Public scan — anyone with this URL can view this analysis.

Scan timing: clone 1.65s · analysis 11.79s · 0.6 MB · GitHub preflight 459ms

Fail2BanEntreprise

https://github.com/Maher-Amara/Fail2BanEntreprise · scanned 2026-06-04 04:06 UTC (1 day, 4 hours ago) · 10 languages

131 findings (71 legacy + 60 scanner) · 0th percentile · Typescript · small (2-20K LoC) · Scanner says 93 (lower by 63)


Complete repo analysis

Last scanned 1 day, 4 hours ago · v3 · 91 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.

Score breakdown — 2026-05-18-v5

Component             Sub-score   Weight   Contribution
structure_score            55.0     0.15           8.25
security_score              0.8     0.25           0.20
testing_score               0.0     0.20           0.00
documentation_score        41.0     0.15           6.15
practices_score            50.0     0.15           7.50
code_quality               78.4     0.10           7.84
Overall                       -     1.00           29.9
Scan summary Repository scanned at 93.1/100 with 100.0% coverage. It contains 280 nodes across 8 cross-layer flows, written primarily in mixed languages. Engine surfaced 20 findings — concentrated in quality (11), hardware (3), software (2). Risk profile is low: 0 critical, 0 high, 8 medium. Recommended next step: open the quality layer findings first — that's where the highest-impact wins live.

Showing 81 of 91 findings.

critical · Legacy · security · credential_exposure · conf 0.95 · Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
Gitleaks detected a committed secret or credential pattern.
.env.example:28 · credential_exposure · legacy

critical · Legacy · security · credential_exposure · conf 0.95 · Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
Gitleaks detected a committed secret or credential pattern.
.env.example:16 · credential_exposure · legacy

critical · Legacy · security · credential_exposure · conf 0.95 · Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
Gitleaks detected a committed secret or credential pattern.
.env.example:12 · credential_exposure · legacy

critical · Legacy · security · credential_exposure · conf 0.95 · Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
Gitleaks detected a committed secret or credential pattern.
.env.example:11 · credential_exposure · legacy

critical · Legacy · security · credential_exposure · conf 0.95 · Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
Gitleaks detected a committed secret or credential pattern.
.env.example:7 · credential_exposure · legacy

high · Legacy · cicd · docker · conf 0.92 · Dockerfile copies the entire context without .dockerignore
COPY . or ADD . sends the full build context to Docker. Without .dockerignore this can include secrets, git history, and local artifacts.
web/Dockerfile:22 · docker · legacy

high · Legacy · software · dependency · conf 0.90 · ✓ Repobility · Dockerfile FROM `node:trixie` not pinned by digest
`FROM node:trixie` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.
web/Dockerfile:30 · dependency · legacy

high · Legacy · software · dependency · conf 0.90 · ✓ Repobility · Dockerfile FROM `node:trixie` not pinned by digest
`FROM node:trixie` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.
web/Dockerfile:1 · dependency · legacy

high · Legacy · software · dependency · conf 0.88 · next: GHSA-267c-6grr-h53f
Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes
web/package-lock.json · dependency · legacy

high · Legacy · software · dependency · conf 0.88 · next: GHSA-26hh-7cqf-hhc6
Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up
web/package-lock.json · dependency · legacy

high · Legacy · software · dependency · conf 0.88 · next: GHSA-36qx-fr4f-26g5
Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n
web/package-lock.json · dependency · legacy

high · Legacy · software · dependency · conf 0.88 · next: GHSA-492v-c6pp-mqqv
Next.js has a Middleware / Proxy bypass through dynamic route parameter injection
web/package-lock.json · dependency · legacy

high · Legacy · software · dependency · conf 0.88 · next: GHSA-8h8q-6873-q5fj
Next.js Vulnerable to Denial of Service with Server Components
web/package-lock.json · dependency · legacy

high · Legacy · software · dependency · conf 0.88 · next: GHSA-c4j6-fc7j-m34r
Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades
web/package-lock.json · dependency · legacy

high · Legacy · software · dependency · conf 0.88 · next: GHSA-mg66-mrh9-m8jx
Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components
web/package-lock.json · dependency · legacy

high · Legacy · software · dependency · conf 0.88 · next: GHSA-q4gf-8mx6-v5v3
Next.js has a Denial of Service with Server Components
web/package-lock.json · dependency · legacy

high · Legacy · software · dependency · conf 0.88 · picomatch: GHSA-c2c7-rcm5-vvqj
Picomatch has a ReDoS vulnerability via extglob quantifiers
web/package-lock.json · dependency · legacy

high · Legacy · security · auth · conf 0.83 · Secret-like setting is echoed into a password input value
Settings screens sometimes render API keys, tokens, or passwords back into HTML/JSX password fields. That still exposes the secret to page source, browser extensions, screenshots, and DOM scraping.
web/app/setup/page.tsx:108 · auth · legacy

