Skip to content

Execution Sandboxing

Engineer/DeveloperSecurity SpecialistOperations & StrategyDevops

Authored by:

munamwasi
munamwasi
jubos
jubos
masterfung
masterfung

Reviewed by:

matta
matta
The Red Guild | SEAL

🔑 Key Takeaway

  • Run jobs and automation in ephemeral, least-privilege environments by default.
  • Isolate process, filesystem, identity, and network together, not as separate optional controls.
  • Use stronger boundaries for untrusted or high-impact workflows.

Execution sandboxing means running workloads inside controlled boundaries so that compromise of a job, script, or tool does not become compromise of your platform.

In DevSecOps, this applies to:

  • CI jobs and build/test pipelines
  • package manager hooks and third-party actions
  • deployment automation and release tooling
  • developer scripts and internal bots
  • AI-enabled automation (one category of tool execution)

Core security properties

A production-grade sandbox should provide:

  1. Isolation: workload cannot freely access host resources or adjacent tenants.
  2. Least privilege: runtime identity and tokens are scoped to minimum required actions.
  3. Constrained side effects: filesystem, network, and API access are explicitly bounded.
  4. Ephemerality: runtime is short-lived and reset between jobs.
  5. Auditability: execution is logged with enough detail for incident response.

Boundary design: what to isolate

Treat these as separate enforcement planes:

PlaneTypical risksRequired controls
Process/syscallcontainer escape, host tamperingseccomp, no --privileged, capability drops, AppArmor/SELinux
Filesystemcredential theft, workspace poisoningread-only rootfs, isolated workspace, explicit writable mounts
Identitytoken abuse, cloud account takeovershort-lived credentials, OIDC federation, scoped IAM
Networkdata exfiltration, lateral movementdefault-deny egress, destination allowlist, proxy/inspection
Resourcesdenial of service, budget burnCPU/memory/pids/time limits, quotas, max concurrency

Choosing the runtime isolation level

Runtime optionIsolation strengthOperational overheadTypical fit
Standard containersModerateLowLow-risk build/test steps with strict hardening
Hardened containers (rootless + seccomp/AppArmor)Moderate-strongMediumMost CI validation workflows
Sandboxed containers (gVisor/Kata)StrongMedium-highUntrusted code in shared infrastructure
MicroVMs (Firecracker)StrongHighHigh-risk multi-tenant runners and privileged pipelines
Full VMsStrongest boundaryHighRegulated workloads or high-impact deployment/signing paths

CI/CD-specific patterns

1) Split trust zones

  • Zone A: Untrusted PR validation (forks, external code)
    • no long-lived secrets
    • restricted CI token permissions
    • no deploy/publish capability
  • Zone B: Trusted branch/release
    • controlled secret access
    • protected environments and approvals
    • provenance + signing requirements

2) Use ephemeral runners

Each job should run on fresh infrastructure and be destroyed after completion. Avoid shared mutable state and persistent credentials between jobs.

3) Restrict privileged paths

Build, sign, publish, and deploy should be distinct stages with explicit policy gates and auditable approvals.

Common failure modes

  • Treating “containerized” as automatically secure.
  • Running untrusted PR code on persistent or privileged runners.
  • Reusing static secrets in CI variables.
  • Allowing unrestricted egress from build jobs.
  • Granting broad default CI token permissions.

References

Help us improve!

Spotted an error or have ideas to enhance this content?

Your contributions are valuable to us. Learn more

✏️ Contribute today!