The VS Code extension marketplace is a double-edged sword: it gives us countless extensions which make our lives a lot easier, but on the other hand it contains malicious extensions impersonating popular tools or just plain simple info stealers. This means there is a significant risk that these extensions can leak your developer credentials together with your source code, and as is stands today we lack a clear way to manage these risk.

In this session, we’ll design and implement a governance solution using the combination of PowerShell, CI/CD workflows, pipelines, and artifacts together with code scanning, and finally with Intune to mitigate these risks. By the end, you’ll have a framework adaptable to other package ecosystems like NuGet and npm, bringing a scalable, enterprise-ready layer of security to your development workflows.

Don’t leave your developers at risk—join us to tackle this challenge head-on!