Build Isolation and Container Lifecycles

Runtime Isolation

All containers and VMs on CircleCI Cloud are isolated, or sandboxed, from each other. This means you cannot communicate directly with containers running in other jobs, even if they are within the same project or org.

The exceptions to this rule are containers that run within the same job, known as secondary service containers, and the Remote Docker environment.

All jobs run in a freshly created container/VM, so by default there are no leftover, or cached, items at the beginning of a job. At the end of each job the container is destroyed for security purposes, so you can be assured any leftover files are not stored unless your config explicitly uploads these as artifacts.
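
An added example config (not taken from CircleCI's article) that shows both points above: a secondary service container reachable from the primary container of the same job, and a file that outlives the job only because it is uploaded explicitly. The image tags, job and workflow names, password value and file paths are assumptions chosen for illustration.

```yaml
version: 2.1

jobs:
  build:
    docker:
      # Primary container: every step below runs here.
      - image: cimg/base:stable
      # Secondary service container: belongs to this job only and is
      # reachable from the primary container on localhost. Containers in
      # other jobs cannot connect to it.
      - image: cimg/postgres:14.0
        environment:
          POSTGRES_USER: postgres
          # Constructed value for a throwaway test database.
          POSTGRES_PASSWORD: constructed-example-only
    steps:
      - checkout
      - run:
          name: Wait for the service container
          command: |
            # Poll the service port from the primary container for up to 60s.
            timeout 60 bash -c 'until (echo > /dev/tcp/localhost/5432) 2>/dev/null; do sleep 1; done'
      - run:
          name: Write a build report
          command: |
            mkdir -p reports
            echo "build finished" > reports/summary.txt
            # Scratch data that is never uploaded is gone when the job ends.
            echo "temporary" > /tmp/scratch.txt
      # Only paths listed here are kept after the container is destroyed.
      - store_artifacts:
          path: reports
          destination: reports

workflows:
  main:
    jobs:
      - build
```

When reviewing a config for data retention, the `store_artifacts` paths are the place to check that no credentials or other sensitive files are being kept past the job.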

For more information on our Data Security Policy, please see: Data Security Policy - CircleCI

