diff --git a/docs/custom-registries.md b/docs/custom-registries.md
index a587c4cc06..50547418cd 100644
--- a/docs/custom-registries.md
+++ b/docs/custom-registries.md
@@ -73,6 +73,20 @@ https://storage.googleapis.com/dart-archive/channels/stable/release/2.19.4/sdk/d
 https://storage.googleapis.com/dart-archive/channels/stable/release/2.19.4/sdk/dartsdk-linux-arm64-release.zip.sha256sum
 ```
 
+## `devbox`
+
+Devbox releases are downloaded from:
+
+- `https://github.com/jetify-com/devbox/releases`
+
+Samples:
+
+```txt
+https://github.com/jetify-com/devbox/releases/download/0.12.0/devbox_0.12.0_linux_amd64.tar.gz
+https://github.com/jetify-com/devbox/releases/download/0.12.0/devbox_0.12.0_linux_arm64.tar.gz
+https://github.com/jetify-com/devbox/releases/download/0.12.0/checksums.txt
+```
+
 ## `docker`
 
 Docker releases are downloaded from:
diff --git a/renovate.json b/renovate.json
index 2b1ba65b28..1222b26771 100644
--- a/renovate.json
+++ b/renovate.json
@@ -80,7 +80,8 @@
         "sbt",
         "sops",
         "swift",
-        "vendir"
+        "vendir",
+        "devbox"
       ],
       "separateMinorPatch": false
     },
@@ -116,7 +117,8 @@
         "sbt",
         "sops",
         "swift",
-        "vendir"
+        "vendir",
+        "devbox"
       ],
       "matchUpdateTypes": ["minor", "patch"],
       "automerge": true
diff --git a/src/cli/tools/index.ts b/src/cli/tools/index.ts
index c7f5770edb..497bda432f 100644
--- a/src/cli/tools/index.ts
+++ b/src/cli/tools/index.ts
@@ -10,6 +10,7 @@ export const NoPrepareTools = [
   'composer',
   'copier',
   'corepack',
+  'devbox',
   'flux',
   'gleam',
   'gradle',
diff --git a/test/latest/Dockerfile b/test/latest/Dockerfile
index 54d577f8c9..84d9666334 100644
--- a/test/latest/Dockerfile
+++ b/test/latest/Dockerfile
@@ -44,21 +44,20 @@ COPY test/latest/src/ /
 WORKDIR /test
 
 # create test certs
-RUN set -ex; \
-  openssl genrsa 2048 > ca.key; \
-  openssl genrsa 2048 > renovate.key; \
-  openssl req -config ca.conf -x509 -new -nodes -key ca.key -out ca.pem; \
-  openssl req -config cert.conf -new -nodes -key renovate.key -out renovate.csr; \
-  openssl x509 -req -in renovate.csr -CA ca.pem -CAkey ca.key -out renovate.pem -extfile cert.conf -extensions v3_req; \
-  rm ca.key; \
-  cat renovate.pem ca.pem > renovate-chain.pem;
+RUN set -ex
+openssl genrsa 2048 >ca.key
+openssl genrsa 2048 >renovate.key
+openssl req -config ca.conf -x509 -new -nodes -key ca.key -out ca.pem
+openssl req -config cert.conf -new -nodes -key renovate.key -out renovate.csr
+openssl x509 -req -in renovate.csr -CA ca.pem -CAkey ca.key -out renovate.pem -extfile cert.conf -extensions v3_req
+rm ca.key
+cat renovate.pem ca.pem >renovate-chain.pem
 
 # install root ca
 # RUN  set -ex \
 #   && cp ca.pem /usr/local/share/ca-certificates/renovate-ca.crt \
 #   && update-ca-certificates
 
-
 #--------------------------------------
 # test: custom root ca
 #--------------------------------------
@@ -69,7 +68,8 @@ RUN install-tool node 20.17.0
 
 # renovate: datasource=github-releases packageName=containerbase/php-prebuild
 RUN install-tool php 7.4.33
-RUN set -ex; [ $(stat --format '%u' "/usr/local/bin/php") -eq ${USER_ID} ]
