137 of your 372 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

Scan timing: clone 6.02s · analysis 48.24s · 23.2 MB · GitHub API rate-limit (preflight)

opensearch-project/opensearch-migrations

https://github.com/opensearch-project/opensearch-migrations · scanned 2026-06-05 22:54 UTC (1 week, 2 days ago) · 10 languages

790 raw signals (332 security + 458 graph) · 7th percentile · Java · large (100-500K LoC) · System graph score 68 (lower by 3)


Complete repo analysis

Last scanned 1 week, 2 days ago · v2 · 350 actionable findings from 2 signal sources. 186 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

Score breakdown - 2026-05-18-v5

| Component | Sub-score | Weight | Contribution |
|---|---|---|---|
| structure_score | 40.0 | 0.15 | 6.00 |
| security_score | 28.0 | 0.25 | 7.00 |
| testing_score | 100.0 | 0.20 | 20.00 |
| documentation_score | 91.0 | 0.15 | 13.65 |
| practices_score | 97.0 | 0.15 | 14.55 |
| code_quality | 36.6 | 0.10 | 3.66 |
| Overall | | 1.00 | 64.9 |

Active filters: layer: software · excluding tests
Scan summary Quality grade C+ (65/100). Dimensions: security 28, maintainability 40. 332 findings (70 security). 306,674 lines analyzed.

Showing 127 of 350 actionable findings. 536 raw detector signals were grouped into reader-sized issues.

