Tr4L

Results 5 comments of Tr4L

Exactly. https://slides.com/tr4l/2024#/5/6

On Fri, 30 Aug 2024, 01:26, Adnan Khan ***@***.***> wrote:
> Something like this? So it seems like any form of injection where we can
>...

Note: https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Maven.gitlab-ci.yml You can achieve the same on GitLab with an old version of Maven by using the `MAVEN_CLI_OPTS` env

Trivy also allows a client/server mode: https://trivy.dev/latest/docs/references/modes/client-server/ The attack path will probably then depend on the "scanner" used. With a template, you can exfiltrate env (like what you did on https://github.com/boostsecurityio/lotp/blob/main/_tool/trivy.md)...

(Some slides are hard to follow without the speaker: https://slides.com/tr4l/nuget )