- Extensions are great and helps solve a lot of things for the creator of Pipelines, but they need to be managed
- Consider the security implications of an extension before "releasing" it for use inside your organization
- Extensions has to be approved by Collection Administrator, by limiting the number of Collection Administrators you can ensure a uniform process on approving new extensions
- If you build and use your own Extensions make that you have proper security scanning and reviews in place
- Define a plan for maintaining your Extensions - just like any other software you build
- Azure Marketplace https://marketplace.visualstudio.com/azuredevops
- Approve extension requests https://docs.microsoft.com/en-us/azure/devops/marketplace/approve-extensions?view=azure-devops