Project README

Living Off the Pipeline (LOTP)

Introduction

The idea of the LOTP project is to inventory how development tools (typically CLIs), commonly used in CI/CD pipelines, have lesser-known RCE-By-Design features ("foot guns"), or more generally, can be used to achieve arbitrary code execution by running on untrusted code changes or following a workflow injection.

Contributions

We welcome contributions submitted as Pull Requests with new tool contributions or simply Issues for new ideas.

License

Released under Apache 2.0 by @boostsecurityio.

Prior art / Credits

This project is largely inspired from previous projects such as:

Open Source Agenda is not affiliated with "Lotp" Project. README Source: boostsecurityio/lotp

Stars

Open Issues

Last Commit

1 month ago

Repository

boostsecurityio/lotp

License

AGPL-3.0 Apache-2.0

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/lotp"><img src="https://www.opensourceagenda.com/projects/lotp/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

Lotp Save

Living Off the Pipeline (LOTP)

Introduction

Contributions

License

Prior art / Credits

Open Source Agenda Badge

From the blog

How to Choose Which Programming Language to Learn First?

From the blog

How to Choose Which Programming Language to Learn First?