cderv/r-bucket

Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.

7 of your 9 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

Scan timing: clone 2.46s · analysis 0.61s · 0.1 MB · GitHub API rate-limit (preflight)

https://github.com/cderv/r-bucket · scanned 2026-06-05 21:07 UTC (4 days, 11 hours ago) · 10 languages

18 raw signals (8 security + 10 graph) 25th percentile · Unknown · System graph score 88 (lower by 20)

File as issue Image

UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 4 days, 11 hours ago · v2 · 6 actionable findings from 2 signal sources. 7 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

JSON

66.7% cov · 3 findings

Score breakdown â 2026-05-18-v5

Component	Sub-score	Weight	Contribution
`structure_score`	30.0	0.15	4.50
`security_score`	100.0	0.25	25.00
`testing_score`	70.0	0.20	14.00
`documentation_score`	40.0	0.15	6.00
`practices_score`	70.0	0.15	10.50
`code_quality`	80.0	0.10	8.00
Overall		1.00	68.0

Severity distribution — click a segment to filter

Active filters: excluding tests × Reset all

Severity: Critical 0 High 2 Medium 0 Low 2 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Security checks 3 System graph 3 Crowd 0 Layer: Quality 1 Cicd 3 Api 1 Frontend 1

Exclude dismissed / FP Exclude test files

Scan summary Quality grade B- (68/100). Dimensions: security 100, maintainability 30. 8 findings (7 security).

Showing 4 of 6 actionable findings. 13 raw detector signals were grouped into reader-sized issues. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

high Security checks cicd CI/CD security conf 0.90 ✓ Repobility 5 occurrences GitHub Action is tag-pinned rather than SHA-pinned

Action `actions/checkout` pinned to mutable ref `@main` uses a mutable tag or branch. Pin external actions to a reviewed full commit SHA when the workflow is security-sensitive.

3 files, 5 locations

.github/workflows/comment-commands.yml:10, 12 (2 hits)

.github/workflows/pull-request.yml:10, 12 (2 hits)

.github/workflows/schedule.yml:15

CI/CD securitySupply chainGitHub Actions

low Security checks cicd CI/CD security conf 0.90 ✓ Repobility 2 occurrences GitHub Action is tag-pinned rather than SHA-pinned

Action `actions/checkout` pinned to mutable ref `@v3` uses a mutable tag or branch. Pin external actions to a reviewed full commit SHA when the workflow is security-sensitive.

lines 13, 26

.github/workflows/schedule.yml:13, 26 (2 hits)

CI/CD securitySupply chainGitHub Actions

high System graph cicd CI/CD security conf 1.00 3 occurrences GitHub Action tracks a moving branch

ScoopInstaller/Scoop-GithubActions@main can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.

3 files, 3 locations

.github/workflows/comment-commands.yml:12

.github/workflows/pull-request.yml:12

.github/workflows/schedule.yml:15

CI/CD securitySupply chainGithub actions

low Security checks quality Documentation No LICENSE file

Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft).

For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.

For AI agents + API integrations

Email me when this repo regresses

Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.

API access

This page is publicly accessible at: https://repobility.com/scan/a0df18df-bcfc-4687-9311-87002f381513/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/a0df18df-bcfc-4687-9311-87002f381513/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.