IDE Extensions

The IDE Extensions page provides an organization-wide view of all IDE extensions detected on developer machines.

From this page, you can see:

• A list of all IDE extensions in use

• The users and devices where each extension is installed

• A security score for each extension

You can filter extensions by IDE to focus on a specific development environment.

This view helps you understand which extensions are widely used across your organization and identify extensions that may introduce supply chain risk.

Extension Details

Selecting an IDE extension opens a detailed view with information about its usage and security posture.

Devices Using This Extension

This section shows:

• All devices where the extension is installed

• The version of the extension installed on each device

This helps you understand the spread of an extension across your organization and identify where remediation may be required.

Extension Security Score

Each IDE extension is assigned a security score based on multiple supply chain signals.

The security score provides visibility into factors such as:

• Install base and adoption

• Release recency

• Publisher verification status

• License availability

• Known vulnerabilities

• Repository security posture (for example, branch protection and security policy presence)

This information helps you understand why an extension has its assigned score and supports decisions about whether it should continue to be used within your organization.

Upcoming Capabilities

The following capabilities are currently under development:

• Extension allowlists to define which IDE extensions are permitted across your organization

• Cooldown periods for new extension versions, preventing newly released updates from being used until they have been evaluated

These controls will help reduce exposure to malicious or compromised extension updates while maintaining developer productivity.