← Back to scan
File as GitHub Issue repo: volcengine/OpenViking

Push this scan report to volcengine/OpenViking

Click the green button below to open GitHub’s new-issue form, pre-filled with the report title, summary table, top findings, and an embedded score-card image. No authentication needed — you review on GitHub before submitting. Repobility is credited as the scanner.

Embedded score card image

This image will render at the top of the issue body. Hosted on Repobility, refreshes automatically after re-scans.

Repobility score card

Issue title

Phantom test coverage — test files without real assertions

Curate findings to include

Pick exactly which findings appear in the issue body. By default the top 5 are included. Uncheck noise, check what matters.

Top 5 (default)
Severity Rule Title File:line
HIGH TEST001 Phantom test coverage — test files without real assertions tests/misc/test_port_check.py:29
HIGH TEST001 Phantom test coverage — test files without real assertions tests/misc/test_code_parser.py:147
HIGH TEST001 Phantom test coverage — test files without real assertions tests/misc/test_code_parser.py:115
HIGH TEST001 Phantom test coverage — test files without real assertions tests/misc/test_code_parser.py:69
HIGH TEST001 Phantom test coverage — test files without real assertions tests/misc/test_code_parser.py:17
HIGH TEST001 Phantom test coverage — test files without real assertions tests/misc/test_config_validation.py:160
MED SEC012 [SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation all… benchmark/RAG/scripts/download_dataset.…:121
MED SEC015 [SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. … benchmark/custom/session_contention_ben…:863
MED ERR001 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even… openviking_cli/rust_cli.py:63
MED DKR003 Compose service `openviking` image uses the latest tag docker-compose.yml:15
MED AUC001 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks…
MED DKR002 Compose service `minio` image has no explicit tag bot/deploy/docker/langfuse/docker-compo…:108
MED DKR002 Compose service `clickhouse` image has no explicit tag bot/deploy/docker/langfuse/docker-compo…:87
MED DKR007 Docker build context has no .dockerignore .dockerignore
MED AIC003 Duplicated implementation block across source files openviking/eval/ragas/play_recorder.py:175
MED AIC003 Duplicated implementation block across source files crates/ragfs/src/plugins/sqlfs/mod.rs:23
MED AIC003 Duplicated implementation block across source files crates/ragfs/src/plugins/sqlfs/cache.rs:139
MED AIC003 Duplicated implementation block across source files crates/ragfs/src/plugins/serverinfofs/m…:249
MED AIC003 Duplicated implementation block across source files crates/ragfs/src/core/plugin.rs:81
MED AIC003 Duplicated implementation block across source files crates/ragfs/src/core/mountable.rs:245
MED AIC003 Duplicated implementation block across source files bot/vikingbot/providers/openai_compatib…:48
MED AIC003 Duplicated implementation block across source files bot/vikingbot/openviking_mount/viking_f…:68
MED AIC003 Duplicated implementation block across source files bot/vikingbot/openviking_mount/viking_f…:67
MED AIC003 Duplicated implementation block across source files bot/vikingbot/openviking_mount/fuse_sim…:9
MED AIC003 Duplicated implementation block across source files bot/vikingbot/openviking_mount/fuse_sim…:9
MED AIC003 Duplicated implementation block across source files bot/vikingbot/openviking_mount/fuse_pro…:9
MED QUAL003 Magic number used as default arg third_party/agfs/agfs-server/pkg/plugin…:67
MED QUAL003 Magic number used as default arg third_party/agfs/agfs-server/pkg/plugin…:21
MED QUAL003 Magic number used as default arg third_party/agfs/agfs-server/pkg/plugin…:95
MED QUAL003 Magic number used as default arg third_party/agfs/agfs-server/pkg/plugin…:792
MED QUAL003 Magic number used as default arg third_party/agfs/agfs-server/pkg/plugin…:788
MED QUAL003 Magic number used as default arg third_party/agfs/agfs-server/pkg/plugin…:242
MED QUAL003 Magic number used as default arg third_party/agfs/agfs-server/pkg/plugin…:241
MED QUAL003 Magic number used as default arg third_party/agfs/agfs-shell/agfs_shell/…:2141
MED QUAL003 Magic number used as default arg third_party/agfs/agfs-shell/agfs_shell/…:2140
MED QUAL003 Magic number used as default arg third_party/agfs/agfs-shell/agfs_shell/…:43
MED QUAL003 Magic number used as default arg third_party/agfs/agfs-shell/agfs_shell/…:22
MED QUAL003 Magic number used as default arg tests/cli/test_cli.py:31
MED QUAL003 Magic number used as default arg openviking/session/session.py:342
MED QUAL003 Magic number used as default arg openviking/session/session.py:341
MED TEST002 Function is stub-only (pass/raise NotImplementedError) third_party/agfs/agfs-shell/agfs_shell/…:113
MED TEST002 Function is stub-only (pass/raise NotImplementedError) third_party/agfs/agfs-shell/agfs_shell/…:235
MED TEST002 Function is stub-only (pass/raise NotImplementedError) third_party/agfs/agfs-shell/agfs_shell/…:75
MED TEST002 Function is stub-only (pass/raise NotImplementedError) tests/test_edge_cases.py:563
MED TEST002 Function is stub-only (pass/raise NotImplementedError) tests/test_edge_cases.py:554
MED TEST002 Function is stub-only (pass/raise NotImplementedError) tests/test_edge_cases.py:551
MED TEST002 Function is stub-only (pass/raise NotImplementedError) tests/test_upload_utils.py:514
MED TEST002 Function is stub-only (pass/raise NotImplementedError) tests/test_upload_utils.py:502
MED TEST002 Function is stub-only (pass/raise NotImplementedError) tests/test_upload_utils.py:479
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/models/embedder/openai_embed…:176
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/models/embedder/openai_embed…:173
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/models/embedder/openai_embed…:167
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/models/embedder/openai_embed…:157
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/models/embedder/openai_embed…:151
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/storage/vectordb/store/store…:119
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/storage/vectordb/store/store…:15
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/storage/vectordb/meta/dict.py:67
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/storage/vectordb/index/local…:308
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/storage/vectordb/collection/…:135
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/storage/vectordb/collection/…:273
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/storage/vectordb/collection/…:56
