devcontainers · AlvaroRausell · Jun 17, 2025 · Jun 17, 2025
@@ -18,6 +18,7 @@ Installs the Azure CLI along with needed dependencies. Useful for base Dockerfil
 | version | Select or enter an Azure CLI version. (Available versions may vary by Linux distribution.) | string | latest |
 | extensions | Optional comma separated list of Azure CLI extensions to install in profile. | string | - |
 | installBicep | Optionally install Azure Bicep | boolean | false |
+| bicepVersion | Select or enter a Bicep version. ('latest' or a specic version such as 'v0.31.92') | string | latest |
 | installUsingPython | Install Azure CLI using Python instead of pipx | boolean | false |
 
 ## Customizations

@@ -18,7 +18,7 @@ Create child containers *inside* a container, independent from the host's docker
 | version | Select or enter a Docker/Moby Engine version. (Availability can vary by OS version.) | string | latest |
 | moby | Install OSS Moby build instead of Docker CE | boolean | true |
 | mobyBuildxVersion | Install a specific version of moby-buildx when using Moby | string | latest |
-| dockerDashComposeVersion | Default version of Docker Compose (latest, v2 or none) | string | latest |
+| dockerDashComposeVersion | Default version of Docker Compose (v1, v2 or none) | string | v2 |
 | azureDnsAutoDetection | Allow automatically setting the dockerd DNS server when the installation script detects it is running in Azure | boolean | true |
 | dockerDefaultAddressPool | Define default address pools for Docker networks. e.g. base=192.168.0.0/16,size=24 | string | - |
 | installDockerBuildx | Install Docker Buildx | boolean | true |

@@ -20,7 +20,7 @@ Installs shared libraries for NVIDIA CUDA.
 | installNvtx | Additionally install NVIDIA Tools Extension (NVTX) | boolean | false |
 | installToolkit | Additionally install NVIDIA CUDA Toolkit | boolean | false |
 | cudaVersion | Version of CUDA to install | string | 11.8 |
-| cudnnVersion | Version of cuDNN to install | string | 8.6.0.163 |
+| cudnnVersion | Version of cuDNN to install | string | automatic |
 
 ## Compatibility
 

@@ -22,17 +22,51 @@ Installs the Terraform CLI and optionally TFLint and Terragrunt. Auto-detects la
 | installTFsec | Install tfsec, a tool to spot potential misconfigurations for your terraform code | boolean | false |
 | installTerraformDocs | Install terraform-docs, a utility to generate documentation from Terraform modules | boolean | false |
 | httpProxy | Connect to a keyserver using a proxy by configuring this option | string | - |
+| customDownloadServer | Custom server URL for downloading Terraform and Sentinel packages, including protocol (e.g., https://releases.hashicorp.com). If not provided, the default HashiCorp download server (https://releases.hashicorp.com) will be used. | string | - |
 
 ## Customizations
 
 ### VS Code Extensions
 
 - `HashiCorp.terraform`
 
+
+
 ## Licensing
 
 On August 10, 2023, HashiCorp announced a change of license for its products, including Terraform. After ~9 years of Terraform being open source under the MPL v2 license, it was to move under a non-open source BSL v1.1 license, starting from the next (1.6) version. See https://github.com/hashicorp/terraform/blob/main/LICENSE
 
+## Custom Download Server
+
+The `customDownloadServer` option allows you to specify an alternative server for downloading Terraform and Sentinel packages. This is useful for organizations that maintain internal mirrors or have proxies for HashiCorp downloads.
+
+When using this option:
+- Provide the complete URL including protocol (e.g., `https://my-mirror.example.com`)
+- The server should mirror the HashiCorp releases structure
+
+Example:
+```json
+"features": {
+    "ghcr.io/devcontainers/features/terraform:1": {
+        "customDownloadServer": "https://my-mirror.example.com"
+    }
+}
+```
+
+### ⚠️ Security Considerations
+
+When using a custom download server, be aware of the following security implications:
+
+- **Server Verification**: Always verify that the custom server is trustworthy and maintained by your organization or a trusted entity. Using an untrusted or compromised server could lead to downloading malicious software.
+
+- **Supply Chain Risks**: Malicious actors may attempt to distribute compromised versions of Terraform that contain backdoors, cryptominers, or other harmful code.
+
+- **Integrity Checks**: The feature performs SHA256 checks when available, but these are only as trustworthy as the source of the checksums. If both the binaries and checksums come from a compromised server, the integrity check may pass despite the software being malicious.
+
+- **Organizational Policy**: Ensure your custom download server adheres to your organization's security policies and implements proper access controls.
+
+Always use the official HashiCorp download server (https://releases.hashicorp.com) unless you have a specific need for an alternative source.
+
 ## OS Support
 
 This Feature should work on recent versions of Debian/Ubuntu-based distributions with the `apt` package manager installed.