cds-for-code

Security Features in CDS for Code


CloudSmith Consulting takes care to ensure that information collected by CDS for Code remains private and secure. These security and privacy precautions include, but are not limited to:

Encryption for passwords at rest and in transit

CDS for Code leverages 256-bit AES CBC encryption for all sensitive credential information.

Secure terminal

Some highlighted features of the CDS for Code Secure terminal

Hosted views and content security policies

VSCode and its webviews are built on top of Electron and NodeJS. Each webview in CDS for Code has a content security policy that restricts it to loading assets only from known locations used by the CDS for Code extension. These assets can come from local or remote sources, but they load only if the Content Security Policy configured for that webview allows them.

More information is available about Content Security Policies
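As an added illustration of an allowlist-style webview policy (this is not CDS for Code's own code), the sketch below builds a deny-by-default CSP and the HTML that carries it. `cspSource` stands for the value of VS Code's `webview.cspSource`; the function names, the `remoteHosts` allowlist and the sample URIs are hypothetical.

```javascript
const crypto = require("crypto");

// Build a restrictive CSP for one webview.
// cspSource:   value of VS Code's `webview.cspSource` (where local assets are served from)
// remoteHosts: hypothetical allowlist of exact https origins for remote assets
function buildCsp(cspSource, nonce, remoteHosts = []) {
  for (const host of remoteHosts) {
    const url = new URL(host); // throws on malformed input
    if (url.protocol !== "https:" || url.origin !== host) {
      throw new Error(`remote source must be a bare https origin: ${host}`);
    }
  }
  const assets = [cspSource, ...remoteHosts].join(" ");
  return [
    "default-src 'none'",            // anything not listed below is blocked
    `img-src ${assets}`,
    `style-src ${assets}`,
    `font-src ${assets}`,
    `script-src 'nonce-${nonce}'`,   // only script tags carrying this nonce run
  ].join("; ");
}

// Render the webview document; the nonce is regenerated on every render.
function renderWebviewHtml({ cspSource, scriptUri, styleUri, remoteHosts = [] }) {
  const nonce = crypto.randomBytes(16).toString("base64");
  const csp = buildCsp(cspSource, nonce, remoteHosts);
  return `<!DOCTYPE html>
<html>
<head>
  <meta http-equiv="Content-Security-Policy" content="${csp}">
  <link rel="stylesheet" href="${styleUri}">
</head>
<body>
  <script nonce="${nonce}" src="${scriptUri}"></script>
</body>
</html>`;
}
```

In an extension, the returned string would be assigned to `webview.html`, with `scriptUri` and `styleUri` produced by `webview.asWebviewUri`.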

Privacy features in CDS for Code

We understand that PII and PHI are sensitive. For that reason, we take care not to expose any of that information in our logging or telemetry collection.

You can read more about CloudSmith Consulting’s general privacy policy here.

Sensitive logging

Logging is done to the file system or the CDS for Code output window in VSCode. We take care to sanitize these logs so that sharing them back to us in bug reports should not be an issue, as no sensitive information exists in them. Some of the logging precautions we take are:

Sensitive telemetry

CDS for Code has telemetry that is passed back to our telemetry store to keep us informed of the extension’s performance and reliability. We take care to sanitize this telemetry so that your PII and encrypted information will never be sent to our telemetry store. Some of the telemetry precautions we take are:

Opting out of telemetry

Our telemetry option is turned off by switching off the global telemetry preference within VSCode. To do this:

  1. Open the file menu
  2. Select Preferences
  3. Select Settings
  4. Click Application
  5. Click Telemetry
  6. Uncheck Enable usage data and errors to be sent to a Microsoft online service
