DevDefender is a collection of tools, articles, tutorials, and templates that help you secure your developer environment from emerging threats: genAI-enhanced supply chain, configuration, extension, and agent vulnerabilities.
Our main tool is a real-time alerting app for Developers, with alerts on over 30 attack vectors across popular IDEs and genAI coding agents. This tool is in early development, and is available for macos. It helps developers know when their environment configuration changes, so they can catch changes made by malicious extensions, repositories, or genAI agents.
We write threat breakdowns, PoC exploits, CVE writeups, and other news explainers to help you make sense of the threats to developer environments.
We also offer tutorials and scripts to help you understand your security posture on your dev machines.
In the future, we plan on offering resources for facilitating developer environment threat modeling on your team: brown-bag lunch-style month-long activities that will strengthen both your risk posture and your collaborative approach to developer environment security.
DevDefender is a project by Isaac Lewis, a senior software developer and application security specialist.
Shoutouts!
Thanks to the following people for their help and advice – nothing ever happens from just one person.
Adam Baldwin, Jaime Robles, Jim Manico, Josh Grossman, Erin Schmidt, Lynn Fisher