(depot.dev)

6 points Telstrom90 | 1 comments | 26 Jun 25 18:22 UTC | HN request time: 0.202s | source

Show context

adastra22 ◴[26 Jun 25 18:56 UTC] No.44390244[source]▶

I'm confused--what's the security risk in building a container?

Telstrom90 ◴[26 Jun 25 20:42 UTC] No.44391126[source]▶

You're running untrusted code. Every RUN command in a user's Dockerfile is executed during build, which means you're executing arbitrary commands from strangers on your own infrastructure. If you're not isolating that properly, it's a security risk.

replies(1): >>44392775 #

1. adastra22 ◴[27 Jun 25 00:27 UTC] No.44392775[source]▶

>>44391126 #

Inside the container though. The whole point of which is that it sandboxes and isolates the running code.

↑

Building untrusted container images safely at scale