Hi!
I’ve set up a Drone instance in single-machine mode, connected to Gitea.
“Just for fun”, I tried to forkbomb the Drone machine during a build step, and the machine and Drone instance didn’t like it much.
That got me thinking, Docker is not really a security tool, so how insecure is it to let the internet run builds on my Drone instance?
Would not recommend. At best you’re opening up your CI to crypto mining – at worst it is a foothold into private infrastructure from which an attacker could pivot to more damaging targets.
If you’d like to validate PRs from forks, but force approval of the build first, I just wrote an extension to help with that: