20 of your 96 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

Scan timing: clone 2.1s · analysis 40.89s · 10.3 MB · GitHub API rate-limit (preflight)

eclipse-sw360/sw360

https://github.com/eclipse-sw360/sw360 · scanned 2026-06-05 14:53 UTC (5 days, 3 hours ago) · 10 languages

274 raw signals (78 security + 196 graph) · 14th percentile · Java · large (100-500K LoC) · System graph score 70 (lower by 4)


Complete repo analysis

Last scanned 5 days, 3 hours ago · v2 · 129 actionable findings from 2 signal sources. 44 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

Score breakdown — 2026-05-18-v5

Component            Sub-score  Weight  Contribution
structure_score      60.0       0.15    9.00
security_score       26.9       0.25    6.72
testing_score        80.0       0.20    16.00
documentation_score  96.0       0.15    14.40
practices_score      89.0       0.15    13.35
code_quality         66.5       0.10    6.65
Overall                         1.00    66.1

Scan summary: Quality grade B- (66/100). Dimensions: security 27, maintainability 60. 78 findings (4 security). 186,465 lines analyzed.

Showing 108 of 129 actionable findings. 173 raw detector signals were grouped into reader-sized issues.

critical Security checks security secrets conf 0.95 Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
Gitleaks detected a committed secret or credential pattern.
config/couchdb/sw360_setup.ini:9
critical Security checks security secrets conf 0.95 Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.
Gitleaks detected a committed secret or credential pattern.
rest/resource-server/src/docs/asciidoc/api-guide.adoc:142
critical Security checks security secrets conf 0.95 Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
Gitleaks detected a committed secret or credential pattern.
rest/resource-server/src/docs/asciidoc/api-guide.adoc:161
critical System graph security Secrets conf 1.00 Possible secret in clients/client/src/main/java/org/eclipse/sw360/clients/rest/resource/SW360Attributes.java
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
clients/client/src/main/java/org/eclipse/sw360/clients/rest/resource/SW360Attributes.java:35
high Security checks software Xxe conf 1.00 [SEC024] XML External Entity (XXE) — Java parser default: Java XML parsers accept external entity references by default. An attacker can craft XML input that reads server files (file://), exfiltrates data via DNS, or causes denial of service via the 'billion laughs' attack.
Disable DTDs and external entities before parsing: factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); factory.setFeature("http://xml.org/sax/features/external-general-entities", false); factory.setFeature("http://xml.org/sax/features/external-parameter-entities"…
backend/licenseinfo/src/main/java/org/eclipse/sw360/licenseinfo/parsers/AbstractCLIParser.java:116
high Security checks cicd CI/CD security conf 0.90 Database service has no persistent data volume
Database containers store data in the writable container layer unless a volume or bind mount is attached to the image's data directory. Recreating the container can lose state.
docker-compose.yml:35 CI/CD security, containers
high Security checks cicd CI/CD security conf 0.84 2 occurrences Database service publishes a host port
Publishing database ports to the host increases exposure. Internal Compose networking usually only needs expose, not ports.
lines 35, 43
docker-compose.yml:35, 43 (2 hits)
CI/CD security, containers
high Security checks software dependencies conf 0.88 org.apache.thrift:libthrift: GHSA-7pwc-h2j2-rjgj
Apache Thrift has an Improper Validation of Certificate with Host Mismatch Vulnerability
keycloak/sw360-keycloak-common/pom.xml
medium Security checks security auth conf 0.92 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
medium Security checks security path traversal conf 1.00 [SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory.
Validate extracted paths with os.path.realpath() and ensure they stay within the target directory.
libraries/exporters/src/main/java/org/eclipse/sw360/exporter/utils/ZipTools.java:52
medium Security checks cicd CI/CD security conf 0.86 App service does not wait for database health
depends_on controls startup order, but without condition: service_healthy an app can start while the database is still initializing and fail intermittently.
docker-compose.yml:10 CI/CD security, containers
low Security checks quality Error handling conf 0.55 ✓ Repobility 5 occurrences Broad exception handler needs review
This handler catches Exception/BaseException. It is actionable when it swallows errors without logging, re-raising, or returning a structured error. Handlers that intentionally convert exceptions into typed error results should not be treated as high risk.
5 files, 5 locations
scripts/migrations/053_remove_whitespace_component_name.py:206
scripts/migrations/062_update_packagIds_to_map.py:44
scripts/migrations/063_migrate_oauth_client_owner_email.py:189
scripts/migrations/064_migrate_unified_mail_export_config_key.py:70
third-party/keycloak-tf/export_clients.py:46
Error handling, quality
medium Security checks cicd CI/CD security conf 0.84 Database data bind mount is inside the Docker build context
Keeping live database files under the repository/build context can leak data into Docker builds, slow context loading, and make accidental commits more likely.
docker-compose.yml:43 CI/CD security, containers
medium Security checks cicd CI/CD security conf 0.88 Database service has no healthcheck
Compose starts dependent containers in dependency order, but it does not wait for a database to be ready unless a healthcheck is defined and dependents use service_healthy.
docker-compose.yml:35 CI/CD security, containers
medium System graph hardware Security conf 1.00 Dockerfile runs as root: Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
Container
medium System graph hardware Security conf 1.00 Dockerfile runs as root: third-party/thrift/Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
Container
medium System graph cicd CI/CD security conf 1.00 3 occurrences GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
3 files, 3 locations
.github/workflows/scorecard.yml
.github/workflows/sw360_container.yml
.github/workflows/thrift_container.yml
CI/CD security, Supply chain, Github actions
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in backend/fossology/src/main/java/org/eclipse/sw360/fossology/rest/FossologyRestClient.java:735
Found a known-risky pattern (weak_hash). Review and replace if possible.
backend/fossology/src/main/java/org/eclipse/sw360/fossology/rest/FossologyRestClient.java:735 Weak hash
medium System graph network Security conf 1.00 Privileged port 256 in use
Port 256 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
Dockerfile Ports
medium System graph network Security conf 1.00 Privileged port 59 in use
Port 59 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
Dockerfile Ports
medium System graph network Security conf 1.00 Privileged port 98 in use
Port 98 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
third-party/thrift/Dockerfile Ports
medium System graph quality Tests conf 1.00 Very low test-to-source ratio
0 test file(s) for 72 source file(s) (ratio 0.00). Consider adding integration or unit tests for critical paths.
Coverage
low Security checks cicd CI/CD security conf 0.72 .dockerignore misses sensitive defaults
.dockerignore exists but does not cover common secret or VCS patterns.
.dockerignore CI/CD security, containers
low Security checks cicd CI/CD security conf 0.68 App service does not wait for database health
depends_on controls startup order, but without condition: service_healthy an app can start while the database is still initializing and fail intermittently.
docker-compose.yml:43 CI/CD security, containers
high Security checks cicd CI/CD security conf 0.56 3 occurrences Compose service does not declare a runtime user
If the image does not define USER internally, this service may run as root.
lines 10, 35, 43
docker-compose.yml:10, 35, 43 (3 hits)
CI/CD security, containers
high Security checks cicd CI/CD security conf 0.62 3 occurrences Compose service lacks no-new-privileges hardening
no-new-privileges prevents processes from gaining additional privileges through setuid binaries or file capabilities.
lines 10, 35, 43
docker-compose.yml:10, 35, 43 (3 hits)
CI/CD security, containers
low Security checks cicd CI/CD security conf 0.74 Dockerfile leaves apt package indexes in the image layer
Package indexes increase image size and can expose stale metadata in the final image layer.
Dockerfile:28 CI/CD security, containers
low Security checks quality Quality conf 0.60 21 occurrences Duplicated implementation block across source files
Duplicate implementation blocks are maintenance debt. Keep them visible, but they are not a high-severity defect unless the duplicated logic is security-sensitive or drifting.
12 files, 17 locations
backend/common/src/main/java/org/eclipse/sw360/datahandler/db/spdx/packageinfo/SpdxPackageInfoDatabaseHandler.java:243, 244 (2 hits)
libraries/datahandler/src/main/java/org/eclipse/sw360/datahandler/permissions/ReleasePermissions.java:49, 56 (2 hits)
libraries/datahandler/src/main/java/org/eclipse/sw360/datahandler/permissions/SpdxDocumentPermissions.java:21, 26 (2 hits)
libraries/datahandler/src/main/java/org/eclipse/sw360/datahandler/permissions/SpdxPackageInfoPermissions.java:22, 26 (2 hits)
libraries/datahandler/src/main/java/org/eclipse/sw360/datahandler/permissions/VulnerabilityPermissions.java:18, 22 (2 hits)
backend/common/src/main/java/org/eclipse/sw360/datahandler/db/ProjectRepository.java:210
backend/common/src/main/java/org/eclipse/sw360/datahandler/db/ReleaseRepository.java:72
backend/common/src/main/java/org/eclipse/sw360/datahandler/db/spdx/documentcreationinfo/SpdxDocumentCreationInfoDatabaseHandler.java:174
duplication, quality
low System graph quality Maintenance conf 1.00 34 TODO/FIXME markers
High count of TODO/FIXME/HACK markers — track them as issues so they're not forgotten.
low System graph hardware Coverage conf 1.00 Containers defined but no K8s/orchestration manifest found
Repo has Dockerfiles/compose but no Kubernetes/Nomad manifests. If the target deployment is K8s, the manifests may live in a separate ops repo.
Deployment
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/001_migrate_license_shortname_to_id.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/002_remove_project_comoderators.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/003_rename_release_contacts_to_contributors.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/004_move_release_ecc_fields_to_release_information.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/005_convert_compatibility_fields_to_ternary.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/006_convert_project_release_relationship_to_enums.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/007_add_submitters_usergroup_to_moderation_request.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/008_add_component_type_to_moderation_requests.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/009_overwrite_release_name_with_component_name.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/010_repair_missing_vendorId_links_in_releases.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/011_migrate_attachment_usages_license_info.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/012_migrate_todoid_to_title.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/013_migrate_releases_external_tool_requests.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/015_update_fullmyprojects_view.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/016_update_byExternalIds_component_view.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/017_update_empty_release_clearing_state_to_default_value.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/018_remove_unwanted_field_from_clearing_request.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/020_update_byExternalIds_release_view.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/021_update_byexternalids_project_view.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/022_migrate_todo_to_obligation.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/023_rename_obligationType_to_obligationLevel.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/024_update_type_from_obligations_to_obligation.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/025_remove_old_obligations_view.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/026_licenseObligation_populate_text_field.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/027_licenseObligation_field_update.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/028_update_type_from_licenseObligation_to_obligation.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/029_remove_old_licenseobligation_view.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/030_obligation_field_update.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/031_update_obligationLevel_from_productObligation_to_projectObligation.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/032_rename_linkedObligation_to_linkedObligationStatus_in_ProjectObligation.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/033_update_type_from_projectObligation_to_obligationList.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/034_remove_old_projectObligation_view.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/035_risk_field_updates.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/036_drop_old_views_and_license_field_update.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/037_checkfor_project_todos_in_moderations.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/038_convert_ObligationStatusInfo_type_to_obligationType.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/039_projecttodo_to_obligationlist.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/040_rename_downloadurl_to_sourceCodeDownloadurl_in_Release.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/041_update_release_moderation_with_downloadurl.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/043_migrate_project_homepage_wiki_to_externalUrls.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/045_migrate_project_linked_project_relation.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/046_migrate_project_moderation_request_linked_project_relation.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/047_migrate_obligation_status.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/049_migrate_admin_obligation.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/052_migrate_clearing_request_status.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/migrations/repair_missing_sha1_hashes.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/utilities/001_update_project_field_value_couchdb_1_x.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/utilities/002_update_view.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/utilities/003_update_project_field_value_couchdb_2_x.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/utilities/004_recompute_clearing_state_of_release.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph quality Integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: scripts/migrations/062_update_packagIds_to_map.py:update_package_ids_structure, scripts/migrations/064_migrate_unified_mail_export_config_key.py:migrate_mail_export_config_key This is *the* AI-coder failure mode (4× more duplication in vibe-coded rep…
duplicates, duplication
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `cloudant_v1` in scripts/migrations/063_migrate_oauth_client_owner_email.py:49
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old marker, Dead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `cloudant_v1` in third-party/keycloak-tf/export_clients.py:21
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old marker, Dead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `HOld` in scripts/migrations/052_migrate_clearing_request_status.py:76
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old marker, Dead code
low System graph quality Complexity conf 1.00 Very large file: backend/common/src/main/java/org/eclipse/sw360/cyclonedx/CycloneDxBOMImporter.java (1178 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: backend/common/src/main/java/org/eclipse/sw360/datahandler/db/ComponentDatabaseHandler.java (3445 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: backend/common/src/main/java/org/eclipse/sw360/datahandler/db/DatabaseHandlerUtil.java (1121 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: backend/common/src/main/java/org/eclipse/sw360/datahandler/db/ProjectDatabaseHandler.java (2924 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: backend/common/src/main/java/org/eclipse/sw360/spdx/SpdxBOMImporter.java (1114 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: backend/components/src/test/java/org/eclipse/sw360/components/db/BulkDeleteUtilTest.java (1511 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: backend/components/src/test/java/org/eclipse/sw360/components/db/ComponentDatabaseHandlerTest.java (1193 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: backend/licenseinfo/src/main/java/org/eclipse/sw360/licenseinfo/LicenseInfoHandler.java (1153 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: backend/licenseinfo/src/main/java/org/eclipse/sw360/licenseinfo/outputGenerators/DocxGenerator.java (1055 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: backend/licenses-core/src/main/java/org/eclipse/sw360/licenses/db/LicenseDatabaseHandler.java (1485 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: backend/moderation/src/main/java/org/eclipse/sw360/moderation/db/ModerationDatabaseHandler.java (1086 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: libraries/datahandler/src/main/java/org/eclipse/sw360/datahandler/common/SW360Utils.java (1194 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: libraries/datahandler/src/main/java/org/eclipse/sw360/datahandler/resourcelists/ResourceComparatorGenerator.java (934 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/component/ComponentController.java (1424 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/core/JacksonCustomizations.java (2961 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/core/RestControllerHelper.java (1810 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/ProjectController.java (4822 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/Sw360ProjectService.java (2501 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/release/ReleaseController.java (2275 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/release/Sw360ReleaseService.java (1674 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: rest/resource-server/src/test/java/org/eclipse/sw360/rest/resourceserver/integration/ProjectTest.java (1639 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: rest/resource-server/src/test/java/org/eclipse/sw360/rest/resourceserver/restdocs/ComponentSpecTest.java (1432 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: rest/resource-server/src/test/java/org/eclipse/sw360/rest/resourceserver/restdocs/ProjectSpecTest.java (3428 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: rest/resource-server/src/test/java/org/eclipse/sw360/rest/resourceserver/restdocs/ReleaseSpecTest.java (1844 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
API access

This page is publicly accessible at: https://repobility.com/scan/7f6605cc-6a16-4dff-84b8-571aaccfc3aa/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/7f6605cc-6a16-4dff-84b8-571aaccfc3aa/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one.