Security

Swarm is designed with layered controls across authentication, authorization, execution boundaries, and audit logging.

Customers should map these controls to their internal security standards before enabling broad production access.

User authentication and organization membership determine who can trigger or review runs.

Integration credentials should be scoped to least privilege and rotated according to your security policy.

Swarm supports scoped execution controls to reduce repository blast radius and enforce guardrails for automated changes.

Teams should configure approvals, branch protections, and required checks to align with their release process.

Run timelines and event logs are available for traceability and post-incident analysis.

Monitoring and alerting should be integrated with your existing incident-response workflows.

If you discover a vulnerability, report it through your Swarm support channel with enough detail to reproduce safely.

Do not publicly disclose sensitive exploit details until mitigation guidance is available.