Subscribe to the Non-Human & AI Identity Journal

What should security teams do when source code and the shipped extension do not match?

Teams should fail the approval and investigate the packaged binary, because the compiled artifact is what actually runs. A mismatch between source, metadata, and shipped code indicates that the repository history cannot be trusted as the only source of truth. That gap is especially dangerous in developer tooling that can touch credentials, source, and build systems.

Why This Matters for Security Teams

When source code and the shipped extension diverge, the security question is not “which version is cleaner” but “which artifact is real.” Compiled code, signed packages, and deployment bundles are the systems of record once software leaves the repo. That matters especially for extensions and developer tools, because they often inherit access to repositories, CI/CD tokens, cloud credentials, and secrets.

Current guidance from NIST SP 800-53 Rev 5 Security and Privacy Controls is to verify software integrity, control changes, and preserve trustworthy provenance across the lifecycle. NHIMG research shows why this is urgent: The Ultimate Guide to NHIs reports that 96% of organisations store secrets outside of secrets managers in vulnerable locations, and 30.9% store long-term credentials directly in code. A code mismatch can therefore be a delivery problem, a supply-chain problem, or a secrets exposure problem at the same time.

In practice, many security teams discover the mismatch only after an extension has already touched source, tokens, or build systems, rather than through intentional review of the signed artifact.

How It Works in Practice

The practical response is to treat the packaged binary, installer, or extension archive as the authoritative object and fail approval until it is independently validated. That means checking hash, signature, build provenance, version metadata, and the exact contents that will execute in production. If the repository history and the shipped package do not match, the team should assume the repo is incomplete, the build is untrusted, or the release process has been tampered with.

This is where software supply-chain controls and NHI governance intersect. A mismatched extension can hide credential exfiltration logic, altered authorization checks, or a backdoor that reads environment variables and secrets. That is why the most relevant controls are not only code-review controls but also artifact integrity controls, release attestation, and secret boundary enforcement. The OWASP Software Supply Chain guidance and NIST integrity controls both point toward the same operational result: do not approve what cannot be verified.

  • Compare the shipped artifact against a trusted build output, not just the repository head.
  • Check signatures, hashes, SBOMs, and build logs for provenance gaps.
  • Rebuild from source in a clean environment where possible and diff the results.
  • Inspect the extension for unexpected network access, secret access, or permission creep.
  • Rotate any secrets that the extension could have accessed if mismatch evidence suggests tampering.

NHIMG breach reporting on events such as the Emerald Whale breach and the New York Times breach shows how quickly identity material and access paths become the real blast radius once tooling is compromised. These controls tend to break down when release pipelines mutate artifacts after approval because the last trusted review no longer matches what was actually shipped.

Common Variations and Edge Cases

Tighter artifact validation often increases release friction, requiring organisations to balance developer velocity against the risk of hidden payloads or credential theft. That tradeoff is especially sharp for marketplace extensions, browser add-ons, IDE plugins, and internal tools that are updated frequently and run with broad user trust.

There is no universal standard for every environment yet, but current guidance suggests a few practical distinctions. If the extension is open source but the packaged binary differs, the safest assumption is supply-chain tampering until proven otherwise. If the binary is signed but the source does not reproduce it, the signature alone is not enough to establish trust. If the code is bundled or minified, teams may need a reproducible build process, deterministic packaging, or a third-party attestation workflow before approval.

For high-risk extensions, especially those that can read secrets, edit repositories, or interact with build systems, the approval bar should be higher than for ordinary application code. The right question is not whether the source looks acceptable, but whether the shipped artifact can be trusted to behave as declared. Where reproducibility is impossible, compensating controls should include tighter permission scoping, runtime monitoring, and rapid revocation of any tokens the extension can access. NHIMG’s research on Schneider Electric credentials breach underscores how exposed identities can amplify the impact of a single trust failure.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST AI RMF set the governance and control requirements practitioners need to meet.

Framework Control / Reference Relevance
OWASP Non-Human Identity Top 10 NHI-01 Artifact mismatch can hide secret access and identity abuse in shipped tooling.
NIST CSF 2.0 PR.IP-1 Protective integrity controls cover trusted builds, signatures, and release validation.
NIST AI RMF Trustworthy AI system governance generalizes to runtime artifact assurance and accountability.

Establish provenance, validation, and escalation steps for any untrusted or non-reproducible artifact.