https://github.com/sebastienrousseau/dotfiles
· scanned 2026-05-14 21:41 UTC (3 weeks ago)
· 10 languages
36 findings (12 legacy + 24 scanner) 95th percentile · Python · tiny (<2K LoC)
Last scanned 3 weeks ago · v1 · 12 findings from 1 source. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.
| Component | Sub-score | Weight | Contribution |
|---|---|---|---|
| structure_score | 85.0 | 0.15 | 12.75 |
| security_score | 83.4 | 0.25 | 20.85 |
| testing_score | 49.0 | 0.20 | 9.80 |
| documentation_score | 91.0 | 0.15 | 13.65 |
| practices_score | 75.0 | 0.15 | 11.25 |
| code_quality | 77.9 | 0.10 | 7.79 |
| Overall | | 1.00 | 76.1 |
agent: 2.1 ·
docker: 14.5
All 1437 nodes from the latest scan, grouped by kind. Each node is a unit the engine identified (file, function, endpoint, table…). Most users won't need this view — it's primarily for debugging the engine's graph extraction or for AI agents that want to enumerate the project structure.
| Label | Layer | Status | Path |
|---|---|---|---|
| typos.toml | software | healthy | typos.toml |
| run_onchange_after_fonts.sh | software | healthy | run_onchange_after_fonts.sh |
| .yamllint.yaml | software | healthy | .yamllint.yaml |
| .taplo.toml | software | healthy | .taplo.toml |
| README.md | software | healthy | README.md |
| CLAUDE.md | software | healthy | CLAUDE.md |
| mise-versions.lock.json | software | healthy | mise-versions.lock.json |
| install.sh | software | healthy | install.sh |
| package.json | software | healthy | package.json |
| mise.toml | software | healthy | mise.toml |
| .sops.yaml | software | healthy | .sops.yaml |
| CONTRIBUTING.md | software | healthy | CONTRIBUTING.md |
| Makefile | software | healthy | Makefile |
| .chezmoidata.toml | software | healthy | .chezmoidata.toml |
| OPENCODE.md | software | healthy | OPENCODE.md |
| dot_rustfmt.toml | software | healthy | dot_rustfmt.toml |
| treefmt.toml | software | healthy | treefmt.toml |
| CHANGELOG.md | software | healthy | CHANGELOG.md |
| CONFIG_STRATEGY.md | software | healthy | CONFIG_STRATEGY.md |
| run_before_cleanup.sh | software | healthy | install/run_before_cleanup.sh |
| chezmoi.sh | software | healthy | install/lib/chezmoi.sh |
| hide_menu_entries.sh | software | healthy | install/lib/hide_menu_entries.sh |
| installers.sh | software | healthy | install/lib/installers.sh |
| os_detection.sh | software | healthy | install/lib/os_detection.sh |
| install_neovim.sh | software | healthy | install/lib/install_neovim.sh |
| backup.sh | software | healthy | install/lib/backup.sh |
| install_nix_profile.sh | software | healthy | install/lib/install_nix_profile.sh |
| logging.sh | software | healthy | install/lib/logging.sh |
| upgrade_neovim_nightly.sh | software | healthy | install/lib/upgrade_neovim_nightly.sh |
| package_managers.sh | software | healthy | install/lib/package_managers.sh |
| run_onchange_50-install-fonts.sh | software | healthy | install/provision/run_onchange_50-install-fonts.sh |
| run_onchange_40-darwin-default-apps.sh | software | healthy | install/provision/run_onchange_40-darwin-default-apps.sh |
| run_onchange_30-darwin-mas.sh | software | healthy | install/provision/run_onchange_30-darwin-mas.sh |
| run_before_00-audit.sh | software | healthy | install/provision/run_before_00-audit.sh |
| run_onchange_30-vscode-extensions.sh | software | healthy | install/provision/run_onchange_30-vscode-extensions.sh |
| devcontainer.json | software | healthy | .devcontainer/devcontainer.json |
| Dockerfile | software | healthy | .devcontainer/Dockerfile |
| install-lite.sh | software | healthy | .devcontainer/install-lite.sh |
| install-full.sh | software | healthy | .devcontainer/install-full.sh |
| devcontainer.ci.json | software | healthy | .devcontainer/devcontainer.ci.json |
| README.md | software | healthy | private_dot_ssh/config.d/README.md |
| gitleaks.toml | software | healthy | config/gitleaks.toml |
| cliff.toml | software | healthy | config/cliff.toml |
| chezmoidata.schema.json | software | healthy | config/chezmoidata.schema.json |
| pre-commit-config.yaml | software | healthy | config/pre-commit-config.yaml |
| stylua.toml | software | healthy | config/stylua.toml |
| README.md | software | healthy | tests/README.md |
| test-docker.sh | software | healthy | tests/test-docker.sh |
| benchmark.sh | software | healthy | tests/benchmark.sh |
| test-aliases.sh | software | healthy | tests/test-aliases.sh |
Showing first 50 of this kind. Full payload available via the JSON button at the top of the page.
