docloulou/Wayland-Wheeltani — Repobility public scan

Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.

Sign up free Scan another repo

3 of your 4 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

docloulou/Wayland-Wheeltani

https://github.com/docloulou/Wayland-Wheeltani · scanned 2026-05-18 14:47 UTC (2 weeks, 3 days ago) · 10 languages

61 findings (4 legacy + 57 scanner) Scanner says 85 (lower by 22)

File as issue Image v2 schema

UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 2 weeks, 3 days ago · v3 · 23 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.

JSON

66.7% cov · 19 gaps

click to filter

Score breakdown â 2026-05-18-v5

Component	Sub-score	Weight	Contribution
`structure_score`	75.0	0.15	11.25
`security_score`	100.0	0.25	25.00
`testing_score`	0.0	0.20	0.00
`documentation_score`	60.0	0.15	9.00
`practices_score`	73.0	0.15	10.95
`code_quality`	70.0	0.10	7.00
Overall		1.00	63.2

Severity distribution — click a segment to filter

Active filters: excluding tests × Reset all

Severity: Critical 0 High 0 Medium 10 Low 7 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Legacy 4 9-layer 19 Crowd 0 Layer: Quality 5 Api 1 Frontend 1 Security 1 Cicd 15

Exclude dismissed / FP Exclude test files

Scan summary Repository scanned at 85.3/100 with 66.7% coverage. It contains 43 nodes across 0 cross-layer flows, written primarily in mixed languages. Engine surfaced 19 findings — concentrated in cicd (15), api (1), frontend (1). Risk profile is low: 0 critical, 0 high, 10 medium. Recommended next step: open the cicd layer findings first — that's where the highest-impact wins live.

Showing 17 of 23 findings. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned

github/codeql-action/init@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.

.github/workflows/codeql.yml:70 supply-chaingithub-actionspinned-dependencies

medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned

github/codeql-action/analyze@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.

.github/workflows/codeql.yml:99 supply-chaingithub-actionspinned-dependencies

medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned

dtolnay/rust-toolchain@stable can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.

.github/workflows/release.yml:50 supply-chaingithub-actionspinned-dependencies

medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned

mlugg/setup-zig@v2 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.

.github/workflows/release.yml:55 supply-chaingithub-actionspinned-dependencies

medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned

taiki-e/install-action@v2 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.

.github/workflows/release.yml:71 supply-chaingithub-actionspinned-dependencies

medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned

dtolnay/rust-toolchain@stable can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.

.github/workflows/release.yml:157 supply-chaingithub-actionspinned-dependencies

medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned

katyo/publish-crates@v2 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.

.github/workflows/release.yml:160 supply-chaingithub-actionspinned-dependencies

medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions

CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.

.github/workflows/release.yml supply-chaingithub-actionsleast-privilege

medium 9-layer security coverage conf 1.00 No auth library detected

The scanner did not find any standard auth library (JWT, OAuth, NextAuth, Auth0, etc.). Either auth lives in custom code, in a separate service, or is missing.

coverageauth

medium 9-layer quality tests conf 1.00 Very low test-to-source ratio

1 test file(s) for 15 source file(s) (ratio 0.07). Consider adding integration or unit tests for critical paths.

testscoverage

low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned

actions/checkout@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.

.github/workflows/codeql.yml:60 supply-chaingithub-actionspinned-dependencies

low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned

actions/checkout@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.

.github/workflows/release.yml:47 supply-chaingithub-actionspinned-dependencies

low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned

actions/cache@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.

.github/workflows/release.yml:60 supply-chaingithub-actionspinned-dependencies

low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned

actions/upload-artifact@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.

.github/workflows/release.yml:94 supply-chaingithub-actionspinned-dependencies

low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned

actions/checkout@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.

.github/workflows/release.yml:109 supply-chaingithub-actionspinned-dependencies

low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned

actions/download-artifact@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.

.github/workflows/release.yml:112 supply-chaingithub-actionspinned-dependencies

low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned

actions/checkout@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.

.github/workflows/release.yml:152 supply-chaingithub-actionspinned-dependencies

For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.

For AI agents + API integrations

Email me when this repo regresses

Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.

API access

This page is publicly accessible at: https://repobility.com/scan/5e138d22-79f4-47be-9cce-509d04dc76b7/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/5e138d22-79f4-47be-9cce-509d04dc76b7/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.