lintai docs

Appearance

Rule Reference

SEC755lintai-ai-securitystabledevcontainerwarn

Devcontainer: sensitive local bind mount

Devcontainer config bind-mounts sensitive local host material

Provider
lintai-ai-security
Surface
devcontainer
Scope
per_file
Tier
stable
Severity
warn
Confidence
high
Detection
structural
Remediation
message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

supply-chainmembership

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks committed devcontainer configs for bind mounts of sensitive local material such as SSH keys, cloud credentials, kubeconfig, or docker.sock.

Deterministic signal basis

DevcontainerSignals semantic JSON parsing plus exact value-span resolution for sensitive bind mounts in `workspaceMount`, `mounts`, or Docker-style `runArgs` mount flags.

Malicious corpus
devcontainer-sensitive-bind-mount
Benign corpus
devcontainer-safe-workspace-mount
structured evidence required remediation reviewed
Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

SEC754Devcontainer: host-side initializeCommandDevcontainer config defines a host-side initializeCommanddevcontainerstable

Why It Matters

Committed devcontainer configs can silently expose local host secrets and control surfaces inside the container. Mounting SSH material, cloud credentials, kubeconfig, or docker.sock increases the blast radius of any compromised process inside the dev environment.

What Triggers

SEC755 matches .devcontainer.json and .devcontainer/devcontainer.json when they bind-mount sensitive local host paths through:

  • mounts
  • workspaceMount
  • Docker-style runArgs mount flags

Covered host-sensitive sources include patterns such as .ssh, .aws, .kube, .config/gcloud, and /var/run/docker.sock.

False Positives

The rule is intentionally scoped to explicit bind mounts of sensitive host material. Ordinary workspace mounts and non-sensitive cache or data mounts do not trigger it.

Remediation

Remove sensitive host bind mounts from committed devcontainer config and keep credentials or daemon sockets outside the container definition.