diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 9bda5c90..d4df03a9 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -4,4 +4,4 @@
 "ghcr.io/devcontainers/features/docker-in-docker:2": {}
 },
 "postCreateCommand": "npm install -g @devcontainers/cli"
-}
+}
\ No newline at end of file
diff --git a/src/pep-cli-acc/.devcontainer.json b/src/pep-cli-acc/.devcontainer.json
new file mode 100644
index 00000000..b5af2946
--- /dev/null
+++ b/src/pep-cli-acc/.devcontainer.json
@@ -0,0 +1,66 @@
+{
+ "name": "PEP CLI (ACC)",
+ "dockerComposeFile": "docker-compose.yaml",
+ "service": "app",
+ "shutdownAction": "none",
+ "workspaceFolder": "/workspace",
+ "postCreateCommand": "./startupscript/post-startup.sh root /config \"${templateOption:cloud}\" \"${templateOption:login}\"; ./sudo-passwordless.sh abc",
+ // re-mount bucket files on container start up
+ "postStartCommand": [
+ "./startupscript/remount-on-restart.sh",
+ "root",
+ "/config",
+ "${templateOption:cloud}",
+ "${templateOption:login}"
+ ],
+ "features": {
+ "ghcr.io/devcontainers/features/java:1.6.3": {
+ "version": "17"
+ },
+ "ghcr.io/devcontainers/features/aws-cli:1.1.1": {},
+ "ghcr.io/dhoeric/features/google-cloud-cli:1.0.1": {},
+ "ghcr.io/coder/devcontainer-features/code-server:1": {
+ "port": 8080,
+ "host": "0.0.0.0",
+ "auth": "none"
+ },
+ "ghcr.io/devcontainers/features/go:1": {
+ "version": "1.22"
+ },
+ "ghcr.io/devcontainers/features/python:1": {
+ "version": "3.12"
+ }
+ },
+ "remoteUser": "root",
+ "customizations": {
+ "workbench": {
+ "opens": {
+ "extensions": [
+ // Source.
+ ".c",
+ ".cjs",
+ ".cpp",
+ ".go",
+ ".java",
+ ".js",
+ ".mjs",
+ ".php",
+ ".scala",
+ ".sh",
+ ".ts",
+ // Documents
+ ".md",
+ ".html",
+ // Data
+ ".csv",
+ ".json",
+ ".jsonc",
+ ".tsv",
+ ".xml",
+ ".yml"
+ ],
+ "fileUrlSuffix": "?payload=[[\"openFile\",\"vscode-remote:///config/{path}\"]]"
+ }
+ }
+ }
+}
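Review bot: The `code-server` feature in `src/pep-cli-acc/.devcontainer.json` is configured with `"host": "0.0.0.0"` and `"auth": "none"` while `"remoteUser"` is `"root"`, so anything that can reach port 8080 gets an unauthenticated root editor and terminal in the container. Nothing in this file shows an authenticating proxy in front of that port; if the Workbench platform provides one, a comment next to the feature such as `// auth is enforced by the Workbench proxy; this port must never be reachable directly` would record the assumption, and otherwise `"auth": "password"` is the safer setting. The same file pins `java`, `aws-cli` and `google-cloud-cli` to exact feature versions but leaves `code-server:1`, `go:1` and `python:1` on floating major tags, so the network-facing component is the one whose contents can change between builds. `postCreateCommand` also hard-codes the account `abc` for `./sudo-passwordless.sh`, which exits with "does not exist" when the image has no such user; that assumption deserves a comment too.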
diff --git a/src/pep-cli-acc/README.md b/src/pep-cli-acc/README.md
new file mode 100644
index 00000000..c8b2827e
--- /dev/null
+++ b/src/pep-cli-acc/README.md
@@ -0,0 +1,17 @@
+
+# PEP Acceptance Image with VScode Server
+
+A Template to run a vscode server on workbench.
+
+## Options
+
+| Options Id | Description | Type | Default Value |
+|-----|-----|-----|-----|
+| cloud | VM cloud environment | string | gcp |
+| login | Whether to log in to workbench CLI | string | false |
+
+
+
+---
+
+_Note: This file was auto-generated from the [devcontainer-template.json](https://github.com/verily-src/workbench-app-devcontainers/blob/main/src/vscode/devcontainer-template.json). Add additional notes to a `NOTES.md`._
diff --git a/src/pep-cli-acc/docker-compose.yaml b/src/pep-cli-acc/docker-compose.yaml
new file mode 100644
index 00000000..0f0a32ec
--- /dev/null
+++ b/src/pep-cli-acc/docker-compose.yaml
@@ -0,0 +1,28 @@
+version: "2.4"
+services:
+ app:
+ container_name: "application-server"
+ image: "gitlabregistry.pep.cs.ru.nl/pep-public/core/ppp-acc"
+ restart: always
+ volumes:
+ - .:/workspace:cached
+ - work:/home/ubuntu:cached
+ ports:
+ - "8080:8080"
+ environment:
+ USER: "root"
+ DEFAULT_WORKSPACE: "/config"
+ SUDO_PASSWORD: "pwd"
+ networks:
+ - app-network
+ cap_add:
+ - SYS_ADMIN
+ devices:
+ - /dev/fuse
+ security_opt:
+ - apparmor:unconfined
+networks:
+ app-network:
+ external: true
+volumes:
+ work:
diff --git a/src/pep-cli-acc/sudo-passwordless.sh b/src/pep-cli-acc/sudo-passwordless.sh
new file mode 100755
index 00000000..d14bd0a1
--- /dev/null
+++ b/src/pep-cli-acc/sudo-passwordless.sh
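Review bot: In `docker-compose.yaml` the `app` service combines `cap_add: SYS_ADMIN`, `apparmor:unconfined` and `/dev/fuse` with `ports: "8080:8080"`, which publishes the port on every host interface of a container whose isolation has been substantially weakened. If the FUSE bucket mounts are the only reason for the extra privileges, a comment above `cap_add` should say so, and if the port is only consumed by a proxy on the same host it can be bound to loopback with `- "127.0.0.1:8080:8080"`; whether that holds on Workbench is not visible in this diff. `SUDO_PASSWORD: "pwd"` commits a guessable credential to the repository: if the image reads it, the value should come from a secret or an env file kept out of version control, and if it does not, the line should be dropped. The `image` reference carries no tag or digest, so each pull takes whatever the registry currently serves; pinning it as `…/ppp-acc:<TAG>@sha256:<DIGEST>` (placeholders) makes the environment reproducible and reviewable.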
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+# This script is used to set up passwordless sudo for the core user on the VM.
+# It requires to be run with root priviledges and USER_NAME to be set in the environment.
+# It is typically called from post-startup.sh.
+
+USER_NAME="${1}"
+
+if [[ -z "${USER_NAME}" ]]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+sudoers_file="/etc/sudoers"
+sudoers_d_file="/etc/sudoers.d/${USER_NAME}"
+
+# Make sure user exists
+if ! id "${USER_NAME}" &>/dev/null; then
+ echo "User ${USER_NAME} does not exist."
+ exit 1
+fi
+
+# Check if there's an old rule in the main sudoers file that requires a password
+if grep -q "^${USER_NAME} ALL=(ALL:ALL) ALL" "${sudoers_file}"; then
+ echo "Found password-requiring rule for ${USER_NAME} in /etc/sudoers. Commenting it out."
+
+ # Comment out the old rule in /etc/sudoers
+ sed -i "s/^${USER_NAME} ALL=(ALL:ALL) ALL/# ${USER_NAME} ALL=(ALL:ALL) ALL/" "${sudoers_file}"
+fi
+
+echo "${USER_NAME} ALL=(ALL) NOPASSWD:ALL" > "${sudoers_d_file}"
+chmod 440 "${sudoers_d_file}"
+
+echo "User ${USER_NAME} has been given passwordless sudo access."
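Review bot: The final rule is written straight into `/etc/sudoers.d/${USER_NAME}` and only afterwards `chmod`ed, with no syntax check and no test that either command succeeded, so the closing message reports success even when the write failed. Building the file in a temporary location, checking it with `visudo -cf`, and installing it with its final owner and mode in one step closes that gap; the in-place `sed -i` edit of `/etc/sudoers` would benefit from the same validation before the script continues. sudo skips files in `/etc/sudoers.d` whose names contain a `.` or end in `~`, so an account name with a dot would produce a drop-in that is silently ignored, and the name is also used unescaped as a pattern in `grep` and `sed`. The header comment says USER_NAME is taken from the environment while the script reads `$1`; it should read something like `# Usage: sudo-passwordless.sh USER_NAME (must run as root)`.

```bash
# … unchanged: argument check, user lookup, /etc/sudoers rewrite …

# Build the drop-in privately, validate it, then install it with its final mode.
tmp_file="$(mktemp)" || exit 1
trap 'rm -f "${tmp_file}"' EXIT
echo "${USER_NAME} ALL=(ALL) NOPASSWD:ALL" > "${tmp_file}"
if ! visudo -cf "${tmp_file}"; then
  echo "Generated sudoers rule for ${USER_NAME} failed validation; not installing." >&2
  exit 1
fi
install -o root -g root -m 0440 "${tmp_file}" "${sudoers_d_file}" || exit 1

echo "User ${USER_NAME} has been given passwordless sudo access."
```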