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/storage/vectordb/collection/…:43
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/storage/vectordb/collection/…:39
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/storage/vectordb/collection/…:35
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/storage/vectordb/collection/…:31
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/storage/vectordb/collection/…:27
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/storage/vectordb/collection/…:23
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/storage/vectordb/collection/…:19
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/storage/vectordb/collection/…:15
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/storage/vectordb/collection/…:11
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/storage/vectordb/collection/…:917
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/storage/vectordb/collection/…:881
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/storage/vectordb/collection/…:148
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/storage/vectordb/collection/…:132
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/storage/vectordb/collection/…:115
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/storage/vectordb/collection/…:112
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/storage/vectordb/collection/…:109
MED TEST002 Function is stub-only (pass/raise NotImplementedError) openviking/parse/parsers/directory.py:248
MED ERRH002 Bare except — overly broad /tank0/claude-archive/community/volceng…:1011
MED ERRH002 Bare except — overly broad /tank0/claude-archive/community/volceng…:691
MED ERRH002 Bare except — overly broad /tank0/claude-archive/community/volceng…:669
MED ERRH002 Bare except — overly broad /tank0/claude-archive/community/volceng…:658
MED ERRH002 Bare except — overly broad /tank0/claude-archive/community/volceng…:784
MED ERRH002 Bare except — overly broad /tank0/claude-archive/community/volceng…:741
MED ERRH002 Bare except — overly broad /tank0/claude-archive/community/volceng…:731
MED ERRH002 Bare except — overly broad /tank0/claude-archive/community/volceng…:679
MED ERRH002 Bare except — overly broad /tank0/claude-archive/community/volceng…:194
MED ERRH002 Bare except — overly broad /tank0/claude-archive/community/volceng…:856
MED ERRH002 Bare except — overly broad /tank0/claude-archive/community/volceng…:813
MED ERRH002 Bare except — overly broad /tank0/claude-archive/community/volceng…:762
MED LOG001 PII printed to stdout/stderr tests/misc/test_config_validation.py:111
MED CORS001 CORS misconfiguration — wildcard Access-Control-Allow-Origin openviking/server/app.py:96
MED CORS001 CORS misconfiguration — wildcard Access-Control-Allow-Origin openviking/server/config.py:65
MED CORS001 CORS misconfiguration — wildcard Access-Control-Allow-Origin openviking/server/config.py:23
MED SUPC002 Supply chain — npm install without lockfile third_party/agfs/agfs-shell/webapp/setu…:31
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint openviking_cli/utils/rerank.py:114
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint openviking_cli/utils/downloader.py:25
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint openviking_cli/cli/commands/resources.py:29
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint openviking/utils/media_processor.py:73
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint openviking/utils/code_hosting_utils.py:26
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint openviking/models/vlm/backends/openai_v…:128
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint openviking/models/vlm/backends/volcengi…:183
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint openviking/models/vlm/backends/litellm_…:173
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint openviking/storage/vectordb/collection/…:92
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint openviking/storage/vectordb/collection/…:67
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint openviking/storage/vectordb/collection/…:42
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint openviking/storage/viking_vector_index_…:176
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint openviking/storage/viking_vector_index_…:175
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint openviking/parse/parsers/code/code.py:458
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint openviking/parse/parsers/code/code.py:273
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint openviking/parse/parsers/code/code.py:242
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint openviking/parse/parsers/code/code.py:203
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint openviking/parse/parsers/code/code.py:114
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint openviking/parse/parsers/html.py:253
MED DKR001 Docker final stage has no non-root USER bot/deploy/docker/Dockerfile:4
MED DKR001 Docker final stage has no non-root USER bot/deploy/Dockerfile:1
MED DKR001 Docker final stage has no non-root USER Dockerfile:86
MED AIC001 Parallel implementation file sits beside a canonical file openviking/session/compressor_v2.py:1
MED SEC017 [SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external … benchmark/RAG/src/adapters/qasper_adapt…:379
MED SEC017 [SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external … benchmark/RAG/src/adapters/syllabusqa_a…:464
MED AGT007 localStorage write failures are swallowed silently openviking/console/static/app.js:161
MED WEB003 Public web service has no security.txt .well-known/security.txt
MED AUC002 [AUC002] Low visible authorization coverage in route inventory: Only 44.0% of discovered …
MED AGT014 Codex auth.json is read or copied without visible secret-file hardening openviking/models/vlm/backends/codex_au…:84
MED AUC012 [AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /…
MED AGT012 Agent control bridge may listen on a network interface without visible auth docker/pending_health_server.py:26
MED AGT012 Agent control bridge may listen on a network interface without visible auth bot/demo/werewolf/werewolf_server.py:8
MED AGT015 Remote install command pipes network code directly to a shell npm/cli/README.md:19
MED AGT015 Remote install command pipes network code directly to a shell examples/cloud/GUIDE.md:616
MED AGT015 Remote install command pipes network code directly to a shell docs/zh/getting-started/03-quickstart-s…:227
MED AGT015 Remote install command pipes network code directly to a shell bot/README_CN.md:31
MED AGT015 Remote install command pipes network code directly to a shell CONTRIBUTING_JA.md:51
