I use stackstorm in an environment where many people can contribute to the python scripts that are being run. For security reasons, it is important that these scripts can only connect to a handful of servers inside our infrastructure.
Unfortunately, the scripts have dependencies which need to be pulled from github/bitbucket, forcing us to poke holes in our firewall to allow dependencies to be installed. This is an unacceptable risk to us, since it is possible for malware to setup command & control channels via github.
What is the best way to defend against this attack vector? The problem currently is that actionrunners are both responsible for fetching the dependencies, as well as running the code. If we could separate these responsibilities, we would be able to tightly firewall our execution environment and have a much more secure deployment.
Can someone give me pointers on how to achieve this best?