Show HN: Litterbox – Defend Against Supply Chain Attacks

1 points by Gerharddc 5 hours ago

Are you worried about a supply chain attack (or even a rogue AI agent perhaps) compromising your entire development system? To minimise damage in such a scenario, I've built https://litterbox.work/ (https://github.com/Gerharddc/litterbox). Litterbox leverages Podman on Linux to create reproducible and somewhat isolated development environments (these environments are isolated from each other and from your host machine). These are similar to VSCode's DevContainers but take the concept a step further by putting the editor itself inside the container too. This helps to protect against exploits inside the editor (from rogue extensions perhaps) but more importantly, it eliminates the need for editor integration (i.e. the editor needs no knowledge of or support for Litterbox). Furthermore, Litterbox comes with a specialised SSH agent for exposing SSH keys in a more secure way where each request to the agent needs to be approved in a pop-up dialog.

This project is still in the very early stages with plenty of rough edges so any contributions or suggestions would be greatly appreciated!