Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo
21 of your 30 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

Scan timing: clone 1.81s · analysis 4.68s · 2.3 MB · GitHub preflight 485ms

free-programming-books

https://github.com/EbookFoundation/free-programming-books.git · scanned 2026-06-05 04:09 UTC (4 hours, 43 minutes ago) · 10 languages

127 findings (22 legacy + 105 scanner) 84th percentile · Python · tiny (<2K LoC) Scanner says 92 (lower by 18)

File as issue Image v2 schema
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 4 hours, 43 minutes ago · v5 · 43 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.

JSON
Combined
82.4
/100
Repobility
73
22 legacy
9-layer
92
100.0% cov · 21 gaps
Critical
0
click to filter
Agents
6
0 votes
Crowd
0
reported
Score breakdown â 2026-05-18-v5
Component Sub-score Weight Contribution
structure_score 45.0 0.15 6.75
security_score 100.0 0.25 25.00
testing_score 70.0 0.20 14.00
documentation_score 75.0 0.15 11.25
practices_score 81.0 0.15 12.15
code_quality 47.0 0.10 4.70
Overall 1.00 73.9
Severity distribution — click a segment to filter
Active filters: excluding tests × Reset all
Severity: Critical 0 High 23 Medium 7 Low 10 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Legacy 22 9-layer 21 Crowd 0 Layer: Quality 5 Software 19 Api 1 Frontend 1 Security 1 Cicd 16
Corpus Intelligence Cross-corpus context (cohort percentile, top patterns, fix plan) is shown only on repositories you own. Sign up and connect your repo to view it.
Scan summary Repository scanned at 91.8/100 with 100.0% coverage. It contains 272 nodes across 0 cross-layer flows, written primarily in mixed languages. Engine surfaced 21 findings — concentrated in cicd (16), quality (2), api (1). Risk profile is high: 0 critical, 2 high, 6 medium. Recommended next step: open the cicd layer findings first — that's where the highest-impact wins live.

Showing 40 of 43 findings. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

high Legacy software dependency conf 0.90 ✓ Repobility Action `actions-ecosystem/action-add-labels` pinned to mutable ref `@v1`
`uses: actions-ecosystem/action-add-labels@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/issues-pinner.yml:38 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions-ecosystem/action-remove-labels` pinned to mutable ref `@v1`
`uses: actions-ecosystem/action-remove-labels@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/issues-pinner.yml:48 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v5`
`uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/rtl-ltr-linter.yml:15 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v5`
`uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/fpb-lint.yml:14 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v5`
`uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/check-urls.yml:122 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v5`
`uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/check-urls.yml:78 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v5`
`uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/check-urls.yml:40 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/download-artifact` pinned to mutable ref `@v8`
`uses: actions/download-artifact@v8` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/check-urls.yml:125 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/github-script` pinned to mutable ref `@v9`
`uses: actions/github-script@v9` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/comment-pr.yml:18 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/setup-node` pinned to mutable ref `@v6`
`uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/fpb-lint.yml:16 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/setup-python` pinned to mutable ref `@v6`
`uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/rtl-ltr-linter.yml:23 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/stale` pinned to mutable ref `@v10`
`uses: actions/stale@v10` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/stale.yml:22 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/upload-artifact` pinned to mutable ref `@v7`
`uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/rtl-ltr-linter.yml:97 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/upload-artifact` pinned to mutable ref `@v7`
`uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/fpb-lint.yml:31 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/upload-artifact` pinned to mutable ref `@v7`
`uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/check-urls.yml:110 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `eps1lon/actions-label-merge-conflict` pinned to mutable ref `@v3.1.0`
`uses: eps1lon/[email protected]` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/detect-conflicting-prs.yml:32 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `ruby/setup-ruby` pinned to mutable ref `@v1`
`uses: ruby/setup-ruby@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/check-urls.yml:83 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `tj-actions/changed-files` pinned to mutable ref `@v46`
`uses: tj-actions/changed-files@v46` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/rtl-ltr-linter.yml:43 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `tj-actions/changed-files` pinned to mutable ref `@v46`
`uses: tj-actions/changed-files@v46` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/check-urls.yml:45 dependencylegacy
high 9-layer cicd supply-chain conf 1.00 tj-actions/changed-files is tag-pinned instead of SHA-pinned
The tj-actions/changed-files incident showed that mutable action tags can execute credential-stealing code across many repositories. Pin this action to a reviewed commit SHA.
.github/workflows/check-urls.yml:45 supply-chaingithub-actionspinned-dependencies
high 9-layer cicd supply-chain conf 1.00 tj-actions/changed-files is tag-pinned instead of SHA-pinned
The tj-actions/changed-files incident showed that mutable action tags can execute credential-stealing code across many repositories. Pin this action to a reviewed commit SHA.
.github/workflows/rtl-ltr-linter.yml:43 supply-chaingithub-actionspinned-dependencies
medium Legacy quality quality Average file size is 605 lines (recommend <300)
Refactor large files by extracting related functions into separate modules. Target files with 300+ lines first. Use the Single Responsibility Principle — each module should have one clear purpose.
qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
scripts/rtl_ltr_linter.py:70 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
scripts/rtl_ltr_linter.py:214 qualitylegacy
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
eps1lon/[email protected] can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/detect-conflicting-prs.yml:32 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
ruby/setup-ruby@v1 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/check-urls.yml:83 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions-ecosystem/action-add-labels@v1 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/issues-pinner.yml:38 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions-ecosystem/action-remove-labels@v1 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/issues-pinner.yml:48 supply-chaingithub-actionspinned-dependencies
medium 9-layer security coverage conf 1.00 No auth library detected
The scanner did not find any standard auth library (JWT, OAuth, NextAuth, Auth0, etc.). Either auth lives in custom code, in a separate service, or is missing.
coverageauth
medium 9-layer quality tests conf 1.00 Very low test-to-source ratio
0 test file(s) for 1 source file(s) (ratio 0.00). Consider adding integration or unit tests for critical paths.
testscoverage
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/github-script@v9 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/comment-pr.yml:18 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v5 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/check-urls.yml:40 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v5 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/check-urls.yml:78 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v5 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/check-urls.yml:122 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/download-artifact@v8 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/check-urls.yml:125 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/setup-node@v6 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/fpb-lint.yml:16 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/upload-artifact@v7 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/fpb-lint.yml:31 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v5 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/rtl-ltr-linter.yml:15 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/setup-python@v6 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/rtl-ltr-linter.yml:23 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/upload-artifact@v7 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/rtl-ltr-linter.yml:97 supply-chaingithub-actionspinned-dependencies
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/6e12f592-776f-45a0-bace-d304b3f7903a/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/6e12f592-776f-45a0-bace-d304b3f7903a/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.