Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo

ghc/ghc

https://github.com/ghc/ghc.git · scanned 2026-05-16 13:30 UTC (3 weeks, 3 days ago) · 10 languages

249 raw signals (9 security + 240 graph) 8/10 scanners ran 21st percentile · C · medium (20-100K LoC) System graph score 84 (lower by 30)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 3 weeks, 3 days ago · v2 · 6 actionable findings from 1 signal source. 2 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

JSON
Combined
74.1
/100
Security checks
65
6 findings
System graph
84
100.0% cov · 0 findings
Critical
0
click to filter
Agents
6
0 votes
Crowd
0
reported
Severity distribution — click a segment to filter
Active filters: excluding tests × Reset all
Severity: Critical 0 High 1 Medium 1 Low 2 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Security checks 6 System graph 0 Crowd 0 Layer: Quality 3 Security 1 Software 2
Scan summary Quality grade C- (54/100). Dimensions: security 100, maintainability 40. 9 findings (1 security). 72,479 lines analyzed.

Showing 4 of 6 actionable findings. 8 raw detector signals were grouped into reader-sized issues. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

high Security checks software Resource exhaustion conf 1.00 [SEC035] Unbounded Resource Allocation — DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation. CWE-770/400. Examples: CVE-2023-44487 (HTTP/2 Rapid Reset), countless YAML/XML billion-laughs variants.
Cap user-controlled sizes BEFORE allocation: size = min(int(request.args.get('n', 100)), MAX_SIZE) Set framework-level limits: Flask: app.config['MAX_CONTENT_LENGTH'] = 10 * 1024 * 1024 FastAPI: use middleware to enforce request size Django: DATA_UPLOAD_MAX_MEMORY_SIZE in settings.py …
docs/users_guide/conf.py:312
medium Security checks quality Practices conf 1.00 [CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.
Add a .gitignore appropriate for your language/framework.
low Security checks security Deserialization conf 1.00 [SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data.
.gitlab/rel_eng/upload_ghc_libs.py:258
low Security checks quality Quality conf 0.60 3 occurrences Duplicated implementation block across source files
Duplicate implementation blocks are maintenance debt. Keep them visible, but they are not a high-severity defect unless the duplicated logic is security-sensitive or drifting.
3 files, 3 locations
hadrian/bindist/cwrappers/cwrapper.c:1
hadrian/bindist/cwrappers/getLocation.c:1
rts/adjustor/NativeAmd64Mingw.c:20
duplicationquality
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/2375b6d0-a6b1-42a0-92ae-4a23b5c8f9ee/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/2375b6d0-a6b1-42a0-92ae-4a23b5c8f9ee/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.