Scan timing: clone 5.54s · analysis 11.22s · 1.4 MB · GitHub API rate-limit (preflight)
https://github.com/nektos/act
· scanned 2026-06-05 08:30 UTC (5 days, 20 hours ago)
· 10 languages
294 raw signals (150 security + 144 graph) 50th percentile · Go · medium (20-100K LoC)
Last scanned 5 days, 20 hours ago · v2 · 152 actionable findings from 2 signal sources. 70 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.
| Component | Sub-score | Weight | Contribution |
|---|---|---|---|
structure_score |
85.0 | 0.15 | 12.75 |
security_score |
30.0 | 0.25 | 7.50 |
testing_score |
80.0 | 0.20 | 16.00 |
documentation_score |
77.0 | 0.15 | 11.55 |
practices_score |
100.0 | 0.15 | 15.00 |
code_quality |
65.5 | 0.10 | 6.55 |
| Overall | 1.00 | 69.3 |
All 803 nodes from the latest scan, grouped by kind. Each node is a unit the engine identified (file, function, endpoint, table…). Most users won't need this view — it's primarily for debugging the engine's graph extraction or for AI agents that want to enumerate the project structure.
| Label | Layer | Status | Path |
|---|---|---|---|
.prettierrc.yml |
software | healthy | .prettierrc.yml |
.golangci.yml |
software | healthy | .golangci.yml |
README.md |
software | healthy | README.md |
CLAUDE.md |
software | healthy | CLAUDE.md |
install.sh |
software | healthy | install.sh |
CONTRIBUTING.md |
software | healthy | CONTRIBUTING.md |
IMAGES.md |
software | healthy | IMAGES.md |
.gitleaks.toml |
software | healthy | .gitleaks.toml |
main.go |
software | healthy | main.go |
.goreleaser.yml |
software | healthy | .goreleaser.yml |
go.mod |
software | healthy | go.mod |
main_test.go |
software | healthy | main_test.go |
.mega-linter.yml |
software | healthy | .mega-linter.yml |
Makefile |
software | healthy | Makefile |
.markdownlint.yml |
software | healthy | .markdownlint.yml |
.mergify.yml |
software | healthy | .mergify.yml |
codecov.yml |
software | healthy | codecov.yml |
input.go |
software | healthy | cmd/input.go |
notices.go |
software | healthy | cmd/notices.go |
root_test.go |
software | healthy | cmd/root_test.go |
list.go |
software | healthy | cmd/list.go |
dir.go |
software | healthy | cmd/dir.go |
execute_test.go |
software | healthy | cmd/execute_test.go |
root.go |
software | healthy | cmd/root.go |
platforms.go |
software | healthy | cmd/platforms.go |
graph.go |
software | healthy | cmd/graph.go |
secrets.go |
software | healthy | cmd/secrets.go |
secrets.yml |
software | healthy | cmd/testdata/secrets.yml |
FUNDING.yml |
software | healthy | .github/FUNDING.yml |
dependabot.yml |
software | healthy | .github/dependabot.yml |
wiki_issue.yml |
software | healthy | .github/ISSUE_TEMPLATE/wiki_issue.yml |
bug_report.yml |
software | healthy | .github/ISSUE_TEMPLATE/bug_report.yml |
config.yml |
software | healthy | .github/ISSUE_TEMPLATE/config.yml |
feature_template.yml |
software | healthy | .github/ISSUE_TEMPLATE/feature_template.yml |
promote.yml |
software | healthy | .github/workflows/promote.yml |
checks.yml |
software | healthy | .github/workflows/checks.yml |
codespell.yml |
software | healthy | .github/workflows/codespell.yml |
release.yml |
software | healthy | .github/workflows/release.yml |
stale.yml |
software | healthy | .github/workflows/stale.yml |
action.yml |
software | healthy | .github/actions/choco/action.yml |
Dockerfile |
software | healthy | .github/actions/choco/Dockerfile |
entrypoint.sh |
software | healthy | .github/actions/choco/entrypoint.sh |
command_test.go |
software | healthy | pkg/runner/command_test.go |
runner_test.go |
software | healthy | pkg/runner/runner_test.go |
reusable_workflow.go |
software | healthy | pkg/runner/reusable_workflow.go |
step_docker.go |
software | healthy | pkg/runner/step_docker.go |
action_cache_test.go |
software | healthy | pkg/runner/action_cache_test.go |
action_test.go |
software | healthy | pkg/runner/action_test.go |
step_action_remote_test.go |
software | healthy | pkg/runner/step_action_remote_test.go |
job_executor_test.go |
software | healthy | pkg/runner/job_executor_test.go |
Showing first 50 of this kind. Full payload available via the JSON button at the top of the page.
