Sometimes we want to clone someone else's project repository for testing or for helping... What are the best security practices in the case of Elixir projects?

So all is in the title… It could happen that we clone a git repository containing malicious code. This could be hidden in Elixir files or in Node.js modules in the case of a Phoenix project.

What are the precautions we can take so that for example this code cannot access or alter our personal data?

Isn’t there a quick and easy way to run an Elixir / Phoenix project completely isolated and safe on the hosting operating system?

I’m thinking of a virtual machine, but this may be too overwhelming?
Or maybe a Docker container (which I’m not too familiar with)?

Any guide link would be highly appreciated as always.

Thanks ^^

Edit: I am mainly interested in Linux solutions and more specifically Ubuntu if possible. Which makes me think this is not really an Elixir question. :thinking:

Docker would be a good option here. It’s not completely isolated but it’s pretty good, and several online code execution as-a-service websites use docker containers for this.

If you’re just interested in having a sandbox environment to manually work in, it can be as simple as running `docker run --rm -it ubuntu` to create a temporary Ubuntu environment inside a docker container, in which you can run whatever you wish.

3 Likes
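
Building on the `docker run --rm -it ubuntu` suggestion above, this added example (not part of the original posts) wraps that command so the container sees only the cloned repository, read-only, with networking and privileges removed. The function name, the resource limits and the `SANDBOX_NET` and `DRY_RUN` variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function name, limits and the
# SANDBOX_NET / DRY_RUN variables are assumptions made for illustration.

# sandbox_untrusted REPO_DIR [IMAGE]
# Opens a throwaway shell in a container that can see only REPO_DIR.
sandbox_untrusted() {
    repo=$1
    image=${2:-ubuntu}   # the image used in the reply above
    [ -d "$repo" ] || { echo "not a directory: $repo" >&2; return 1; }
    repo=$(cd "$repo" && pwd -P) || return 1   # absolute, symlinks resolved
    home=$(cd "${HOME:-/}" 2>/dev/null && pwd -P) || home=/

    case $repo in
        /|"$home")   # would expose personal data to the container
            echo "refusing to mount $repo" >&2; return 1 ;;
        *,*)         # a comma would break the --mount syntax below
            echo "path contains a comma: $repo" >&2; return 1 ;;
    esac

    # No network unless SANDBOX_NET overrides it, no capabilities, no
    # privilege escalation, unprivileged uid, read-only root filesystem
    # with a small scratch /tmp, process and memory limits, and the
    # repository bind-mounted read-only at /src.
    set -- run --rm -it \
        --network "${SANDBOX_NET:-none}" \
        --cap-drop ALL \
        --security-opt no-new-privileges \
        --user 65534:65534 \
        --read-only \
        --tmpfs /tmp:rw,nosuid,size=256m \
        --pids-limit 256 \
        --memory 1g \
        --mount "type=bind,source=$repo,target=/src,readonly" \
        --workdir /src \
        "$image"

    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' docker "$@"    # show the command, one argument per line
    else
        docker "$@"
    fi
}

# Run directly as: sh sandbox.sh ./cloned-repo [image]
[ "$#" -eq 0 ] || sandbox_untrusted "$@"
```

With networking off, dependency fetching inside the container will fail; `SANDBOX_NET=bridge` restores it at the cost of letting the untrusted code reach the network.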