Flowlyt Security Analyzer
Version updated for https://github.com/harekrishnarai/flowlyt to version v1.0.7.
- This action is used across all versions by 0 repositories.
Action Summary
Flowlyt is an AI-powered security analyzer that detects vulnerabilities and misconfigurations in GitHub Actions and GitLab CI/CD workflows. It combines Abstract Syntax Tree (AST) analysis with AI-powered false positive reduction to provide faster, more accurate scans with less noise. Key capabilities include multi-platform support, real-time vulnerability analysis, a supply chain security focus, confidence scoring, and integration with SARIF (the standard format for static-analysis results) and the OSV.dev vulnerability database.
Release notes
Highlights
- Add shared code-context builder and embed codeContext in JSON findings
- Deduplicate findings in JSON and SARIF outputs
- Emit durationMs/durationNs in JSON for clear units
- Use raw code snippets and numeric security-severity in SARIF
- Reuse AI analyzer cache for single-finding analysis
Testing
- `go test ./...`