File as GitHub Issue (repo: yugabyte/yugabyte-db)

Push this scan report to yugabyte/yugabyte-db

Click the green button below to open GitHub’s new-issue form, pre-filled with the report title, summary table, top findings, and an embedded score-card image. No authentication needed — you review on GitHub before submitting. Repobility is credited as the scanner.

Embedded score card image

This image will render at the top of the issue body. Hosted on Repobility, refreshes automatically after re-scans.


Issue title

Mutable default argument in `stream_partition_and_chunk` (dict)

Curate findings to include

Pick exactly which findings appear in the issue body. By default the top 5 are included. Uncheck noise, check what matters.

Top 5 (default)
Severity Rule Title File:line
MED MINED109 [MINED109] Mutable default argument in `ProcessFile` (list): `def ProcessFile(... = []/{}… src/lint/cpplint.py:6367
MED MINED109 [MINED109] Mutable default argument in `ProcessFileData` (list): `def ProcessFileData(...… src/lint/cpplint.py:6234
MED MINED109 [MINED109] Mutable default argument in `ProcessLine` (list): `def ProcessLine(... = []/{}… src/lint/cpplint.py:6083
MED MINED109 [MINED109] Mutable default argument in `process_pdf_data` (dict): `def process_pdf_data(.… python/ai/rag_agent/pdf_processing/proc…:186
MED MINED109 [MINED109] Mutable default argument in `stream_partition_and_chunk` (dict): `def stream_p… python/ai/rag_agent/rag_pipeline/partit…:86
MED MINED109 [MINED109] Mutable default argument in `process_html_data` (dict): `def process_html_data… python/ai/rag_agent/html_processing/pro…:173
MED MINED109 [MINED109] Mutable default argument in `sync_inline_thirdparty` (list): `def sync_inline_… python/yugabyte/inline_thirdparty.py:239
MED MINED109 [MINED109] Mutable default argument in `set_env_on_spark_worker` (dict): `def set_env_on_… python/yugabyte/yb_dist_tests.py:79
MED MINED109 [MINED109] Mutable default argument in `download_url` (list): `def download_url(... = []/… python/yugabyte/download_and_extract_ar…:128
MED MINED109 [MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set()… python/yugabyte/lto.py:164
MED MINED109 [MINED109] Mutable default argument in `get_obj_paths_from_static_library` (list): `def g… python/yugabyte/lto.py:130
MED MINED109 [MINED109] Mutable default argument in `init_spark_context` (list): `def init_spark_conte… python/yugabyte/run_tests_on_spark.py:275
MED MINED109 [MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set()… managed/devops/opscli/ybops/cloud/commo…:85
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… managed/devops/opscli/ybops/cloud/aws/u…:304
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… managed/devops/opscli/ybops/cloud/azure…:291
MED MINED109 [MINED109] Mutable default argument in `create_or_update_vm` (list): `def create_or_updat… managed/devops/opscli/ybops/cloud/azure…:890
MED MINED109 [MINED109] Mutable default argument in `_create_instance` (list): `def _create_instance(.… managed/devops/opscli/ybops/cloud/azure…:863
MED MINED109 [MINED109] Mutable default argument in `change_instance_type` (list): `def change_instanc… managed/devops/opscli/ybops/cloud/azure…:747
MED MINED109 [MINED109] Mutable default argument in `network` (dict): `def network(... = []/{}/set())`… managed/devops/opscli/ybops/cloud/azure…:430
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… managed/devops/opscli/ybops/cloud/oci/c…:63
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… managed/devops/opscli/ybops/scripts/gen…:168
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… managed/devops/opscli/ybops/scripts/gen…:140
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… managed/devops/opscli/ybops/scripts/gen…:111
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… managed/devops/opscli/ybops/scripts/gen…:87
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… managed/devops/opscli/ybops/scripts/gen…:67
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… managed/devops/opscli/ybops/utils/remot…:322
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… managed/devops/opscli/ybops/utils/remot…:244
MED MINED109 [MINED109] Mutable default argument in `promote_release` (list): `def promote_release(...… managed/devops/opscli/ybops/utils/repli…:98
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… managed/devops/bin/yb_backup.py:3650
