- Source: GL_Runner
- Destination: GL_RunnerManager
The non-traversable GL_ManagedBy edge connects a runner instance to the gitlab-runner manager process that operates it. Multiple runner instances can be managed by the same manager process. This edge is created during runner enumeration when manager details are available.
While not directly traversable, GL_ManagedBy is essential for host-level lateral movement analysis: by following GL_BuildsOn → GL_Runner → GL_ManagedBy → GL_RunnerManager → GL_HostedOn → Computer, an attacker can identify which physical or virtual hosts are reachable by executing code in a given pipeline branch.
graph LR
runner("fa:fa-gears GL_Runner shared-runner-01")
manager("fa:fa-server GL_RunnerManager linux-runner-host")
computer("fa:fa-desktop Computer runner-host-01")
runner -.->|GL_ManagedBy| manager
manager -.->|GL_HostedOn| computer