- Source: GL_ProjectRole
- Destination: GL_Project

The non-traversable GL_ManageRunners edge indicates that a role can enable or disable runners for this project and manage runner-to-project assignments. The Maintainer role and above typically have this permission.
Although non-traversable, this edge is significant because assigning a malicious or attacker-controlled runner to a project allows interception of job execution: the runner can steal CI/CD variables, inject arbitrary commands, exfiltrate secrets from the build environment, and perform man-in-the-middle attacks on pipeline logic. Conversely, an attacker can disable legitimate runners to cause CI/CD disruption.

```mermaid
graph LR
    maintRole("fa:fa-user-tie GL_ProjectRole myproject/Maintainer")
    project("fa:fa-diagram-project GL_Project myorg/backend")
    runner("fa:fa-gears GL_Runner malicious-runner")
    maintRole -.->|GL_ManageRunners| project
    project -.->|GL_CanUseRunner| runner
```
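
A defensive check for the two risks described above (an unexpected runner assigned to the project, or a legitimate runner disabled or removed), as an added example that is not part of the original page or the project's own code. It assumes the team keeps an inventory of runner IDs it provisioned (`APPROVED_RUNNER_IDS`, hypothetical) and runs over a constructed sample shaped like the response of GitLab's `GET /projects/:id/runners` endpoint.

```python
"""Audit a project's runner assignments against an approved inventory."""
import json

# Constructed sample, shaped like a `GET /projects/:id/runners` response.
SAMPLE_RESPONSE = json.loads("""
[
  {"id": 11, "description": "shared-linux", "runner_type": "instance_type",
   "paused": false, "status": "online"},
  {"id": 42, "description": "backend-build", "runner_type": "project_type",
   "paused": true, "status": "online"},
  {"id": 97, "description": "malicious-runner", "runner_type": "project_type",
   "paused": false, "status": "online"}
]
""")

# Assumption: runner IDs the team provisioned itself (hypothetical inventory).
APPROVED_RUNNER_IDS = {11, 42}


def is_paused(runner):
    """Newer API responses carry `paused`; older ones only the inverse `active`."""
    if "paused" in runner:
        return bool(runner["paused"])
    return not runner.get("active", True)


def audit_runners(runners, approved_ids):
    """Return (unapproved, disabled_approved, missing_approved) runner IDs."""
    seen, unapproved, disabled = set(), [], []
    for runner in runners:
        rid = runner["id"]
        seen.add(rid)
        if rid not in approved_ids:
            # A runner nobody provisioned sees job variables and build secrets.
            unapproved.append(rid)
        elif is_paused(runner):
            # An approved runner that was disabled: possible CI/CD disruption.
            disabled.append(rid)
    # Approved runners no longer assigned to the project at all.
    missing = sorted(approved_ids - seen)
    return sorted(unapproved), sorted(disabled), missing


if __name__ == "__main__":
    unapproved, disabled, missing = audit_runners(SAMPLE_RESPONSE, APPROVED_RUNNER_IDS)
    print("unapproved:", unapproved)
    print("approved but paused:", disabled)
    print("approved but unassigned:", missing)
```

Any non-empty result is worth correlating with which holders of GL_ManageRunners changed the project's runner settings.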