critical Security checks software dependencies conf 0.90 ✓ Repobility GHA script injection via github.event.pull_request.head.ref in run-step
Multi-line `run: |` block interpolates ${{ github.event.pull_request.head.ref }} into shell. PR title/body/branch/comment fields are attacker-controllable.
.github/workflows/sanitize-repo-details.yml:27
critical Security checks software dependencies conf 0.88 vitest: GHSA-5xrq-8626-4rwp
When Vitest UI server is listening, arbitrary file can be read and executed
TrafficCapture/SolrTransformations/transforms/package-lock.json
high Security checks software dependencies conf 0.90 ✓ Repobility Binary file `gradle/wrapper/gradle-wrapper.jar` committed in source repo
`gradle/wrapper/gradle-wrapper.jar` is a .jar binary (43,583 bytes) committed to a repo that otherwise has 1701 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
gradle/wrapper/gradle-wrapper.jar:1
high Security checks software dependencies conf 0.90 ✓ Repobility 5 occurrences Dockerfile FROM `golang:1.26-alpine` not pinned by digest
`FROM golang:1.26-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.
4 files, 5 locations
AIAdvisor/opensearch-pricing-calculator/Dockerfile:1, 20 (2 hits)
AIAdvisor/skills/solr-opensearch-migration-advisor/setup/docker/claude/Dockerfile:1
custom-solr-images/dockerfiles/Dockerfile:1
dev-tools/jenkinsdocker/Dockerfile:1
high Security checks software dependencies conf 0.88 github.com/go-chi/chi/v5: GO-2026-4316
Open redirect vulnerability in the RedirectSlashes middleware in github.com/go-chi/chi
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp: GO-2026-4985
Oversized OTLP HTTP response bodies can cause memory exhaustion in go.opentelemetry.io/otel/exporters/otlp
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 golang.org/x/net: GO-2026-4559
Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 golang.org/x/net: GO-2026-4918
Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 golang.org/x/net: GO-2026-5025
Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 golang.org/x/net: GO-2026-5026
Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 golang.org/x/net: GO-2026-5027
Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 golang.org/x/net: GO-2026-5028
Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 golang.org/x/net: GO-2026-5029
Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 golang.org/x/net: GO-2026-5030
Invoking duplicate attributes can cause XSS in golang.org/x/net/html
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 golang.org/x/sys: GO-2026-5024
Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 pyjwt: PYSEC-2026-175
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen() which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no docu…
AIAdvisor/skills/solr-opensearch-migration-advisor/uv.lock
high Security checks software dependencies conf 0.88 pyjwt: PYSEC-2026-177
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key() forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited out…
AIAdvisor/skills/solr-opensearch-migration-advisor/uv.lock
high Security checks software dependencies conf 0.88 pyjwt: PYSEC-2026-178
PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option ("b64": false, RFC 7797), PyJWT performs Base64URL decoding of the compact-serialization payload segment before enforcing the detached-payload rules. For b…
AIAdvisor/skills/solr-opensearch-migration-advisor/uv.lock
high Security checks software dependencies conf 0.88 pyjwt: PYSEC-2026-179
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the secre…
AIAdvisor/skills/solr-opensearch-migration-advisor/uv.lock
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4864
TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4865
JsBraceDepth Context Tracking Bugs (XSS) in html/template
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4866
Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4869
Unbounded allocation for old GNU sparse in archive/tar
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4870
Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4918
Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4946
Inefficient policy validation in crypto/x509
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4947
Unexpected work during chain building in crypto/x509
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4971
Panic in Dial and LookupPort when handling NUL byte on Windows in net
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4976
ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4977
Quadratic string concatenation in consumePhrase in net/mail
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4980
Escaper bypass leads to XSS in html/template
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4981
Crash when handling long CNAME response in net
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4982
Bypass of meta content URL escaping causes XSS in html/template
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-4986
Quadratic string concatenation in consumeComment in net/mail
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-5037
Inefficient candidate hostname parsing in crypto/x509
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-5038
Quadratic complexity in WordDecoder.DecodeHeader in mime
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 stdlib: GO-2026-5039
Arbitrary inputs are included in errors without any escaping in net/textproto
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.88 urllib3: PYSEC-2026-141
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.
migrationConsole/cluster_tools/Pipfile.lock
high Security checks software dependencies conf 0.88 urllib3: PYSEC-2026-142
urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) when HTTPResponse.dr…
migrationConsole/cluster_tools/Pipfile.lock
high Security checks software dependencies conf 0.90 ✓ Repobility 7 occurrences Workflow container/services image `sonarqube:25.10.0.114319-community` unpinned
`container/services image: sonarqube:25.10.0.114319-community` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines.
3 files, 7 locations
.github/workflows/release-drafter.yml:144, 149, 154, 159, 164 (5 hits)
.github/workflows/CI.yml:415
.github/workflows/generate-workflow-schema.yaml:45
medium Security checks software dependencies conf 0.88 brace-expansion: GHSA-f886-m6hf-6m8v
brace-expansion: Zero-step sequence causes process hang and memory exhaustion
TrafficCapture/SolrTransformations/transforms/package-lock.json
medium Security checks software dependencies conf 0.88 brace-expansion: GHSA-jxxr-4gwj-5jf2
brace-expansion: Large numeric range defeats documented `max` DoS protection
TrafficCapture/SolrTransformations/transforms/package-lock.json
medium Security checks software dependencies conf 0.88 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream: GHSA-xmrv-pmrh-hhx2
Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder
AIAdvisor/opensearch-pricing-calculator/go.mod
high Security checks software dependencies conf 0.90 2 occurrences npm package `@eslint/js` is 1 major version(s) behind (9.39.1 -> 10.0.1)
`@eslint/js` is pinned/resolved at 9.39.1 but the latest stable release on the npm registry is 10.0.1 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
2 files, 2 locations
deployment/cdk/opensearch-service-migration/package.json
deployment/migration-assistant-solution/package.json
