[Security Concern] .devcontainers files accessible by Claude Code

Resolved 💬 3 comments Opened Aug 28, 2025 by gekart Closed Jan 7, 2026

One of the reasons to use containers for Claude Code is to run in a sandbox. If that sandbox definition (devcontainer.json, Dockerfile) can be modified by malicious execution, this might pose a security issue. One possible workaround: place the Claude Code workspace in a workspace folder in the repo:

repo
|- .devcontainers
|- workspace

but then you don't have access to the git repo root. Another approach: make the files r/o for user node.

Another cool approach a single devcontainer for multiple Claude Code repos: https://code.visualstudio.com/remote/advancedcontainers/configure-separate-containers

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