Represents a gitlab-runner manager process — the agent that manages one or more runner instances and communicates with the GitLab instance to poll for and execute jobs. Multiple runner instances can be managed by a single manager process. The runner manager exposes host-level properties such as IP address, OS platform, and executor type, which are critical for lateral movement analysis.
When enrichment data is available from BloodHound (Active Directory), GL_HostedOn edges are added from runner manager nodes to Computer nodes matched by IP address.
| Property Name | Data Type | Description |
|---|---|---|
| name | string | Manager display name (typically platform system_id) |
| system_id | string | Unique system identifier of the runner manager |
| ip_address | string | IP address of the host running the runner manager |
| version | string | gitlab-runner version |
| revision | string | gitlab-runner build revision |
| architecture | string | CPU architecture (e.g., x86_64, arm64) |
| platform | string | OS platform (e.g., linux, windows, darwin) |
| executor | string | Job executor type (e.g., docker, shell, kubernetes) |
| created_at | datetime | When this runner manager was first registered |
| contacted_at | datetime | Last contact with the GitLab instance |
| status | string | Current status: online or offline |
| job_exec_status | string | Current job execution status |
flowchart TD
GL_Runner[fa:fa-gears GL_Runner]
GL_RunnerManager[fa:fa-server GL_RunnerManager]
Computer[fa:fa-desktop Computer]
GL_Runner -.->|GL_ManagedBy| GL_RunnerManager
GL_RunnerManager -.->|GL_HostedOn| Computer