| Label | Layer | Status | Path |
|---|---|---|---|
| install | software | healthy | install |
| lib | software | healthy | install/lib |
| provision | software | healthy | install/provision |
| .devcontainer | software | healthy | .devcontainer |
| private_dot_ssh | software | healthy | private_dot_ssh |
| config.d | software | healthy | private_dot_ssh/config.d |
| config | software | healthy | config |
| tests | software | healthy | tests |
| integration | software | healthy | tests/integration |
| unit | software | healthy | tests/unit |
| dot-cli | software | healthy | tests/unit/dot-cli |
| security | software | healthy | tests/unit/security |
| functions | software | healthy | tests/unit/functions |
| install | software | healthy | tests/unit/install |
| auto | software | healthy | tests/unit/auto |
| ops | software | healthy | tests/unit/ops |
| docs | software | healthy | tests/unit/docs |
| nushell | software | healthy | tests/unit/nushell |
| theme | software | healthy | tests/unit/theme |
| nvim | software | healthy | tests/unit/nvim |
| diagnostics | software | healthy | tests/unit/diagnostics |
| aliases | software | healthy | tests/unit/aliases |
| secrets | software | healthy | tests/unit/secrets |
| tools | software | healthy | tests/unit/tools |
| shell | software | healthy | tests/unit/shell |
| misc | software | healthy | tests/unit/misc |
| ci | software | healthy | tests/unit/ci |
| fish | software | healthy | tests/unit/fish |
| fuzz | software | healthy | tests/fuzz |
| performance | software | healthy | tests/performance |
| framework | software | healthy | tests/framework |
| snapshots | software | healthy | tests/snapshots |
| regression | software | healthy | tests/regression |
| docs | software | healthy | docs |
| security | software | healthy | docs/security |
| reference | software | healthy | docs/reference |
| archive | software | healthy | docs/archive |
| operations | software | healthy | docs/operations |
| architecture | software | healthy | docs/architecture |
| interop | software | healthy | docs/interop |
| themes | software | healthy | docs/themes |
| adr | software | healthy | docs/adr |
| manual | software | healthy | docs/manual |
| 02-tutorials | software | healthy | docs/manual/02-tutorials |
| 03-reference | software | healthy | docs/manual/03-reference |
| 04-cookbook | software | healthy | docs/manual/04-cookbook |
| 05-appendices | software | healthy | docs/manual/05-appendices |
| 01-concepts | software | healthy | docs/manual/01-concepts |
| guides | software | healthy | docs/guides |
| dot_claude | software | healthy | dot_claude |
Showing first 50 of this kind. Full payload available via the JSON button at the top of the page.
