Safeguard
Tag

vs-code

Safeguard articles tagged "vs-code" — guides, analysis, and best practices for software supply chain and application security.

6 articles

Supply Chain Security

IDE extension marketplace trust and verification

Wiz Research found 550+ leaked secrets across 500+ VS Code extensions, including publisher tokens that let attackers push malicious updates to entire install bases.

Jul 10, 20266 min read
Supply Chain Attacks

The Cursor IDE extension that stole $500K: a supply chain post-mortem

A fake 'Solidity Language' extension hit 50,000+ downloads on Open VSX before stealing $500K in crypto. Here's how IDE marketplaces became a trust gap.

Jul 9, 20265 min read
Incident Postmortem

GitHub VS Code Extension Breach (20 May 2026): What Happened, How It Worked, and What to Do Monday Morning

GitHub disclosed on 20 May 2026 that a poisoned VS Code Marketplace extension was used to exfiltrate roughly 3,800 private repositories from enterprise engineering orgs, landing in the middle of a broader May 2026 wave of developer-surface supply chain attacks.

May 20, 202616 min read
Tutorials

Getting Started with Safeguard IDE Extension (VS Code)

A step-by-step walkthrough for installing, configuring, and using the Safeguard VS Code extension to catch supply chain issues before you commit.

Jan 25, 20266 min read
Product

Safeguard IDE Extension: Supply Chain Intelligence in Your Editor

The Safeguard VS Code extension surfaces vulnerability data, dependency health, and policy violations directly in your editor as you write code.

Jun 15, 20246 min read
Developer Security

VS Code Extension Marketplace Security: The IDE Supply Chain

VS Code extensions run with the same privileges as your editor — which means full access to your source code, terminal, and credentials. The marketplace security model does not prevent malicious extensions.

Oct 18, 20225 min read
vs-code — Safeguard Blog