Introduction
Developer machines are an increasingly targeted part of the software supply chain. They store sensitive credentials such as GitHub tokens, package registry publishing credentials, SSH keys, and cloud access keys, and they routinely execute untrusted code through dependencies, IDE extensions, developer tools, and AI coding agents.
Recent supply chain attacks have shown how malicious packages, extensions, and tools can execute on developer machines, harvest credentials, and enable attackers to pivot into source repositories, package registries, and release systems, often before any code reaches CI/CD pipelines.
What is Developer MDM?
Developer MDM is StepSecurity’s solution for securing developer machines and AI-assisted development workflows.
It provides visibility and control across the development environment, including:
IDE extensions and publishers (VS Code, Cursor)
Locally installed open-source dependencies (npm, Python)
AI coding agents and agent-driven actions
External tools and MCP server integrations used during development
Deployment Model
Developer MDM is designed to work on top of your existing endpoint infrastructure.
StepSecurity does not deploy or require a proprietary agent. Instead, Developer MDM is delivered as a lightweight script that you deploy using your existing MDM or EDR tooling.
The script runs periodically or on demand and collects the telemetry required to provide visibility into developer machine activity. Collected data is securely sent to the StepSecurity platform for analysis and policy evaluation.
This approach allows organizations to extend supply chain visibility to developer machines without introducing new endpoint agents or replacing existing device management solutions.
For detailed deployment instructions and configuration options, see the Settings documentation.
This documentation explains how Developer MDM works, how to deploy it using your existing MDM or EDR tooling, and how to configure visibility and policies for developer machines and AI-assisted development.