| Label | Layer | Status | Path |
|---|---|---|---|
| test | cicd | healthy | templates/projects/node/.github/workflows/ci.yml |
| security | cicd | healthy | templates/projects/node/.github/workflows/ci.yml |
| test | cicd | healthy | templates/projects/python/.github/workflows/ci.yml |
| security | cicd | healthy | templates/projects/python/.github/workflows/ci.yml |
| test | cicd | healthy | templates/projects/go/.github/workflows/ci.yml |
| security | cicd | healthy | templates/projects/go/.github/workflows/ci.yml |
| analyze | cicd | healthy | .github/workflows/codeql.yml |
| audit | cicd | healthy | .github/workflows/regression-trace-audit.yml |
| sbom | cicd | healthy | .github/workflows/security-release.yml |
| provenance | cicd | healthy | .github/workflows/security-release.yml |
| verify-release-integrity | cicd | healthy | .github/workflows/security-release.yml |
| nix-lint | cicd | healthy | .github/workflows/reusable-nix-lint.yml |
| security-baseline | cicd | healthy | .github/workflows/reusable-security-baseline.yml |
| coverage | cicd | healthy | .github/workflows/coverage.yml |
| check-signature | cicd | healthy | .github/workflows/pr-signature.yml |
| reliability | cicd | healthy | .github/workflows/reliability-gate.yml |
| examples-contract | cicd | healthy | .github/workflows/reliability-gate.yml |
| wsl-contract | cicd | healthy | .github/workflows/reliability-gate.yml |
| powershell-contract | cicd | healthy | .github/workflows/reliability-gate.yml |
| reliability-summary | cicd | healthy | .github/workflows/reliability-gate.yml |
| secrets-scan | cicd | healthy | .github/workflows/security-enhanced.yml |
| secrets-trufflehog | cicd | healthy | .github/workflows/security-enhanced.yml |
| dependency-scan | cicd | healthy | .github/workflows/security-enhanced.yml |
| infrastructure-scan | cicd | healthy | .github/workflows/security-enhanced.yml |
| container-scan | cicd | healthy | .github/workflows/security-enhanced.yml |
| policy-enforcement | cicd | healthy | .github/workflows/security-enhanced.yml |
| security-attestation | cicd | healthy | .github/workflows/security-enhanced.yml |
| security-summary | cicd | healthy | .github/workflows/security-enhanced.yml |
| cross-platform-test | cicd | healthy | .github/workflows/cross-platform-test.yml |
| compatibility-report | cicd | healthy | .github/workflows/cross-platform-test.yml |
| publish-npm | cicd | healthy | .github/workflows/npm-publish.yml |
| publish-gpr | cicd | healthy | .github/workflows/npm-publish.yml |
| lint-shell | cicd | healthy | .github/workflows/ci-enforced.yml |
| lint-lua | cicd | healthy | .github/workflows/ci-enforced.yml |
| lint-nix | cicd | healthy | .github/workflows/ci-enforced.yml |
| lint-copyright | cicd | healthy | .github/workflows/ci-enforced.yml |
| security-secrets | cicd | healthy | .github/workflows/ci-enforced.yml |
| security-dependency-audit | cicd | healthy | .github/workflows/ci-enforced.yml |
| security-infrastructure | cicd | healthy | .github/workflows/ci-enforced.yml |
| test-matrix | cicd | healthy | .github/workflows/ci-enforced.yml |
| test-unit | cicd | healthy | .github/workflows/ci-enforced.yml |
| merge-gate | cicd | healthy | .github/workflows/ci-enforced.yml |
| nightly | cicd | healthy | .github/workflows/ci-enforced.yml |
| lua-lint | cicd | healthy | .github/workflows/reusable-lua-lint.yml |
| fuzz | cicd | healthy | .github/workflows/install-fuzz.yml |
| test-suite | cicd | healthy | .github/workflows/reusable-test-suite.yml |
| secrets-scan | cicd | healthy | .github/workflows/reusable-secrets-scan.yml |
| generate-sbom | cicd | healthy | .github/workflows/sbom-diff.yml |
| cve-scan | cicd | healthy | .github/workflows/sbom-diff.yml |
| analysis | cicd | healthy | .github/workflows/scorecard.yml |
Showing first 50 of this kind. Full payload available via the JSON button at the top of the page.
