INGInious executes student code in grading environments, so sandboxing and isolation are the primary security requirements. Treat grader nodes as high-risk execution surfaces.
- Run grading containers/VMs on isolated worker nodes.
- Deny host-level privileges and broad filesystem mounts.
- Restrict network egress from grader containers.
- Reset grader environments between submissions.
- Enforce strong authentication for teachers and admins.
- Restrict who can create tasks with custom grader code.
- Audit grading scripts before publication.
- Log assignment and score changes with user attribution.
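
The container isolation items above (host privileges, filesystem mounts, network egress) can be checked mechanically. The following is an added example, not part of INGInious or its documentation: it assumes the grading containers run under Docker and audits the JSON produced by `docker inspect`. The sensitive-path list, the finding labels, and the sample containers are constructed for illustration.

```python
import json

# Assumed policy: host paths that must never be bind-mounted into a grader.
SENSITIVE_SOURCES = {"/", "/etc", "/root", "/proc", "/sys", "/var/run/docker.sock"}

def audit_container(info):
    """Return findings for one container object from `docker inspect`."""
    findings = []
    host = info.get("HostConfig", {})
    if host.get("Privileged"):
        findings.append("privileged")
    if host.get("CapAdd"):
        findings.append("cap_add:" + ",".join(host["CapAdd"]))
    if host.get("PidMode") == "host":
        findings.append("host_pid")
    net = host.get("NetworkMode", "default")
    if net != "none":
        # Anything but "none" can reach the network unless filtered elsewhere.
        findings.append("network:" + net)
    for mount in info.get("Mounts", []):
        if mount.get("Type") != "bind":
            continue
        src = mount.get("Source", "").rstrip("/") or "/"
        if src in SENSITIVE_SOURCES:
            findings.append("sensitive_mount:" + src)
        elif mount.get("RW"):
            findings.append("writable_bind:" + src)
    return findings

def audit_all(inspect_output):
    """Map container name -> findings for a full `docker inspect` JSON array."""
    return {c.get("Name", "?"): audit_container(c) for c in json.loads(inspect_output)}

# Constructed sample input (not captured from a real INGInious deployment).
SAMPLE = """[
 {"Name": "/grader-hardened",
  "HostConfig": {"Privileged": false, "CapAdd": null, "PidMode": "", "NetworkMode": "none"},
  "Mounts": [{"Type": "bind", "Source": "/srv/tasks/t1", "Destination": "/task", "RW": false}]},
 {"Name": "/grader-risky",
  "HostConfig": {"Privileged": true, "CapAdd": ["SYS_ADMIN"], "PidMode": "host", "NetworkMode": "bridge"},
  "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock", "RW": true},
             {"Type": "bind", "Source": "/srv/scratch/", "Destination": "/scratch", "RW": true}]}
]"""

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, "OK" if not findings else findings)
```

A `network:` finding only means the container is attached to a network; whether egress is actually blocked by host firewall rules has to be verified separately.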
3) Maintain runtime and dependency hygiene
- Keep INGInious and container runtimes patched.
- Use minimal base images for grading environments.
- Encrypt backups containing submissions and grading metadata.
- Monitor for unusual submission patterns and resource abuse.
- INGInious documentation: https://docs.inginious.org/
- INGInious source repository: https://github.com/INGInious/INGInious