VSCode Extension Installations on EC2 Server & Risk Evaluation

Question

A customer would like to install vs-code extensions to their EC2 (for example, the official GitHub Copilot extension). These extensions will be stored in the folder /home/ec2-user/.vscode-server/extensions.

The customer like to understand any forseen security vulnerabilities introduced by this? if there are potential risks, are there any advice to evaluate & minimise any security risk of vulnerabilities.

Accepted Answer

Hello,

Thank you for your post,

Please note that, as vscode extension is handled by third party developer(based on the extension) thus I will not be able to comment on the vulnerabilities of the extensions.

However as a recommendation, you may scan  your EC2 instance using tool like Amazon Inspector to detect if there are any vulnerabilities getting captured post adding the extension and take further action for the remediation.

[+] https://aws.amazon.com/inspector/

You may also have look at the best practices for your EC2 instance to make it more secure.

[+] https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-best-practices.html

Answer

Hi Deepak, thanks & appreciate your sharing.

VSCode Extension Installations on EC2 Server & Risk Evaluation

相關內容