high · Legacy · security · auth · conf 0.83 · Secret-like setting is echoed into a password input value
Settings screens sometimes render API keys, tokens, or passwords back into HTML/JSX password fields. That still exposes the secret to page source, browser extensions, screenshots, and DOM scraping.
web/app/login/page.tsx:84 · auth · legacy

high · Legacy · security · auth · conf 0.83 · Secret-like setting is echoed into a password input value
Settings screens sometimes render API keys, tokens, or passwords back into HTML/JSX password fields. That still exposes the secret to page source, browser extensions, screenshots, and DOM scraping.
web/app/invite/[token]/page.tsx:79 · auth · legacy

medium · Legacy · security · auth · conf 0.92 · [AUC001] No Repobility access matrix policy found
The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
auth · legacy

high · Legacy · security · auth · conf 0.66 · [AUC004] Admin route does not show super_admin separation
An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: POST /unban/route.
web/app/api/unban/route.ts:8 · auth · legacy

high · Legacy · security · auth · conf 0.68 · [AUC009] Sensitive function route lacks elevated authorization evidence
A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /servers/route.
web/app/api/servers/route.ts:32 · auth · legacy

high · Legacy · security · auth · conf 0.68 · [AUC009] Sensitive function route lacks elevated authorization evidence
A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /dashboard/route.
web/app/api/dashboard/route.ts:4 · auth · legacy

high · Legacy · security · auth · conf 0.68 · [AUC009] Sensitive function route lacks elevated authorization evidence
A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /intel/route.
web/app/api/intel/route.ts:6 · auth · legacy

high · Legacy · security · auth · conf 0.68 · [AUC009] Sensitive function route lacks elevated authorization evidence
A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /me/route.
web/app/api/me/route.ts:4 · auth · legacy

high · Legacy · security · auth · conf 0.68 · [AUC009] Sensitive function route lacks elevated authorization evidence
A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /unban-me/route.
web/app/api/unban-me/route.ts:5 · auth · legacy

high · Legacy · security · auth · conf 0.68 · [AUC009] Sensitive function route lacks elevated authorization evidence
A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /whitelist/route.
web/app/api/whitelist/route.ts:11 · auth · legacy

high · Legacy · security · auth · conf 0.68 · [AUC009] Sensitive function route lacks elevated authorization evidence
A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /servers/route.
web/app/api/servers/route.ts:13 · auth · legacy

high · Legacy · security · auth · conf 0.68 · [AUC009] Sensitive function route lacks elevated authorization evidence
A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /unban-me/route.
web/app/api/unban-me/route.ts:24 · auth · legacy

high · Legacy · security · auth · conf 0.68 · [AUC009] Sensitive function route lacks elevated authorization evidence
A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /whitelist/route.
web/app/api/whitelist/route.ts:25 · auth · legacy

medium · Legacy · quality · error_handling · conf 1.00 · [ERR002] Empty Catch Block: Empty catch blocks hide errors.
Log the error or rethrow it. Use console.error() at minimum.
web/app/login/page.tsx:18 · error_handling · legacy

medium · Legacy · software · dependency · conf 0.88 · brace-expansion: GHSA-f886-m6hf-6m8v
brace-expansion: Zero-step sequence causes process hang and memory exhaustion
web/package-lock.json · dependency · legacy

medium · Legacy · software · dependency · conf 0.88 · brace-expansion: GHSA-jxxr-4gwj-5jf2
brace-expansion: Large numeric range defeats documented `max` DoS protection
web/package-lock.json · dependency · legacy

medium · Legacy · cicd · docker · conf 0.94 · Compose service `cloudflared` image uses the latest tag
The latest tag is mutable and can change without a code review, producing different images from the same source.
docker-compose.yml:41 · docker · legacy

medium · Legacy · cicd · docker · conf 0.86 · Database dump or local database file is included in Docker build context
Database exports and local database files can contain production data, credentials, or large binary payloads that slow Docker builds and can be copied into images by broad COPY instructions.
.dockerignore · docker · legacy

medium · Legacy · cicd · docker · conf 0.90 · Docker build context has no .dockerignore
Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts.
.dockerignore · docker · legacy

high · Legacy · quality · quality · conf 0.74 · Frontend API reference is not matched by discovered backend routes
A frontend string references a same-origin API path that Repobility could not match to backend route inventory. This often causes live 404s in user journeys.
web/app/servers/page.tsx:53 · quality · legacy

high · Legacy · quality · quality · conf 0.74 · Frontend API reference is not matched by discovered backend routes
A frontend string references a same-origin API path that Repobility could not match to backend route inventory. This often causes live 404s in user journeys.
web/app/servers/page.tsx:39 · quality · legacy

high · Legacy · quality · quality · conf 0.74 · Frontend API reference is not matched by discovered backend routes
A frontend string references a same-origin API path that Repobility could not match to backend route inventory. This often causes live 404s in user journeys.
web/app/servers/page.tsx:33 · quality · legacy

high · Legacy · quality · quality · conf 0.74 · Frontend API reference is not matched by discovered backend routes
A frontend string references a same-origin API path that Repobility could not match to backend route inventory. This often causes live 404s in user journeys.
web/app/servers/page.tsx:26 · quality · legacy

high · Legacy · quality · quality · conf 0.74 · Frontend API reference is not matched by discovered backend routes
A frontend string references a same-origin API path that Repobility could not match to backend route inventory. This often causes live 404s in user journeys.
web/app/profile/page.tsx:18 · quality · legacy

high · Legacy · quality · quality · conf 0.74 · Frontend API reference is not matched by discovered backend routes
A frontend string references a same-origin API path that Repobility could not match to backend route inventory. This often causes live 404s in user journeys.
web/app/page.tsx:231 · quality · legacy

high · Legacy · quality · quality · conf 0.74 · Frontend API reference is not matched by discovered backend routes
A frontend string references a same-origin API path that Repobility could not match to backend route inventory. This often causes live 404s in user journeys.
web/app/page.tsx:226 · quality · legacy

high · Legacy · quality · quality · conf 0.74 · Frontend API reference is not matched by discovered backend routes
A frontend string references a same-origin API path that Repobility could not match to backend route inventory. This often causes live 404s in user journeys.
web/app/page.tsx:220 · quality · legacy

high · Legacy · quality · quality · conf 0.74 · Frontend API reference is not matched by discovered backend routes
A frontend string references a same-origin API path that Repobility could not match to backend route inventory. This often causes live 404s in user journeys.
web/app/page.tsx:211 · quality · legacy

high · Legacy · quality · quality · conf 0.74 · Frontend API reference is not matched by discovered backend routes
A frontend string references a same-origin API path that Repobility could not match to backend route inventory. This often causes live 404s in user journeys.
web/app/page.tsx:205 · quality · legacy

high · Legacy · quality · quality · conf 0.74 · Frontend API reference is not matched by discovered backend routes
A frontend string references a same-origin API path that Repobility could not match to backend route inventory. This often causes live 404s in user journeys.
web/app/page.tsx:199 · quality · legacy

high · Legacy · quality · quality · conf 0.74 · Frontend API reference is not matched by discovered backend routes
A frontend string references a same-origin API path that Repobility could not match to backend route inventory. This often causes live 404s in user journeys.
web/app/page.tsx:194 · quality · legacy

high · Legacy · quality · quality · conf 0.74 · Frontend API reference is not matched by discovered backend routes
A frontend string references a same-origin API path that Repobility could not match to backend route inventory. This often causes live 404s in user journeys.
web/app/page.tsx:187 · quality · legacy

high · Legacy · quality · quality · conf 0.74 · Frontend API reference is not matched by discovered backend routes
A frontend string references a same-origin API path that Repobility could not match to backend route inventory. This often causes live 404s in user journeys.
web/app/invite/[token]/page.tsx:32 · quality · legacy

high · Legacy · quality · quality · conf 0.74 · Frontend API reference is not matched by discovered backend routes
A frontend string references a same-origin API path that Repobility could not match to backend route inventory. This often causes live 404s in user journeys.
web/app/invite/[token]/page.tsx:18 · quality · legacy

medium · Legacy · software · dependency · conf 0.88 · next: GHSA-ffhc-5mcf-pf4q
Next.js vulnerable to cross-site scripting in App Router applications using CSP nonces
web/package-lock.json · dependency · legacy

medium · Legacy · software · dependency · conf 0.88 · next: GHSA-gx5p-jg67-6x7h
Next.js has cross-site scripting in beforeInteractive scripts with untrusted input
web/package-lock.json · dependency · legacy

medium · Legacy · software · dependency · conf 0.88 · next: GHSA-h64f-5h5j-jqjh
Next.js has a Denial of Service in the Image Optimization API
web/package-lock.json · dependency · legacy

medium · Legacy · software · dependency · conf 0.88 · next: GHSA-wfc6-r584-vfw7
Next.js vulnerable to cache poisoning in React Server Component responses
web/package-lock.json · dependency · legacy

medium · Legacy · software · dependency · conf 0.90 · npm package `@types/bcryptjs` is 1 major version(s) behind (2.4.6 -> 3.0.0)
`@types/bcryptjs` is pinned/resolved at 2.4.6 but the latest stable release on the npm registry is 3.0.0 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
web/package.json · dependency · legacy

