107 of your 133 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

Scan timing: clone 8.2s · analysis 25.96s · 47.5 MB · GitHub API rate-limit (preflight)

git/git

https://github.com/git/git · scanned 2026-06-05 09:29 UTC (5 days, 17 hours ago) · 10 languages

437 raw signals (127 security + 310 graph) · 11/13 scanners ran · 38th percentile · C · large (100-500K LoC)

Complete repo analysis

Last scanned 5 days, 17 hours ago · v2 · 165 actionable findings from 2 signal sources. 115 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

Score breakdown — 2026-05-18-v5

| Component | Sub-score | Weight | Contribution |
|---|---|---|---|
| structure_score | 85.0 | 0.15 | 12.75 |
| security_score | 100.0 | 0.25 | 25.00 |
| testing_score | 15.0 | 0.20 | 3.00 |
| documentation_score | 45.0 | 0.15 | 6.75 |
| practices_score | 77.0 | 0.15 | 11.55 |
| code_quality | 54.0 | 0.10 | 5.40 |
| Overall | | 1.00 | 64.5 |

security_score may be inflated — optional security scanners were skipped on this fast scan
Scan summary Quality grade C+ (64/100). Dimensions: security 100, maintainability 85. 127 findings (46 security). 443,199 lines analyzed.

Showing 138 of 165 actionable findings. 280 raw detector signals were grouped into reader-sized issues.

low Security checks quality Quality conf 1.00 ✓ Repobility 3 occurrences [MINED013] Password In Url: https://user:password@host — leaks creds via logs, referrer, error messages.
Review and fix per the pattern semantics. See CWE-200 / A07:2021 for context.
3 files, 3 locations
t/t0302-credential-store.sh:48
t/t5564-http-proxy.sh:28
t/unit-tests/u-urlmatch-normalization.c:207
critical Security checks quality Quality conf 1.00 [SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3).
Use json, msgpack, or protobuf for untrusted data. If pickle is required, sign the payload with HMAC.
t/lib-git-p4.sh:196
critical System graph security Secrets conf 1.00 Possible secret in t/lib-gitweb.sh
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
t/lib-gitweb.sh:8
critical System graph security Secrets conf 1.00 Possible secret in t/t5580-unc-paths.sh
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
t/t5580-unc-paths.sh:11
high Security checks quality Quality conf 1.00 ✓ Repobility [MINED010] Ruby System Call: system / backtick run shell. Command injection if any arg dynamic.
Review and fix per the pattern semantics. See CWE-78 / for context.
compat/vcbuild/scripts/lib.pl:26
high Security checks quality Quality conf 1.00 ✓ Repobility [MINED010] Ruby System Call: system / backtick run shell. Command injection if any arg dynamic.
Review and fix per the pattern semantics. See CWE-78 / for context.
compat/vcbuild/scripts/clink.pl:133
high Security checks quality Quality conf 1.00 ✓ Repobility 3 occurrences [MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic.
Review and fix per the pattern semantics. See CWE-78 / for context.
3 files, 3 locations
compat/vcbuild/scripts/clink.pl:133
compat/vcbuild/scripts/lib.pl:26
t/helper/test-drop-caches.c:126
high Security checks quality Quality conf 1.00 ✓ Repobility [MINED104] Chmod 777: chmod 777 makes a file or directory world-readable, world-writable, AND world-executable. Local privilege escalation surface; audit-failing for most compliance frameworks.
Use the least-privilege mode the file actually needs (e.g. 640 for configs, 750 for executables). For directories that genuinely need shared write access, use a group with chmod g+w and chown the right group.
t/t4053-diff-no-index.sh:199
high Security checks quality Quality conf 1.00 ✓ Repobility 25 occurrences [MINED108] `self.generateTempFile` used but never assigned in __init__: Method `exceedsLargeFileThreshold` of class `LargeFileSystem` reads `self.generateTempFile`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.generateTempFile = <default>` in __init__, or add a class-level default.
git-p4.py:1501, 1529, 1530, 1531, 1540, 1542, 1643, 1649, +13 more (25 hits)
high Security checks software dependencies conf 0.90 ✓ Repobility 15 occurrences [MINED126] Workflow container/services image `ubuntu:rolling` unpinned: `container/services image: ubuntu:rolling` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines.
Replace with `ubuntu:rolling@sha256:<digest>`. Re-pin via Dependabot Docker scope.
2 files, 15 locations
.github/workflows/main.yml:380, 383, 386, 391, 393, 395, 398, 401, +6 more (14 hits)
t/unit-tests/clar/.github/workflows/ci.yml:25
low Security checks cicd CI/CD security conf 0.90 ✓ Repobility 33 occurrences GitHub Action is tag-pinned rather than SHA-pinned
[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lo…
6 files, 33 locations
.github/workflows/main.yml:66, 115, 126, 143, 160, 176, 179, 211, +7 more (23 hits)
.github/workflows/coverity.yml:41, 101, 144 (5 hits)
t/unit-tests/clar/.github/workflows/ci.yml:56 (2 hits)
.github/workflows/check-style.yml:23
.github/workflows/check-whitespace.yml:22
.github/workflows/l10n.yml:66
CI/CD security · Supply chain · GitHub Actions
medium Security checks cicd CI/CD security conf 0.90 ✓ Repobility 12 occurrences GitHub Action is tag-pinned rather than SHA-pinned
[MINED115] Action `git-for-windows/setup-git-for-windows-sdk` pinned to mutable ref `@v2`: `uses: git-for-windows/setup-git-for-windows-sdk@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly a…
3 files, 12 locations
.github/workflows/main.yml:116, 150, 177, 184, 189, 227 (8 hits)
.github/workflows/coverity.yml:44 (2 hits)
.github/workflows/l10n.yml:95 (2 hits)
CI/CD security · Supply chain · GitHub Actions
high System graph security security conf 1.00 Insecure pattern 'tls_verify_false' in git-p4.py:1840
Found a known-risky pattern (tls_verify_false). Review and replace if possible.
git-p4.py:1840 Tls verify false
medium Security checks quality Quality conf 1.00 ✓ Repobility [MINED109] Mutable default argument in `run_git_hook` (list): `def run_git_hook(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too.
Use None as the default and create the collection inside the function: `def run_git_hook(x=None): x = x or []`
git-p4.py:318
low Security checks security Deserialization conf 1.00 [SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data.
t/lib-git-p4.sh:196
medium Security checks security Crypto conf 1.00 [SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks.
Enable SSL verification. Use verify=True (default) for requests. Pin certificates if needed.
t/t1460-refs-migrate.sh:32
low Security checks quality Error handling conf 0.55 ✓ Repobility 5 occurrences Broad exception handler needs review
This handler catches Exception/BaseException. It is actionable when it swallows errors without logging, re-raising, or returning a structured error. Handlers that intentionally convert exceptions into typed error results should not be treated as high risk.
git-p4.py:273, 311, 2683, 3118, 3181 (5 hits)
Error handling · quality
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in git-p4.py:2294
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
git-p4.py:2294 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in git-merge-octopus.sh:54
Found a known-risky pattern (weak_hash). Review and replace if possible.
git-merge-octopus.sh:54 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in src/hash.rs:213
Found a known-risky pattern (weak_hash). Review and replace if possible.
src/hash.rs:213 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in src/loose.rs:697
