feat: Overhaul devcontainer configurations and add experimental paranoid mode #18
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Update README.md
This commit introduces a significant refactoring of the devcontainer configurations to provide clearer, more distinct security levels. It also adds a new, experimental \paranoid\ mode for maximum security.\n\nKey changes include:\n\n- **Rename `hardened` to `airgapped`**: The `hardened` container is now `airgapped`, focusing on network isolation. The CI workflow has been updated to test for this.\n- **Repurpose `isolated` as `hardened`**: The `isolated` container has been repurposed to be the new `hardened` container, providing a secure environment with network connectivity.\n- **Introduce `paranoid` container**: A new, experimental `paranoid` container has been added. This provides the highest level of security with a read-only filesystem and network isolation.\n- **Update `auditor` and `minimal` containers**: The `workspaceMount` for these containers now binds to the local workspace, disabling the previous `tmpfs` isolation.\n- **CI and Documentation Updates**: The GitHub workflow and README have been updated to reflect these changes, with new tests for network and filesystem isolation.
(readme): Rewrited project structure
This commit introduces the `eth-security-toolbox` devcontainer, a pre-configured environment for smart contract auditing based on the popular Trail of Bits toolbox. Key changes include: - Added the `eth-security-toolbox` devcontainer. - Updated the GitHub Actions workflow to include the new container in the CI build matrix. - Updated `README.md` to document the new container and clarify the use cases for all available devcontainer configurations.
mattaereal
approved these changes
Sep 5, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR introduces a major overhaul of the devcontainer configurations, including the addition of a new experimental "paranoid" mode for enhanced security. It also includes significant updates to the documentation to improve user experience.