Currently, Visual Studio Code offers a group policy template to centrally manage Visual Studio Code settings on Windows. However, no support for centralized policy management is available for macOS. Further, given that developers can currently install any VS Code extension directly into the editor, and given the lack of supply chain controls over who can develop extensions and how they are vetted, this opens up every enterprise customer to a supply chain attack where code can be stolen or intercepted, or hostile code can be injected.
As a security professional, it is mandatory to be able to control which extensions can be installed by a developer, by either enforcing a list of approved extensions or configuring Visual Studio Code to only install extensions from an enterprise code control repository.
This is a critical showstopper for enterprises to trust Visual Studio Code as an enterprise-ready solution.
A previous issue asking for this was closed with no explanation by @joaomoreno.