Secure Annex Extension Manager
Automatically protect your code development environment with real-time extension checks.
The Secure Annex Extension Manager integrates with the Secure Annex platform to continuously monitor your installed VS Code extensions for security threats, malware, and suspicious behavior. Keep your development environment safe without compromising productivity.
✨ Key Features
🛡️ Real-time Security Scanning
- Automatically scans all installed extensions against Secure Annex's threat intelligence database
- Instant notifications when potentially malicious extensions are detected
- Continuous monitoring with configurable scan intervals
🚀 Multi-Editor Support
- Works seamlessly with VS Code, Cursor, and Windsurf
- Unified security management across all your development environments
⚡ Automated Protection
- Automatically removes flagged extensions (configurable)
- Real-time monitoring of newly installed extensions
- Immediate threat response without user intervention
🎯 Privacy-First Design
- Anonymous scanning by default
- Optional user details for enterprise environments
- No sensitive code or data transmitted
🚀 Quick Start
You must be a Secure Annex customer to use this extension
- Install the extension from the marketplace
- Configure your endpoint using the Command Palette:
Secure Annex: Configure
- Test connection to ensure everything is working:
Secure Annex: Test Connection
- Enjoy automatic protection - the extension runs in the background
📋 Commands
Access these commands via Command Palette (Ctrl+Shift+P / Cmd+Shift+P):
| Command |
Description |
Secure Annex: Configure |
Set up API endpoint and preferences |
Secure Annex: Test Connection |
Verify connectivity to Secure Annex API |
Secure Annex: Scan Extensions Now |
Run immediate security scan |
Secure Annex: Show Blocked Extensions |
View list of blocked extensions |
⚙️ Configuration
Configure the extension through VS Code Settings (Ctrl+, / Cmd+,):
| Setting |
Description |
Default |
secureAnnex.endpoint |
API endpoint URL |
https://api.secureannex.com/organization/{organization_id}/ingest/{integration_id} |
secureAnnex.scanInterval |
Scan interval in minutes |
60 |
secureAnnex.sendUserDetails |
Include username and hostname in communication with Secure Annex |
false |
📊 Status Bar Integration
The status bar shows your current security status:
🛡️ Secure Annex - All extensions are safe🛡️ Secure Annex (3 blocked) - Extensions have been blocked
Click the status bar item to quickly access configuration settings.
🏢 Enterprise Deployment
For system administrators who need to deploy Secure Annex across multiple workstations, you can configure settings at the system level using Windows Registry or macOS property lists.
Windows Registry Configuration
Set values under HKEY_LOCAL_MACHINE\SOFTWARE\SecureAnnex:
| Value Name |
Type |
Description |
Example |
endpoint |
REG_SZ (String) |
API endpoint URL |
https://api.secureannex.com/v0/organization/your-org-id/integration/your-int-id |
sendUserDetails |
REG_DWORD |
Send username/hostname (1=true, 0=false) |
0 |
scanInterval |
REG_DWORD |
Scan interval in minutes |
60 (decimal) |
autoUninstall |
REG_DWORD |
Auto-uninstall blocked extensions (1=true, 0=false) |
1 |
Example: Set endpoint via command line (requires admin privileges):
reg add "HKLM\SOFTWARE\SecureAnnex" /v endpoint /t REG_SZ /d "https://api.secureannex.com/v0/organization/your-org-id/integration/your-int-id" /f
reg add "HKLM\SOFTWARE\SecureAnnex" /v sendUserDetails /t REG_DWORD /d 0 /f
reg add "HKLM\SOFTWARE\SecureAnnex" /v scanInterval /t REG_DWORD /d 60 /f
reg add "HKLM\SOFTWARE\SecureAnnex" /v autoUninstall /t REG_DWORD /d 1 /f
macOS Configuration
Option 1: Configuration Profile (Recommended for MDM)
Deploy a configuration profile with the preference domain com.secureannex. This is the recommended approach for organizations using MDM solutions (Jamf, Mosyle, Kandji, etc.).
Example Configuration Profile:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadType</key>
<string>com.apple.ManagedClient.preferences</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadIdentifier</key>
<string>com.secureannex.settings</string>
<key>PayloadUUID</key>
<string>GENERATE-YOUR-UUID-HERE</string>
<key>PayloadEnabled</key>
<true/>
<key>PayloadDisplayName</key>
<string>Secure Annex Settings</string>
<key>PayloadContent</key>
<dict>
<key>com.secureannex</key>
<dict>
<key>Forced</key>
<array>
<dict>
<key>mcx_preference_settings</key>
<dict>
<key>endpoint</key>
<string>https://api.secureannex.com/v0/organization/your-org-id/integration/your-int-id</string>
<key>sendUserDetails</key>
<false/>
<key>scanInterval</key>
<integer>60</integer>
<key>autoUninstall</key>
<true/>
</dict>
</dict>
</array>
</dict>
</dict>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>Secure Annex Extension Configuration</string>
<key>PayloadIdentifier</key>
<string>com.yourorg.secureannex</string>
<key>PayloadUUID</key>
<string>GENERATE-YOUR-UUID-HERE</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
To install manually (testing):
sudo profiles install -path /path/to/SecureAnnexConfig.mobileconfig
To verify installation:
sudo profiles show
defaults read /Library/Preferences/com.secureannex
Option 2: Direct Property List Configuration
Set values in /Library/Preferences/com.secureannex.plist:
| Key |
Type |
Description |
Example |
endpoint |
String |
API endpoint URL |
https://api.secureannex.com/v0/organization/your-org-id/integration/your-int-id |
sendUserDetails |
Boolean or Integer |
Send username/hostname (1 or true) |
0 or false |
scanInterval |
Integer |
Scan interval in minutes |
60 |
autoUninstall |
Boolean or Integer |
Auto-uninstall blocked extensions (1 or true) |
1 or true |
Example: Set endpoint via command line (requires admin privileges):
sudo defaults write /Library/Preferences/com.secureannex endpoint "https://api.secureannex.com/v0/organization/your-org-id/integration/your-int-id"
sudo defaults write /Library/Preferences/com.secureannex sendUserDetails -bool false
sudo defaults write /Library/Preferences/com.secureannex scanInterval -int 60
sudo defaults write /Library/Preferences/com.secureannex autoUninstall -bool true
Configuration Priority
The extension reads configuration in the following order (highest to lowest priority):
- Workspace settings (per-project configuration)
- User settings (VS Code user preferences)
- System-level settings (Registry/plist as documented above)
This allows administrators to set defaults while still permitting users to override settings when necessary.
🐛 Troubleshooting
Connection Issues
- Verify your endpoint URL in settings
- Check network connectivity
- Ensure firewall allows HTTPS traffic to Secure Annex
Extension Not Scanning
- Verify CLI tools are available (
code --version)
- Check check interval settings
- Review VS Code output panel for errors
False Positives
- Review detailed threat analysis
- Contact Secure Annex support (support@secureannex.com)
- Configure custom allowlists if available
📄 License
This extension is licensed under the MIT License. See LICENSE file for details. Usage of intelligence data is covered by Secure Annex's Terms and Conditions.
Protect your development environment with Secure Annex Extension Manager. Install today and code with confidence!
