Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo
177 of your 267 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.
Upstream (GitHub) caused delay on this scan — not Repobility.
  • GitHub API rate-limited (HTTP 403) — preflight skipped, fell back to direct git clone.
  • Clone from GitHub took 72.95s for a 72.5 MB repo slow.
  • Repobility's analysis ran in 14.56s after the clone landed.

DashAISoftware/dashAI

https://github.com/DashAISoftware/dashAI · scanned 2026-06-05 17:15 UTC (4 days, 16 hours ago) · 10 languages

877 raw signals (253 security + 624 graph) 11/13 scanners ran 41st percentile · Python · large (100-500K LoC)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 4 days, 16 hours ago · v2 · 354 actionable findings from 2 signal sources. 192 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

JSON
Combined
75.9
/100
Security checks
78
102 findings
System graph
74
100.0% cov · 252 findings
Critical
0
click to filter
Agents
6
0 votes
Crowd
0
reported
Score breakdown â 2026-05-18-v5
Component Sub-score Weight Contribution
structure_score 60.0 0.15 9.00
security_score 100.0 0.25 25.00
testing_score 51.0 0.20 10.20
documentation_score 70.0 0.15 10.50
practices_score 84.0 0.15 12.60
code_quality 58.0 0.10 5.80
Overall 1.00 73.1
security_score may be inflated — optional security scanners were skipped on this fast scan
Severity distribution — click a segment to filter
Active filters: excluding tests × Reset all
Severity: Critical 0 High 103 Medium 15 Low 176 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Security checks 102 System graph 252 Crowd 0 Layer: Software 83 Quality 109 Security 93 Cicd 6 Frontend 9 Hardware 4 Api 50
Scan summary Quality grade B (73/100). Dimensions: security 100, maintainability 60. 253 findings (77 security). 156,056 lines analyzed.

Showing 291 of 354 actionable findings. 546 raw detector signals were grouped into reader-sized issues. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

