Technology Radar
Dev Containers provide a standardized way to define reproducible, containerized development environments using a devcontainer.json configuration file. Originally designed to give teams consistent development setups, Dev Containers have found a compelling new use case as sandboxed execution environments for coding agents. Running an AI coding agent inside a Dev Container isolates it from the host file system, credentials and network, allowing teams to grant agents broad permissions without risking the host machine. The open specification is supported natively by VS Code and VS Code–based tools such as Cursor. DevPod extends devcontainer support to any editor or terminal workflow via SSH. Dev Containers take an ephemeral-by-default approach (i.e., the container rebuilds from the configuration on each launch) which provides a clean security boundary at the cost of reinstalling tools and dependencies. For teams that need persistent state or checkpoint and restore capabilities, alternatives such as Sprites take a different approach. Dev Containers also offer supply chain security benefits beyond agent sandboxing. By defining the toolchain in a declarative configuration, teams reduce exposure to compromised packages and unexpected dependencies on developer machines.
