Skip to content

boostsecurityio/lotp

Repository files navigation

Living Off the Pipeline (LOTP)

boostsecurityio - lotp stars - lotp forks - lotp issues - lotp License

View site - GH Pages

Introduction

The idea of the LOTP project is to inventory how development tools (typically CLIs), commonly used in CI/CD pipelines, have lesser-known RCE-By-Design features ("foot guns"), or more generally, can be used to achieve arbitrary code execution by running on untrusted code changes or following a workflow injection.

Contributions

We welcome contributions submitted as Pull Requests with new tool contributions or simply Issues for new ideas.

License

Released under Apache 2.0 by @boostsecurityio.


Prior art / Credits

This project is largely inspired from previous projects such as: