71 of your 259 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

Scan timing: clone 12.57s · analysis 42.28s · 22.6 MB · GitHub preflight 406ms

skyhook-io/radar

https://github.com/skyhook-io/radar · scanned 2026-06-05 22:31 UTC (4 days, 10 hours ago) · 10 languages

874 raw signals (246 security + 628 graph) 14th percentile · Typescript · large (100-500K LoC)


Complete repo analysis

Last scanned 4 days, 10 hours ago · v2 · 390 actionable findings from 2 signal sources. 170 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

Score breakdown · 2026-05-18-v5

Component             Sub-score   Weight   Contribution
structure_score            85.0     0.15          12.75
security_score             30.7     0.25           7.67
testing_score              75.0     0.20          15.00
documentation_score        82.0     0.15          12.30
practices_score            90.0     0.15          13.50
code_quality               36.0     0.10           3.60
Overall                              1.00          64.8
Scan summary Ranks in the 8th percentile among small-sized repos. Strongest documentation (61), dependencies (60); weakest testing (35), security (40). 75 findings (16 critical, 4 high). Most common pattern: ts-any-typed. ~101h tech debt (rating C).

Showing 89 of 390 actionable findings. 560 raw detector signals were grouped into reader-sized issues.

low Security checks quality Quality conf 1.00 ✓ Repobility [MINED012] Curl Pipe Bash: curl ... | sh / bash — runs unverified network code.
Review and fix per the pattern semantics. See CWE-494 / A08:2021 for context.
internal/version/version.go:300
high Security checks software dependencies conf 0.90 ✓ Repobility 4 occurrences Dockerfile FROM `node:20-alpine` not pinned by digest
`FROM node:20-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.
lines 11, 29, 64, 83
Dockerfile:11, 29, 64, 83 (4 hits)
high Security checks software dependencies conf 0.88 golang.org/x/crypto: GO-2026-5005
Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
go.mod
high Security checks software dependencies conf 0.88 golang.org/x/crypto: GO-2026-5006
Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent
go.mod
high Security checks software dependencies conf 0.88 golang.org/x/crypto: GO-2026-5013
Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh
go.mod
high Security checks software dependencies conf 0.88 golang.org/x/crypto: GO-2026-5014
Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
go.mod
high Security checks software dependencies conf 0.88 golang.org/x/crypto: GO-2026-5015
Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
go.mod
high Security checks software dependencies conf 0.88 golang.org/x/crypto: GO-2026-5016
Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
go.mod
high Security checks software dependencies conf 0.88 golang.org/x/crypto: GO-2026-5017
Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
go.mod
high Security checks software dependencies conf 0.88 golang.org/x/crypto: GO-2026-5018
Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh
go.mod
high Security checks software dependencies conf 0.88 golang.org/x/crypto: GO-2026-5019
Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
go.mod
high Security checks software dependencies conf 0.88 golang.org/x/crypto: GO-2026-5020
Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh
go.mod
high Security checks software dependencies conf 0.88 golang.org/x/crypto: GO-2026-5021
Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts
go.mod
high Security checks software dependencies conf 0.88 golang.org/x/crypto: GO-2026-5023
Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh
go.mod
high Security checks software dependencies conf 0.88 golang.org/x/crypto: GO-2026-5033
Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
go.mod
high Security checks software dependencies conf 0.88 golang.org/x/net: GO-2026-4918
Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
pkg/go.mod
high Security checks software dependencies conf 0.88 golang.org/x/net: GO-2026-5025
Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
pkg/go.mod
high Security checks software dependencies conf 0.88 golang.org/x/net: GO-2026-5026
Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
pkg/go.mod
high Security checks software dependencies conf 0.88 golang.org/x/net: GO-2026-5027
Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