medium · Legacy · software · dependency · conf 0.88 · picomatch: GHSA-3v7f-55p6-f55p
Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching
web/package-lock.json · dependency · legacy

medium · Legacy · software · dependency · conf 0.88 · postcss: GHSA-qx2v-qp2m-jg93
PostCSS has XSS via Unescaped </style> in its CSS Stringify Output
web/package-lock.json · dependency · legacy

medium · 9-layer · quality · integrity · conf 1.00 · `fetch()` without try/.catch or AbortSignal — web/app/components/NavHeader.tsx:21
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity · fragile-runtime · robustness

medium · 9-layer · quality · integrity · conf 1.00 · `fetch()` without try/.catch or AbortSignal — web/app/invite/[token]/page.tsx:18
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity · fragile-runtime · robustness

medium · 9-layer · quality · integrity · conf 1.00 · `fetch()` without try/.catch or AbortSignal — web/app/page.tsx:187
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity · fragile-runtime · robustness

medium · 9-layer · quality · integrity · conf 1.00 · `fetch()` without try/.catch or AbortSignal — web/app/servers/page.tsx:26
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity · fragile-runtime · robustness

medium · 9-layer · quality · integrity · conf 1.00 · `fetch()` without try/.catch or AbortSignal — web/app/users/page.tsx:18
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity · fragile-runtime · robustness

medium · 9-layer · quality · integrity · conf 1.00 · Network/subprocess call without timeout or try/except — agent/agent.py:180
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness

medium · 9-layer · cicd · coverage · conf 1.00 · No CI/CD pipelines detected
No GitHub Actions, GitLab CI, or CircleCI configs found. Without CI you can't gate deploys on tests/lints.
coverage

medium · 9-layer · quality · tests · conf 1.00 · Very low test-to-source ratio
0 test file(s) for 41 source file(s) (ratio 0.00). Consider adding integration or unit tests for critical paths.
tests · coverage

low · Legacy · security · auth · conf 0.76 · [AUC005] No authorization-focused tests detected
No test files with common authorization, ownership, 403, admin, or super_admin assertions were found.
auth · legacy

high · Legacy · cicd · docker · conf 0.56 · Compose service does not declare a runtime user
If the image does not define USER internally, this service may run as root.
docker-compose.yml:13 · docker · legacy

high · Legacy · quality · quality · conf 0.86 · Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
web/app/setup/page.tsx:75 · quality · legacy

low · Legacy · software · dependency · conf 0.88 · next: GHSA-3g8h-86w9-wvmq
Next.js's Middleware / Proxy redirects can be cache-poisoned
web/package-lock.json · dependency · legacy

low · Legacy · software · dependency · conf 0.88 · next: GHSA-vfv6-92ff-j949
Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting
web/package-lock.json · dependency · legacy

low · Legacy · quality · documentation · No LICENSE file
Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft).
documentation · legacy

low · Legacy · software · dependency · conf 0.90 · npm package `better-sqlite3` is minor version(s) behind (12.8.0 -> 12.10.0)
`better-sqlite3` is pinned/resolved at 12.8.0 but the latest stable release on the npm registry is 12.10.0 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
web/package.json · dependency · legacy

low · Legacy · software · dependency · conf 0.90 · npm package `ioredis` is minor version(s) behind (5.10.1 -> 5.11.0)
`ioredis` is pinned/resolved at 5.10.1 but the latest stable release on the npm registry is 5.11.0 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
web/package.json · dependency · legacy

low · 9-layer · hardware · coverage · conf 1.00 · Containers defined but no K8s/orchestration manifest found
Repo has Dockerfiles/compose but no Kubernetes/Nomad manifests. If the target deployment is K8s, the manifests may live in a separate ops repo.
coverage · deployment

low · 9-layer · hardware · supply-chain · conf 1.00 · Docker base image is tag-pinned but not digest-pinned: node:trixie
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
web/Dockerfile:1 · supply-chain · docker · pinned-dependencies

low · 9-layer · hardware · supply-chain · conf 1.00 · Docker base image is tag-pinned but not digest-pinned: node:trixie
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
web/Dockerfile:30 · supply-chain · docker · pinned-dependencies

low · 9-layer · software · dead-code-candidate · conf 1.00 · File has no detected symbols: web/next-env.d.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate

low · 9-layer · software · dead-code-candidate · conf 1.00 · File has no detected symbols: web/next.config.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate

low · 9-layer · frontend · frontend-quality · conf 1.00 · Stray `console.log` in TS/JS — web/lib/startup.ts:26
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality · fq.console-leak
API access

This page is publicly accessible at: https://repobility.com/scan/22571c91-55ad-4884-818b-d252be90b564/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/22571c91-55ad-4884-818b-d252be90b564/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.