Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo

jcode

https://github.com/1jehuang/jcode.git · scanned 2026-05-16 12:49 UTC (1 day, 9 hours ago) · 10 languages

102 findings (14 legacy + 88 scanner) 2/10 scanners ran 40th percentile · Rust · large (100-500K LoC) Scanner says 85 (lower by 15)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 1 week ago · v4 · 100 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.

JSON
Combined
81.5
/100
Repobility
78
12 legacy
9-layer
85
100.0% cov · 88 gaps
Critical
12
click to filter
Agents
6
0 votes
Crowd
0
reported
{# ── 2026-05-17 R27 #5: score breakdown panel ────────────────────── Surfaces the score_breakdown JSON that's been silently stored on Repository for months. Turns hidden math into a trust signal. #}
Score breakdown â 2026-05-17-v4 calibration-aware
Component Sub-score Weight Contribution
structure_score 85.0 0.15 12.75
security_score 80.4 0.25 20.10
testing_score 36.0 0.20 7.20
documentation_score 86.0 0.15 12.90
practices_score 65.0 0.15 9.75
code_quality 70.0 0.10 7.00
Overall 1.00 69.7
Calibrated penalty buckets (security_score): threat: 19.6
security_score may be inflated — optional scanners skipped due to repo size/fast scan
Severity distribution — click a segment to filter
Active filters: severity: info × excluding tests × Reset all
Severity: Critical 12 High 10 Medium 12 Low 60 Source: Legacy 12 9-layer 88 Crowd 0 Layer: Quality 70 Security 20 Software 8 Api 1 Frontend 1
Scan summary Repository scanned at 84.6/100 with 100.0% coverage. It contains 1723 nodes across 0 cross-layer flows, written primarily in mixed languages. Engine surfaced 88 findings — concentrated in quality (66), security (15), software (5). Risk profile is high: 12 critical, 0 high, 10 medium. Recommended next step: open the quality layer findings first — that's where the highest-impact wins live.

Showing 6 of 100 findings. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

info 9-layer software depcruise conf 1.00 dependency-cruiser not installed — JS/TS module graph limited to regex
Repobility's software layer falls back to regex-based JS/TS imports when dependency-cruiser is missing. Install it for a proper module graph (resolves ES6/CommonJS, TS path aliases, dynamic imports): npm install -g dependency-cruiser # binary `depcruise` Override per-project timeout: REPOBILITY…
depcruisetoolingcoverage
info 9-layer security gitleaks conf 1.00 Gitleaks not installed — secret scanning over git history disabled
Repobility's secret-leak detection is limited without Gitleaks. Install Gitleaks for 150+ rules covering AWS, GCP, Stripe, Slack, GitHub tokens, JWTs, private keys, and more — including secrets buried in git history: brew install gitleaks # or `go install github.com/gitleaks/gitleaks/v8@latest` …
gitleakstoolingcoverage
info 9-layer api coverage conf 1.00 No API endpoints detected
The scanner did not find FastAPI/Flask/Express/NestJS/GraphQL/gRPC routes. If this repo exposes APIs, the framework may be unsupported.
coverage
info 9-layer frontend coverage conf 1.00 No frontend routes/components detected
No React/Vue/Next routes were found. This is fine for backend-only repos.
coverage
info 9-layer security semgrep conf 1.00 Semgrep not installed — security coverage limited to regex rules
Repobility's security layer falls back to hand-rolled regex when Semgrep is missing. Install Semgrep for 2,000+ rules + dataflow taint analysis: pipx install semgrep # or `pip install semgrep` Override rule pack: REPOBILITY_SEMGREP_CONFIG=p/owasp-top-ten,p/secrets
semgreptoolingcoverage
info 9-layer security trivy conf 1.00 Trivy not installed — vulnerability/misconfig/secret coverage limited
Repobility's security layer covers more ground when Trivy is installed. Trivy adds: CVE scanning of dependencies (NVD/GHSA), misconfig scanning (Dockerfile/K8s/Terraform), and secret detection. Install: brew install trivy # or see https://aquasecurity.github.io/trivy/latest/getting-started/inst…
trivytoolingcoverage
{# ── 2026-05-17 Round 14: AI-agent bridge footer ────────────────────── Discoverability: the /agents/voting/ guide + MCP manifest exist but aren't linked from anywhere users actually land. Small, opt-in footer. #}
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/02c0aa3c-2fdb-4a26-b86f-531b60354fee/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/02c0aa3c-2fdb-4a26-b86f-531b60354fee/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.