pkg/go.mod
high Security checks software dependencies conf 0.88 golang.org/x/net: GO-2026-5028
Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
pkg/go.mod
high Security checks software dependencies conf 0.88 golang.org/x/net: GO-2026-5029
Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
pkg/go.mod
high Security checks software dependencies conf 0.88 golang.org/x/net: GO-2026-5030
Invoking duplicate attributes can cause XSS in golang.org/x/net/html
pkg/go.mod
high Security checks software dependencies conf 0.88 golang.org/x/sys: GO-2026-5024
Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows
pkg/go.mod
high Security checks software dependencies conf 0.88 2 occurrences stdlib: GO-2026-4599
Incorrect enforcement of email constraints in crypto/x509
2 files, 2 locations
go.mod
pkg/go.mod
high Security checks software dependencies conf 0.88 2 occurrences stdlib: GO-2026-4600
Panic in name constraint checking for malformed certificates in crypto/x509
2 files, 2 locations
go.mod
pkg/go.mod
high Security checks software dependencies conf 0.88 2 occurrences stdlib: GO-2026-4601
Incorrect parsing of IPv6 host literals in net/url
2 files, 2 locations
go.mod
pkg/go.mod
high Security checks software dependencies conf 0.88 2 occurrences stdlib: GO-2026-4602
FileInfo can escape from a Root in os
2 files, 2 locations
go.mod
pkg/go.mod
high Security checks software dependencies conf 0.88 2 occurrences stdlib: GO-2026-4603
URLs in meta content attribute actions are not escaped in html/template
2 files, 2 locations
go.mod
pkg/go.mod
high Security checks software dependencies conf 0.88 2 occurrences stdlib: GO-2026-4864
TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix
2 files, 2 locations
go.mod
pkg/go.mod
high Security checks software dependencies conf 0.88 2 occurrences stdlib: GO-2026-4865
JsBraceDepth Context Tracking Bugs (XSS) in html/template
2 files, 2 locations
go.mod
pkg/go.mod
high Security checks software dependencies conf 0.88 2 occurrences stdlib: GO-2026-4866
Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509
2 files, 2 locations
go.mod
pkg/go.mod
high Security checks software dependencies conf 0.88 2 occurrences stdlib: GO-2026-4869
Unbounded allocation for old GNU sparse in archive/tar
2 files, 2 locations
go.mod
pkg/go.mod
high Security checks software dependencies conf 0.88 2 occurrences stdlib: GO-2026-4870
Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
2 files, 2 locations
go.mod
pkg/go.mod
high Security checks software dependencies conf 0.88 2 occurrences stdlib: GO-2026-4918
Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net
2 files, 2 locations
go.mod
pkg/go.mod
high Security checks software dependencies conf 0.88 2 occurrences stdlib: GO-2026-4946
Inefficient policy validation in crypto/x509
2 files, 2 locations
go.mod
pkg/go.mod
high Security checks software dependencies conf 0.88 2 occurrences stdlib: GO-2026-4947
Unexpected work during chain building in crypto/x509
2 files, 2 locations
go.mod
pkg/go.mod
high Security checks software dependencies conf 0.88 2 occurrences stdlib: GO-2026-4971
Panic in Dial and LookupPort when handling NUL byte on Windows in net
2 files, 2 locations
go.mod
pkg/go.mod
high Security checks software dependencies conf 0.88 2 occurrences stdlib: GO-2026-4976
ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil
2 files, 2 locations
go.mod
pkg/go.mod
high Security checks software dependencies conf 0.88 2 occurrences stdlib: GO-2026-4977
Quadratic string concatenation in consumePhrase in net/mail
2 files, 2 locations
go.mod
pkg/go.mod
high Security checks software dependencies conf 0.88 2 occurrences stdlib: GO-2026-4980
Escaper bypass leads to XSS in html/template
2 files, 2 locations
go.mod
pkg/go.mod
high Security checks software dependencies conf 0.88 2 occurrences stdlib: GO-2026-4981
Crash when handling long CNAME response in net
2 files, 2 locations
go.mod
pkg/go.mod
high Security checks software dependencies conf 0.88 2 occurrences stdlib: GO-2026-4982
Bypass of meta content URL escaping causes XSS in html/template
2 files, 2 locations
go.mod
pkg/go.mod
high Security checks software dependencies conf 0.88 2 occurrences stdlib: GO-2026-4986
Quadratic string concatenation in consumeComment in net/mail
2 files, 2 locations
go.mod
pkg/go.mod
high Security checks software dependencies conf 0.88 2 occurrences stdlib: GO-2026-5037
