Flowlyt is a security analyzer that scans GitHub Actions workflows to detect malicious patterns, misconfigurations, and secrets exposure, helping enforce secure CI/CD practices.
Stars: 15
Forks: 5
Watchers: 15
Open Issues: 2
Commits: 156, 5, 3, 1, 1, 1
Merge pull request #35 from harekrishnarai/fix/security-shell-injection (af94e19)
fix(security): eliminate all shell injection via ${{ inputs.* }} in run blocks (909831f)
fix(security): prevent shell injection by binding inputs to env vars in action.yml (1a5ff77)
Merge pull request #34 from harekrishnarai/fix/artifact-poisoning-dedup-and-bar-ux (e3ff771)
fix(rules): deduplicate ARTIFACT_POISONING — use HasPrefix for absolute paths, one finding per step; fix(ai): print findings before bar update for clean scrolling UX (49bba5c)
docs: update CHANGELOG for v1.0.10, v1.0.11, and v1.1.0 (b307c1b)
feat(ai): batch dispatch, class-specific prompts, heuristic pre-filter, streaming UX (ae9e168)
fix(ai): use partial AI results on timeout; remove unused --ai-workers flag (953fc91)
fix(ai): correct AIVerified semantics for skipped findings; render AIRemediation and AISkipped in reports (735344c)
fix(ai): propagate AISkipped, AISkipReason, AIRemediation to rules.Finding (0456099)
fix(ai): remove duplicate per-finding printf from main.go conversion loop (5957289)
feat(ai): surface Remediation, AISkipped, AISkipReason in CLI output (402dbf2)
fix(ai): remove dead maxWorkers field, fix context timeout scope, flush cache on timeout (b7fec2b)