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… managed/devops/bin/yb_backup.py:2994
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… managed/devops/bin/yb_backup.py:4121
MED MINED109 [MINED109] Mutable default argument in `run_ssh_cmd` (dict): `def run_ssh_cmd(... = []/{}… managed/devops/bin/yb_backup.py:2298
MED MINED109 [MINED109] Mutable default argument in `run_tool` (dict): `def run_tool(... = []/{}/set()… managed/devops/bin/yb_backup.py:1788
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… managed/devops/bin/yb_netprob.py:374
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… managed/devops/bin/yb_netprob.py:280
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… managed/devops/bin/yb_netprob.py:252
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… managed/devops/bin/yb_platform_util.py:75
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… managed/devops/bin/run_node_action.py:449
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… managed/devops/bin/run_node_action.py:431
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… managed/node-agent/ybops/node_agent/rpc…:378
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… managed/node-agent/ybops/node_agent/rpc…:292
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… managed/node-agent/ybops/node_agent/rpc…:247
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… managed/node-agent/ybops/node_agent/rpc…:194
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/k8s_ybc_parent.py:160
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… build-support/lint.py:430
MED SEC119 [SEC119] World-writable / world-readable file permissions: World-writable files let any l… managed/src/main/java/com/yugabyte/yw/c…:193
MED SEC012 [SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation all… managed/src/main/java/com/yugabyte/yw/m…:199
MED SEC012 [SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation all… managed/src/main/java/com/yugabyte/yw/c…:275
MED SEC037 [SEC037] Uncontrolled Recursion — stack/depth exhaustion: Parsing arbitrary-depth user in… managed/src/main/java/com/yugabyte/yw/c…:107
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … java/yb-sample/src/main/java/org/yb/YbS…:43
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … java/yb-sample/src/main/java/org/yb/Sim…:32
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … java/yb-sample/src/main/java/org/yb/Lar…:34
MED SEC034 [SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logge… java/yb-loadtester/src/main/java/com/yu…:73
MED SEC034 [SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logge… java/yb-cql-4x/src/main/java/com/yugaby…:99
MED SEC034 [SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logge… java/yb-cql-4x/src/main/java/com/yugaby…:94
MED SEC007 [SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code. managed/src/main/java/com/yugabyte/yw/c…:98
MED SEC007 [SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code. managed/src/main/java/com/yugabyte/yw/c…:107
MED SEC007 [SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code. build-support/stabilize_auto_flags_list…:54
MED COMP001 [COMP001] High cognitive complexity: Function `MakeRelativePathsInFlagsAbsolute` has cogn… .ycm_extra_conf.py:93
MED DKR003 Compose service `anon-how-to-pandocker` image uses the latest tag src/postgres/third-party-extensions/pos…:2
MED DKR003 Compose service `nginx` image uses the latest tag managed/docker-compose.yml:60
MED DKR003 Compose service `postgres` image uses the latest tag managed/docker-compose.yml:42
MED DKR003 Compose service `thirdparty-deps` image uses the latest tag managed/docker-compose.yml:95
MED DKR003 Compose service `yugabyte-base` image uses the latest tag managed/docker-compose.yml:28
MED DKR003 Compose service `yugaware` image uses the latest tag managed/docker-compose.yml:4
MED DKR003 Dockerfile base image uses the latest tag src/postgres/third-party-extensions/pos…:10
MED DKR003 Dockerfile base image uses the latest tag src/odyssey/docker/Dockerfile:1
MED DKR003 Dockerfile base image uses the latest tag .devcontainer/Dockerfile:1
MED DKR003 Dockerfile base image uses the latest tag .cursor/Dockerfile:1
MED DKR003 Dockerfile base image uses the latest tag .claude/Dockerfile:1
MED MINED124 [MINED124] requirements.txt: `yugabyte_pycommon` has no version pin: Unpinned pip require… requirements.txt:25
