
"The Eclipse Foundation today revealed it has created a framework for the Open VSX Registry, for tools based on open source VS Code that scan for known malicious patterns, detect namespace impersonation and extension name spoofing, flag exposed credentials or embedded secrets and quarantine suspicious uploads for review."
"The Eclipse Foundation is transitioning the Open VSX Registry to a hybrid, multi-region architecture. Core services will run in data centers in Europe managed by Amazon Web Services (AWS), with a fully operational on-premises deployment of the Open VSX Registry also being made available in Canada as an independent secondary environment."
"With peak daily traffic exceeding 50 million requests and more than 10,000 extensions from over 6,500 publishers, Open VSX has become a production dependency for platforms serving millions of application developers. The Eclipse Foundation, along with other consortia, has previously noted that the existing funding model of open source registries and repositories is fundamentally broken."
The Eclipse Foundation has established a comprehensive security framework for the Open VSX Registry designed to protect against malicious software. The framework scans for known malicious patterns, detects namespace impersonation and extension name spoofing, identifies exposed credentials or embedded secrets, and quarantines suspicious uploads for review. Simultaneously, the registry is transitioning to a hybrid, multi-region architecture with core services running in AWS-managed European data centers and an independent secondary deployment in Canada. Cursor, an AI coding tool provider, is providing financial support for this infrastructure expansion. The initiative aims to encourage broader adoption of Open VSX Registry as AI coding tools increasingly build on VS Code, while addressing the challenge of securing software supply chains at scale.
#open-vsx-registry-security #software-supply-chain-protection #vs-code-extensions #multi-region-infrastructure #malware-detection
Read at DevOps.com