extensions
Safeguard articles tagged "extensions" — guides, analysis, and best practices for software supply chain and application security.
5 articles
Azure Functions extensions as a supply chain entry point in 2026
Binding extensions and isolated worker SDK packages run with the function's managed identity. Here is how to evaluate and gate them in 2026.
VS Code Extensions and Supply Chain Risk in 2026
VS Code extensions run with full editor privileges and broad filesystem access. A look at the real attacks, the marketplace's blind spots, and how to harden the workstation.
Python Cython Extensions and the Supply Chain
Cython-built Python extensions ship as platform-specific binaries with a build toolchain behind them. That introduces supply chain surface most teams have not mapped.
VS Code Extension Marketplace Security: The IDE Supply Chain
VS Code extensions run with the same privileges as your editor — which means full access to your source code, terminal, and credentials. The marketplace security model does not prevent malicious extensions.
Database Extensions as Supply Chain Risk: The Overlooked Attack Surface
PostgreSQL extensions, MySQL plugins, and database add-ons run with database-level privileges. A compromised extension has direct access to your data. Most organizations never audit them.