Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo

Top 5 patterns to fix first

Sorted by anomaly — patterns where this repo ranks worst against the corpus, weighted by severity. Fixing these brings the biggest improvement to your corpus percentile.

high 90th percentile (worse) self.attribute used but never assigned in __init__
25 instances in this repo · corpus median for python repos: 4 · seen in src/flask/config.py:124, src/flask/wrappers.py:206, src/flask/wrappers.py:205, …
high 75th percentile (worse) Phantom test coverage (assertion-free test)
25 instances in this repo · corpus median for python repos: 8 · seen in tests/test_cli.py:217, tests/test_config.py:132, tests/test_config.py:110, …
medium below median Bare except continues silently
4 instances in this repo · corpus median for python repos: 2 · seen in src/flask/cli.py:650, src/flask/cli.py:956, src/flask/app.py:1598, …
high top 10% FastAPI POST/PUT/DELETE/PATCH endpoint without auth
6 instances in this repo · corpus median for python repos: 63 · seen in examples/celery/src/task_app/views.py:30, examples/celery/src/task_app/views.py:36, examples/celery/src/task_app/views.py:22, …
high top 10% Weak Crypto
1 instance in this repo · corpus median for python repos: 4 · seen in src/flask/sessions.py:277
70 of your 88 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

Scan timing: clone 1.89s · analysis 2.23s · 1.8 MB · GitHub preflight 425ms

pallets/flask

https://github.com/pallets/flask.git · scanned 2026-05-19 19:33 UTC (2 weeks, 2 days ago) · 10 languages

640 findings (88 legacy + 552 scanner) 94th percentile · Python · small (2-20K LoC) Scanner says 68 (higher by 20)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 2 weeks, 2 days ago · v8 · 157 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.

JSON
Combined
80.1
/100
Repobility
93
88 legacy
9-layer
68
88.9% cov · 69 gaps
Critical
0
click to filter
Agents
6
0 votes
Crowd
0
reported
Score breakdown â 2026-05-18-v5
Component Sub-score Weight Contribution
structure_score 100.0 0.15 15.00
security_score 90.4 0.25 22.60
testing_score 100.0 0.20 20.00
documentation_score 73.0 0.15 10.95
practices_score 82.0 0.15 12.30
code_quality 64.0 0.10 6.40
Overall 1.00 87.2
Severity distribution — click a segment to filter
Active filters: layer: software × excluding tests × Reset all
Severity: Critical 0 High 64 Medium 9 Low 63 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Legacy 88 9-layer 69 Crowd 0 Layer: Quality 108 Security 10 Software 23 Frontend 1 Cicd 1 Api 14
Scan summary Repository scanned at 67.7/100 with 88.9% coverage. It contains 1513 nodes across 14 cross-layer flows, written primarily in mixed languages. Engine surfaced 69 findings — concentrated in quality (25), software (23), api (14). Risk profile is high: 0 critical, 3 high, 3 medium. Recommended next step: open the quality layer findings first — that's where the highest-impact wins live.

Showing 23 of 157 findings. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: examples/celery/make_celery.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/flask/__main__.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/flask/signals.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/flask/typing.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/test_apps/cliapp/app.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/test_apps/cliapp/importerrorapp.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/test_apps/cliapp/inner1/inner2/flask.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/test_apps/cliapp/multiapp.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/test_apps/helloworld/wsgi.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code conf 1.00 Possibly dead Python function: close_db
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
examples/tutorial/flaskr/db.py:23 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: from_blueprint
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
src/flask/sansio/blueprints.py:664 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: github_link
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
docs/conf.py:72 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: has_app_context
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
src/flask/ctx.py:235 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: open_instance_resource
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
src/flask/app.py:447 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: register_template_filter
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
src/flask/sansio/blueprints.py:492 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: register_template_global
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
src/flask/sansio/blueprints.py:608 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: register_template_test
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
src/flask/sansio/blueprints.py:550 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: select_jinja_autoescape
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
src/flask/sansio/app.py:533 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: setup
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
docs/conf.py:100 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: wrapper
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
src/flask/ctx.py:201 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: wrapper
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
src/flask/app.py:98 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: wrapper
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
src/flask/sansio/blueprints.py:240 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: wrapper_func
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
src/flask/sansio/scaffold.py:45 dead-code
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/236d5297-cc82-4271-839f-d82abeafbe5c/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/236d5297-cc82-4271-839f-d82abeafbe5c/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.