5 Feb
Cybersecurity Strategy for a VSCode extension
I am working on an internal project which involves the creation of a VSCode extension like GitHub Copilot for internal projects.
I have to do the security strategy for this project. I thought of static/dynamic analysis of the existing code, penetration tests, defense against supply chain attacks and API security (even though we use the one from GitHub). Moreover, I am going to use Azure AI Evaluator and GitHub Dependabot and some other tools.
I need your advice on what I should add, or what a good security strategy would look like for this kind of project.
Finally, should I worry about the security of this extension? Or is everything taken care of automatically by Microsoft since it's a VSCode extension?