Scan timing: clone 2.22s · analysis 3.32s · 6.7 MB · GitHub preflight 433ms
https://github.com/tukaani-project/xz.git
· scanned 2026-05-31 03:55 UTC (5 days, 9 hours ago)
· 10 languages
55 findings (31 legacy + 24 scanner) 88th percentile · C · medium (20-100K LoC) Scanner says 66 (higher by 3)
Last scanned 5 days, 9 hours ago · v3 · 39 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.
| Component | Sub-score | Weight | Contribution |
|---|---|---|---|
structure_score |
80.0 | 0.15 | 12.00 |
security_score |
100.0 | 0.25 | 25.00 |
testing_score |
40.0 | 0.20 | 8.00 |
documentation_score |
50.0 | 0.15 | 7.50 |
practices_score |
67.0 | 0.15 | 10.05 |
code_quality |
62.9 | 0.10 | 6.29 |
| Overall | 1.00 | 68.8 |
All 332 nodes from the latest scan, grouped by kind. Each node is a unit the engine identified (file, function, endpoint, table…). Most users won't need this view — it's primarily for debugging the engine's graph extraction or for AI agents that want to enumerate the project structure.
| Label | Layer | Status | Path |
|---|---|---|---|
autogen.sh |
software | healthy | autogen.sh |
test_scripts.sh |
software | healthy | tests/test_scripts.sh |
test_lzip_decoder.c |
software | healthy | tests/test_lzip_decoder.c |
test_suffix.sh |
software | healthy | tests/test_suffix.sh |
test_filter_str.c |
software | healthy | tests/test_filter_str.c |
test_index.c |
software | healthy | tests/test_index.c |
create_compress_files.c |
software | healthy | tests/create_compress_files.c |
test_hardware.c |
software | healthy | tests/test_hardware.c |
test_bcj_exact_size.c |
software | healthy | tests/test_bcj_exact_size.c |
test_check.c |
software | healthy | tests/test_check.c |
test_stream_buffer_decode.c |
software | healthy | tests/test_stream_buffer_decode.c |
code_coverage.sh |
software | healthy | tests/code_coverage.sh |
test_vli.c |
software | healthy | tests/test_vli.c |
test_filter_flags.c |
software | healthy | tests/test_filter_flags.c |
test_files.sh |
software | healthy | tests/test_files.sh |
test_index_hash.c |
software | healthy | tests/test_index_hash.c |
tests.h |
software | healthy | tests/tests.h |
test_block_header.c |
software | healthy | tests/test_block_header.c |
test_microlzma.c |
software | healthy | tests/test_microlzma.c |
test_memlimit.c |
software | healthy | tests/test_memlimit.c |
test_stream_flags.c |
software | healthy | tests/test_stream_flags.c |
tuktest.h |
software | healthy | tests/tuktest.h |
test_compress.sh |
software | healthy | tests/test_compress.sh |
fuzz_decode_alone.c |
software | healthy | tests/ossfuzz/fuzz_decode_alone.c |
fuzz_decode_stream.c |
software | healthy | tests/ossfuzz/fuzz_decode_stream.c |
fuzz_decode_stream_mt.c |
software | healthy | tests/ossfuzz/fuzz_decode_stream_mt.c |
fuzz_encode_stream.c |
software | healthy | tests/ossfuzz/fuzz_encode_stream.c |
Makefile |
software | healthy | tests/ossfuzz/Makefile |
fuzz_common.h |
software | healthy | tests/ossfuzz/fuzz_common.h |
build.bash |
software | healthy | windows/build.bash |
7z2lzma.bash |
software | healthy | extra/7z2lzma/7z2lzma.bash |
scanlzma.c |
software | healthy | extra/scanlzma/scanlzma.c |
config.h |
software | healthy | dos/config.h |
Makefile |
software | healthy | dos/Makefile |
getopt.in.h |
software | healthy | lib/getopt.in.h |
getopt-ext.h |
software | healthy | lib/getopt-ext.h |
getopt-core.h |
software | healthy | lib/getopt-core.h |
getopt.c |
software | healthy | lib/getopt.c |
getopt_int.h |
software | healthy | lib/getopt_int.h |
getopt1.c |
software | healthy | lib/getopt1.c |
getopt-cdefs.h |
software | healthy | lib/getopt-cdefs.h |
getopt-pfx-core.h |
software | healthy | lib/getopt-pfx-core.h |
getopt-pfx-ext.h |
software | healthy | lib/getopt-pfx-ext.h |
04_compress_easy_mt.c |
software | healthy | doc/examples/04_compress_easy_mt.c |
03_compress_custom.c |
software | healthy | doc/examples/03_compress_custom.c |
11_file_info.c |
software | healthy | doc/examples/11_file_info.c |
Makefile |
software | healthy | doc/examples/Makefile |
02_decompress.c |
software | healthy | doc/examples/02_decompress.c |
01_compress_easy.c |
software | healthy | doc/examples/01_compress_easy.c |
coverity.yml |
software | healthy | .github/workflows/coverity.yml |
Showing first 50 of this kind. Full payload available via the JSON button at the top of the page.