MED MINED124 [MINED124] requirements.txt: `wheel` has no version pin: Unpinned pip requirement means e… requirements.txt:24
MED MINED124 [MINED124] requirements.txt: `watchdog` has no version pin: Unpinned pip requirement mean… requirements.txt:23
MED MINED124 [MINED124] requirements.txt: `types-requests` has no version pin: Unpinned pip requiremen… requirements.txt:22
MED MINED124 [MINED124] requirements.txt: `types-psutil` has no version pin: Unpinned pip requirement … requirements.txt:21
MED MINED124 [MINED124] requirements.txt: `sys-detection` has no version pin: Unpinned pip requirement… requirements.txt:20
MED MINED124 [MINED124] requirements.txt: `six` has no version pin: Unpinned pip requirement means eve… requirements.txt:19
MED MINED124 [MINED124] requirements.txt: `semantic-version` has no version pin: Unpinned pip requirem… requirements.txt:18
MED MINED124 [MINED124] requirements.txt: `ruamel.yaml` has no version pin: Unpinned pip requirement m… requirements.txt:17
MED MINED124 [MINED124] requirements.txt: `pytest` has no version pin: Unpinned pip requirement means … requirements.txt:16
MED MINED124 [MINED124] requirements.txt: `pygithub` has no version pin: Unpinned pip requirement mean… requirements.txt:15
MED MINED124 [MINED124] requirements.txt: `pycodestyle` has no version pin: Unpinned pip requirement m… requirements.txt:14
MED MINED124 [MINED124] requirements.txt: `psutil` has no version pin: Unpinned pip requirement means … requirements.txt:13
MED MINED124 [MINED124] requirements.txt: `packaging` has no version pin: Unpinned pip requirement mea… requirements.txt:12
MED MINED124 [MINED124] requirements.txt: `overrides` has no version pin: Unpinned pip requirement mea… requirements.txt:11
MED MINED124 [MINED124] requirements.txt: `mypy` has no version pin: Unpinned pip requirement means ev… requirements.txt:10
MED MINED124 [MINED124] requirements.txt: `llvm-installer` has no version pin: Unpinned pip requiremen… requirements.txt:9
MED MINED124 [MINED124] requirements.txt: `downloadutil` has no version pin: Unpinned pip requirement … requirements.txt:8
MED MINED124 [MINED124] requirements.txt: `distro` has no version pin: Unpinned pip requirement means … requirements.txt:7
MED MINED124 [MINED124] requirements.txt: `compiler-identification` has no version pin: Unpinned pip r… requirements.txt:6
MED MINED124 [MINED124] requirements.txt: `compiledb` has no version pin: Unpinned pip requirement mea… requirements.txt:5
MED MINED124 [MINED124] requirements.txt: `codecheck` has no version pin: Unpinned pip requirement mea… requirements.txt:4
MED MINED124 [MINED124] requirements.txt: `botocore` has no version pin: Unpinned pip requirement mean… requirements.txt:3
MED MINED124 [MINED124] requirements.txt: `boto` has no version pin: Unpinned pip requirement means ev… requirements.txt:2
MED MINED124 [MINED124] requirements.txt: `autorepr` has no version pin: Unpinned pip requirement mean… requirements.txt:1
MED DKR002 Compose service `ts` image has no explicit tag troubleshoot/backend/docker/docker-comp…:17
MED DKR002 Compose service `PostgreSQL` image has no explicit tag src/postgres/third-party-extensions/pos…:4
MED DKR002 Compose service `fake-gcs-server` image has no explicit tag src/postgres/third-party-extensions/pg_…:66
MED DKR002 Compose service `webdav` image has no explicit tag src/postgres/third-party-extensions/pg_…:53
MED DKR002 Compose service `azurite` image has no explicit tag src/postgres/third-party-extensions/pg_…:41
MED DKR002 Compose service `minio` image has no explicit tag src/postgres/third-party-extensions/pg_…:26
MED DKR002 Dockerfile base image has no explicit tag src/postgres/third-party-extensions/pg_…:1
MED DKR002 Dockerfile base image has no explicit tag managed/devops/pex/Dockerfile:2
MED DKR002 Dockerfile base image has no explicit tag managed/devops/Dockerfile:4
MED DKR007 Docker build context has no .dockerignore .dockerignore
MED WEB009 sitemap.xml is not valid XML docs/layouts/sitemap.xml
MED DKC015 Database service has no healthcheck troubleshoot/backend/docker/docker-comp…:3
MED DKC015 Database service has no healthcheck src/postgres/third-party-extensions/pos…:4
MED DKC015 Database service has no healthcheck managed/docker-compose.yml:42
MED DKC016 App service does not wait for database health src/postgres/third-party-extensions/pg_…:1
MED DKR009 Dockerfile separates apt update from install src/postgres/third-party-extensions/pgr…:21