Inefficient candidate hostname parsing in crypto/x509
2 files, 2 locations
go.mod
pkg/go.mod
high Security checks software dependencies conf 0.88 2 occurrences stdlib: GO-2026-5038
Quadratic complexity in WordDecoder.DecodeHeader in mime
2 files, 2 locations
go.mod
pkg/go.mod
high Security checks software dependencies conf 0.88 2 occurrences stdlib: GO-2026-5039
Arbitrary inputs are included in errors without any escaping in net/textproto
2 files, 2 locations
go.mod
pkg/go.mod
high Security checks security prompt injection conf 0.80 User-editable role instructions are inserted into the system prompt
Fleet or role instructions that users can edit should be treated as untrusted configuration. Prepending them to every system prompt lets stored text override runtime behavior.
packages/k8s-ui/src/components/resources/ResourcesView.tsx:1786
medium Security checks security auth conf 0.92 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
high Security checks security auth conf 0.74 [AUC002] Low visible authorization coverage in route inventory: Only 13.9% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence.
high Security checks security auth conf 0.66 [AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /gitops/managed-resources.
internal/server/server.go:274
high Security checks security auth conf 0.66 [AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /include_managed.
internal/server/server.go:2338
high Security checks security auth conf 0.66 [AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /namespace.
internal/server/traffic_handlers.go:102
high Security checks security auth conf 0.66 [AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /settings.
internal/server/server.go:478
high Security checks security auth conf 0.66 [AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /settings/audit.
internal/server/server.go:318
high Security checks security auth conf 0.66 [AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: PUT /settings.
internal/server/server.go:479
high Security checks security auth conf 0.66 [AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: PUT /settings/audit.
internal/server/server.go:319
high Security checks security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /releases/{namespace}/{name}.
internal/helm/handlers.go:63
high Security checks security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /charts.
internal/helm/handlers.go:68
high Security checks security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /repositories.
internal/helm/handlers.go:66
high Security checks security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /releases/{namespace}/{name}/rollback-stream.
internal/helm/handlers.go:58
high Security checks security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /releases/{namespace}/{name}/rollback.
internal/helm/handlers.go:57
high Security checks security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /releases/{namespace}/{name}/upgrade-stream.
internal/helm/handlers.go:60
high Security checks security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /releases/{namespace}/{name}/upgrade.
internal/helm/handlers.go:59
high Security checks security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /releases/{namespace}/{name}/values/preview.
internal/helm/handlers.go:61
high Security checks security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /repositories/{name}/update.
internal/helm/handlers.go:67
high Security checks security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: PUT /releases/{namespace}/{name}/values.
internal/helm/handlers.go:62
medium Security checks quality Error handling conf 1.00 [ERR002] Empty Catch Block: Empty catch blocks hide errors.
Log the error or rethrow it. Use console.error() at minimum.
packages/k8s-ui/src/components/dock/NodeTerminalTab.tsx:75
medium Security checks security Security conf 1.00 [SEC119] World-writable / world-readable file permissions: World-writable files let any local user (or container neighbor) tamper with data; world-readable files leak secrets.
Use 0600 (owner rw only) for secrets, 0644 for general files, 0700 for directories with secrets. Java: `setReadable(true, true)` (owner-only).
internal/updater/apply_linux.go:68
medium Security checks quality Quality conf 0.74 Audit export may include unredacted sensitive metadata
Audit logs can be useful live state, but exported debug bundles should redact user messages, transcripts, connector payloads, and large metadata values before sharing.
packages/k8s-ui/src/types/core.ts:6
high Security checks quality Quality conf 0.80 5 occurrences localStorage write failures are swallowed silently
localStorage quotas are small and writes can fail. Catching storage errors without a user-visible warning causes silent data loss when notes, images, or snapshots exceed quota.
5 files, 5 locations
packages/k8s-ui/src/components/logs/LogCore.tsx:155
packages/k8s-ui/src/components/resources/ResourcesView.tsx:1674
web/src/api/client.ts:1412
web/src/components/ui/UpdateNotification.tsx:78
web/src/hooks/useFavorites.ts:24
medium Security checks software dependencies conf 0.90 2 occurrences npm package `@types/diff` is 1 major version(s) behind (7.0.2 -> 8.0.0)
`@types/diff` is pinned/resolved at 7.0.2 but the latest stable release on the npm registry is 8.0.0 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
2 files, 2 locations
packages/k8s-ui/package.json
web/package.json
high Security checks software dependencies conf 0.70 Remote install command pipes network code directly to a shell
Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified.
install.sh:3
high Security checks software dependencies conf 0.70 Remote install command pipes network code directly to a shell
Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified.
README.md:27
low Security checks cicd CI/CD security conf 0.72 .dockerignore misses sensitive defaults
.dockerignore exists but does not cover common secret or VCS patterns.
.dockerignore (tags: CI/CD security, containers)
low Security checks quality Error handling conf 1.00 3 occurrences [ERR003] Ignored Error (Go): Ignoring error return values.
Handle the error or use errcheck linter.
3 files, 3 locations
cmd/desktop/main.go:58
internal/cloud/serve.go:35
internal/k8s/detect_capi.go:111
low Security checks quality Quality conf 0.60 30 occurrences Duplicated implementation block across source files
Duplicate implementation blocks are maintenance debt. Keep them visible, but they are not a high-severity defect unless the duplicated logic is security-sensitive or drifting.
12 files, 15 locations
packages/k8s-ui/src/components/resources/renderers/CAPIMachineRenderer.tsx:94, 121 (2 hits)
packages/k8s-ui/src/components/resources/renderers/CAPIMachineSetRenderer.tsx:38, 54 (2 hits)
packages/k8s-ui/src/components/resources/renderers/HelmRepositoryRenderer.tsx:25, 99 (2 hits)
internal/k8s/detect_missing_refs.go:36
internal/mcp/tools_diagnose.go:289
internal/search/provider.go:9
internal/server/ai_handlers.go:28
internal/server/github_star.go:60
(tags: duplication, quality)
low Security checks quality Quality conf 0.70 Generated build artifact directory is present at repository root
Committed build outputs and caches make scans slower, confuse duplicate-code checks, and give AI agents stale generated code to imitate.
build:1
high Security checks software dependencies conf 0.90 9 occurrences GitHub Action `actions/setup-go@v6` is minor version(s) behind (latest v6.4.0)
`uses: actions/setup-go@v6` is minor version(s) behind the latest published release v6.4.0. Old action majors run on deprecated runner images / Node versions and miss upstream fixes. This is the exact 'outdated GitHub Action' class Dependabot raises — and which Repobility had no coverage for.
6 files, 9 locations
.github/workflows/ci.yml:20, 60 (2 hits)
.github/workflows/release-desktop.yml:19, 24 (2 hits)
.github/workflows/release.yml:39, 44 (2 hits)
.github/workflows/codeql.yml:31
.github/workflows/publish-k8s-ui.yml:30
.github/workflows/publish-radar-app.yml:37
high Security checks software dependencies conf 0.90 GitHub Action `goreleaser/goreleaser-action@v7` is minor version(s) behind (latest v7.2.2)
`uses: goreleaser/goreleaser-action@v7` is minor version(s) behind the latest published release v7.2.2. Old action majors run on deprecated runner images / Node versions and miss upstream fixes. This is the exact 'outdated GitHub Action' class Dependabot raises — and which Repobility had no coverag…
.github/workflows/release.yml:51
high Security checks software dependencies conf 0.90 GitHub Action `helmfile/[email protected]` is minor version(s) behind (latest v2.4.4)