| Label | Layer | Status | Path |
|---|---|---|---|
tests |
software | healthy | tests |
ossfuzz |
software | healthy | tests/ossfuzz |
windows |
software | healthy | windows |
extra |
software | healthy | extra |
7z2lzma |
software | healthy | extra/7z2lzma |
scanlzma |
software | healthy | extra/scanlzma |
dos |
software | healthy | dos |
lib |
software | healthy | lib |
doc |
software | healthy | doc |
examples |
software | healthy | doc/examples |
.github |
software | healthy | .github |
workflows |
software | healthy | .github/workflows |
build-aux |
software | healthy | build-aux |
debug |
software | healthy | debug |
src |
software | healthy | src |
common |
software | healthy | src/common |
xzdec |
software | healthy | src/xzdec |
liblzma |
software | healthy | src/liblzma |
simple |
software | healthy | src/liblzma/simple |
api |
software | healthy | src/liblzma/api |
lzma |
software | healthy | src/liblzma/api/lzma |
common |
software | healthy | src/liblzma/common |
lz |
software | healthy | src/liblzma/lz |
lzma |
software | healthy | src/liblzma/lzma |
rangecoder |
software | healthy | src/liblzma/rangecoder |
delta |
software | healthy | src/liblzma/delta |
check |
software | healthy | src/liblzma/check |
lzmainfo |
software | healthy | src/lzmainfo |
xz |
software | healthy | src/xz |
| Label | Layer | Status | Path |
|---|---|---|---|
gha::coverity |
cicd | healthy | .github/workflows/coverity.yml |
gha::openbsd |
cicd | healthy | .github/workflows/openbsd.yml |
gha::msvc |
cicd | healthy | .github/workflows/msvc.yml |
gha::netbsd |
cicd | healthy | .github/workflows/netbsd.yml |
gha::freebsd |
cicd | healthy | .github/workflows/freebsd.yml |
gha::msys2 |
cicd | healthy | .github/workflows/msys2.yml |
gha::haiku |
cicd | healthy | .github/workflows/haiku.yml |
gha::ci |
cicd | healthy | .github/workflows/ci.yml |
gha::dragonflybsd |
cicd | healthy | .github/workflows/dragonflybsd.yml |
gha::cifuzz |
cicd | healthy | .github/workflows/cifuzz.yml |
gha::solaris |
cicd | healthy | .github/workflows/solaris.yml |
| Label | Layer | Status | Path |
|---|---|---|---|
coverity |
cicd | healthy | .github/workflows/coverity.yml |
OpenBSD |
cicd | healthy | .github/workflows/openbsd.yml |
MSVC |
cicd | healthy | .github/workflows/msvc.yml |
NetBSD |
cicd | healthy | .github/workflows/netbsd.yml |
FreeBSD |
cicd | healthy | .github/workflows/freebsd.yml |
MSYS2 |
cicd | healthy | .github/workflows/msys2.yml |
Haiku |
cicd | healthy | .github/workflows/haiku.yml |
POSIX |
cicd | healthy | .github/workflows/ci.yml |
DragonflyBSD |
cicd | healthy | .github/workflows/dragonflybsd.yml |
CIFuzz |
cicd | healthy | .github/workflows/cifuzz.yml |
Solaris |
cicd | healthy | .github/workflows/solaris.yml |
| Label | Layer | Status | Path |
|---|---|---|---|
port:14 |
network | healthy | extra/7z2lzma/7z2lzma.bash |
port:25 |
network | healthy | extra/7z2lzma/7z2lzma.bash |
| Label | Layer | Status | Path |
|---|---|---|---|
COVERITY_SCAN_EMAIL |
cicd | healthy | — |
COVERITY_SCAN_TOKEN |
cicd | healthy | — |
| Label | Layer | Status | Path |
|---|---|---|---|
repobility-clone-tvoxnx2h |
software | healthy | /tmp/repobility-clone-tvoxnx2h |
| Label | Layer | Status | Path |
|---|---|---|---|
password_literal::debug/translation.bash |
security | healthy | debug/translation.bash |
This page is publicly accessible at:
https://repobility.com/scan/8cda9cc0-bfdb-41ae-adf8-e09d6275c1f7/
To check status programmatically (no auth required):
curl -s https://repobility.com/api/v1/public/scan/8cda9cc0-bfdb-41ae-adf8-e09d6275c1f7/Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.