High-risk tools in Coolify
7 of the 45 tools in Coolify are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
controlExecuteStart/stop/restart app, database, or service
-
deployExecuteDeploy by tag/UUID. Use pr param for PR preview deployments (requires GitHub app integration).
-
deploymentExecuteManage deployment: get/cancel/list_for_app (logs excluded by default, use lines param to include)
-
docker_network_aliasExecuteWorkaround for Coolify upstream bug: DB containers are aliased by UUID only, not by friendly name. Generates SSH commands to add the friendly-name alias. Run after database crea...
-
redeploy_projectExecuteRedeploy all apps in project
-
restart_project_appsExecuteRestart all apps in project
-
stop_all_appsExecuteEMERGENCY: Stop all running apps
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.