Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo
82 of your 109 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

Scan timing: clone 23.63s · analysis 33.23s · 100.3 MB · GitHub API rate-limit (preflight)

systemd/systemd

https://github.com/systemd/systemd · scanned 2026-06-05 17:13 UTC (1 week, 2 days ago) · 10 languages

351 raw signals (103 security + 248 graph) 11/13 scanners ran 53rd percentile · C · huge (>500K LoC) System graph score 72 (higher by 3)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 1 week, 2 days ago · v2 · 161 actionable findings from 2 signal sources. 66 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

JSON
Combined
75.7
/100
Security checks
80
57 findings
System graph
72
88.9% cov · 104 findings
Critical
1
click to filter
Agents
6
0 votes
Crowd
0
reported
Score breakdown â 2026-05-18-v5
Component Sub-score Weight Contribution
structure_score 65.0 0.15 9.75
security_score 100.0 0.25 25.00
testing_score 48.0 0.20 9.60
documentation_score 71.0 0.15 10.65
practices_score 100.0 0.15 15.00
code_quality 45.0 0.10 4.50
Overall 1.00 74.5
security_score may be inflated — optional security scanners were skipped on this fast scan
Severity distribution — click a segment to filter
Active filters: severity: low × excluding tests × Reset all
Severity: Critical 1 High 35 Medium 53 Low 45 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Security checks 57 System graph 104 Crowd 0 Layer: Quality 92 Cicd 8 Security 3 Software 25 Api 1 Network 31 Frontend 1
Scan summary Quality grade B (74/100). Dimensions: security 100, maintainability 65. 103 findings (9 security). 1,158,214 lines analyzed.

Showing 45 of 161 actionable findings. 227 raw detector signals were grouped into reader-sized issues. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