MED AGT015 Remote install command pipes network code directly to a shell CONTRIBUTING_CN.md:51
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … openviking/server/oauth/router.py:407
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … openviking/server/routers/sessions.py:252
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … openviking/server/routers/sessions.py:219
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … openviking/server/routers/sessions.py:197
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … openviking/server/routers/sessions.py:176
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … openviking/server/routers/relations.py:67
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … openviking/console/app.py:324
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … bot/vikingbot/channels/openapi.py:398
MED AGT013 Agent auto-approve or skip-permissions mode is easy to enable bot/workspace/skills/tmux/SKILL.md:81
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… openviking/console/app.py:268
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… openviking/console/app.py:264
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… openviking/console/app.py:260
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… openviking/console/app.py:256
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… openviking/console/app.py:252
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… openviking/console/app.py:245
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… openviking/console/app.py:238
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… openviking/console/app.py:234
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… openviking/console/app.py:230
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… bot/vikingbot/channels/openapi.py:384
MED SEC005 [SEC005] Command Injection Risk: Unsafe shell execution or eval of user input. bot/workspace/skills/opencode/opencode_…:16
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint third_party/agfs/agfs-server/pkg/plugin…:734
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint third_party/agfs/agfs-server/pkg/plugin…:665
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint third_party/agfs/agfs-server/pkg/plugin…:524
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint third_party/agfs/agfs-server/pkg/plugin…:523
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint third_party/agfs/agfs-server/pkg/plugin…:516
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint third_party/agfs/agfs-server/pkg/plugin…:202
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint third_party/agfs/agfs-server/pkg/plugin…:312
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint third_party/agfs/agfs-server/pkg/plugin…:423
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint third_party/agfs/agfs-server/pkg/plugin…:393
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint third_party/agfs/agfs-server/pkg/plugin…:391
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint third_party/agfs/agfs-server/pkg/plugin…:377
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint third_party/agfs/agfs-server/pkg/plugin…:325
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint third_party/agfs/agfs-server/cmd/server…:155
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint third_party/agfs/agfs-server/cmd/server…:148
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint third_party/agfs/agfs-server/config.yaml:140
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint third_party/agfs/agfs-server/config.exa…:140
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint third_party/agfs/agfs-shell/agfs_shell/…:81
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint third_party/agfs/agfs-shell/agfs_shell/…:26
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint third_party/agfs/agfs-shell/agfs_shell/…:84
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint third_party/agfs/agfs-shell/agfs_shell/…:616
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint third_party/agfs/agfs-shell/agfs_shell/…:1999
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint third_party/agfs/agfs-shell/build.py:287
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint third_party/agfs/agfs-sdk/go/client_tes…:252
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint third_party/agfs/agfs-sdk/go/client_tes…:251
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint third_party/agfs/agfs-sdk/go/client_tes…:247
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint third_party/agfs/agfs-sdk/go/client_tes…:246
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint tests/server/conftest.py:96
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint tests/server/test_admin_api.py:45
MED CRYP001 Crypto — plaintext HTTP for sensitive endpoint tests/server/test_auth.py:50
MED ERR001 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even… bot/demo/werewolf/werewolf_server.py:358
MED ERR001 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even… openviking_cli/setup_wizard.py:802
LOW QUAL005 Cluster of TODOs in one file tests/vectordb/test_filter_ops.py:1096
LOW QUAL005 Cluster of TODOs in one file openviking/parse/parsers/code/code.py:459
LOW DKR012 Dockerfile keeps pip download cache bot/deploy/docker/Dockerfile:48
LOW DKR012 Dockerfile keeps pip download cache bot/deploy/docker/Dockerfile:28
LOW DKR012 Dockerfile keeps pip download cache bot/deploy/Dockerfile:56
LOW DKR012 Dockerfile keeps pip download cache bot/deploy/Dockerfile:37
LOW DKC010 Compose service lacks no-new-privileges hardening docker-compose.yml:15
LOW DKC010 Compose service lacks no-new-privileges hardening bot/deploy/docker/langfuse/docker-compo…:87
LOW DKC010 Compose service lacks no-new-privileges hardening bot/deploy/docker/langfuse/docker-compo…:68
LOW DKC010 Compose service lacks no-new-privileges hardening bot/deploy/docker/langfuse/docker-compo…:6
LOW DKC011 Database service publishes a loopback host port bot/deploy/docker/langfuse/docker-compo…:145
LOW DKC011 Database service publishes a loopback host port bot/deploy/docker/langfuse/docker-compo…:129
LOW DKC011 Database service publishes a loopback host port bot/deploy/docker/langfuse/docker-compo…:87
LOW DKC006 Compose service does not declare a runtime user docker-compose.yml:15
LOW DKC006 Compose service does not declare a runtime user bot/deploy/docker/langfuse/docker-compo…:68
LOW DKC006 Compose service does not declare a runtime user bot/deploy/docker/langfuse/docker-compo…:6
Reset to top 5 200 findings available (after auto-suppression of test files + won't-fix)