`uses: helmfile/[email protected]` is minor version(s) behind the latest published release v2.4.4. Old action majors run on deprecated runner images / Node versions and miss upstream fixes. This is the exact 'outdated GitHub Action' class Dependabot raises — and which Repobility had no coverag…
.github/workflows/ci.yml:139
low Security checks software dependencies conf 0.90 npm package `@tanstack/react-query` is minor version(s) behind (5.100.14 -> 5.101.0)
`@tanstack/react-query` is pinned/resolved at 5.100.14 but the latest stable release on the npm registry is 5.101.0 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs …
web/package.json
low Security checks software dependencies conf 0.90 2 occurrences npm package `@xyflow/react` is minor version(s) behind (12.10.2 -> 12.11.0)
`@xyflow/react` is pinned/resolved at 12.10.2 but the latest stable release on the npm registry is 12.11.0 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
2 files, 2 locations
packages/k8s-ui/package.json
web/package.json
low Security checks software dependencies conf 0.90 2 occurrences npm package `shiki` is minor version(s) behind (4.0.2 -> 4.2.0)
`shiki` is pinned/resolved at 4.0.2 but the latest stable release on the npm registry is 4.2.0 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
2 files, 2 locations
packages/k8s-ui/package.json
web/package.json
high Security checks quality Quality conf 0.62 Source file name looks like an AI patch artifact
Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. They may be legitimate, but they deserve review before becoming production surface area.
internal/server/desktop_update.go:1
high Security checks software dependencies conf 0.90 7 occurrences GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)
`uses: actions/checkout@v6` is patch version(s) behind the latest published release v6.0.3. Old action majors run on deprecated runner images / Node versions and miss upstream fixes. This is the exact 'outdated GitHub Action' class Dependabot raises — and which Repobility had no coverage for.
7 files, 7 locations
.github/workflows/ci.yml:17
.github/workflows/codeql.yml:27
.github/workflows/docker-build.yml:22
.github/workflows/publish-k8s-ui.yml:20
.github/workflows/publish-radar-app.yml:27
.github/workflows/release-desktop.yml:16
.github/workflows/release.yml:23
high Security checks software dependencies conf 0.90 GitHub Action `actions/download-artifact@v8` is patch version(s) behind (latest v8.0.1)
`uses: actions/download-artifact@v8` is patch version(s) behind the latest published release v8.0.1. Old action majors run on deprecated runner images / Node versions and miss upstream fixes. This is the exact 'outdated GitHub Action' class Dependabot raises — and which Repobility had no coverage f…
.github/workflows/release.yml:103
high Security checks software dependencies conf 0.90 GitHub Action `actions/download-artifact@v8` is patch version(s) behind (latest v8.0.1)
`uses: actions/download-artifact@v8` is patch version(s) behind the latest published release v8.0.1. Old action majors run on deprecated runner images / Node versions and miss upstream fixes. This is the exact 'outdated GitHub Action' class Dependabot raises — and which Repobility had no coverage f…
.github/workflows/release-desktop.yml:330
high Security checks software dependencies conf 0.90 GitHub Action `actions/upload-artifact@v7` is patch version(s) behind (latest v7.0.1)
`uses: actions/upload-artifact@v7` is patch version(s) behind the latest published release v7.0.1. Old action majors run on deprecated runner images / Node versions and miss upstream fixes. This is the exact 'outdated GitHub Action' class Dependabot raises — and which Repobility had no coverage for.
.github/workflows/release.yml:61
high Security checks software dependencies conf 0.90 GitHub Action `actions/upload-artifact@v7` is patch version(s) behind (latest v7.0.1)
`uses: actions/upload-artifact@v7` is patch version(s) behind the latest published release v7.0.1. Old action majors run on deprecated runner images / Node versions and miss upstream fixes. This is the exact 'outdated GitHub Action' class Dependabot raises — and which Repobility had no coverage for.
.github/workflows/release-desktop.yml:113
API access

This page is publicly accessible at: https://repobility.com/scan/bcdc3430-6099-4232-a0a7-f9df8ed4e7f0/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/bcdc3430-6099-4232-a0a7-f9df8ed4e7f0/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.