Docker builds can fetch from any server on the internet. A compromised dependency could silently exfiltrate your build secrets.
Buildcage prevents this. Define allowed domains, and everything else is blocked.
Your Dockerfiles stay the same — no proxy injection, no certificate changes. TLS is never intercepted.
Drop-in builder for Docker Buildx and GitHub Actions.
- Audit mode to discover dependencies
- Restrict mode to enforce your allowlist
- Self-hostable for full control
Open source.

Buildcage: Restrict outbound access in Docker builds on GitHub Actions
dash14 left a comment
Hello Hunters, I built Buildcage to solve a problem we kept running into at work: when you `RUN npm install` in a Dockerfile, that command can connect to anywhere on the internet, with no visibility into where it goes. A compromised package could exfiltrate build secrets or phone home to an attacker's server. Buildcage restricts outbound network access during Docker builds. Define allowed...