Found a known-risky pattern (weak_hash). Review and replace if possible.
src/loose.rs:697 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in t/t0040-parse-options.sh:186
Found a known-risky pattern (weak_hash). Review and replace if possible.
t/t0040-parse-options.sh:186 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in t/t0600-reffiles-backend.sh:316
Found a known-risky pattern (weak_hash). Review and replace if possible.
t/t0600-reffiles-backend.sh:316 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in t/t0612-reftable-jgit-compatibility.sh:22
Found a known-risky pattern (weak_hash). Review and replace if possible.
t/t0612-reftable-jgit-compatibility.sh:22 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in t/t1050-large.sh:188
Found a known-risky pattern (weak_hash). Review and replace if possible.
t/t1050-large.sh:188 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in t/t1400-update-ref.sh:261
Found a known-risky pattern (weak_hash). Review and replace if possible.
t/t1400-update-ref.sh:261 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in t/t1405-main-ref-store.sh:59
Found a known-risky pattern (weak_hash). Review and replace if possible.
t/t1405-main-ref-store.sh:59 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in t/t1406-submodule-ref-store.sh:54
Found a known-risky pattern (weak_hash). Review and replace if possible.
t/t1406-submodule-ref-store.sh:54 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in t/t1407-worktree-ref-store.sh:23
Found a known-risky pattern (weak_hash). Review and replace if possible.
t/t1407-worktree-ref-store.sh:23 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in t/t1512-rev-parse-disambiguation.sh:110
Found a known-risky pattern (weak_hash). Review and replace if possible.
t/t1512-rev-parse-disambiguation.sh:110 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in t/t1901-repo-structure.sh:76
Found a known-risky pattern (weak_hash). Review and replace if possible.
t/t1901-repo-structure.sh:76 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in t/t2400-worktree-add.sh:253
Found a known-risky pattern (weak_hash). Review and replace if possible.
t/t2400-worktree-add.sh:253 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in t/t3304-notes-mixed.sh:129
Found a known-risky pattern (weak_hash). Review and replace if possible.
t/t3304-notes-mixed.sh:129 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in t/t5300-pack-object.sh:589
Found a known-risky pattern (weak_hash). Review and replace if possible.
t/t5300-pack-object.sh:589 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in t/t5310-pack-bitmaps.sh:223
Found a known-risky pattern (weak_hash). Review and replace if possible.
t/t5310-pack-bitmaps.sh:223 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in t/t5319-multi-pack-index.sh:57
Found a known-risky pattern (weak_hash). Review and replace if possible.
t/t5319-multi-pack-index.sh:57 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in t/t5516-fetch-push.sh:1307
Found a known-risky pattern (weak_hash). Review and replace if possible.
t/t5516-fetch-push.sh:1307 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in t/t5550-http-fetch-dumb.sh:90
Found a known-risky pattern (weak_hash). Review and replace if possible.
t/t5550-http-fetch-dumb.sh:90 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in t/t7400-submodule-basic.sh:479
Found a known-risky pattern (weak_hash). Review and replace if possible.
t/t7400-submodule-basic.sh:479 Weak hash
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — git-p4.py:332
`subprocess.Popen(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safety · Robustness
medium System graph network Security conf 1.00 Privileged port 10 in use
Port 10 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t4150-am.sh Ports
medium System graph network Security conf 1.00 Privileged port 108 in use
Port 108 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t3310-notes-merge-manual-resolve.sh Ports
medium System graph network Security conf 1.00 Privileged port 11 in use
Port 11 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t1300-config.sh Ports
medium System graph network Security conf 1.00 Privileged port 12 in use
Port 12 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t6120-describe.sh Ports
medium System graph network Security conf 1.00 Privileged port 13 in use
Port 13 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t8008-blame-formats.sh Ports
medium System graph network Security conf 1.00 Privileged port 161 in use
Port 161 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t3404-rebase-interactive.sh Ports
medium System graph network Security conf 1.00 Privileged port 168 in use
Port 168 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t3206-range-diff.sh Ports
medium System graph network Security conf 1.00 Privileged port 17 in use
Port 17 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t3301-notes.sh Ports
medium System graph network Security conf 1.00 Privileged port 18 in use
Port 18 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t1400-update-ref.sh Ports
medium System graph network Security conf 1.00 Privileged port 19 in use
Port 19 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t3301-notes.sh Ports
medium System graph network Security conf 1.00 Privileged port 20 in use
Port 20 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t8007-cat-file-textconv.sh Ports
medium System graph network Security conf 1.00 Privileged port 23 in use
Port 23 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t1400-update-ref.sh Ports
medium System graph network Security conf 1.00 Privileged port 24 in use
Port 24 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t3301-notes.sh Ports
medium System graph network Security conf 1.00 Privileged port 256 in use
Port 256 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t3311-notes-merge-fanout.sh Ports
medium System graph network Security conf 1.00 Privileged port 26 in use
Port 26 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t3311-notes-merge-fanout.sh Ports
medium System graph network Security conf 1.00 Privileged port 27 in use
Port 27 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t3301-notes.sh Ports
