# Koidex

> Koidex detects and eliminates security risks in software your teams rely on — extensions, packages, apps, and AI models — across major marketplaces.

Koidex is a security intelligence platform powered by Koi that helps organizations quickly detect and eliminate risks in the software their teams install and use daily. It covers browser extensions, IDE plugins, npm packages, AI models, and more across major marketplaces including VS Code, JetBrains, Chrome Web Store, Edge Add-ons, Firefox Add-ons, Cursor, Windsurf, and npm. Koidex uses an agentic risk engine that analyzes what software is actually made of — going past labels to real composition and behavior — rather than relying on guesswork or signatures. It surfaces newly caught malware in the wild through its "Catch of the Day" feed and publishes original threat research.

- **Agentic Risk Engine**: *Uses AI-driven, agentic analysis to inspect the real composition and behavior of extensions, packages, and apps — not just metadata or labels.*
- **Multi-Marketplace Coverage**: *Scans and monitors software across VS Code, JetBrains, Chrome Web Store, Edge Add-ons, Firefox Add-ons, Cursor, Windsurf, npm, PyPI, Hugging Face, MCP, Office Add-ins, Homebrew, and Visual Studio.*
- **Discovery**: *Tracks and manages every piece of software the moment it enters your ecosystem, giving full visibility into installed tools.*
- **Guardrails**: *Enforces policies to prevent risky or unauthorized software from being used by your teams.*
- **Governance**: *Provides oversight and control over the software supply chain across your organization.*
- **Remediation**: *Identifies and helps resolve threats found in installed software, reducing exposure quickly.*
- **Catch of the Day**: *A live feed of newly discovered malware found in the wild across popular marketplaces, backed by original threat research.*
- **VS Code Extension**: *A dedicated Koidex extension for Visual Studio Code lets developers check extension risk directly from their IDE.*
- **Enterprise Support**: *Extended coverage for PyPI, Hugging Face, MCP, Office Add-ins, Homebrew, Visual Studio, and OpenVSX is available for enterprise customers.*

## Features
- Agentic risk engine for software composition and behavior analysis
- Multi-marketplace scanning (VS Code, JetBrains, Chrome, Edge, Firefox, npm, etc.)
- Discovery: track every software install in your ecosystem
- Guardrails to block risky or unauthorized software
- Governance and policy enforcement
- Remediation guidance for detected threats
- Catch of the Day: live malware feed from the wild
- Original threat research and publications
- VS Code extension for in-IDE risk checking
- Enterprise coverage for PyPI, Hugging Face, MCP, Office Add-ins, Homebrew

## Integrations
Visual Studio Code, JetBrains Marketplace, Chrome Web Store, Edge Add-ons, Firefox Add-ons, Cursor, Windsurf, npm, PyPI, Hugging Face, MCP, Office Add-ins, Homebrew, Visual Studio, OpenVSX

## Platforms
MACOS, WEB, API, BROWSER_EXTENSION, VSC_EXTENSION, JETBRAINS_PLUGIN

## Pricing
Freemium — Free tier available with paid upgrades

## Links
- Website: https://dex.koi.security
- Documentation: https://dex.koi.security
- EveryDev.ai: https://www.everydev.ai/tools/koidex