Security: harekrishnarai/flowlyt

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in Flowlyt, please send an email to hi@harekrishnarai.me with details about the issue. Please include:

  • A description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggestions for mitigations (if any)

I'll do my best to respond promptly and work with you to address the issue.

Supported Versions

Version Supported
0.0.1

Security Best Practices

When using Flowlyt:

  • Keep your installation updated to the latest version
  • Follow remediation advice provided in scan reports
  • Consider using Flowlyt in your CI pipeline to automate workflow scanning

Security-Related Configuration

  • Use --entropy-threshold to adjust sensitivity of secret detection
  • Use --policy to provide custom policy files
  • Use --no-default-rules to disable default rules if needed

Security Resources

For more information on securing GitHub Actions workflows:
