microsoft/VibeVoice

Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.

62 of your 86 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

Upstream (GitHub) caused delay on this scan — not Repobility.

GitHub API rate-limited (HTTP 403) — preflight skipped, fell back to direct git clone.
Clone from GitHub took 132.35s for a 149.4 MB repo slow.
Repobility's analysis ran in 1.12s after the clone landed.

https://github.com/microsoft/VibeVoice.git · scanned 2026-05-24 01:24 UTC (2 weeks, 6 days ago) · 10 languages

216 raw signals (80 security + 136 graph) 11/13 scanners ran 42nd percentile · Python · small (2-20K LoC) System graph score 92 (lower by 28)

File as issue Image

UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 2 weeks, 6 days ago · v2 · 75 actionable findings from 2 signal sources. 73 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

JSON

88.9% cov · 53 findings

Score breakdown â 2026-05-18-v5

Component	Sub-score	Weight	Contribution
`structure_score`	75.0	0.15	11.25
`security_score`	100.0	0.25	25.00
`testing_score`	13.0	0.20	2.60
`documentation_score`	95.0	0.15	14.25
`practices_score`	40.0	0.15	6.00
`code_quality`	45.0	0.10	4.50
Overall		1.00	63.6

security_score may be inflated — optional security scanners were skipped on this fast scan

Severity distribution — click a segment to filter

Active filters: severity: high × excluding tests × Reset all

Severity: Critical 0 High 11 Medium 11 Low 39 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Security checks 22 System graph 53 Crowd 0 Layer: Quality 35 Security 13 Software 23 Frontend 1 Cicd 1 Api 2

Exclude dismissed / FP Exclude test files

Scan summary Quality grade C+ (64/100). Dimensions: security 100, maintainability 75. 80 findings (2 security). 17,165 lines analyzed.

Showing 11 of 75 actionable findings. 148 raw detector signals were grouped into reader-sized issues. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

high Security checks quality Quality conf 1.00 ✓ Repobility 25 occurrences [MINED108] `self.voice_presets` used but never assigned in __init__: Method `setup_voice_presets` of class `VoiceMapper` reads `self.voice_presets`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.

Initialize `self.voice_presets = <default>` in __init__, or add a class-level default.

4 files, 25 locations

demo/realtime_model_inference_from_file.py:36, 37, 41, 51, 54, 57, 58, 62, +5 more (13 hits)

vllm_plugin/model.py:339, 481, 498, 539, 576, 614, 637, 654, +1 more (9 hits)

demo/vibevoice_asr_inference_from_file.py:147, 240 (2 hits)

finetuning-asr/lora_finetune.py:305

high System graph security security conf 1.00 Insecure pattern 'eval_used' in demo/realtime_model_inference_from_file.py:218