MED DKR009 Dockerfile separates apt update from install src/postgres/third-party-extensions/pgr…:17
MED DKR009 Dockerfile separates apt update from install src/postgres/third-party-extensions/pg_…:23
MED DKR009 Dockerfile separates apt update from install src/postgres/third-party-extensions/pg_…:9
MED DKR009 Dockerfile separates apt update from install src/postgres/third-party-extensions/mag…:22
MED DKR009 Dockerfile separates apt update from install src/postgres/third-party-extensions/doc…:41
MED DKR009 Dockerfile separates apt update from install src/postgres/third-party-extensions/doc…:41
MED DKR018 Database dump or local database file is included in Docker build context .dockerignore
MED DKC014 Database data bind mount is inside the Docker build context src/postgres/third-party-extensions/pg_…:1
MED DKR015 Docker build context is very large .dockerignore
MED JRN002 Browser storage is used for session token material managed/ui/src/routes.jsx:100
MED JRN002 Browser storage is used for session token material managed/ui/src/config.js:29
MED JRN002 Browser storage is used for session token material managed/ui/src/components/restore/Globa…:55
MED JRN002 Browser storage is used for session token material managed/ui/src/components/profile/UserP…:40
MED JRN002 Browser storage is used for session token material managed/ui/src/components/common/forms/…:24
MED JRN002 Browser storage is used for session token material managed/ui/src/components/common/forms/…:28
MED JRN002 Browser storage is used for session token material managed/ui/src/actions/universe.js:855
MED JRN002 Browser storage is used for session token material managed/ui/src/actions/customers.js:216
MED JRN002 Browser storage is used for session token material managed/ui/src/actions/customers.js:212
MED DKR001 Docker final stage has no non-root USER troubleshoot/backend/docker/Dockerfile:11
MED DKR001 Docker final stage has no non-root USER src/yb/rocksdb/tools/Dockerfile:14
MED DKR001 Docker final stage has no non-root USER src/postgres/third-party-extensions/pos…:19
MED DKR001 Docker final stage has no non-root USER src/postgres/third-party-extensions/pgv…:2
MED DKR001 Docker final stage has no non-root USER src/postgres/third-party-extensions/mag…:37
MED DKR001 Docker final stage has no non-root USER src/odyssey/docker/dpkg/Dockerfile:1
MED DKR001 Docker final stage has no non-root USER src/odyssey/docker/dev/Dockerfile:1
MED DKR001 Docker final stage has no non-root USER src/odyssey/docker/Dockerfile:14
MED DKR001 Docker final stage has no non-root USER managed/yba-installer/integrationtests/…:1
MED DKR001 Docker final stage has no non-root USER managed/ui/Dockerfile:1
MED DKR001 Docker final stage has no non-root USER managed/devops/pex/Dockerfile:2
MED DKR001 Docker final stage has no non-root USER .devcontainer/Dockerfile:1
MED DKR001 Docker final stage has no non-root USER .cursor/Dockerfile:1
MED DKR001 Docker final stage has no non-root USER .claude/Dockerfile:1
MED AIC001 Parallel implementation file sits beside a canonical file src/postgres/src/include/optimizer/geqo…:1
MED AIC001 Parallel implementation file sits beside a canonical file src/postgres/src/backend/utils/adt/tsqu…:1
MED AIC004 Suspicious implementation file appears unreferenced managed/src/main/java/db/migration/defa…:1
MED AIC004 Suspicious implementation file appears unreferenced managed/src/main/java/db/migration/defa…:1
MED AIC004 Suspicious implementation file appears unreferenced managed/src/main/java/db/migration/defa…:1
MED AIC004 Suspicious implementation file appears unreferenced managed/src/main/java/db/migration/defa…:1
MED DKC013 Database service has no persistent data volume src/postgres/third-party-extensions/pg_…:26
MED DKC013 Database service has no persistent data volume src/postgres/third-party-extensions/mag…:2
MED DKC005 Compose service adds dangerous Linux capabilities src/postgres/third-party-extensions/pg_…:1
MED AGT015 Remote install command pipes network code directly to a shell bin/configure_clockbound.sh:245
MED SEC005 [SEC005] Command Injection Risk: Unsafe shell execution or eval of user input. managed/devops/opscli/ybops/scripts/gen…:61
LOW AIC003 Duplicated implementation block across source files java/yb-client/src/main/java/org/yb/cli…:8
LOW AIC003 Duplicated implementation block across source files java/yb-client/src/main/java/org/yb/cli…:8
