In our kubernetes cluster, we ensure that a docker software can not leak data by specifying egress/ingress rules in kubernetes that ensure that the pod that executes the user software has no access to the internet
Since we want to also use GitHub as backend, I would like to add another security layer, that is always added: Every user software and Evaluator is always (no matter if it executed by public GitHub runners or our Kubernetes cluster) executed in a FireJail. In our Kubernetes cluster, this is only done to maintain interoperability with public GitHub runners, and in GitHub, this is intended to ensure that a software is fully installed in the container. We need to add a documentation that this way, GitHub runners would only habe a lightweight sandbxing: we can not fully ensure that the software does not leak data. I.e., on really sensitive data, the pod should only be executed in an environment where no leakage is possible (e.g., our kuberenetes environment), and in GitHub (with free runners, if you use your own runners you can of course again ensure that no leakage is possible) it only has light sandboxing (but with some free resources).