D2 is CLI-based and safer than server renderers, but CI and automation usage still need controls.
- Review diagram source changes like code changes.
- Avoid processing untrusted files directly on privileged hosts.
- Prefer rendering in disposable CI containers.
- Run D2 as non-root.
- Restrict writable paths and artifact output directories.
- Disable unneeded network access during rendering.
- Pin D2 binary versions.
- Verify checksums/signatures of downloaded binaries.
- Keep build containers patched.
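A CI helper that applies the points above, added here as an example and not code from the D2 project: it verifies a pinned download against an expected SHA-256 before keeping it, and renders inside a disposable container as an unprivileged user with no network, a read-only root filesystem and only the output directory (plus /tmp) writable. The release URL pattern, the `terrastruct/d2` image name, the digest and the checksum argument are assumptions or placeholders to be replaced with values from the project's release page.

```shell
#!/bin/sh
# Added example (not D2 project code): hardened D2 usage for CI.
# Assumptions: curl and a docker-compatible runtime are available; the D2
# release URL pattern and the terrastruct/d2 image name should be confirmed
# against the project's release page. Digest and checksums are placeholders.

# Pin the renderer image by digest, not by a floating tag.
: "${D2_IMAGE:=terrastruct/d2@sha256:PLACEHOLDER_DIGEST_FROM_RELEASE_PAGE}"
: "${CONTAINER_RUNTIME:=docker}"

# Print the SHA-256 of a file; portable between coreutils and BSD shasum.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# verify_checksum FILE EXPECTED_HEX: 0 on match, 1 (with a message) otherwise.
verify_checksum() {
  actual=$(sha256_of "$1")
  [ "$actual" = "$2" ] && return 0
  printf 'checksum mismatch for %s: got %s, expected %s\n' "$1" "$actual" "$2" >&2
  return 1
}

# fetch_pinned_d2 VERSION EXPECTED_SHA256 DEST_DIR: download one pinned release
# and delete it unless the checksum matches, so an unverified binary never stays.
fetch_pinned_d2() {
  version=$1; expected=$2; dest=$3
  tarball="d2-v${version}-linux-amd64.tar.gz"
  curl -fsSL -o "$dest/$tarball" \
    "https://github.com/terrastruct/d2/releases/download/v${version}/${tarball}" || return 1
  verify_checksum "$dest/$tarball" "$expected" || { rm -f "$dest/$tarball"; return 1; }
}

# render_in_container SRC_DIR OUT_DIR DIAGRAM.d2: render in a disposable
# container as an unprivileged user, with no network, a read-only root
# filesystem, the source mounted read-only and only OUT_DIR (plus /tmp) writable.
render_in_container() {
  src_dir=$1; out_dir=$2; diagram=$3
  "$CONTAINER_RUNTIME" run --rm \
    --network none --user 65534:65534 \
    --read-only --tmpfs /tmp \
    --cap-drop ALL --security-opt no-new-privileges \
    -v "$src_dir:/src:ro" -v "$out_dir:/out" \
    --entrypoint d2 "$D2_IMAGE" "/src/$diagram" "/out/${diagram%.d2}.svg"
}
```

`fetch_pinned_d2` covers the pinned-binary route and `render_in_container` the disposable-container route; a pipeline normally uses one or the other, and should remove its work directory on exit either way.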
¶ Secrets and Artifacts
- Ensure generated diagrams do not leak sensitive architecture details.
- Enforce retention and access policies on rendered artifacts.
- Remove temporary files after builds.