LOW DKR010 Dockerfile leaves apt package indexes in the image layer src/postgres/third-party-extensions/pg_…:18
LOW DKR010 Dockerfile leaves apt package indexes in the image layer src/postgres/third-party-extensions/pg_…:61
LOW DKR010 Dockerfile leaves apt package indexes in the image layer src/postgres/third-party-extensions/mag…:39
LOW DKR010 Dockerfile leaves apt package indexes in the image layer src/postgres/third-party-extensions/mag…:22
LOW DKR010 Dockerfile leaves apt package indexes in the image layer src/odyssey/docker/dpkg/Dockerfile:13
LOW DKR010 Dockerfile leaves apt package indexes in the image layer src/odyssey/docker/dev/Dockerfile:22
LOW DKR010 Dockerfile leaves apt package indexes in the image layer src/odyssey/docker/dev/Dockerfile:11
LOW DKR010 Dockerfile leaves apt package indexes in the image layer src/odyssey/docker/Dockerfile:35
LOW DKR010 Dockerfile leaves apt package indexes in the image layer src/odyssey/docker/Dockerfile:20
LOW DKC015 Database service has no healthcheck src/postgres/third-party-extensions/pg_…:1
LOW DKC015 Database service has no healthcheck src/postgres/third-party-extensions/mag…:2
LOW DKR011 Dockerfile installs recommended OS packages src/postgres/third-party-extensions/pgr…:22
LOW DKR011 Dockerfile installs recommended OS packages src/postgres/third-party-extensions/pgr…:18
LOW DKR011 Dockerfile installs recommended OS packages src/postgres/third-party-extensions/pg_…:18
LOW DKR011 Dockerfile installs recommended OS packages src/postgres/third-party-extensions/pg_…:61
LOW DKR011 Dockerfile installs recommended OS packages src/postgres/third-party-extensions/pg_…:9
LOW DKR011 Dockerfile installs recommended OS packages src/postgres/third-party-extensions/doc…:99
LOW DKR011 Dockerfile installs recommended OS packages src/postgres/third-party-extensions/doc…:11
LOW DKR011 Dockerfile installs recommended OS packages src/postgres/third-party-extensions/doc…:106
LOW DKR011 Dockerfile installs recommended OS packages src/postgres/third-party-extensions/doc…:11
LOW DKR012 Dockerfile keeps pip download cache managed/devops/pex/Dockerfile:19
LOW DKR012 Dockerfile keeps pip download cache docker/images/yugabyte/Dockerfile:90
LOW DKC016 App service does not wait for database health managed/docker-compose.yml:4
LOW AIC005 Duplicate top-level symbol appears in a patch-style file src/yb/yql/cql/ql/ptree/pt_update.h:1
LOW DKC010 Compose service lacks no-new-privileges hardening troubleshoot/backend/docker/docker-comp…:17
LOW DKC010 Compose service lacks no-new-privileges hardening src/postgres/third-party-extensions/pg_…:1
LOW DKC010 Compose service lacks no-new-privileges hardening src/odyssey/docker-compose.yml:40
LOW DKC010 Compose service lacks no-new-privileges hardening src/odyssey/docker-compose.yml:29
LOW DKC010 Compose service lacks no-new-privileges hardening src/odyssey/docker-compose.yml:15
LOW DKC010 Compose service lacks no-new-privileges hardening src/odyssey/docker-compose.yml:3
LOW DKC010 Compose service lacks no-new-privileges hardening managed/docker-compose.yml:77
LOW DKC010 Compose service lacks no-new-privileges hardening managed/docker-compose.yml:4
LOW DKC017 Database password is wired through an environment variable placeholder troubleshoot/backend/docker/docker-comp…:3
LOW DKC017 Database password is wired through an environment variable placeholder src/postgres/third-party-extensions/pos…:4
LOW DKC006 Compose service does not declare a runtime user troubleshoot/backend/docker/docker-comp…:17
LOW DKC006 Compose service does not declare a runtime user src/postgres/third-party-extensions/pg_…:1
LOW DKC006 Compose service does not declare a runtime user src/postgres/third-party-extensions/pg_…:1
LOW DKC006 Compose service does not declare a runtime user src/postgres/third-party-extensions/mag…:2
LOW DKC006 Compose service does not declare a runtime user src/odyssey/docker-compose.yml:40
LOW DKC006 Compose service does not declare a runtime user src/odyssey/docker-compose.yml:29
LOW DKC006 Compose service does not declare a runtime user src/odyssey/docker-compose.yml:15
LOW DKC006 Compose service does not declare a runtime user src/odyssey/docker-compose.yml:3
LOW DKC006 Compose service does not declare a runtime user managed/docker-compose.yml:77
LOW DKC006 Compose service does not declare a runtime user managed/docker-compose.yml:4
200 findings available (after auto-suppression of test files + won't-fix)

