Litterbox - Defend Against Supply Chain Attacks #27685
Gerharddc
started this conversation in
Show and tell
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Worried about a supply chain attack (or even a rogue AI agent perhaps) compromising your entire development system? To minimise damage in such a scenario, I've built https://litterbox.work/ (https://github.com/Gerharddc/litterbox). Litterbox leverages Podman on Linux to create reproducible and somewhat isolated development environments (these environments are isolated from each other and from the host machine).
These are similar to VSCode's DevContainers but take the concept a step further by putting the editor itself inside the container too. This helps to protect against exploits inside the editor (from rogue extensions perhaps) but more importantly, it eliminates the need for editor integration (i.e. the editor needs no knowledge of or support for Litterbox). Furthermore, Litterbox comes with a specialised SSH agent for exposing SSH keys in a more secure way where each request to the agent needs to be approved in a pop-up dialog.
This project is still in the very early stages with plenty of rough edges so any contributions or suggestions would be greatly appreciated!
Beta Was this translation helpful? Give feedback.
All reactions