How We Hacked Multi-Billion Dollar Companies in 30 Minutes Using a Fake VSCode Extension

Read our blog to learn how we hacked the VSCode Marketplace

Exposing Malicious Extensions: Shocking Statistics from the VS Code Marketplace

Learn through numbers on how exposed your organization is to VSCode

A Letter to Microsoft: Uncovering Design Flaws of Visual Studio Code Extensions

Our letter to Microsoft discussing the security design flaws in VSCode
Extensiontotal was built in a month

We love building, follow us

Amit Assaraf

Want to chat?

We'd love to learn more about what brings you here (maybe you're trying out something new and cool - that's great, too)

Lets chat 👋

Extension Total Inc
1000 N. West St, Suite 1400
Wilmington, DE 19801, USA

Extension Total LTD
HaEgoz St #6, 9090100
Givon Hahadasha, Israel

Terms
Privacy
Cookies