Issue body (markdown)

## Code-quality scan: `volcengine/OpenViking`

**Score: 52/100 (C+)**  ·  351 findings  ·  scanned 2026-05-15 07:29 UTC  ·  342,990 LOC

| Severity | Count |
|---|---|
| CRITICAL | 9 |
| HIGH | 140 |
| MEDIUM | 178 |
| LOW | 16 |

📊 [Full filterable report](https://repobility.com/scan/38867b29-108b-4571-8f96-6b04632ee2b9/)  ·  ![scorecard](https://repobility.com/scan/38867b29-108b-4571-8f96-6b04632ee2b9/report.png?v=1778830157-s2)

### Top findings

1. **HIGH** `TEST001` — Phantom test coverage — test files without real assertions
   `tests/misc/test_port_check.py:29`
2. **HIGH** `TEST001` — Phantom test coverage — test files without real assertions
   `tests/misc/test_code_parser.py:147`
3. **HIGH** `TEST001` — Phantom test coverage — test files without real assertions
   `tests/misc/test_code_parser.py:115`
4. **HIGH** `TEST001` — Phantom test coverage — test files without real assertions
   `tests/misc/test_code_parser.py:69`
5. **HIGH** `TEST001` — Phantom test coverage — test files without real assertions
   `tests/misc/test_code_parser.py:17`

---

_Filed automatically. Close this issue if not useful — we won't refile. Full report: https://repobility.com/scan/38867b29-108b-4571-8f96-6b04632ee2b9/_
Already filed
This repo publishes a SECURITY.md policy and the scan contains 24 Critical/High security finding(s). Public issue filing would violate coordinated disclosure. Submit privately via the project's security reporting channel.
Megaproject â high spam risk
Could not determine 'volcengine/OpenViking' star count (GitHub API rate-limited or unreachable). When in doubt about repo size, prefer opening a focused PR or a discussion rather than an issue.
Already filed
173/351 findings (49%) on this scan are already flagged as test-file, won't-fix, or suppressed. The scan is too noisy to file as a single issue. Curate down to specific actionable findings, or address the FP source first.
I read the warnings â override Cancel

The button opens GitHubâs new-issue page in a new tab. You will see the title + body pre-filled â review, edit if you want, then click GitHubâs "Submit new issue" button. Repobility never posts anything on your behalf.

For real security findings on big repos: use the project's SECURITY.md or private advisory flow instead of a public issue.