[zmgsabst]

Developers are generally given specific environments to run code, which aren’t their laptops — eg, VMs in a development environment.

The goal isn’t to stop a developer from doing something malicious, but to add a step to the chain for hackers to do something malicious: they need to pwn the developer laptop from the devbox before they can pivot to, eg, internal data systems.

[kstrauser]

In my experience, that’s rare. Everywhere I’ve worked had devs working on code directly on their laptops.

[zmgsabst]

My experience is the opposite:

I haven’t worked somewhere we ran code locally in a long, long time. Your IDE is local, but the testing is remote — typically in an environment where you can match the runtime environment more closely (eg, ensuring the same dependencies, access to cloud resources, etc).

[tough]

isn't that just CI?

does that mean you will never compile it or build it locally?

don't 99% of people just use docker nowadays to have all that environment matches?