Intentionally vulnerable ARKO-style demo application. Do not deploy.
Desktop dispatch and manifest utility written in Object Pascal with a Delphi-style project layout. Like the other DevSecAI demo repos, it includes seeded application findings, CI, Docker, Kubernetes, Terraform, and smoke tests.
Stack: Object Pascal · Free Pascal build chain · Docker · Kubernetes · Terraform · GitHub Actions
Coverage: 11 SAST · 6 IaC · 3 pipeline findings across OWASP Top 10 themes including broken access control, cryptographic failures, injection, insecure design, integrity failures, and SSRF. See DEMO.md and demo.yaml.
dispatch <job-id>validates a dispatch request using operator context.print <job-id> <target-path>writes a route manifest to a caller-provided path.mirror <job-id> <callback-url>mirrors a dispatch event to a partner endpoint.report <job-id> <html-path>writes an operator-facing HTML report.invoice <job-id> <customer-id>builds the invoice query sent to the ledger.inspect <job-id> <source-path>previews a local manifest or session file.plugin <job-id> <plugin-name>executes a named dispatch hook.
brew install fpc
makemake testDISPATCH_OPERATOR=night-shift ./bin/relayops-dispatch dispatch JOB-1001
DISPATCH_OPERATOR=night-shift ./bin/relayops-dispatch print JOB-1001 /tmp/job-1001.txt
DISPATCH_OPERATOR=night-shift ./bin/relayops-dispatch mirror JOB-1001 https://partner.example.net/callback
RELAYOPS_NOTE='<img src=x onerror=alert(1)>' ./bin/relayops-dispatch report JOB-1001 /tmp/job-1001.html
./bin/relayops-dispatch invoice JOB-1001 CUST-2209
./bin/relayops-dispatch inspect JOB-1001 /etc/hosts
./bin/relayops-dispatch plugin JOB-1001 normalize.shsrc/Object Pascal application codetests/smoke checks used by CIinfra/k8s/intentionally weak Kubernetes manifestsinfra/terraform/intentionally weak Terraform resources.github/workflows/ci.ymlintentionally imperfect build pipeline