Safeguard
Tag

ide-security

Safeguard articles tagged "ide-security" — guides, analysis, and best practices for software supply chain and application security.

10 articles

AI Security

The Cursor extension that cost a developer $500,000

A fake Solidity extension on Open VSX was downloaded 50,000+ times, dropped an infostealer, and drained $500K in crypto — how the marketplace trust model failed.

Jul 16, 20266 min read
Application Security

Code injection risks in CLI tools and IDE plugins

A malicious npm dependency hid in event-stream for 8M downloads before detection. Developer tooling is a code-injection blast radius most teams never audit.

Jul 15, 20266 min read
Supply Chain Security

What developer-first supply chain security actually requires

The xz-utils backdoor was caught by a 500ms SSH login delay, not a scanner. Real developer-first security means catching it before the commit ships.

Jul 8, 20267 min read
AI Security

Cursor IDE Security Model: What Enterprises Need to Know

Cursor's 2026 security model introduces privacy modes, indexing controls, and agent sandboxes. Here is the enterprise-ready view of what works.

Feb 12, 20265 min read
Agent Security

Windsurf CVE-2025-62353: Path Traversal in Cascade and the IDEsaster Wave

HiddenLayer's CVSS 9.8 Windsurf flaw exfiltrated secrets even with write_to_file on the deny list. The Cascade agent's filesystem trust broke wide open.

Oct 21, 20256 min read
Product

How the Snyk Language Server powers IDE plugins across VS...

A technical look at how Snyk's Go-based Language Server uses LSP and a delegating scanner pattern to power VS Code, JetBrains, and Eclipse plugins from one binary.

Aug 18, 20257 min read
Product

How Snyk's JetBrains plugin family supports IntelliJ, PyC...

A mechanical look at how Snyk ships one JetBrains plugin across IntelliJ, PyCharm, WebStorm, GoLand, and Rider using a shared platform and backend scan engine.

Aug 18, 20256 min read
DevSecOps

The Hidden Cost of Context Switching Between IDE and Secu...

Jumping between your IDE and security dashboards isn't free. Here's what context switching really costs developers, and how to eliminate it.

Jul 17, 20257 min read
Developer Security

JetBrains Plugin Security Verification: Protecting Your IDE

IDE plugins run with the same privileges as your IDE. A malicious IntelliJ plugin has access to your source code, credentials, and development environment.

Jun 12, 20235 min read
Developer Security

VS Code Extension Marketplace Security: The IDE Supply Chain

VS Code extensions run with the same privileges as your editor — which means full access to your source code, terminal, and credentials. The marketplace security model does not prevent malicious extensions.

Oct 18, 20225 min read
ide-security — Safeguard Blog