Skip to content

feat(threatComposer): make cdn configurable via VS Code settings#8762

Merged
afida23 merged 3 commits into
aws:masterfrom
ellgregs:add-threat-composer-cdn-setting
Jun 29, 2026
Merged

feat(threatComposer): make cdn configurable via VS Code settings#8762
afida23 merged 3 commits into
aws:masterfrom
ellgregs:add-threat-composer-cdn-setting

Conversation

@ellgregs

@ellgregs ellgregs commented Apr 23, 2026

Copy link
Copy Markdown
Contributor

Problem

Users are unable to utilise a customised self-hosted ide-specific threat composer deployment within vs-code unless within a private network with customised dns resolution, due to the hardcoded URL for the ide-threat-composer editor resources.

Benefit of leveraging a self-hosted deployment of threat composer is users can include customised threat/mitigation packs - outlined here.

Solution

Added a configurable VS-Code setting aws.threatComposer.cdn that allows users to override the default cdn value 'https://ide-toolkits.threat-composer.aws.dev'.

Testing

Change is minimal: 2 files changed

Caveats

Does require the users self-hosted version to update the content security policy in their deployment of the ide variant of threat-composesr but that seems a reasonable expectation.

sed -i -e `s|https://ide-toolkits.threat-composer.aws.dev|<cdn>/|g` ./threat-composer/packages/threat-composer/public/index.html
sed -i -e `s|data:|data: <cdn>/|g` ./threat-composer/packages/threat-composer/public/index.html

  • Treat all work as PUBLIC. Private feature/x branches will not be squash-merged at release time.
  • Your code changes must meet the guidelines in CONTRIBUTING.md.
  • License: I confirm that my contribution is made under the terms of the Apache 2.0 license.

@ellgregs ellgregs requested a review from a team as a code owner April 23, 2026 18:41
@amazon-inspector-ohio

Copy link
Copy Markdown

⏳ I'm reviewing this pull request for security vulnerabilities and code quality issues. I'll provide an update when I'm done

@amazon-inspector-ohio

Copy link
Copy Markdown

✅ I finished the code review, and didn't find any security or code quality issues.

@github-actions

Copy link
Copy Markdown
  • This pull request modifies code in src/* but no tests were added/updated.
    • Confirm whether tests should be added or ensure the PR description explains why tests are not required.

@ellgregs

Copy link
Copy Markdown
Contributor Author

Hey @bijinai, I've added a setting to be able to use a self-hosted version of threat-composer within vs-code. Since you've previously worked on this I'd appreciate your input when you have a chance. Thanks

@bijinai

bijinai commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

The change look good

@afida23 afida23 enabled auto-merge (squash) June 18, 2026 22:51
@afida23 afida23 disabled auto-merge June 29, 2026 14:32
@afida23 afida23 merged commit be22010 into aws:master Jun 29, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants