The idea of the LOTP project is to inventory how development tools (typically CLIs), commonly used in CI/CD pipelines, have lesser-known RCE-By-Design features ("foot guns"), or more generally, can be used to achieve arbitrary code execution by running on untrusted code changes or following a workflow injection.
We welcome contributions submitted as Pull Requests with new tool contributions or simply Issues for new ideas.
Released under Apache 2.0 by @boostsecurityio.
This project is largely inspired from previous projects such as: