Public scan — anyone with this URL can view this analysis.
103 of your 143 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.
Upstream (GitHub) caused delay on this scan — not Repobility.
  • GitHub API rate-limited (HTTP 403) — preflight skipped, fell back to direct git clone.
  • Clone from GitHub took 51.98s for a 158.5 MB repo (slow).
  • Repobility's analysis ran in 53.04s after the clone landed.

gradle/gradle

https://github.com/gradle/gradle · scanned 2026-06-05 22:43 UTC (1 week, 2 days ago) · 10 languages

398 raw signals (124 security + 274 graph) · 11/13 scanners ran · 27th percentile · Java · huge (>500K LoC) · System graph score 77 (lower by 7)


Complete repo analysis

Last scanned 1 week, 2 days ago · v2 · 126 actionable findings from 2 signal sources. 135 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

Score breakdown · 2026-05-18-v5

Component            Sub-score  Weight  Contribution
structure_score           40.0    0.15          6.00
security_score           100.0    0.25         25.00
testing_score             34.0    0.20          6.80
documentation_score       78.0    0.15         11.70
practices_score           86.0    0.15         12.90
code_quality              80.0    0.10          8.00
Overall                             1.00         70.4
security_score may be inflated — optional security scanners were skipped on this fast scan
Active filters: severity: high; excluding tests.
Scan summary: Quality grade B (70/100). Dimensions: security 100, maintainability 40. 124 findings (54 security). 797,976 lines analyzed.

Showing 32 of 126 actionable findings. 261 raw detector signals were grouped into reader-sized issues.

high · Security checks · Quality · conf 1.00 · ✓ Repobility · 3 occurrences · [MINED010] Ruby System Call: system / backtick runs a shell. Command injection if any argument is dynamic.
Review and fix per the pattern semantics. See CWE-78 for context.
3 files, 3 locations
platforms/core-configuration/configuration-cache/src/integTest/groovy/org/gradle/internal/cc/impl/inputs/process/ProcessInPluginIntegrationTest.groovy:114
platforms/core-configuration/configuration-cache/src/integTest/groovy/org/gradle/internal/cc/impl/inputs/process/ProcessInTransformIntegrationTest.groovy:60
platforms/core-configuration/configuration-cache/src/integTest/groovy/org/gradle/internal/cc/impl/inputs/process/instrument/AbstractProcessInstrumentationIntegrationTest.groovy:200
high · Security checks · Quality · conf 1.00 · ✓ Repobility · 3 occurrences · [MINED029] Kotlin Null Bang: x!! throws NullPointerException if x is null. Bypasses Kotlin's null safety.
Review and fix per the pattern semantics. See CWE-476 for context.
3 files, 3 locations
build-logic-commons/basics/src/main/kotlin/gradlebuild/basics/BuildEnvironment.kt:111
build-logic-commons/module-identity/src/main/kotlin/gradlebuild/identity/extension/ReleasedVersionsDetails.kt:62
build-logic-settings/architecture-docs/src/main/kotlin/gradlebuild/GeneratePackageInfoDataTask.kt:72
high · Security checks · Software dependencies · conf 0.90 · ✓ Repobility · [MINED134] Binary file `.teamcity/.mvn/wrapper/maven-wrapper.jar` committed in source repo: `.teamcity/.mvn/wrapper/maven-wrapper.jar` is a .jar binary (50,710 bytes) committed to a repo that otherwise has 12989 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
.teamcity/.mvn/wrapper/maven-wrapper.jar:1
high · Security checks · Software dependencies · conf 0.90 · ✓ Repobility · [MINED134] Binary file `gradle/wrapper/gradle-wrapper.jar` committed in source repo: `gradle/wrapper/gradle-wrapper.jar` is a .jar binary (48,462 bytes) committed to a repo that otherwise has 12989 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
gradle/wrapper/gradle-wrapper.jar:1
high · Security checks · Software dependencies · conf 0.90 · ✓ Repobility · [MINED134] Binary file `platforms/documentation/docs/src/snippets/fundamentals/authoring-builds/consuming/common/ivy-repo/com.example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar` committed in source repo: `platforms/documentation/docs/src/snippets/fundamentals/authoring-builds/consuming/common/ivy-repo/com.example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar` is a .jar binary (4,098 bytes) committed to a repo that otherwise has 12989 source files. Trojan binaries inside otherwise-normal sourc
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
platforms/documentation/docs/src/snippets/fundamentals/authoring-builds/consuming/common/ivy-repo/com.example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar:1
high · Security checks · Software dependencies · conf 0.90 · ✓ Repobility · [MINED134] Binary file `platforms/documentation/docs/src/snippets/fundamentals/authoring-builds/consuming/common/maven-repo/com/example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar` committed in source repo: `platforms/documentation/docs/src/snippets/fundamentals/authoring-builds/consuming/common/maven-repo/com/example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar` is a .jar binary (4,098 bytes) committed to a repo that otherwise has 12989 source files. Trojan binaries inside otherwise-normal s
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
platforms/documentation/docs/src/snippets/fundamentals/authoring-builds/consuming/common/maven-repo/com/example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar:1
high · Security checks · Software dependencies · conf 0.90 · ✓ Repobility · [MINED134] Binary file `platforms/documentation/docs/src/snippets/fundamentals/authoring-builds/multiproject/common/maven-repo/com/example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar` committed in source repo: `platforms/documentation/docs/src/snippets/fundamentals/authoring-builds/multiproject/common/maven-repo/com/example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar` is a .jar binary (4,098 bytes) committed to a repo that otherwise has 12989 source files. Trojan binaries inside otherwise-no
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
platforms/documentation/docs/src/snippets/fundamentals/authoring-builds/multiproject/common/maven-repo/com/example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar:1
high · Security checks · Software dependencies · conf 0.90 · ✓ Repobility · [MINED134] Binary file `platforms/documentation/docs/src/snippets/fundamentals/authoring-builds/pluginVersions/common/maven-repo/com/example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar` committed in source repo: `platforms/documentation/docs/src/snippets/fundamentals/authoring-builds/pluginVersions/common/maven-repo/com/example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar` is a .jar binary (4,098 bytes) committed to a repo that otherwise has 12989 source files. Trojan binaries inside otherwis
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
platforms/documentation/docs/src/snippets/fundamentals/authoring-builds/pluginVersions/common/maven-repo/com/example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar:1
high · Security checks · Software dependencies · conf 0.90 · ✓ Repobility · [MINED134] Binary file `platforms/documentation/docs/src/snippets/fundamentals/authoring-builds/resolutionRules/common/ivy-repo/com.example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar` committed in source repo: `platforms/documentation/docs/src/snippets/fundamentals/authoring-builds/resolutionRules/common/ivy-repo/com.example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar` is a .jar binary (4,098 bytes) committed to a repo that otherwise has 12989 source files. Trojan binaries inside otherwise-
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
platforms/documentation/docs/src/snippets/fundamentals/authoring-builds/resolutionRules/common/ivy-repo/com.example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar:1
high · Security checks · Software dependencies · conf 0.90 · ✓ Repobility · [MINED134] Binary file `platforms/documentation/docs/src/snippets/fundamentals/authoring-builds/resolutionRules/common/maven-repo/com/example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar` committed in source repo: `platforms/documentation/docs/src/snippets/fundamentals/authoring-builds/resolutionRules/common/maven-repo/com/example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar` is a .jar binary (4,098 bytes) committed to a repo that otherwise has 12989 source files. Trojan binaries inside otherw
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
platforms/documentation/docs/src/snippets/fundamentals/authoring-builds/resolutionRules/common/maven-repo/com/example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar:1
high · Security checks · Software dependencies · conf 0.90 · ✓ Repobility · [MINED134] Binary file `platforms/documentation/docs/src/snippets/reference/core-plugins/customized/groovy/additionalLibs/additional-1.0.jar` committed in source repo: `platforms/documentation/docs/src/snippets/reference/core-plugins/customized/groovy/additionalLibs/additional-1.0.jar` is a .jar binary (349 bytes) committed to a repo that otherwise has 12989 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
platforms/documentation/docs/src/snippets/reference/core-plugins/customized/groovy/additionalLibs/additional-1.0.jar:1
high · Security checks · Software dependencies · conf 0.90 · ✓ Repobility · [MINED134] Binary file `platforms/documentation/docs/src/snippets/reference/core-plugins/customized/kotlin/additionalLibs/additional-1.0.jar` committed in source repo: `platforms/documentation/docs/src/snippets/reference/core-plugins/customized/kotlin/additionalLibs/additional-1.0.jar` is a .jar binary (349 bytes) committed to a repo that otherwise has 12989 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
platforms/documentation/docs/src/snippets/reference/core-plugins/customized/kotlin/additionalLibs/additional-1.0.jar:1
high · Security checks · Software dependencies · conf 0.90 · ✓ Repobility · 3 occurrences · [MINED134] Binary file `platforms/documentation/docs/src/snippets/reference/dependency-management/dependency-management/customizingResolution-conditionalSubstitutionRule/common/repo/org.example/project1/1.0/project1-1.0.jar` committed in source repo: `platforms/documentation/docs/src/snippets/reference/dependency-management/dependency-management/customizingResolution-conditionalSubstitutionRule/common/repo/org.example/project1/1.0/project1-1.0.jar` is a .jar binary (261 bytes) committed to a rep
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
3 files, 3 locations
platforms/documentation/docs/src/snippets/reference/dependency-management/dependency-management/customizingResolution-conditionalSubstitutionRule/common/repo/org.example/project1/1.0/project1-1.0.jar:1
platforms/documentation/docs/src/snippets/reference/dependency-management/dependency-management/customizingResolution-conditionalSubstitutionRule/common/repo/org.example/project2/1.0/project2-1.0.jar:1
platforms/documentation/docs/src/snippets/reference/dependency-management/dependency-management/customizingResolution-conditionalSubstitutionRule/common/repo/org.example/project3/1.0/project3-1.0.jar:1
high · Security checks · Software dependencies · conf 0.90 · ✓ Repobility · [MINED134] Binary file `platforms/documentation/docs/src/snippets/unused/plugins/consuming/common/ivy-repo/com.example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar` committed in source repo: `platforms/documentation/docs/src/snippets/unused/plugins/consuming/common/ivy-repo/com.example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar` is a .jar binary (4,098 bytes) committed to a repo that otherwise has 12989 source files. Trojan binaries inside otherwise-normal source repos are a known supply-cha
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
platforms/documentation/docs/src/snippets/unused/plugins/consuming/common/ivy-repo/com.example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar:1
high · Security checks · Software dependencies · conf 0.90 · ✓ Repobility · [MINED134] Binary file `platforms/documentation/docs/src/snippets/unused/plugins/consuming/common/maven-repo/com/example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar` committed in source repo: `platforms/documentation/docs/src/snippets/unused/plugins/consuming/common/maven-repo/com/example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar` is a .jar binary (4,098 bytes) committed to a repo that otherwise has 12989 source files. Trojan binaries inside otherwise-normal source repos are a known supply
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
platforms/documentation/docs/src/snippets/unused/plugins/consuming/common/maven-repo/com/example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar:1
high · Security checks · Software dependencies · conf 0.90 · ✓ Repobility · [MINED134] Binary file `platforms/documentation/docs/src/snippets/unused/plugins/multiproject/common/maven-repo/com/example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar` committed in source repo: `platforms/documentation/docs/src/snippets/unused/plugins/multiproject/common/maven-repo/com/example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar` is a .jar binary (4,098 bytes) committed to a repo that otherwise has 12989 source files. Trojan binaries inside otherwise-normal source repos are a known
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
platforms/documentation/docs/src/snippets/unused/plugins/multiproject/common/maven-repo/com/example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar:1
high · Security checks · Software dependencies · conf 0.90 · ✓ Repobility · [MINED134] Binary file `platforms/documentation/docs/src/snippets/unused/plugins/pluginVersions/common/maven-repo/com/example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar` committed in source repo: `platforms/documentation/docs/src/snippets/unused/plugins/pluginVersions/common/maven-repo/com/example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar` is a .jar binary (4,098 bytes) committed to a repo that otherwise has 12989 source files. Trojan binaries inside otherwise-normal source repos are a kn
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
platforms/documentation/docs/src/snippets/unused/plugins/pluginVersions/common/maven-repo/com/example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar:1
high · Security checks · Software dependencies · conf 0.90 · ✓ Repobility · [MINED134] Binary file `platforms/documentation/docs/src/snippets/unused/plugins/resolutionRules/common/ivy-repo/com.example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar` committed in source repo: `platforms/documentation/docs/src/snippets/unused/plugins/resolutionRules/common/ivy-repo/com.example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar` is a .jar binary (4,098 bytes) committed to a repo that otherwise has 12989 source files. Trojan binaries inside otherwise-normal source repos are a know
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
platforms/documentation/docs/src/snippets/unused/plugins/resolutionRules/common/ivy-repo/com.example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar:1
high · Security checks · Software dependencies · conf 0.90 · ✓ Repobility · [MINED134] Binary file `platforms/documentation/docs/src/snippets/unused/plugins/resolutionRules/common/maven-repo/com/example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar` committed in source repo: `platforms/documentation/docs/src/snippets/unused/plugins/resolutionRules/common/maven-repo/com/example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar` is a .jar binary (4,098 bytes) committed to a repo that otherwise has 12989 source files. Trojan binaries inside otherwise-normal source repos are a
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
platforms/documentation/docs/src/snippets/unused/plugins/resolutionRules/common/maven-repo/com/example/sample-plugins/1.0.0/sample-plugins-1.0.0.jar:1
high · Security checks · XXE · conf 1.00 · 3 occurrences · [SEC024] XML External Entity (XXE) — Java parser default: Java XML parsers accept external entity references by default. An attacker can craft XML input that reads server files (file://), exfiltrates data via DNS, or causes denial of service via the 'billion laughs' attack.
