> For the complete documentation index, see [llms.txt](https://docs.stepsecurity.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.stepsecurity.io/dev-machine-guard/overview.md). # Overview Developer machines are an increasingly targeted part of the software supply chain. They store sensitive credentials such as GitHub tokens, package registry publishing credentials, SSH keys, and cloud access keys, and they routinely execute untrusted code through dependencies, IDE extensions, developer tools, and AI coding agents. Recent supply chain attacks have shown how malicious packages, extensions, and tools can execute on developer machines, harvest credentials, and enable attackers to pivot into source repositories, package registries, and release systems, often before any code reaches CI/CD pipelines. ### What is Dev Machine Guard? Dev Machine Guard is not a traditional MDM solution. It is a lightweight, script-based capability designed to integrate with your existing MDM or endpoint management tooling to provide visibility and control into the developer tooling ecosystem, including: * IDE extensions and publishers (VS Code, Cursor, Windsurf, Antigravity, JetBrains IDEs, Android Studio, Eclipse-based IDEs, and Xcode) * Locally installed open-source dependencies (npm, pnpm, bun, yarn, Python, and Homebrew) and OS-level system packages * AI coding agents and agent-driven actions * External tools and MCP server integrations used during development Dev Machine Guard runs on macOS, Windows, and Linux developer endpoints. ### Why you need StepSecurity Dev Machine Guard StepSecurity Dev Machine Guard is not a replacement for traditional MDMs like Kandji, Jamf, or Intune. Those tools are built for device posture, compliance, and fleet management, not for detecting or preventing supply chain attacks that originate from developer machines. Dev Machine Guard extends your existing MDM by addressing the developer-specific attack surface. It provides the visibility and controls needed to detect risky tooling, untrusted dependencies, and malicious integrations before they become a supply chain incident. ### Deployment Model Dev Machine Guard is designed to work on top of your existing endpoint infrastructure. Dev Machine Guard is not a traditional, always-on MDM agent like those used by Kandji, Jamf, or Intune. Instead, it is delivered as a lightweight loader script that you deploy using your existing MDM or EDR tooling. On a schedule you control, the loader downloads a small signed binary, verifies it against a StepSecurity signing key, runs it to collect telemetry, and exits. Nothing sits resident on the machine between scheduled runs. (For Windows fleets, Dev Machine Guard also ships as a signed Windows Installer. See the [Installation Script ](/developer-machines/installation-script.md)documentation for details.) The script runs periodically or on demand and collects the telemetry required to provide visibility into developer machine activity. Collected data is securely sent to the StepSecurity platform for analysis and policy evaluation. This approach allows organizations to extend supply chain visibility to developer machines without introducing a traditional fleet-management agent or replacing existing device management solutions. **You can also follow this interactive demo to see how it works:** {% embed url="" %} ### Documentation The product documentation covers the Dev Machine Guard workspace pages and the deployment script. * [Devices](/developer-machines/devices.md): inventory of every developer machine reporting telemetry, with per-device asset breakdowns (IDE extensions, npm packages, AI agents, MCP servers, system packages) and scan history. * [IDE Extensions](/developer-machines/ide-extensions.md): organization-wide view of every IDE extension and JetBrains plugin in use across your fleet, with per-extension security scores and detection of compromised and typosquatted extensions. * [AI Agents](/developer-machines/ai-agents.md): centralized view of AI coding tools detected across developer machines, grouped by category (CLI tools, IDE and desktop apps, general-purpose agents, frameworks and runtimes). * [MCP Servers](/developer-machines/mcp-servers.md): inventory of Model Context Protocol servers configured across developer machines, including which AI tools have each server registered. * [Suspicious Files](/developer-machines/suspicious-files.md): files flagged by StepSecurity-maintained malicious-file detection rules across enrolled machines (for example, a `binding.gyp` that runs during `npm install`, or editor and AI-tool config files that auto-execute on project open), with confidence levels and attack-campaign attribution. The rules are authored and updated centrally, so detection works out of the box with nothing to configure. * [OSS Package Search](/developer-machines/packages/oss-package-search.md): search for npm, Python, and Homebrew packages installed on developer machines, with exact on-disk locations to support incident response and remediation. * [System Packages](/developer-machines/packages/system-packages.md): visibility into OS-level packages installed via Homebrew on macOS and distribution package managers on Linux (apt, dnf, pacman), including filters for unsigned and third-party Linux packages. * [Package Configs](/developer-machines/packages/package-configs.md): per-device audit of package-manager configuration files (`.npmrc`, `bunfig.toml`, `.yarnrc` / `.yarnrc.yml`, `pip.conf`) across every scope, showing the effective registry each machine resolves from, whether a cooldown policy is in effect, and the authentication surface. * [Installation Script](/developer-machines/installation-script.md): deployment instructions for the loader script across macOS, Windows, and Linux, including how the signed-manifest auto-update flow works. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.stepsecurity.io/dev-machine-guard/overview.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.