# Introduction

Developer machines are an increasingly targeted part of the software supply chain. They store sensitive credentials such as GitHub tokens, package registry publishing credentials, SSH keys, and cloud access keys, and they routinely execute untrusted code through dependencies, IDE extensions, developer tools, and AI coding agents.

Recent supply chain attacks have shown how malicious packages, extensions, and tools can execute on developer machines, harvest credentials, and enable attackers to pivot into source repositories, package registries, and release systems, often before any code reaches CI/CD pipelines.

### What is Dev Machine Guard?

Dev Machine Guard is not a traditional MDM solution. It is a lightweight, script-based capability designed to integrate with your existing MDM or endpoint management tooling and provide visibility into, and control over, the developer tooling ecosystem, including:

* IDE extensions and publishers (VS Code, Cursor, and JetBrains IDEs)
* Locally installed open-source dependencies (npm, Python and Homebrew)
* AI coding agents and agent-driven actions
* External tools and MCP server integrations used during development

Dev Machine Guard runs on both **macOS** and **Windows** developer endpoints.

#### Why you need StepSecurity Dev Machine Guard

StepSecurity Dev Machine Guard is not a replacement for traditional MDMs like Kandji, Jamf, or Intune. Those tools are built for device posture, compliance, and fleet management, not for detecting or preventing supply chain attacks that originate from developer machines.

Dev Machine Guard extends your existing MDM by addressing the developer-specific attack surface. It provides the visibility and controls needed to detect risky tooling, untrusted dependencies, and malicious integrations before they become a supply chain incident.

### Deployment Model

Dev Machine Guard is designed to work **on top of your existing endpoint infrastructure**.

StepSecurity does **not** deploy or require a proprietary agent. Instead, Dev Machine Guard is delivered as a lightweight script that you deploy using your existing MDM or EDR tooling.

The script runs periodically or on demand and collects telemetry required to provide visibility into developer machine activity. Collected data is securely sent to the StepSecurity platform for analysis and policy evaluation.

This approach allows organizations to extend supply chain visibility to developer machines without introducing new endpoint agents or replacing existing device management solutions.

**For detailed deployment instructions and configuration options, see the** [**Settings**](/dev-machine-guard/installation-script.md) **documentation.**

***

This documentation explains how Dev Machine Guard works, how to deploy it using your existing MDM or EDR tooling, and how to configure visibility and policies for developer machines and AI-assisted development.

**You can also follow this interactive demo to see how it works:**

{% embed url="<https://app.storylane.io/share/13il6g0lp1ep>" %}


