• Supply Chain Security on VSCode Extensions

    It happens here* and it can happen anywhere.

    broken image

    Alan Hardland

    Chief Security Officer

    "Hey guys, I heard that VSCode extensions are Node.js applications. So naturally they come with vulnerabilities and security risks. To be compliant with our security policies, we need to take actions ASAP."

    broken image

    Sarah Holding

    Chief Operation Officer

    "Aha, I see. So we can try to block their access to Microsoft Marketplace, right? I can do that in a minute. Anything else should I take into consideration?"

    broken image

    George Stone

    Chief Technology Officer

    "Blocking access? Then what? How can our engineering team search and install extensions as usual and maintain their productivity? You should know that VSCode is of little use without extensions!"

    broken image

    LeXtudio Inc.

    Solution Provider

    "We understand these concerns about VSCode extensions are multifaceted: security, operational, usability, and many more. As a professional and dedicated software vendor, we are happy to offer our unique and hassle-free solution."



    * This is a fictional scenario designed to illustrate real-world concerns when using VSCode extensions in risk-sensitive enterprises.

  • Our Solution

    A private VSCode extension marketplace will take care of everything for you.

    broken image



    No learning curve

    The private marketplace should not change any developer experience in VSCode. They can search/install extensions with just a few clicks.

    broken image



    No compliance issue

    Extensions should be validated, auto updated, removed on emergencies. Those requiring external downloads must be internalized.

    broken image



    Easy discovery

    The private marketplace should enable easy-to-use search and recommendations, which are tailored for the company or department.

    broken image



    Flexible deployment options

    The private marketplace should support a variety of deployment options (single server, multi-server, and/or SaaS).

    broken image



    Capability to serve many

    No matter how many developers connect to the private marketplace, it should reliably handle the load and respond fast.

    broken image



    No maintenance nightmare

    The private marketplace should be easy to maintain and upgrade. Any issues and emergencies can be resolved quickly.

  • Screenshots

    How does Scarborough for VSCode look like?

    broken image

    Scarborough Extensions in VSCode

    Easy-to-use section in VSCode that resembles familiar user experience on searching/installing extensions.

    broken image

    Scarborough Server

    All-in-one enterprise server for extension lifecycle management that remedies all usability, operational and security concerns.

  • Benefits

    How does Scarborough for VSCode help?

    broken image



    "Nice. Now I can audit all actions around extensions, including acquisition and installation. Even security emergencies can be handled easily."

    broken image



    "Great. The operation team found it easy to maintain and upgrade, and we can monitor everything without hassle. Premium support also gives us more confidence."

    broken image



    "Fantastic! Our engineers love it very much as its user experience is seamless. They can keep using the extensions as usual and request new ones on demand."

  • Choose Your Best Option

    A unified solution for VSCode private marketplace, built especially for enterprises!  

    broken image

    Starter Plan

    For small companies


    per month

    Basic features unlocked

    Email support

    Single server


    broken image

    Pro Plan

    For medium companies


    per month

    Advanced features unlocked

    Live chat support

    Up-to-3 servers

    broken image

    Enterprise Plan

    For large companies

    Get a quote

    from us

    Everything in Pro, plus:

    Phone support

    Bonus care package!

  • Contact Us

    Let's get started!