
Scan timing: clone 1.65s · analysis 11.79s · 0.6 MB · GitHub preflight 459ms

Maher-Amara/Fail2BanEntreprise

https://github.com/Maher-Amara/Fail2BanEntreprise · scanned 2026-06-04 04:06 UTC (1 week, 2 days ago) · 10 languages

131 raw signals (71 security + 60 graph) · 0th percentile · TypeScript · small (2-20K LoC) · System graph score 93 (lower by 63)


Complete repo analysis

Last scanned 1 week, 2 days ago · v3 · 69 actionable findings from 2 signal sources. 22 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

Score breakdown — 2026-05-18-v5

Component            Sub-score   Weight   Contribution
structure_score          55.0     0.15           8.25
security_score            0.8     0.25           0.20
testing_score             0.0     0.20           0.00
documentation_score      41.0     0.15           6.15
practices_score          50.0     0.15           7.50
code_quality             78.4     0.10           7.84
Overall                           1.00           29.9
Active filters: severity high; tests excluded.
Scan summary: Quality grade F (30/100). Dimensions: security 1, maintainability 55. 71 findings (34 security). 3,690 lines analyzed.

Showing 24 of 69 actionable findings. 91 raw detector signals were grouped into reader-sized issues.

high Security checks cicd CI/CD security conf 0.92 Dockerfile copies the entire context without .dockerignore
COPY . or ADD . sends the full build context to Docker. Without .dockerignore this can include secrets, git history, and local artifacts.
web/Dockerfile:22 (tags: CI/CD security, containers)
high Security checks software dependencies conf 0.90 ✓ Repobility 2 occurrences Dockerfile FROM `node:trixie` not pinned by digest
`FROM node:trixie` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.
web/Dockerfile:1, 30 (2 hits)
high Security checks software dependencies conf 0.88 next: GHSA-267c-6grr-h53f
Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes
web/package-lock.json
high Security checks software dependencies conf 0.88 next: GHSA-26hh-7cqf-hhc6
Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up
web/package-lock.json
high Security checks software dependencies conf 0.88 next: GHSA-36qx-fr4f-26g5
Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n
web/package-lock.json
high Security checks software dependencies conf 0.88 next: GHSA-492v-c6pp-mqqv
Next.js has a Middleware / Proxy bypass through dynamic route parameter injection
web/package-lock.json
high Security checks software dependencies conf 0.88 next: GHSA-8h8q-6873-q5fj
Next.js Vulnerable to Denial of Service with Server Components
web/package-lock.json
high Security checks software dependencies conf 0.88 next: GHSA-c4j6-fc7j-m34r
Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades
web/package-lock.json
high Security checks software dependencies conf 0.88 next: GHSA-mg66-mrh9-m8jx
Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components
web/package-lock.json
high Security checks software dependencies conf 0.88 next: GHSA-q4gf-8mx6-v5v3
Next.js has a Denial of Service with Server Components
web/package-lock.json
high Security checks software dependencies conf 0.88 picomatch: GHSA-c2c7-rcm5-vvqj
Picomatch has a ReDoS vulnerability via extglob quantifiers
web/package-lock.json
high Security checks security auth conf 0.83 3 occurrences Secret-like setting is echoed into a password input value
Settings screens sometimes render API keys, tokens, or passwords back into HTML/JSX password fields. That still exposes the secret to page source, browser extensions, screenshots, and DOM scraping.
3 files, 3 locations
web/app/invite/[token]/page.tsx:79
web/app/login/page.tsx:84
web/app/setup/page.tsx:108
high Security checks security auth conf 0.66 [AUC004] Admin route does not show super_admin separation
An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: POST /unban/route.
web/app/api/unban/route.ts:8
high Security checks security auth conf 0.68 9 occurrences [AUC009] Sensitive function route lacks elevated authorization evidence
A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence.
6 files, 9 locations
web/app/api/servers/route.ts:32 (DELETE /servers/route)
web/app/api/dashboard/route.ts:4 (GET /dashboard/route)
web/app/api/intel/route.ts:6 (GET /intel/route)
web/app/api/me/route.ts:4 (GET /me/route)
web/app/api/unban-me/route.ts:5 (GET /unban-me/route)
web/app/api/whitelist/route.ts:11 (GET /whitelist/route)
web/app/api/servers/route.ts:13 (POST /servers/route)
web/app/api/unban-me/route.ts:24 (POST /unban-me/route)
web/app/api/whitelist/route.ts:25 (POST /whitelist/route)
high Security checks quality Quality conf 0.74 15 occurrences Frontend API reference is not matched by discovered backend routes
A frontend string references a same-origin API path that Repobility could not match to backend route inventory. This often causes live 404s in user journeys.
4 files, 15 locations
web/app/page.tsx:187, 194, 199, 205, 211, 220, 226, 231 (8 hits)
web/app/servers/page.tsx:26, 33, 39, 53 (4 hits)
web/app/invite/[token]/page.tsx:18, 32 (2 hits)
web/app/profile/page.tsx:18
high Security checks cicd CI/CD security conf 0.56 Compose service does not declare a runtime user
If the image does not define USER internally, this service may run as root.
docker-compose.yml:13 (tags: CI/CD security, containers)
API access

This page is publicly accessible at: https://repobility.com/scan/22571c91-55ad-4884-818b-d252be90b564/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/22571c91-55ad-4884-818b-d252be90b564/
