Skip to content
This repository was archived by the owner on Sep 3, 2024. It is now read-only.

ovotech/gitoops

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

64 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

GitOops!
😱

all paths lead to clouds


GitOops is a tool to help attackers and defenders identify lateral movement and privilege escalation paths in GitHub organizations by abusing CI/CD pipelines and GitHub access controls.

It works by mapping relationships between a GitHub organization and its CI/CD jobs and environment variables. It'll use any Bolt-compatible graph database as backend, so you can query your attack paths with openCypher:

MATCH p=(:User{login:"alice"})-[*..5]->(v:EnvironmentVariable)
WHERE v.name =~ ".*SECRET.*"
RETURN p

GitOops takes inspiration from tools like Bloodhound and Cartography.

Check out the docs, some more example queries and our BSides London talk.

About

all paths lead to clouds

Topics

Resources

License

Stars

640 stars

Watchers

1 watching

Forks

Packages

 
 
 

Contributors