Disable DTDs and external entities before parsing: factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); factory.setFeature("http://xml.org/sax/features/external-general-entities", false); factory.setFeature("http://xml.org/sax/features/external-parameter-entities"…
3 files, 3 locations
build-logic/build-update-utils/src/main/kotlin/gradlebuild/buildutils/tasks/AbstractVersionsUpdateTask.kt:67
build-logic/documentation/src/main/groovy/gradlebuild/docs/XIncludeAwareXmlProvider.groovy:39
build-logic/documentation/src/main/groovy/gradlebuild/docs/dsl/docbook/ClassDocExtensionsBuilder.java:75
high · Security checks · CI/CD security · conf 0.90 · ✓ Repobility · GitHub Action is tag-pinned rather than SHA-pinned
[MINED115] Action `gradle/update-jdks-action` pinned to mutable ref `@main`: `uses: gradle/update-jdks-action@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 4…
.github/workflows/update-jdks.yml:26 · tags: CI/CD security, Supply chain, GitHub Actions
high · System graph · CI/CD security · conf 1.00 · GitHub Action tracks a moving branch
gradle/update-jdks-action@main can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/update-jdks.yml:26 · tags: CI/CD security, Supply chain, GitHub Actions
high · System graph · Security · conf 1.00 · Insecure pattern 'exec_used' in platforms/core-configuration/model-core/src/main/java/org/gradle/api/internal/provider/DefaultProviderFactory.java:227
Found a known-risky pattern (exec_used). Review and replace if possible.
platforms/core-configuration/model-core/src/main/java/org/gradle/api/internal/provider/DefaultProviderFactory.java:227 · tag: Exec used
high · System graph · Security · conf 1.00 · Insecure pattern 'exec_used' in platforms/core-runtime/classpath/src/main/java/org/gradle/internal/classpath/Instrumented.java:238
Found a known-risky pattern (exec_used). Review and replace if possible.
platforms/core-runtime/classpath/src/main/java/org/gradle/internal/classpath/Instrumented.java:238 · tag: Exec used
high · System graph · Security · conf 1.00 · Insecure pattern 'exec_used' in platforms/core-runtime/process-services/src/main/java/org/gradle/api/internal/ProcessOperations.java:27
Found a known-risky pattern (exec_used). Review and replace if possible.
platforms/core-runtime/process-services/src/main/java/org/gradle/api/internal/ProcessOperations.java:27 · tag: Exec used
high · System graph · Security · conf 1.00 · Insecure pattern 'exec_used' in platforms/core-runtime/process-services/src/main/java/org/gradle/process/internal/DefaultExecActionFactory.java:213
Found a known-risky pattern (exec_used). Review and replace if possible.
platforms/core-runtime/process-services/src/main/java/org/gradle/process/internal/DefaultExecActionFactory.java:213 · tag: Exec used
high · System graph · Security · conf 1.00 · Insecure pattern 'exec_used' in platforms/core-runtime/process-services/src/main/java/org/gradle/process/internal/DefaultExecOperations.java:36
Found a known-risky pattern (exec_used). Review and replace if possible.
platforms/core-runtime/process-services/src/main/java/org/gradle/process/internal/DefaultExecOperations.java:36 · tag: Exec used
high · System graph · Security · conf 1.00 · Insecure pattern 'exec_used' in platforms/jvm/language-java/src/main/java/org/gradle/api/tasks/JavaExec.java:155
Found a known-risky pattern (exec_used). Review and replace if possible.
platforms/jvm/language-java/src/main/java/org/gradle/api/tasks/JavaExec.java:155 · tag: Exec used
high · System graph · Security · conf 1.00 · Insecure pattern 'exec_used' in subprojects/core-api/src/main/java/org/gradle/api/provider/ProviderFactory.java:280
Found a known-risky pattern (exec_used). Review and replace if possible.
subprojects/core-api/src/main/java/org/gradle/api/provider/ProviderFactory.java:280 · tag: Exec used
high · System graph · Security · conf 1.00 · Insecure pattern 'exec_used' in subprojects/core-api/src/main/java/org/gradle/process/ExecOperations.java:40
Found a known-risky pattern (exec_used). Review and replace if possible.
subprojects/core-api/src/main/java/org/gradle/process/ExecOperations.java:40 · tag: Exec used
high · System graph · Security · conf 1.00 · Insecure pattern 'exec_used' in subprojects/core/src/main/java/org/gradle/api/tasks/AbstractExecTask.java:65
Found a known-risky pattern (exec_used). Review and replace if possible.
subprojects/core/src/main/java/org/gradle/api/tasks/AbstractExecTask.java:65 · tag: Exec used
high · Security checks · Quality · conf 0.80 · localStorage write failures are swallowed silently
Handle QuotaExceededError explicitly, show a toast or error state, and guide the user to export/clear old local data. Log non-quota failures for diagnostics.
platforms/documentation/docs/src/docs/userguide/js/theme.js:12
API access

This page is publicly accessible at: https://repobility.com/scan/72589fb3-5d28-4958-82db-c6e0f8c38110/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/72589fb3-5d28-4958-82db-c6e0f8c38110/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.