Skip to content

0xsecaas/safecrate

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Safecrate: Safely Inspect Untrusted Code

Safecrate is a CLI tool that lets you open and build untrusted source code in a secure, isolated Docker container. It prevents risky commands from running on your machine by providing a sandboxed environment with Rust, Neovim, and Rust Analyzer pre-configured.

⚠️ Security Notice: For maximum security, run Safecrate inside a VM. Docker isolation is strong but not infallible against kernel or daemon exploits.

Quick Start

# 1. Initialize the sandboxed environment
safecrate init

# 2. Open an untrusted project
safecrate open /path/to/untrusted_code

# 3. Resume a previous session
safecrate resume /path/to/untrusted_code

# 4. Clean up the container
safecrate remove /path/to/untrusted_code

Features

  • Isolate Untrusted Code: Open any project in a sandboxed container to prevent access to your host system.
  • Pre-configured for Rust: Comes with Neovim and Rust Analyzer for a ready-to-use development environment.
  • Customizable: Use your own Dockerfile for other languages or tools (safecrate init --dockerfile_PATH).
  • Control Execution: Override the default command, keep containers alive, or disable networking.
# Example: Open a shell with no network access
safecrate open UNTRUSTED_DIR --cmd "bash" --no-network

Safecrate works by mounting the project directory into a Docker container, so all build tools and code analysis run in isolation, keeping your system safe.

About

Safely Inspect Untrusted Code

crates.io/crates/safecrate

Topics

docker security sandbox isolation dev-tools

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Languages