high Security checks software dependencies conf 0.90 npm package `globals` is 3 major version(s) behind (14.0.0 -> 17.6.0)
`globals` is pinned/resolved at 14.0.0 but the latest stable release on the npm registry is 17.6.0 (3 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
deployment/migration-assistant-solution/package.json
high Security checks software dependencies conf 0.90 npm package `jest-junit` is 1 major version(s) behind (16.0.0 -> 17.0.0)
`jest-junit` is pinned/resolved at 16.0.0 but the latest stable release on the npm registry is 17.0.0 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
transformation/standardJavascriptTransforms/package.json
high Security checks software dependencies conf 0.70 Remote install command pipes network code directly to a shell
Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified.
bootstrap-kiro-agent.sh:6
high Security checks software dependencies conf 0.90 npm package `@aws-cdk/aws-msk-alpha` is minor version(s) behind (2.213.0-alpha.0 -> 2.258.0-alpha.0)
`@aws-cdk/aws-msk-alpha` is pinned/resolved at 2.213.0-alpha.0 but the latest stable release on the npm registry is 2.258.0-alpha.0 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot ver…
deployment/cdk/opensearch-service-migration/package.json
high Security checks software dependencies conf 0.90 2 occurrences npm package `@aws-cdk/aws-servicecatalogappregistry-alpha` is minor version(s) behind (2.240.0-alpha.0 -> 2.258.0-alpha.0)
`@aws-cdk/aws-servicecatalogappregistry-alpha` is pinned/resolved at 2.240.0-alpha.0 but the latest stable release on the npm registry is 2.258.0-alpha.0 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency…
2 files, 2 locations
deployment/cdk/opensearch-service-migration/package.json
deployment/migration-assistant-solution/package.json
high Security checks software dependencies conf 0.90 npm package `@jest/globals` is minor version(s) behind (30.2.0 -> 30.4.1)
`@jest/globals` is pinned/resolved at 30.2.0 but the latest stable release on the npm registry is 30.4.1 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
deployment/migration-assistant-solution/package.json
high Security checks software dependencies conf 0.90 npm package `cdk` is minor version(s) behind (2.1125.0 -> 2.1126.0)
`cdk` is pinned/resolved at 2.1125.0 but the latest stable release on the npm registry is 2.1126.0 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
deployment/migration-assistant-solution/package.json
high Security checks software dependencies conf 0.90 2 occurrences npm package `esbuild` is minor version(s) behind (0.25.12 -> 0.28.0)
`esbuild` is pinned/resolved at 0.25.12 but the latest stable release on the npm registry is 0.28.0 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
2 files, 2 locations
deployment/cdk/opensearch-service-migration/package.json
orchestrationSpecs/package.json
high Security checks software dependencies conf 0.90 3 occurrences npm package `jest` is minor version(s) behind (30.2.0 -> 30.4.2)
`jest` is pinned/resolved at 30.2.0 but the latest stable release on the npm registry is 30.4.2 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
3 files, 3 locations
deployment/cdk/opensearch-service-migration/package.json
deployment/migration-assistant-solution/package.json
transformation/standardJavascriptTransforms/package.json
high Security checks software dependencies conf 0.90 npm package `jsondiffpatch` is minor version(s) behind (^0.6.0 -> 0.7.6)
`jsondiffpatch` is pinned/resolved at ^0.6.0 but the latest stable release on the npm registry is 0.7.6 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
schema-viewer/package.json
high Security checks software dependencies conf 0.90 npm package `yaml` is minor version(s) behind (2.8.3 -> 2.9.0)
`yaml` is pinned/resolved at 2.8.3 but the latest stable release on the npm registry is 2.9.0 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
deployment/cdk/opensearch-service-migration/package.json
low System graph software Dead code candidate conf 1.00 File has no detected symbols: deployment/cdk/opensearch-service-migration/jest.config.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: deployment/cdk/opensearch-service-migration/test/createApp.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: deployment/cdk/opensearch-service-migration/test/lambda/acm-cert-importer-handler.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: deployment/cdk/opensearch-service-migration/test/migration-console-stack.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: deployment/cdk/opensearch-service-migration/test/migration-services-yaml.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: deployment/cdk/opensearch-service-migration/test/reindex-from-snapshot-stack.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: deployment/cdk/opensearch-service-migration/test/stack-composer-ordering.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: deployment/migration-assistant-solution/jest.config.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: deployment/migration-assistant-solution/test/solutions-stack.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: migrationConsole/cluster_tools/setup.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: migrationConsole/lib/console_link/setup.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: migrationConsole/lib/console_link/tests/test_setup.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/jest.config.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/jest.config.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/integ/containers/containerOutputs.integ.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/integ/contracts/coercion.integ.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/integ/contracts/configMapParamResolution.integ.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/integ/contracts/expressionEval.integ.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/integ/contracts/resourceConditions.integ.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/integ/contracts/sprigFunctions.integ.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/integ/parity/arrayOps.parity.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/integ/parity/coercion.parity.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/integ/parity/expressionBuilderOps.parity.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/integ/parity/expressionEval.parity.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/integ/parity/expressionUtilities.parity.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/integ/parity/inlineResourceTemplate.parity.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/integ/parity/jsonpath.parity.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/integ/parity/logicalOps.parity.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/integ/parity/paramPassthrough.parity.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/integ/parity/recordOps.parity.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/integ/parity/resourceConditions.parity.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/integ/parity/stringOps.parity.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/paramConversion.test.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/unit/artifactOutput.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/unit/inlineTemplate.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/unit/params.