Issue body (markdown)

## Code-quality scan: `yugabyte/yugabyte-db`

**Score: 81/100 (B+)**  ·  487 findings  ·  scanned 2026-06-05 22:30 UTC  ·  2,186,613 LOC

| Severity | Count |
|---|---|
| CRITICAL | 30 |
| HIGH | 149 |
| MEDIUM | 154 |
| LOW | 89 |

📊 [Full filterable report](https://repobility.com/scan/1ef6c72a-4ac4-42c5-8abb-dfdbe54f196e/)  ·  ![scorecard](https://repobility.com/scan/1ef6c72a-4ac4-42c5-8abb-dfdbe54f196e/report.png?v=1780698601-s2)

### Top findings

1. **MEDIUM** `MINED109` — Mutable default argument in `ProcessFile` (list)
   `src/lint/cpplint.py:6367` · ✓ Repobility
2. **MEDIUM** `MINED109` — Mutable default argument in `ProcessFileData` (list)
   `src/lint/cpplint.py:6234` · ✓ Repobility
3. **MEDIUM** `MINED109` — Mutable default argument in `ProcessLine` (list)
   `src/lint/cpplint.py:6083` · ✓ Repobility
4. **MEDIUM** `MINED109` — Mutable default argument in `process_pdf_data` (dict)
   `python/ai/rag_agent/pdf_processing/process_pdf.py:186` · ✓ Repobility
5. **MEDIUM** `MINED109` — Mutable default argument in `stream_partition_and_chunk` (dict)
   `python/ai/rag_agent/rag_pipeline/partition_chunk_pipeline.py:86` · ✓ Repobility

---

_Filed automatically. Close this issue if not useful — we won't refile. Full report: https://repobility.com/scan/1ef6c72a-4ac4-42c5-8abb-dfdbe54f196e/_
Megaproject — high spam risk
Could not determine 'yugabyte/yugabyte-db' star count (GitHub API rate-limited or unreachable). When in doubt about repo size, prefer opening a focused PR or a discussion rather than an issue.

The button opens GitHub’s new-issue page in a new tab. You will see the title + body pre-filled — review, edit if you want, then click GitHub’s "Submit new issue" button. Repobility never posts anything on your behalf.

For real security findings on big repos: use the project's SECURITY.md or private advisory flow instead of a public issue.