Sandstorm has a pretty unique sandboxing model, which makes it drastically more secure than Docker in practice, but the tradeoffs in terms of packaging differences can be significant.
One of the biggest things is that Sandstorm prefers to sandbox individual documents versus applications, which mitigates a huge variety of security flaws in apps. In most cases vulnerabilities in apps on Sandstorm are not exploitable when run on Sandstorm.
It also manages most authentication and authorization roles for apps in an integrated way, which requires more integration work than just spinning up a Docker container.
Feel free to hit me up if you want to know more, though it would be a lot of work to make Sandstorm work for your business model at this point. It's cool seeing others in the "make open source web apps user-friendly to run" space though.
One of the biggest things is that Sandstorm prefers to sandbox individual documents versus applications, which mitigates a huge variety of security flaws in apps. In most cases vulnerabilities in apps on Sandstorm are not exploitable when run on Sandstorm.
It also manages most authentication and authorization roles for apps in an integrated way, which requires more integration work than just spinning up a Docker container.
Feel free to hit me up if you want to know more, though it would be a lot of work to make Sandstorm work for your business model at this point. It's cool seeing others in the "make open source web apps user-friendly to run" space though.