Add extension runtime security article #7920
base: main
@seaniyer Here's the first draft of the dedicated article that discusses extension runtime security. I've reused most of the content that was previously in the FAQ section of the Extension Marketplace article. Can you review and provide feedback if there are other Marketplace measures we need to include? Thanks!
@isidorn First version of this new doc available for your review. TO DO:
This is a great first stab at this document.
I will share it with folk on the MP side and @sandy081 could also give it a read
fyi @joaomoreno
|
||
1. Select the **Report a concern** link at the bottom of the extension **More Info** section. | ||
|
||
## Related resources |
There needs to be a link somewhere to https://code.visualstudio.com/docs/setup/enterprise#_configure-allowed-extensions
The approach would be "Do you want to configure what extensions are allowed in your organisation, check out ...."
Added as a tip at the end of the Reliability section and also included a link in related resources at the end of the doc.
The Visual Studio Code Marketplace employs several mechanisms to protect you from malicious extensions: | ||
|
||
* **Malware scanning**: The Marketplace runs a malware scan on each extension package that's published to ensure its safety. The scan, which uses several antivirus engines, is run for each new extension and for each extension update. Until the scan is all clear, the extension won't be published in the Marketplace for public usage. | ||
|
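Review bot: In the **Malware scanning** bullet, "to ensure its safety" promises more than a scan by antivirus engines can deliver, since a clean scan result only means that nothing was detected. Suggest "to detect known malware" there, and replace the informal "Until the scan is all clear" with "Until the scan completes without detections, the extension isn't published".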
We need a section about detonation. Not disclosing everything that is being done, but just that we have a dynamic detection mechanism in a clean room VM.
I added an item - can you review if this is correct and sufficiently detailed?
The goal of this doc is to:
Fixes #7874