Streamline supply chain security by quickly detecting malicious, risky, vulnerable, or non-compliant third-party IDE extensions
The first platform to streamline, detect, and govern supply chain risks of third-party IDE extensions, powered by our novel analysis engine.
And this is just the beginning…
ExtensionTotal continuously analyzes extensions listed on the IDE marketplaces. Each extension is unpacked, hundreds of attributes are extracted, enriched, and factored into a risk score.
With our risk assessment, security teams can determine extension risk and take action on risky extensions that violate the organization policy
Enhance your security posture discovering extensions in use within your organization. Continuously assess risk and ensure compliance for critical extensions to maintain the integrity and safety of your development environment
Enforce custom policies to mitigate risks from non-compliant IDEs and extensions. Govern your development tools to uphold your organizational security standards.
#!/bin/bash
loggedInUser=$(stat -f "%Su" /dev/console)
codePath="/Applications/Visual Studio Code.app/Contents/Resources/app/bin/code"
cd /Users/"$loggedInUser"
codeExtensions=$(sudo -u "$loggedInUser" "$codePath" --list-extensions)
jsonResult="{\"extensions\":["
while IFS= read -r line || [[ -n $line ]]; do
content=$(curl -s --location 'https://app.extensiontotal.com/api/getExtensionRisk' \
--header 'Content-Type: application/json' \
--header 'Cookie: SameSite=None' \
--header 'x-api-key: <YOUR_API_KEY>' \
--data "{
\"q\": \"$line\"
}")
jsonResult+="$content,"
done < <(printf '%s' "$codeExtensions")
jsonResult=${jsonResult%,}
jsonResult+="]}"
echo "$jsonResult"
We'd love to learn more about what brings you here (maybe you're trying out something new and cool - that's great, too)