| Label | Layer | Status | Path |
|---|---|---|---|
| srgb_to_linear | software | healthy | scripts/theme/extract-theme.py:26 |
| linear_to_srgb | software | healthy | scripts/theme/extract-theme.py:31 |
| rgb_to_xyz | software | healthy | scripts/theme/extract-theme.py:37 |
| xyz_to_lab | software | healthy | scripts/theme/extract-theme.py:48 |
| f | software | healthy | scripts/theme/extract-theme.py:52 |
| lab_to_xyz | software | healthy | scripts/theme/extract-theme.py:62 |
| inv_f | software | healthy | scripts/theme/extract-theme.py:69 |
| xyz_to_rgb | software | healthy | scripts/theme/extract-theme.py:75 |
| rgb_to_lab | software | healthy | scripts/theme/extract-theme.py:86 |
| lab_to_rgb | software | healthy | scripts/theme/extract-theme.py:90 |
| rgb_to_hex | software | healthy | scripts/theme/extract-theme.py:94 |
| hex_to_rgb | software | dead | scripts/theme/extract-theme.py:98 |
| lab_distance | software | healthy | scripts/theme/extract-theme.py:107 |
| relative_luminance | software | healthy | scripts/theme/extract-theme.py:112 |
| ch | software | healthy | scripts/theme/extract-theme.py:114 |
| contrast_ratio | software | healthy | scripts/theme/extract-theme.py:120 |
| lab_chroma | software | healthy | scripts/theme/extract-theme.py:126 |
| lab_hue | software | healthy | scripts/theme/extract-theme.py:131 |
| _kmeans_init | software | healthy | scripts/theme/extract-theme.py:141 |
| _assign_labels | software | healthy | scripts/theme/extract-theme.py:161 |
| _update_centroids | software | healthy | scripts/theme/extract-theme.py:178 |
| _kmeans_single_run | software | healthy | scripts/theme/extract-theme.py:189 |
| kmeans_lab | software | healthy | scripts/theme/extract-theme.py:204 |
| extract_pixels | software | healthy | scripts/theme/extract-theme.py:240 |
| find_nearest_hue | software | healthy | scripts/theme/extract-theme.py:293 |
| adjust_lightness | software | healthy | scripts/theme/extract-theme.py:305 |
| ensure_contrast | software | healthy | scripts/theme/extract-theme.py:314 |
| _nvim_from_hue | software | healthy | scripts/theme/extract-theme.py:331 |
| _macos_accent_from_hue | software | healthy | scripts/theme/extract-theme.py:340 |
| _compute_bg_fg | software | healthy | scripts/theme/extract-theme.py:357 |
| _compute_accent | software | healthy | scripts/theme/extract-theme.py:373 |
| _compute_panel_border | software | healthy | scripts/theme/extract-theme.py:390 |
| _build_ansi_color | software | healthy | scripts/theme/extract-theme.py:412 |
| _ansi_palette | software | healthy | scripts/theme/extract-theme.py:427 |
| _structural_colors | software | healthy | scripts/theme/extract-theme.py:448 |
| generate_theme | software | healthy | scripts/theme/extract-theme.py:465 |
| theme_to_toml | software | healthy | scripts/theme/extract-theme.py:555 |
| determine_mode | software | healthy | scripts/theme/extract-theme.py:592 |
| derive_name | software | healthy | scripts/theme/extract-theme.py:600 |
| main | software | healthy | scripts/theme/extract-theme.py:612 |
| scan_file | software | healthy | scripts/tools/detect-collisions.py:17 |
| record_definition | software | healthy | scripts/tools/detect-collisions.py:39 |
| main | software | healthy | scripts/tools/detect-collisions.py:59 |
| test_smoke | software | healthy | templates/projects/python/tests/test_basic.py:2 |
| showCollections | software | healthy | dot_config/mongosh/mongoshrc.js:showCollections |
| showDatabases | software | healthy | dot_config/mongosh/mongoshrc.js:showDatabases |
| findOne | software | healthy | dot_config/mongosh/mongoshrc.js:findOne |
| countDocs | software | healthy | dot_config/mongosh/mongoshrc.js:countDocs |
| serverStatus | software | healthy | dot_config/mongosh/mongoshrc.js:serverStatus |
| currentOps | software | healthy | dot_config/mongosh/mongoshrc.js:currentOps |
Showing first 50 of this kind. Full payload available via the JSON button at the top of the page.