low Security checks cicd CI/CD security conf 0.90 ✓ Repobility 4 occurrences GitHub Action is tag-pinned rather than SHA-pinned
[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char c…
2 files, 4 locations
.github/workflows/coverage.yml:136 (2 hits)
.github/workflows/mkosi.yml:326 (2 hits)
CI/CD securitySupply chainGitHub Actions
low Security checks quality Quality conf 0.60 7 occurrences Duplicated implementation block across source files
Duplicate implementation blocks are maintenance debt. Keep them visible, but they are not a high-severity defect unless the duplicated logic is security-sensitive or drifting.
6 files, 7 locations
src/bless-boot/boot-check-no-failures.c:20, 21 (2 hits)
src/analyze/analyze-unit-shell.c:9
src/battery-check/battery-check.c:41
src/bootctl/bootctl-unlink.c:429
src/bootctl/bootctl.c:332
src/cgtop/cgtop.c:506
duplicationquality
low System graph quality Maintenance conf 1.00 67 TODO/FIXME markers
High count of TODO/FIXME/HACK markers — track them as issues so they're not forgotten.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: man/check-os-release-simple.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: src/boot/generate-hwids-section.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: src/fuzz/fuzz-bootspec-gen.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: src/journal-remote/log-generator.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: src/shared/ethtool-link-mode.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: src/shared/generate-dns_type-gperf.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: src/shared/generate-syscall-list.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: test/fuzz/generate-directives.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: test/integration-tests/TEST-04-JOURNAL/TEST-04-JOURNAL.units/logs-filtering-syslog.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: test/integration-tests/TEST-74-AUX-UTILS/TEST-74-AUX-UTILS.units/proxy-echo.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: test/rule-syntax-check.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: tools/generate-gperfs.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: tools/make-autosuspend-rules.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: tools/msgmerge-no-fuzzy.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph quality Integrity conf 1.00 11 occurrences Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: test/networkd-test.py:test_coldplug_dhcp_ip6, test/networkd-test.py:test_coldplug_dhcp_ip6 This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
11 occurrences
repo-level (11 hits)
duplicatesduplication
low System graph quality Integrity conf 1.00 2 occurrences Near-duplicate function bodies in 22 places
Functions with the same first-5-line body hash: test/test-network/systemd-networkd-tests.py:setUpModule, test/test-network/systemd-networkd-tests.py:setUp, test/test-network/systemd-networkd-tests.py:setUp, test/test-network/systemd-networkd-tests.py:setUp This is *the* AI-coder failure mode (4× m…
2 occurrences
repo-level (2 hits)
duplicatesduplication
low System graph quality Integrity conf 1.00 3 occurrences Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: test/networkd-test.py:shutdown_iface, test/networkd-test.py:shutdown_iface, test/networkd-test.py:shutdown_iface This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or documen…
3 occurrences
repo-level (3 hits)
duplicatesduplication
low System graph quality Integrity conf 1.00 Near-duplicate function bodies in 4 places
Functions with the same first-5-line body hash: test/networkd-test.py:create_iface, test/networkd-test.py:create_iface, test/networkd-test.py:create_iface, test/networkd-test.py:create_iface This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hy…
duplicatesduplication
low System graph quality Integrity conf 1.00 Near-duplicate function bodies in 5 places
Functions with the same first-5-line body hash: test/networkd-test.py:tearDownModule, test/networkd-test.py:tearDown, test/networkd-test.py:tearDown, test/networkd-test.py:tearDown This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Co…
duplicatesduplication
low System graph quality Integrity conf 1.00 Near-duplicate function bodies in 6 places
Functions with the same first-5-line body hash: test/networkd-test.py:setUpModule, test/networkd-test.py:setUp, test/networkd-test.py:setUp, test/networkd-test.py:setUp This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or…
duplicatesduplication
low System graph quality Integrity conf 1.00 Near-duplicate function bodies in 8 places
Functions with the same first-5-line body hash: test/test-network/systemd-networkd-tests.py:check_output, test/test-network/systemd-networkd-tests.py:check, test/test-network/systemd-networkd-tests.py:check, test/test-network/systemd-networkd-tests.py:check This is *the* AI-coder failure mode (4× …
duplicatesduplication
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `test_parse_args_many_deprecated` in src/ukify/test/test_ukify.py:199
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `wait_online_env_copy` in test/test-network/systemd-networkd-tests.py:1901
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph software Dead code conf 1.00 Possibly dead Python function: FlagsForFile
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
.ycm_extra_conf.py:220
low System graph software Dead code conf 1.00 Possibly dead Python function: invoke
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tools/gdb-sd_dump_hashmaps.py:14
low System graph software Dead code conf 1.00 Possibly dead Python function: mjoin
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tools/update-man-rules.py:50
low System graph software Dead code conf 1.00 Possibly dead Python function: pairwise
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
src/ukify/ukify.py:929
low System graph software Dead code conf 1.00 Possibly dead Python function: parse_banks
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
src/ukify/ukify.py:632
low System graph software Dead code conf 1.00 Possibly dead Python function: parse_phase_paths
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
src/ukify/ukify.py:648
low System graph software Dead code conf 1.00 Possibly dead Python function: sdio_ids_grammar
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
hwdb.d/ids_parser.py:108
low System graph software Dead code conf 1.00 Possibly dead Python function: wrap
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
src/include/override/sys/generate-syscall.py:19
low System graph quality Integrity conf 1.00 Stub function `test_hotplug_dhcp_ip6` (body is just `pass`/`return`) — test/networkd-test.py:1136
Likely an AI scaffold that was never filled in. Remove or implement.
Empty handlerDead code
low System graph quality Complexity conf 1.00 Very large file: src/ukify/ukify.py (2565 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: test/networkd-test.py (1382 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: test/test-network/systemd-networkd-tests.py (11288 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: test/test-udev.py (2459 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: test/units/TEST-13-NSPAWN.nspawn.sh (1644 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: test/units/TEST-50-DISSECT.dissect.sh (1252 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: test/units/TEST-50-DISSECT.sysext.sh (1708 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: test/units/TEST-58-REPART.sh (2241 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: test/units/TEST-64-UDEV-STORAGE.sh (1424 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: test/units/TEST-75-RESOLVED.sh (1564 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/b700e0d3-537f-44f0-83a9-d34938a60700/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/b700e0d3-537f-44f0-83a9-d34938a60700/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.