| Label | Layer | Status | Path |
|---|---|---|---|
cmd |
software | healthy | cmd |
testdata |
software | healthy | cmd/testdata |
.github |
software | healthy | .github |
ISSUE_TEMPLATE |
software | healthy | .github/ISSUE_TEMPLATE |
workflows |
software | healthy | .github/workflows |
actions |
software | healthy | .github/actions |
choco |
software | healthy | .github/actions/choco |
pkg |
software | healthy | pkg |
runner |
software | healthy | pkg/runner |
testdata |
software | healthy | pkg/runner/testdata |
services-host-network |
software | healthy | pkg/runner/testdata/services-host-network |
input-from-cli |
software | healthy | pkg/runner/testdata/input-from-cli |
node |
software | healthy | pkg/runner/testdata/node |
pull-request |
software | healthy | pkg/runner/testdata/pull-request |
parallel |
software | healthy | pkg/runner/testdata/parallel |
job-container-invalid-credentials |
software | healthy | pkg/runner/testdata/job-container-invalid-credentials |
evalmatrix |
software | healthy | pkg/runner/testdata/evalmatrix |
workflow_call_inputs |
software | healthy | pkg/runner/testdata/workflow_call_inputs |
non-existent-action |
software | healthy | pkg/runner/testdata/non-existent-action |
set-env-step-env-override |
software | healthy | pkg/runner/testdata/set-env-step-env-override |
matrix |
software | healthy | pkg/runner/testdata/matrix |
GITHUB_STATE |
software | healthy | pkg/runner/testdata/GITHUB_STATE |
issue-141 |
software | healthy | pkg/runner/testdata/issue-141 |
mysql-service-container-with-health-check |
software | healthy | pkg/runner/testdata/mysql-service-container-with-health-che… |
evalmatrixneeds |
software | healthy | pkg/runner/testdata/evalmatrixneeds |
env-and-path |
software | healthy | pkg/runner/testdata/env-and-path |
networking |
software | healthy | pkg/runner/testdata/networking |
action-cache-v2-fetch-failure-is-job-error |
software | healthy | pkg/runner/testdata/action-cache-v2-fetch-failure-is-job-er… |
localdockerimagetest_ |
software | healthy | pkg/runner/testdata/localdockerimagetest_ |
uses-github-empty |
software | healthy | pkg/runner/testdata/uses-github-empty |
evalenv |
software | healthy | pkg/runner/testdata/evalenv |
uses-composite-with-error |
software | healthy | pkg/runner/testdata/uses-composite-with-error |
composite_action2 |
software | healthy | pkg/runner/testdata/uses-composite-with-error/composite_act… |
steps-context |
software | healthy | pkg/runner/testdata/steps-context |
outcome |
software | healthy | pkg/runner/testdata/steps-context/outcome |
conclusion |
software | healthy | pkg/runner/testdata/steps-context/conclusion |
windows-add-env-powershell-5 |
software | healthy | pkg/runner/testdata/windows-add-env-powershell-5 |
action |
software | healthy | pkg/runner/testdata/windows-add-env-powershell-5/action |
uses-github-full-sha |
software | healthy | pkg/runner/testdata/uses-github-full-sha |
uses-github-short-sha |
software | healthy | pkg/runner/testdata/uses-github-short-sha |
services-with-container |
software | healthy | pkg/runner/testdata/services-with-container |
evalmatrix-merge-array |
software | healthy | pkg/runner/testdata/evalmatrix-merge-array |
commands |
software | healthy | pkg/runner/testdata/commands |
no-panic-on-invalid-composite-action |
software | healthy | pkg/runner/testdata/no-panic-on-invalid-composite-action |
path-handling |
software | healthy | pkg/runner/testdata/path-handling |
action |
software | healthy | pkg/runner/testdata/path-handling/action |
windows-shell-cmd |
software | healthy | pkg/runner/testdata/windows-shell-cmd |
inputs-via-env-context |
software | healthy | pkg/runner/testdata/inputs-via-env-context |
action |
software | healthy | pkg/runner/testdata/inputs-via-env-context/action |
issue-597 |
software | healthy | pkg/runner/testdata/issue-597 |
Showing first 50 of this kind. Full payload available via the JSON button at the top of the page.
| Label | Layer | Status | Path |
|---|---|---|---|
checkEnvVar |
software | healthy | pkg/runner/testdata/actions-environment-and-context-tests/j… |
time |
software | healthy | pkg/runner/testdata/actions/node12/index.js:time |
time |
software | healthy | pkg/runner/testdata/actions/node16/index.js:time |
time |
software | healthy | pkg/runner/testdata/actions/node20/index.js:time |
__webpack_modules__ |
software | healthy | pkg/runner/hashfiles/index.js:__webpack_modules__ |
__awaiter |
software | healthy | pkg/runner/hashfiles/index.js:__awaiter |
adopt |
software | healthy | pkg/runner/hashfiles/index.js:adopt |
fulfilled |
software | healthy | pkg/runner/hashfiles/index.js:fulfilled |
rejected |
software | healthy | pkg/runner/hashfiles/index.js:rejected |
step |
software | healthy | pkg/runner/hashfiles/index.js:step |
__asyncValues |
software | healthy | pkg/runner/hashfiles/index.js:__asyncValues |
verb |
software | healthy | pkg/runner/hashfiles/index.js:verb |
settle |
software | healthy | pkg/runner/hashfiles/index.js:settle |
__importStar |
software | healthy | pkg/runner/hashfiles/index.js:__importStar |
run |
software | healthy | pkg/runner/hashfiles/index.js:run |
__createBinding |
software | healthy | pkg/runner/hashfiles/index.js:__createBinding |
__setModuleDefault |
software | healthy | pkg/runner/hashfiles/index.js:__setModuleDefault |
issueCommand |
software | healthy | pkg/runner/hashfiles/index.js:issueCommand |
issue |
software | healthy | pkg/runner/hashfiles/index.js:issue |
escapeData |
software | healthy | pkg/runner/hashfiles/index.js:escapeData |
escapeProperty |
software | healthy | pkg/runner/hashfiles/index.js:escapeProperty |
exportVariable |
software | healthy | pkg/runner/hashfiles/index.js:exportVariable |
setSecret |
software | healthy | pkg/runner/hashfiles/index.js:setSecret |
addPath |
software | healthy | pkg/runner/hashfiles/index.js:addPath |
getInput |
software | healthy | pkg/runner/hashfiles/index.js:getInput |
getMultilineInput |
software | healthy | pkg/runner/hashfiles/index.js:getMultilineInput |
getBooleanInput |
software | healthy | pkg/runner/hashfiles/index.js:getBooleanInput |
setOutput |
software | healthy | pkg/runner/hashfiles/index.js:setOutput |
setCommandEcho |
software | healthy | pkg/runner/hashfiles/index.js:setCommandEcho |
setFailed |
software | healthy | pkg/runner/hashfiles/index.js:setFailed |
isDebug |
software | healthy | pkg/runner/hashfiles/index.js:isDebug |
debug |
software | healthy | pkg/runner/hashfiles/index.js:debug |
error |
software | healthy | pkg/runner/hashfiles/index.js:error |
warning |
software | healthy | pkg/runner/hashfiles/index.js:warning |
notice |
software | healthy | pkg/runner/hashfiles/index.js:notice |
info |
software | healthy | pkg/runner/hashfiles/index.js:info |
startGroup |
software | healthy | pkg/runner/hashfiles/index.js:startGroup |
endGroup |
software | healthy | pkg/runner/hashfiles/index.js:endGroup |
call |
software | healthy | pkg/runner/hashfiles/index.js:call |
itself |
software | healthy | pkg/runner/hashfiles/index.js:itself |
to |
software | healthy | pkg/runner/hashfiles/index.js:to |
group |
software | healthy | pkg/runner/hashfiles/index.js:group |
saveState |
software | healthy | pkg/runner/hashfiles/index.js:saveState |
getState |
software | healthy | pkg/runner/hashfiles/index.js:getState |
getIDToken |
software | healthy | pkg/runner/hashfiles/index.js:getIDToken |
id_token |
software | healthy | pkg/runner/hashfiles/index.js:id_token |
toPosixPath |
software | healthy | pkg/runner/hashfiles/index.js:toPosixPath |
toWin32Path |
software | healthy | pkg/runner/hashfiles/index.js:toWin32Path |
toPlatformPath |
software | healthy | pkg/runner/hashfiles/index.js:toPlatformPath |
toCommandValue |
software | healthy | pkg/runner/hashfiles/index.js:toCommandValue |
Showing first 50 of this kind. Full payload available via the JSON button at the top of the page.
| Label | Layer | Status | Path |
|---|---|---|---|
Command |
software | healthy | pkg/runner/hashfiles/index.js:Command |
OidcClient |
software | healthy | pkg/runner/hashfiles/index.js:OidcClient |
Summary |
software | healthy | pkg/runner/hashfiles/index.js:Summary |
DefaultGlobber |
software | healthy | pkg/runner/hashfiles/index.js:DefaultGlobber |
for |
software | healthy | pkg/runner/hashfiles/index.js:for |
Path |
software | healthy | pkg/runner/hashfiles/index.js:Path |
Pattern |
software | healthy | pkg/runner/hashfiles/index.js:Pattern |
SearchState |
software | healthy | pkg/runner/hashfiles/index.js:SearchState |
BasicCredentialHandler |
software | healthy | pkg/runner/hashfiles/index.js:BasicCredentialHandler |
BearerCredentialHandler |
software | healthy | pkg/runner/hashfiles/index.js:BearerCredentialHandler |
PersonalAccessTokenCredentialHandler |
software | healthy | pkg/runner/hashfiles/index.js:PersonalAccessTokenCredential… |
HttpClientError |
software | healthy | pkg/runner/hashfiles/index.js:HttpClientError |
HttpClientResponse |
software | healthy | pkg/runner/hashfiles/index.js:HttpClientResponse |
HttpClient |
software | healthy | pkg/runner/hashfiles/index.js:HttpClient |
open |
software | healthy | pkg/runner/hashfiles/index.js:open |
to |
software | healthy | pkg/runner/hashfiles/index.js:to |
| Label | Layer | Status | Path |
|---|---|---|---|
release |
cicd | healthy | .github/workflows/promote.yml |
lint |
cicd | healthy | .github/workflows/checks.yml |
test-linux |
cicd | healthy | .github/workflows/checks.yml |
test-host |
cicd | healthy | .github/workflows/checks.yml |
snapshot |
cicd | healthy | .github/workflows/checks.yml |
codespell |
cicd | healthy | .github/workflows/codespell.yml |
release |
cicd | healthy | .github/workflows/release.yml |
stale |
cicd | healthy | .github/workflows/stale.yml |
reusable_workflow_job |
cicd | healthy | pkg/runner/testdata/.github/workflows/local-reusable-workfl… |
reusable_workflow_job |
cicd | healthy | pkg/runner/testdata/.github/workflows/local-reusable-workfl… |
reusable_workflow_job |
cicd | healthy | pkg/runner/testdata/.github/workflows/local-reusable-and-di… |
reusable_workflow_job |
cicd | healthy | pkg/runner/testdata/.github/workflows/local-reusable-workfl… |
| Label | Layer | Status | Path |
|---|---|---|---|
2.8.3.2 |
network | healthy | pkg/runner/hashfiles/index.js |
4.2.1.2 |
network | healthy | pkg/runner/hashfiles/index.js |
8.8.8.8 |
network | healthy | pkg/common/outbound_ip.go |
127.0.0.1 |
network | healthy | pkg/artifactcache/handler_test.go |
127.0.0.999 |
network | healthy | pkg/artifactcache/handler_test.go |
172.20.88.22 |
network | healthy | pkg/container/docker_cli_test.go |
169.254.2.2 |
network | healthy | pkg/container/docker_cli_test.go |
169.254.169.254 |
network | healthy | pkg/container/docker_cli_test.go |
169.254.10.8 |
network | healthy | pkg/container/docker_cli_test.go |
172.30.100.104 |
network | healthy | pkg/container/docker_cli.go |
| Label | Layer | Status | Path |
|---|---|---|---|
gha::promote |
cicd | healthy | .github/workflows/promote.yml |
gha::checks |
cicd | healthy | .github/workflows/checks.yml |
gha::codespell |
cicd | healthy | .github/workflows/codespell.yml |
gha::release |
cicd | healthy | .github/workflows/release.yml |
gha::stale |
cicd | healthy | .github/workflows/stale.yml |
gha::local-reusable-workflow-no-inputs-array |