medium System graph network Security conf 1.00 Privileged port 28 in use
Port 28 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t6404-recursive-merge.sh Ports
medium System graph network Security conf 1.00 Privileged port 29 in use
Port 29 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t3309-notes-merge-auto-resolve.sh Ports
medium System graph network Security conf 1.00 Privileged port 3 in use
Port 3 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t7501-commit-basic-functionality.sh Ports
medium System graph network Security conf 1.00 Privileged port 30 in use
Port 30 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t1400-update-ref.sh Ports
medium System graph network Security conf 1.00 Privileged port 31 in use
Port 31 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t1400-update-ref.sh Ports
medium System graph network Security conf 1.00 Privileged port 32 in use
Port 32 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t1400-update-ref.sh Ports
medium System graph network Security conf 1.00 Privileged port 33 in use
Port 33 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t1400-update-ref.sh Ports
medium System graph network Security conf 1.00 Privileged port 345 in use
Port 345 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t3309-notes-merge-auto-resolve.sh Ports
medium System graph network Security conf 1.00 Privileged port 35 in use
Port 35 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t9300-fast-import.sh Ports
medium System graph network Security conf 1.00 Privileged port 369 in use
Port 369 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t3309-notes-merge-auto-resolve.sh Ports
medium System graph network Security conf 1.00 Privileged port 38 in use
Port 38 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t1400-update-ref.sh Ports
medium System graph network Security conf 1.00 Privileged port 380 in use
Port 380 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t5515-fetch-merge-logic.sh Ports
medium System graph network Security conf 1.00 Privileged port 41 in use
Port 41 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t1400-update-ref.sh Ports
medium System graph network Security conf 1.00 Privileged port 42 in use
Port 42 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t1400-update-ref.sh Ports
medium System graph network Security conf 1.00 Privileged port 43 in use
Port 43 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t1400-update-ref.sh Ports
medium System graph network Security conf 1.00 Privileged port 44 in use
Port 44 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t1400-update-ref.sh Ports
medium System graph network Security conf 1.00 Privileged port 45 in use
Port 45 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t1400-update-ref.sh Ports
medium System graph network Security conf 1.00 Privileged port 46 in use
Port 46 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t1300-config.sh Ports
medium System graph network Security conf 1.00 Privileged port 47 in use
Port 47 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t4002-diff-basic.sh Ports
medium System graph network Security conf 1.00 Privileged port 50 in use
Port 50 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t4002-diff-basic.sh Ports
medium System graph network Security conf 1.00 Privileged port 51 in use
Port 51 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t3309-notes-merge-auto-resolve.sh Ports
medium System graph network Security conf 1.00 Privileged port 52 in use
Port 52 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t3309-notes-merge-auto-resolve.sh Ports
medium System graph network Security conf 1.00 Privileged port 58 in use
Port 58 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t4002-diff-basic.sh Ports
medium System graph network Security conf 1.00 Privileged port 59 in use
Port 59 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t9604-cvsimport-timestamps.sh Ports
medium System graph network Security conf 1.00 Privileged port 609 in use
Port 609 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t4002-diff-basic.sh Ports
medium System graph network Security conf 1.00 Privileged port 63 in use
Port 63 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t3310-notes-merge-manual-resolve.sh Ports
medium System graph network Security conf 1.00 Privileged port 667 in use
Port 667 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t3309-notes-merge-auto-resolve.sh Ports
medium System graph network Security conf 1.00 Privileged port 673 in use
Port 673 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t3206-range-diff.sh Ports
medium System graph network Security conf 1.00 Privileged port 71 in use
Port 71 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t4002-diff-basic.sh Ports
medium System graph network Security conf 1.00 Privileged port 72 in use
Port 72 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t4002-diff-basic.sh Ports
medium System graph network Security conf 1.00 Privileged port 736 in use
Port 736 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t3206-range-diff.sh Ports
medium System graph network Security conf 1.00 Privileged port 76 in use
Port 76 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t0000-basic.sh Ports
medium System graph network Security conf 1.00 2 occurrences Privileged port 775 in use
Port 775 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t4002-diff-basic.sh (2 hits)
Ports
medium System graph network Security conf 1.00 Privileged port 81 in use
Port 81 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t4002-diff-basic.sh Ports
medium System graph network Security conf 1.00 Privileged port 82 in use
Port 82 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t3206-range-diff.sh Ports
medium System graph network Security conf 1.00 Privileged port 83 in use
Port 83 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t4002-diff-basic.sh Ports
medium System graph network Security conf 1.00 Privileged port 87 in use
Port 87 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t5515-fetch-merge-logic.sh Ports
medium System graph network Security conf 1.00 Privileged port 901 in use
