Skip to content

Security Check Framework#1529

Open
netomi wants to merge 20 commits intomasterfrom
security-improvements
Open

Security Check Framework#1529
netomi wants to merge 20 commits intomasterfrom
security-improvements

Conversation

@netomi
Copy link
Contributor

@netomi netomi commented Jan 7, 2026
edited
Loading

This fixes #1331 .

The following changes are included:

  • Malware detection to identify malicious or suspicious code
  • Name squatting detection to prevent impersonation at the namespace or extension level
  • Secret scanning to catch accidental leaks of API keys or credentials
  • Generic mechanism to perform external scans on publication of extensions

@netomi netomi added the snapshot Pull requests with that label will automatically build and publish snapshot images label Jan 28, 2026
@netomi netomi force-pushed the security-improvements branch from 5446bd4 to a59e52b Compare January 28, 2026 16:08
@janbro
Copy link

janbro commented Jan 29, 2026

Opened #1572

@netomi netomi marked this pull request as ready for review January 29, 2026 13:11
@netomi netomi force-pushed the security-improvements branch from 682aa11 to 6e31613 Compare January 29, 2026 13:12
@netomi netomi changed the title Security improvements Security Check Framework Jan 29, 2026
janbro and others added 19 commits February 5, 2026 11:07
@janbro @netomi
Add similarity service to publish extension and namespace workflow (#…
d7d5d4c 
…1501)

* Add similarity service to publish extension workflow

* Add javadoc to similarity configuration

* Refactor similarity service to allow reuse independent of publishing check configuration
@janbro @netomi
Add Secret Scanning to Publish Workflow (#1510)
5a21a38 
* Add secret detection service to publish workflow

* Add mockito bean for secret scanning
@netomi
fix unit tests due to mocked secret scanning service
0756366
@janbro @netomi
Refactor validation services (#1531)
523c6d4 
- Add external isEnabled for secret scanning and similarity services
- Rename secret scanner config
- Refactor secret scanner util
- Fix secret scanner config dev example
@netomi
remove fix for SecretScanningService after isEnabled has been externa…
495aeb9 
…lized
@janbro @alejandro-n-rivera @netomi
Add extension scanning worfklow and admin dashboard (#1537)
c55193d 
* add configurable fast-fail pre-publish validation of extensions

* add UI for admin Extension Scans dashboard

---------

Co-authored-by: Alejandro Rivera <alejandrorivera1996@gmail.com>
@alejandro-n-rivera @janbro @netomi
fix admin scans api requests (#1540)
c1ccc62 
Co-authored-by: Alejandro Munoz <amunoz797@gmail.com>
@janbro @netomi
Fix scan api tests (#1544)
5957592
@alejandro-n-rivera @netomi
fix admin Extension Scans light theme UI (#1543)
169409a
@janbro @alejandro-n-rivera @netomi
Add Long-Running Scan Infrastructure for Async External Scanners (#1565)
6d0940b 
* fix broken extension icons on scan cards

* Fix line endings

* Add long running scans. Refactored publish checks

---------

Co-authored-by: Alejandro Rivera <alejandro.rivera1996@gmail.com>
@netomi
formatting to trigger rebuild
c481aee
@netomi
minor fixes wrt formatting and obvious fixes
44c3abb
@netomi
minor cleanups
689d677
@janbro @netomi
Fix ambiguity in secret check service task executor. Removed unneeded…
89a2d75 
… code. (#1572)
@netomi
minor fixes
c94513d
@janbro @netomi
Fix/security improvements (#1574)
547d977 
* Fix long running transaction. Fix secret rule

* Fix namespace similarity checks for contributors and new extensions
@netomi
fix unit tests
5d5335c
@janbro @netomi
Parallelize block list scanning. Add mime type check for secret (#1575)
1f29c50 
detection.
@janbro @netomi
Add required configuration for publish checks (#1584)
42f1709
@netomi netomi force-pushed the security-improvements branch from 1e7a52c to 42f1709 Compare February 5, 2026 10:07
@janbro janbro mentioned this pull request Feb 5, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@janbro janbro janbro left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

snapshot Pull requests with that label will automatically build and publish snapshot images

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Short-Term Security Improvements for Open VSX

3 participants

@netomi @janbro @alejandro-n-rivera