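{
  // For format details, see https://aka.ms/devcontainer.json.
  // This is the AUDITOR version of TRG's DevContainer - specialized for smart contract auditing
  // with Docker-in-Docker support, specialized audit extensions, and focused tooling for
  // comprehensive security analysis and code review.
  "name": "Auditor TRG's DevContainer",

  // Build configuration - uses the local Dockerfile in this directory
  "build": {
    "dockerfile": "./Dockerfile"
  },

  // Features to add to the dev container. More info: https://containers.dev/features.
  // Specialized features for auditing and development workflows
  "features": {
    "ghcr.io/devcontainers/features/git:1": {}, // Git version control support
    "ghcr.io/devcontainers/features/github-cli:1": {}, // GitHub CLI for repository management
    // Docker-in-Docker for containerized tools. The feature itself is pinned (2.12.2);
    // "version" below is the Docker Engine installed inside the container and is NOT pinned.
    "ghcr.io/devcontainers/features/docker-in-docker:2.12.2": {
      "version": "latest", // Docker Engine version - "latest" floats; pin for reproducible audits
      // Lets the non-root container user reach the Docker socket. Note that docker-group
      // access is root-equivalent inside the container; the daemon itself is still rootful.
      "enableNonRootDocker": "true"
    }
  },

  // Configure tool-specific properties for VS Code
  "customizations": {
    "vscode": {
      // Specialized extensions for smart contract auditing and development
      "extensions": [
        // See https://marketplace.visualstudio.com/items?itemName=tintinweb.ethereum-security-bundle
        // for details; the bundle already includes several of the extensions listed below.
        "tintinweb.ethereum-security-bundle",
        "tintinweb.vscode-ethover",
        "trailofbits.weaudit",
        "tintinweb.vscode-inline-bookmarks",
        "tintinweb.vscode-solidity-language",
        "tintinweb.graphviz-interactive-preview",
        "NomicFoundation.hardhat-solidity",
        "Olympixai.olympix",
        "trailofbits.contract-explorer",
        "tintinweb.chonky" // Chonky Agent
      ],
      // VS Code settings optimized for auditing workflows
      "settings": {
        // Killswitch for automated tasks: with Workspace Trust turned off below, these two
        // settings are what actually stop a cloned repo from having its tasks picked up.
        "task.autoDetect": "off", // Disable automatic task detection
        "task.problemMatchers.autoDetect": "off", // Disable automatic problem matchers

        // Workspace Trust configuration. NOTE: `false` turns the Workspace Trust feature OFF,
        // which means every folder opened in this container is treated as trusted (no
        // Restricted Mode). The container boundary is the sandbox here, not VS Code.
        "security.workspace.trust.enabled": false,

        // Privacy settings - killswitch for telemetry
        "telemetry.telemetryLevel": "off", // Disable all telemetry collection

        // Terminal configuration
        "terminal.integrated.defaultProfile.linux": "zsh", // Use zsh by default
        "terminal.integrated.profiles.linux": { "zsh": { "path": "/usr/bin/zsh" } }
        // Using bash might be more safe and stable, but zsh provides better features
      }
    }
  },

  // Bind-mounts the host workspace folder into the container read-write; no hardening
  // (no ":ro", no separate scratch copy), so anything the container writes lands on the host.
  "workspaceMount": "source=${localWorkspaceFolder},target=/workspace,type=bind,consistency=cached",
  // Workspace path inside the container (must match the "target" of workspaceMount)
  "workspaceFolder": "/workspace",

  // Docker run arguments for security hardening and resource management
  "runArgs": [
    // IPv6 - disabled in the container's network namespace to reduce attack surface
    "--sysctl=net.ipv6.conf.all.disable_ipv6=1", // Disable IPv6 globally
    "--sysctl=net.ipv6.conf.default.disable_ipv6=1", // Disable IPv6 by default

    // Network capability restrictions
    "--cap-drop=NET_RAW", // Disable raw packet access
    "--network=bridge", // Use bridge networking (the Docker default, stated explicitly)

    // DNS configuration - fixed public resolvers instead of whatever the host hands out
    "--dns=1.1.1.1", // Primary DNS (Cloudflare)
    "--dns=1.0.0.1", // Secondary DNS (Cloudflare)

    // Resource limits for container performance and security
    // Uncomment and tune to prevent resource exhaustion on the host
    // "--memory=512m", // Memory limit (commented out)
    // "--cpus=2" // CPU limit (commented out)
  ],

  // Writable mounts in case you want to set --read-only above.
  // Currently no additional mounts are configured
  "mounts": [
  ]
}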