Security
How we approach security in Redactyl.
Local-First Design
The Redactyl CLI operates entirely on your machine. No data is sent to external servers. Your source code, container images, and any secrets found never leave your environment.
Open Source Transparency
Redactyl is fully open source under the Apache 2.0 license. You can inspect the code, verify its behavior, and audit it for your own security requirements.
Reporting Vulnerabilities
If you discover a security vulnerability in Redactyl, please report it responsibly:
- Use GitHub Security Advisories to report privately
- Or contact us directly
- Please do not publicly disclose until we have had time to respond
We aim to acknowledge reports within 48 hours and provide updates within 7 days.