Phylum was founded by a team of security researchers at heart, and we take the security of our tooling seriously.
We love coordinated disclosure!
Please email [email protected] to start a conversation! We'll coordinate a secure communication mechanism first, then evaluate the reported issue(s) and keep you apprised each step of the way.
We really hope you don't have to do this, but some organizations still use SSL termination in a way where we can't reasonably enforce certificate pinning without breaking use of our CLI tool.
You can use the
--no-check-certificate argument to the CLI tool to disable certificate checking.
Updated about 1 month ago