| Label | Layer | Status | Path |
|---|---|---|---|
| gha::ci | cicd | healthy | templates/projects/node/.github/workflows/ci.yml |
| gha::ci | cicd | healthy | templates/projects/python/.github/workflows/ci.yml |
| gha::ci | cicd | healthy | templates/projects/go/.github/workflows/ci.yml |
| gha::codeql | cicd | healthy | .github/workflows/codeql.yml |
| gha::regression-trace-audit | cicd | healthy | .github/workflows/regression-trace-audit.yml |
| gha::security-release | cicd | healthy | .github/workflows/security-release.yml |
| gha::reusable-nix-lint | cicd | healthy | .github/workflows/reusable-nix-lint.yml |
| gha::reusable-security-baseline | cicd | healthy | .github/workflows/reusable-security-baseline.yml |
| gha::coverage | cicd | healthy | .github/workflows/coverage.yml |
| gha::pr-signature | cicd | healthy | .github/workflows/pr-signature.yml |
| gha::reliability-gate | cicd | healthy | .github/workflows/reliability-gate.yml |
| gha::security-enhanced | cicd | healthy | .github/workflows/security-enhanced.yml |
| gha::cross-platform-test | cicd | healthy | .github/workflows/cross-platform-test.yml |
| gha::npm-publish | cicd | healthy | .github/workflows/npm-publish.yml |
| gha::ci-enforced | cicd | healthy | .github/workflows/ci-enforced.yml |
| gha::reusable-lua-lint | cicd | healthy | .github/workflows/reusable-lua-lint.yml |
| gha::install-fuzz | cicd | healthy | .github/workflows/install-fuzz.yml |
| gha::reusable-test-suite | cicd | healthy | .github/workflows/reusable-test-suite.yml |
| gha::reusable-secrets-scan | cicd | healthy | .github/workflows/reusable-secrets-scan.yml |
| gha::sbom-diff | cicd | healthy | .github/workflows/sbom-diff.yml |
| gha::scorecard | cicd | healthy | .github/workflows/scorecard.yml |
| gha::ci | cicd | healthy | .github/workflows/ci.yml |
| gha::manual-publish | cicd | healthy | .github/workflows/manual-publish.yml |
| gha::nightly | cicd | healthy | .github/workflows/nightly.yml |
| gha::drift-detection | cicd | healthy | .github/workflows/drift-detection.yml |
| gha::reusable-copyright-lint | cicd | healthy | .github/workflows/reusable-copyright-lint.yml |
| gha::pages | cicd | healthy | .github/workflows/pages.yml |
| gha::perf-baseline | cicd | healthy | .github/workflows/perf-baseline.yml |
| gha::devcontainer-prebuild | cicd | healthy | .github/workflows/devcontainer-prebuild.yml |
| gha::sync-versions | cicd | healthy | .github/workflows/sync-versions.yml |
| gha::pre-commit | cicd | healthy | .github/workflows/pre-commit.yml |
| gha::deps-dev-validation | cicd | healthy | .github/workflows/deps-dev-validation.yml |
| gha::policy-bundle-release | cicd | healthy | .github/workflows/policy-bundle-release.yml |
| gha::update-deps | cicd | healthy | .github/workflows/update-deps.yml |
| gha::reusable-shell-lint | cicd | healthy | .github/workflows/reusable-shell-lint.yml |
| gha::compliance-guard | cicd | healthy | .github/workflows/compliance-guard.yml |
| Label | Layer | Status | Path |
|---|---|---|---|
| password_literal::tests/unit/functions/test_genpass_behavio… | security | healthy | tests/unit/functions/test_genpass_behavior.sh |
| password_literal::tests/unit/functions/test_property_genpas… | security | healthy | tests/unit/functions/test_property_genpass.sh |
| password_literal::tests/unit/functions/test_genpass.sh | security | healthy | tests/unit/functions/test_genpass.sh |
| password_literal::tests/unit/functions/test_genpass.sh | security | healthy | tests/unit/functions/test_genpass.sh |
| password_literal::tests/unit/functions/test_genpass.sh | security | healthy | tests/unit/functions/test_genpass.sh |
| password_literal::tests/unit/functions/test_genpass.sh | security | healthy | tests/unit/functions/test_genpass.sh |
| password_literal::tests/unit/functions/test_genpass.sh | security | healthy | tests/unit/functions/test_genpass.sh |
| password_literal::tests/unit/functions/test_genpass.sh | security | healthy | tests/unit/functions/test_genpass.sh |
| password_literal::tests/unit/functions/test_genpass.sh | security | healthy | tests/unit/functions/test_genpass.sh |
| password_literal::tests/unit/functions/test_genpass.sh | security | healthy | tests/unit/functions/test_genpass.sh |
| password_literal::tests/unit/functions/test_genpass.sh | security | healthy | tests/unit/functions/test_genpass.sh |
| password_literal::tests/unit/functions/test_genpass.sh | security | healthy | tests/unit/functions/test_genpass.sh |
| generic_api_key::scripts/diagnostics/smoke-test.sh | security | healthy | scripts/diagnostics/smoke-test.sh |
| Label | Layer | Status | Path |
|---|---|---|---|
| port:06 | network | healthy | .github/dependabot.yml |
| port:15 | network | healthy | .github/dependabot.yml |
| port:30 | network | healthy | .github/dependabot.yml |
| port:45 | network | healthy | .github/dependabot.yml |
| port:07 | network | healthy | .github/dependabot.yml |
| port:05 | network | healthy | .github/workflows/regression-trace-audit.yml |
| port:03 | network | healthy | .github/workflows/install-fuzz.yml |
| port:02 | network | healthy | .github/workflows/nightly.yml |
| port:04 | network | healthy | .github/workflows/drift-detection.yml |
| port:6924 | network | healthy | dot_config/pueue/pueue.yml |
| Label | Layer | Status | Path |
|---|---|---|---|
| auth::tests/unit/tools/test_public_entrypoints.sh | security | healthy | tests/unit/tools/test_public_entrypoints.sh |
| auth::.github/workflows/ci.yml | security | healthy | .github/workflows/ci.yml |
| auth::.github/workflows/ci-enforced.yml | security | healthy | .github/workflows/ci-enforced.yml |
| auth::tests/unit/diagnostics/test_diagnostics_mcp_doctor.sh | security | healthy | tests/unit/diagnostics/test_diagnostics_mcp_doctor.sh |
| auth::.github/workflows/npm-publish.yml | security | healthy | .github/workflows/npm-publish.yml |
| auth::scripts/qa/docs-coverage.sh | security | healthy | scripts/qa/docs-coverage.sh |
| Label | Layer | Status | Path |
|---|---|---|---|
| TRIVY_VERSION | cicd | healthy | — |
| GRYPE_VERSION | cicd | healthy | — |
| CHEZMOI_VERSION | cicd | healthy | — |
| ACTIONS_BOT_SIGNING_KEY | cicd | healthy | — |
| GITHUB_TOKEN | cicd | healthy | — |
| Label | Layer | Status | Path |
|---|---|---|---|
| 5.15.90.1 | network | healthy | tests/unit/functions/test_platform_detection_behavior.sh |
| 1.1.1.1 | network | healthy | scripts/security/dns-doh.sh |
| 1.0.0.1 | network | healthy | scripts/security/dns-doh.sh |
| 127.0.0.1 | network | healthy | .github/workflows/ci.yml |
| Label | Layer | Status | Path |
|---|---|---|---|
| redis | data | healthy | dot_config/.module-manifest.json |
| mongodb | data | healthy | dot_config/mongosh/mongoshrc.js |
| sqlite | data | healthy | dot_config/dotfiles/mcp-registry.json |
| Label | Layer | Status | Path |
|---|---|---|---|
| vps::aws | hardware | healthy | config/gitleaks.toml |
| vps::gcp | hardware | healthy | config/gitleaks.toml |
| vps::azure | hardware | healthy | config/gitleaks.toml |
| Label | Layer | Status | Path |
|---|---|---|---|
| repobility-clone-qk8kr_il | software | healthy | /tmp/repobility-clone-qk8kr_il |
| Label | Layer | Status | Path |
|---|---|---|---|
| sidekiq | data | healthy | config/gitleaks.toml |
| Label | Layer | Status | Path |
|---|---|---|---|
| image::.devcontainer/Dockerfile | hardware | healthy | .devcontainer/Dockerfile |
| Label | Layer | Status | Path |
|---|---|---|---|
| gpu (detected) | hardware | healthy | tests/unit/tools/test_new_configs.sh |
This page is publicly accessible at:
https://repobility.com/scan/9a775c3b-246f-4433-aab8-71400ad1d310/
To check status programmatically (no auth required):
curl -s https://repobility.com/api/v1/public/scan/9a775c3b-246f-4433-aab8-71400ad1d310/