+RUN set -ex
+[ $(stat --format '%u' "/usr/local/bin/php") -eq ${USER_ID} ]
 
 # renovate: datasource=github-releases packageName=PowerShell/PowerShell
 RUN install-tool powershell v7.4.5
@@ -77,46 +77,46 @@ RUN install-tool powershell v7.4.5
 # renovate: datasource=github-releases depName=python packageName=containerbase/python-prebuild
 ARG PYTHON_VERSION=3.12.5
 RUN install-tool python
-RUN set -ex; [ $(stat --format '%u' "/usr/local/bin/python") -eq ${USER_ID} ]
+RUN set -ex
+[ $(stat --format '%u' "/usr/local/bin/python") -eq ${USER_ID} ]
 
 # Do not renovate ruby 2.x
 RUN install-tool ruby 2.7.7
-RUN set -ex; [ $(stat --format '%u' "/usr/local/bin/ruby") -eq ${USER_ID} ]
-
-RUN set -ex; \
-  openssl x509 -noout -text -in ca.pem; \
-  openssl x509 -noout -text -in renovate.pem;
-
-RUN set -ex; \
-  nginx; \
-  su -c 'SSL_CERT_FILE=/test/ca.pem curl -svo /dev/null https://localhost' ${USER_NAME}; \
-  su -c 'SSL_CERT_FILE=/test/ca.pem curl -svo /dev/null https://buildkitsandbox' ${USER_NAME}; \
-  su -c 'SSL_CERT_FILE=/test/ca.pem node request.mjs' ${USER_NAME}; \
-  su -c 'NODE_EXTRA_CA_CERTS=/test/ca.pem node request.mjs' ${USER_NAME}; \
-  su -c 'SSL_CERT_FILE=/test/ca.pem php request.php' ${USER_NAME}; \
-  SSL_CERT_FILE=/test/ca.pem pwsh -c "&{ \$ErrorActionPreference='Stop'; invoke-webrequest https://buildkitsandbox }"; \
-  su -c 'SSL_CERT_FILE=/test/ca.pem python request.py' ${USER_NAME}; \
-  su -c 'SSL_CERT_FILE=/test/ca.pem ruby request.rb' ${USER_NAME}; \
-  true
-
+RUN set -ex
+[ $(stat --format '%u' "/usr/local/bin/ruby") -eq ${USER_ID} ]
+
+RUN set -ex
+openssl x509 -noout -text -in ca.pem
+openssl x509 -noout -text -in renovate.pem
+
+RUN set -ex
+nginx
+su -c 'SSL_CERT_FILE=/test/ca.pem curl -svo /dev/null https://localhost' ${USER_NAME}
+su -c 'SSL_CERT_FILE=/test/ca.pem curl -svo /dev/null https://buildkitsandbox' ${USER_NAME}
+su -c 'SSL_CERT_FILE=/test/ca.pem node request.mjs' ${USER_NAME}
+su -c 'NODE_EXTRA_CA_CERTS=/test/ca.pem node request.mjs' ${USER_NAME}
+su -c 'SSL_CERT_FILE=/test/ca.pem php request.php' ${USER_NAME}
+SSL_CERT_FILE=/test/ca.pem pwsh -c "&{ \$ErrorActionPreference='Stop'; invoke-webrequest https://buildkitsandbox }"
+su -c 'SSL_CERT_FILE=/test/ca.pem python request.py' ${USER_NAME}
+su -c 'SSL_CERT_FILE=/test/ca.pem ruby request.rb' ${USER_NAME}
+true
 
 # install root ca
-RUN  set -ex \
-  && cp ca.pem /usr/local/share/ca-certificates/renovate-ca.crt \
-  && update-ca-certificates
+RUN set -ex &&
+  cp ca.pem /usr/local/share/ca-certificates/renovate-ca.crt &&
+  update-ca-certificates
 
 # use global root certs
-RUN set -ex; \
-  nginx; \
-  su -c 'curl -svo /dev/null https://buildkitsandbox' ${USER_NAME}; \
-  su -c 'node request.mjs' ${USER_NAME}; \
-  su -c 'npm_config_registry=https://localhost npm ping' ${USER_NAME}; \
-  su -c 'php request.php' ${USER_NAME}; \
-  pwsh -c "&{ \$ErrorActionPreference='Stop'; invoke-webrequest https://buildkitsandbox }"; \
-  su -c 'python request.py' ${USER_NAME}; \
-  su -c 'ruby request.rb' ${USER_NAME}; \
-  true
-
+RUN set -ex
+nginx
+su -c 'curl -svo /dev/null https://buildkitsandbox' ${USER_NAME}