Port 901 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t3310-notes-merge-manual-resolve.sh Ports
medium System graph network Security conf 1.00 Privileged port 938 in use
Port 938 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t4002-diff-basic.sh Ports
medium System graph network Security conf 1.00 Privileged port 940 in use
Port 940 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t5319-multi-pack-index.sh Ports
medium System graph network Security conf 1.00 Privileged port 988 in use
Port 988 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t3308-notes-merge.sh Ports
medium System graph network Security conf 1.00 Privileged port 993 in use
Port 993 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
t/t3309-notes-merge-auto-resolve.sh Ports
medium System graph quality Tests conf 1.00 Very low test-to-source ratio
1 test file(s) for 20 source file(s) (ratio 0.05). Consider adding integration or unit tests for critical paths.
Coverage
low Security checks quality Quality conf 0.60 8 occurrences Duplicated implementation block across source files
Duplicate implementation blocks are maintenance debt. Keep them visible, but they are not a high-severity defect unless the duplicated logic is security-sensitive or drifting.
7 files, 8 locations
compat/regex/regex.h:3, 4 (2 hits)
builtin/ls-tree.c:11
builtin/show-ref.c:194
compat/obstack.h:3
compat/regex/regex_internal.h:2
compat/simple-ipc/ipc-win32.c:127
kwset.h:2
duplication · quality
low Security checks quality Documentation No LICENSE file
Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft).
low System graph quality Maintenance conf 1.00 217 TODO/FIXME markers
High count of TODO/FIXME/HACK markers — track them as issues so they're not forgotten.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: contrib/fast-import/import-zips.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: git-gui/lib/win32_shortcut.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph quality Integrity conf 1.00 8 occurrences Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: git-p4.py:decode_text_stream, git-p4.py:decode_text_stream This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
repo-level (8 hits)
duplicates · duplication
low System graph quality Integrity conf 1.00 2 occurrences Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: git-p4.py:generatePointer, git-p4.py:generatePointer, git-p4.py:generatePointer This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
repo-level (2 hits)
duplicates · duplication
low System graph quality Integrity conf 1.00 Near-duplicate function bodies in 7 places
Functions with the same first-5-line body hash: git-p4.py:run_git_hook, git-p4.py:run, git-p4.py:run, git-p4.py:run This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
duplicates · duplication
low System graph software Dead code conf 1.00 Possibly dead Python function: cloneExcludeCallback
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
git-p4.py:2894
low System graph software Dead code conf 1.00 Possibly dead Python function: encoded_write
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
git-p4.py:4030
low System graph software Dead code conf 1.00 Possibly dead Python function: encodeWithUTF8
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
git-p4.py:3115
low System graph software Dead code conf 1.00 Possibly dead Python function: ensure_value
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
git-p4.py:1673
low System graph software Dead code conf 1.00 Possibly dead Python function: format_description
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
git-p4.py:4538
low System graph software Dead code conf 1.00 Possibly dead Python function: streamP4FilesCbSelf
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
git-p4.py:3326
low System graph quality Complexity conf 1.00 Very large file: contrib/completion/git-completion.bash (4027 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: contrib/subtree/t/t7900-subtree.sh (1951 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: git-gui/git-gui.sh (3978 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: git-p4.py (4628 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: t/for-each-ref-tests.sh (2152 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: t/t1092-sparse-checkout-compatibility.sh (2576 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: t/t1300-config.sh (2949 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: t/t1400-update-ref.sh (2472 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: t/t3200-branch.sh (1720 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: t/t3404-rebase-interactive.sh (2345 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: t/t4014-format-patch.sh (2707 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: t/t4015-diff-whitespace.sh (2469 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: t/t4202-log.sh (2415 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: t/t5510-fetch.sh (1942 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: t/t5516-fetch-push.sh (1946 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: t/t5702-protocol-v2.sh (1528 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: t/t6423-merge-rename-directories.sh (6066 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: t/t7004-tag.sh (2364 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: t/t7513-interpret-trailers.sh (1992 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: t/t7810-grep.sh (1990 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: t/t7900-maintenance.sh (1603 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: t/t9001-send-email.sh (2851 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: t/t9300-fast-import.sh (3934 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: t/t9902-completion.sh (3253 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: t/test-lib.sh (2013 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
For AI agents + API integrations
API access

This page is publicly accessible at: https://repobility.com/scan/1c561cf2-5600-4ddc-8e44-4c536211ab9a/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/1c561cf2-5600-4ddc-8e44-4c536211ab9a/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.