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/unit/podConfig.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/unit/resourceExpressionYaml.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/unit/selfDag.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/unit/selfStep.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/unit/waitForExistingResourceRetry.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/unit/workflowDag.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/packages/argo-workflow-builders/tests/unit/workflowStep.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: orchestrationSpecs/tsup.config.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: transformation/standardJavascriptTransforms/jest.config.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: transformation/standardJavascriptTransforms/test/analysis-component-removal.test.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: transformation/standardJavascriptTransforms/test/es-knn-index-to-field-level-metadata.test.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: transformation/standardJavascriptTransforms/test/knn-nmslib-to-faiss-metadata.test.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: transformation/standardJavascriptTransforms/test/ngram-diff-setting.test.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: transformation/standardJavascriptTransforms/test/typeMappingsSanitizer.test.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code conf 1.00 Possibly dead Python function: action_approve_step
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
migrationConsole/lib/console_link/console_link/workflow/tui/workflow_manage_app.py:347
low System graph software Dead code conf 1.00 Possibly dead Python function: action_cancel
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
migrationConsole/lib/console_link/console_link/workflow/tui/confirm_modal.py:40
low System graph software Dead code conf 1.00 Possibly dead Python function: action_collapse_node
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
migrationConsole/lib/console_link/console_link/workflow/tui/workflow_manage_app.py:373
low System graph software Dead code conf 1.00 Possibly dead Python function: action_confirm
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
migrationConsole/lib/console_link/console_link/workflow/tui/confirm_modal.py:37
low System graph software Dead code conf 1.00 Possibly dead Python function: action_copy_pod_name
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
migrationConsole/lib/console_link/console_link/workflow/tui/workflow_manage_app.py:339
low System graph software Dead code conf 1.00 Possibly dead Python function: action_expand_node
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
migrationConsole/lib/console_link/console_link/workflow/tui/workflow_manage_app.py:368
low System graph software Dead code conf 1.00 Possibly dead Python function: action_follow_logs
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
migrationConsole/lib/console_link/console_link/workflow/tui/workflow_manage_app.py:285
low System graph software Dead code conf 1.00 Possibly dead Python function: action_view_logs
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
migrationConsole/lib/console_link/console_link/workflow/tui/workflow_manage_app.py:314
low System graph software Dead code conf 1.00 Possibly dead Python function: action_view_output
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
migrationConsole/lib/console_link/console_link/workflow/tui/workflow_manage_app.py:247
low System graph software Dead code conf 1.00 Possibly dead Python function: action_view_resource_logs
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
migrationConsole/lib/console_link/console_link/workflow/tui/workflow_manage_app.py:325
low System graph software Dead code conf 1.00 3 occurrences Possibly dead Python function: compose
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
3 files, 3 locations
migrationConsole/lib/console_link/console_link/workflow/tui/confirm_modal.py:27
migrationConsole/lib/console_link/console_link/workflow/tui/container_select_modal.py:28
migrationConsole/lib/console_link/console_link/workflow/tui/workflow_manage_app.py:87
low System graph software Dead code conf 1.00 Possibly dead Python function: decorator
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
migrationConsole/lib/console_link/console_link/middleware/error_handler.py:22
low System graph software Dead code conf 1.00 Possibly dead Python function: decorator
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
migrationConsole/lib/console_link/console_link/middleware/json_support.py:10
low System graph software Dead code conf 1.00 Possibly dead Python function: format_date
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
migrationConsole/lib/console_link/console_link/models/snapshot.py:342
low System graph software Dead code conf 1.00 Possibly dead Python function: generate_log_file_path
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
migrationConsole/lib/console_link/console_link/models/utils.py:54
low System graph software Dead code conf 1.00 Possibly dead Python function: load_secret
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
migrationConsole/lib/console_link/console_link/workflow/models/secret_store.py:125
low System graph software Dead code conf 1.00 Possibly dead Python function: one_of
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
migrationConsole/lib/console_link/console_link/models/schema_tools.py:8
low System graph software Dead code conf 1.00 Possibly dead Python function: validate_basic_auth_options
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
migrationConsole/lib/console_link/console_link/models/cluster.py:34
low System graph software Dead code conf 1.00 Possibly dead Python function: wrapper
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
migrationConsole/lib/console_link/console_link/middleware/error_handler.py:23
low System graph software Dead code conf 1.00 Possibly dead Python function: wrapper
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
migrationConsole/lib/console_link/console_link/middleware/json_support.py:12
high Security checks software dependencies conf 0.90 2 occurrences npm package `source-map-support` is patch version(s) behind (0.5.13 -> 0.5.21)
`source-map-support` is pinned/resolved at 0.5.13 but the latest stable release on the npm registry is 0.5.21 (patch version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
2 files, 2 locations
deployment/cdk/opensearch-service-migration/package.json
deployment/migration-assistant-solution/package.json
high Security checks software dependencies conf 0.90 3 occurrences npm package `ts-jest` is patch version(s) behind (29.4.6 -> 29.4.11)
`ts-jest` is pinned/resolved at 29.4.6 but the latest stable release on the npm registry is 29.4.11 (patch version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
3 files, 3 locations
deployment/cdk/opensearch-service-migration/package.json
deployment/migration-assistant-solution/package.json
orchestrationSpecs/package.json
API access

This page is publicly accessible at: https://repobility.com/scan/5c32f884-8b05-4639-9d71-04d57464a622/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/5c32f884-8b05-4639-9d71-04d57464a622/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.