+su -c 'node request.mjs' ${USER_NAME}
+su -c 'npm_config_registry=https://localhost npm ping' ${USER_NAME}
+su -c 'php request.php' ${USER_NAME}
+pwsh -c "&{ \$ErrorActionPreference='Stop'; invoke-webrequest https://buildkitsandbox }"
+su -c 'python request.py' ${USER_NAME}
+su -c 'ruby request.rb' ${USER_NAME}
+true
 
 #--------------------------------------
 # test: gitpod
@@ -153,7 +153,8 @@ USER $USER_NAME
 
 SHELL ["/bin/sh", "-c"]
 
-RUN set -ex; id | grep "uid=${USER_ID}(${USER_NAME}) gid=${PRIMARY_GROUP_ID}(${USER_NAME}) groups=${USER_ID}(${USER_NAME}),0(root)"
+RUN set -ex
+id | grep "uid=${USER_ID}(${USER_NAME}) gid=${PRIMARY_GROUP_ID}(${USER_NAME}) groups=${USER_ID}(${USER_NAME}),0(root)"
 
 # renovate: datasource=docker packageName=hashicorp/terraform versioning=docker
 RUN install-tool terraform 1.9.5
@@ -174,7 +175,9 @@ RUN install-tool git v2.46.0
 
 USER 1000
 
-RUN set -ex; id; id | grep "uid=${USER_ID}(${USER_NAME}) gid=0(root) groups=0(root),999(docker),${USER_ID}(${USER_NAME})"
+RUN set -ex
+id
+id | grep "uid=${USER_ID}(${USER_NAME}) gid=0(root) groups=0(root),999(docker),${USER_ID}(${USER_NAME})"
 
 ARG IGNORED_TOOLS=powershell,node
 
@@ -202,10 +205,11 @@ RUN [ $(stat --format '%a' "/usr/local/bin") -eq 777 ]
 
 RUN prepare-tool all
 
-RUN set -ex; [ -d /usr/local/erlang ] && echo "works" || exit 1;
+RUN set -ex
+[ -d /usr/local/erlang ] && echo "works" || exit 1
 
 #--------------------------------------
-# test: bazelisk, bun, vendir, helmfile, kustomize, skopeo
+# test: bazelisk, bun, devbox, vendir, helmfile, kustomize, skopeo
 #--------------------------------------
 FROM base AS teste
 
@@ -215,6 +219,9 @@ RUN install-tool bazelisk v1.20.0
 # renovate: datasource=npm
 RUN install-tool bun 1.1.26
 
+# renovate: datasource=github-releases packageName=jetify-com/devbox
+RUN install-tool devbox 0.12.0
+
 # renovate: datasource=github-releases packageName=gleam-lang/gleam
 RUN install-tool gleam 1.4.1
 
@@ -242,11 +249,14 @@ RUN install-tool helmfile "v${HELMFILE_VERSION}"
 
 RUN install-tool kustomize "${KUSTOMIZE_VERSION}"
 
-RUN set -ex; vendir --version
+RUN set -ex
+vendir --version
 
-RUN set -ex; helmfile version
+RUN set -ex
+helmfile version
 
-RUN set -ex; kustomize version
+RUN set -ex
+kustomize version
 
 SHELL [ "/bin/sh", "-c" ]
 
diff --git a/test/latest/Dockerfile.arm64 b/test/latest/Dockerfile.arm64
index db370a53ff..597e988d6b 100644
--- a/test/latest/Dockerfile.arm64
+++ b/test/latest/Dockerfile.arm64
@@ -48,6 +48,14 @@ FROM base AS test-bun
 # renovate: datasource=npm
 RUN install-tool bun 1.1.26
 
+#--------------------------------------
+# Image: devbox
+#--------------------------------------
+FROM base AS test-devbox
+
+# renovate: datasource=github-releases packageName=jetify-com/devbox
+RUN install-tool devbox 0.12.0
+
 #--------------------------------------
 # Image: gleam
 #--------------------------------------
@@ -133,6 +141,7 @@ FROM base
 
 COPY --from=test-bazelisk /.dummy /.dummy
 COPY --from=test-bun /.dummy /.dummy
+COPY --from=test-devbox /.dummy /.dummy
 COPY --from=test-docker /.dummy /.dummy
 COPY --from=test-git /.dummy /.dummy
 COPY --from=test-git-lfs /.dummy /.dummy