cicd | healthy | pkg/runner/testdata/.github/workflows/local-reusable-workfl… |
gha::local-reusable-workflow-no-inputs-string |
cicd | healthy | pkg/runner/testdata/.github/workflows/local-reusable-workfl… |
gha::local-reusable-and-dispatch |
cicd | healthy | pkg/runner/testdata/.github/workflows/local-reusable-and-di… |
gha::local-reusable-workflow |
cicd | healthy | pkg/runner/testdata/.github/workflows/local-reusable-workfl… |
| Label | Layer | Status | Path |
|---|---|---|---|
image::.github/actions/choco/Dockerfile |
hardware | healthy | .github/actions/choco/Dockerfile |
image::pkg/runner/testdata/localdockerimagetest_/Dockerfile |
hardware | healthy | pkg/runner/testdata/localdockerimagetest_/Dockerfile |
image::pkg/runner/testdata/docker-action-host-env/action/Do… |
hardware | healthy | pkg/runner/testdata/docker-action-host-env/action/Dockerfile |
image::pkg/runner/testdata/actions-environment-and-context-… |
hardware | healthy | pkg/runner/testdata/actions-environment-and-context-tests/d… |
image::pkg/runner/testdata/actions/docker-local-noargs/Dock… |
hardware | healthy | pkg/runner/testdata/actions/docker-local-noargs/Dockerfile |
image::pkg/runner/testdata/actions/docker-local/Dockerfile |
hardware | healthy | pkg/runner/testdata/actions/docker-local/Dockerfile |
image::pkg/runner/testdata/actions/action1/Dockerfile |
hardware | healthy | pkg/runner/testdata/actions/action1/Dockerfile |
image::pkg/container/testdata/Dockerfile |
hardware | healthy | pkg/container/testdata/Dockerfile |
| Label | Layer | Status | Path |
|---|---|---|---|
GITHUB_TOKEN |
cicd | healthy | — |
GH_ACT_TOKEN |
cicd | healthy | — |
CHOCO_APIKEY |
cicd | healthy | — |
WINGET_TOKEN |
cicd | healthy | — |
PROMOTE_TOKEN |
cicd | healthy | — |
CODECOV_TOKEN |
cicd | healthy | — |
| Label | Layer | Status | Path |
|---|---|---|---|
auth::go.mod |
security | healthy | go.mod |
auth::pkg/common/auth.go |
security | healthy | pkg/common/auth.go |
auth::pkg/runner/hashfiles/index.js |
security | healthy | pkg/runner/hashfiles/index.js |
auth::pkg/runner/run_context_test.go |
security | healthy | pkg/runner/run_context_test.go |
auth::pkg/common/auth_test.go |
security | healthy | pkg/common/auth_test.go |
| Label | Layer | Status | Path |
|---|---|---|---|
mysql |
data | healthy | pkg/runner/testdata/mysql-service-container-with-health-che… |
postgres |
data | healthy | pkg/runner/testdata/services/push.yaml |
redis |
data | healthy | pkg/schema/workflow_schema.json |
| Label | Layer | Status | Path |
|---|---|---|---|
port:16 |
network | healthy | install.sh |
port:10 |
network | healthy | install.sh |
| Label | Layer | Status | Path |
|---|---|---|---|
.env in repo |
security | healthy | pkg/runner/testdata/secrets/.env |
password_literal::pkg/container/docker_pull_test.go |
security | healthy | pkg/container/docker_pull_test.go |
| Label | Layer | Status | Path |
|---|---|---|---|
repobility-clone-j27rvci4 |
software | healthy | /tmp/repobility-clone-j27rvci4 |
| Label | Layer | Status | Path |
|---|---|---|---|
nginx |
network | healthy | pkg/model/workflow_test.go |
This page is publicly accessible at:
https://repobility.com/scan/aac9bb52-1a7d-4860-b0f2-e656ed715089/
To check status programmatically (no auth required):
curl -s https://repobility.com/api/v1/public/scan/aac9bb52-1a7d-4860-b0f2-e656ed715089/Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.