high Security checks quality Quality conf 1.00 ✓ Repobility [MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes.
Add `import array` at the top of the file.
DashAI/back/types/utils.py:356
high Security checks security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: DELETE /{job_id}.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
DashAI/back/api/api_v1/endpoints/jobs.py:320
high Security checks security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /{id}/.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
DashAI/back/api/api_v1/endpoints/components.py:239
high Security checks security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /{job_id}.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
DashAI/back/api/api_v1/endpoints/jobs.py:110
high Security checks security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /{job_id}/details.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
DashAI/back/api/api_v1/endpoints/jobs.py:144
high Security checks quality Quality conf 1.00 ✓ Repobility 7 occurrences [MINED108] `self.kwargs` used but never assigned in __init__: Method `set_status_as_delivered` of class `ExplainerJob` reads `self.kwargs`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.kwargs = <default>` in __init__, or add a class-level default.
2 files, 7 locations
tests/back/dataloaders/base_tabular_dataloader_tests.py:65, 113, 161, 196 (4 hits)
DashAI/back/job/explainer_job.py:36, 37, 65 (3 hits)
high Security checks quality Quality conf 1.00 ✓ Repobility [MINED110] Blocking call `requests.get` inside async function `get_component_image`: `requests.get` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress.
Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`.
DashAI/back/api/api_v1/endpoints/components.py:368
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI DELETE / has no auth: Handler `delete_component` is registered with router/app.delete(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
DashAI/back/api/api_v1/endpoints/components.py:292
high Security checks quality Quality conf 0.80 ✓ Repobility 3 occurrences [MINED112] FastAPI PATCH / has no auth: Handler `update_component` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
3 files, 3 locations
DashAI/back/api/api_v1/endpoints/components.py:306
DashAI/back/api/api_v1/endpoints/explainers.py:606
DashAI/back/api/api_v1/endpoints/jobs.py:344
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI POST / has no auth: Handler `upload_component` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
DashAI/back/api/api_v1/endpoints/components.py:278
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI POST / has no auth: Handler `upload_plugin` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
DashAI/back/api/api_v1/endpoints/plugins.py:117
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI POST /index has no auth: Handler `refresh_plugins_record` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
DashAI/back/api/api_v1/endpoints/plugins.py:144
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED112] FastAPI POST /validate_pipeline has no auth: Handler `validate_pipeline` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body.
Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional.
DashAI/back/api/api_v1/endpoints/pipelines.py:513
high Security checks software dependencies conf 0.90 ✓ Repobility 2 occurrences [MINED118] Dockerfile FROM `node:22-alpine` not pinned by digest: `FROM node:22-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.
Replace with: `FROM node:22-alpine@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot).
lines 2, 8
Dockerfile:2, 8 (2 hits)
high Security checks software dependencies conf 0.90 ✓ Repobility 3 occurrences [MINED131] pre-commit hook `https://github.com/pre-commit/pre-commit-hooks` pinned to mutable rev `v6.0.0`: `.pre-commit-config.yaml` references `https://github.com/pre-commit/pre-commit-hooks` at `rev: v6.0.0`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine.
Pin to a commit SHA: `rev: <40-char-sha>` and bump it through `pre-commit autoupdate` (which writes to PRs that are reviewed).
lines 2, 14, 22
.pre-commit-config.yaml:2, 14, 22 (3 hits)
low Security checks security Injection conf 1.00 [SEC103] LDAP injection — non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts.
Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders).
DashAI/back/types/utils.py:343
low Security checks security Injection conf 1.00 [SEC103] LDAP injection — non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts.
Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders).
DashAI/back/pipeline/validator/pipeline_validator.py:39
low Security checks cicd CI/CD security conf 0.90 ✓ Repobility 52 occurrences GitHub Action is tag-pinned rather than SHA-pinned
[MINED115] Action `actions/checkout` pinned to mutable ref `@v3`: `uses: actions/checkout@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lo…
6 files, 52 locations
.github/workflows/publish.yml:18, 22, 32, 49, 52, 58, 96, 101, +8 more (19 hits)
.github/workflows/docs.yaml:23, 26, 38, 53, 56, 63 (11 hits)
.github/workflows/build-test.yaml:13, 17, 25, 42, 44, 47, 60 (9 hits)
.github/workflows/pre-commit.yaml:8, 11, 22, 32 (8 hits)
.github/workflows/db-migrations.yaml:20, 23 (4 hits)
.github/workflows/code-review.yaml:17
CI/CD securitySupply chainGitHub Actions
medium Security checks cicd CI/CD security conf 0.90 ✓ Repobility 2 occurrences GitHub Action is tag-pinned rather than SHA-pinned
[MINED115] Action `anthropics/claude-code-action` pinned to mutable ref `@v1`: `uses: anthropics/claude-code-action@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to…
2 files, 2 locations
.github/workflows/code-review.yaml:21
.github/workflows/publish.yml:281
CI/CD securitySupply chainGitHub Actions
high System graph security auth conf 1.00 FastAPI DELETE `cancel_all_jobs` without auth dependency — DashAI/back/api/api_v1/endpoints/jobs.py:302
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/jobs.py:302 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `cancel_job` without auth dependency — DashAI/back/api/api_v1/endpoints/jobs.py:320
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/jobs.py:320 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_component` without auth dependency — DashAI/back/api/api_v1/endpoints/components.py:291
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/components.py:291 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_converter` without auth dependency — DashAI/back/api/api_v1/endpoints/converters.py:176
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/converters.py:176 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_dataset` without auth dependency — DashAI/back/api/api_v1/endpoints/datasets.py:985
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/datasets.py:985 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_download` without auth dependency — DashAI/back/api/api_v1/endpoints/datafile.py:155
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/datafile.py:155 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_explorer` without auth dependency — DashAI/back/api/api_v1/endpoints/explorers.py:248
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/explorers.py:248 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_generative_process` without auth dependency — DashAI/back/api/api_v1/endpoints/generative_process.py:184
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/generative_process.py:184 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_generative_session` without auth dependency — DashAI/back/api/api_v1/endpoints/generative_session.py:220
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/generative_session.py:220 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_global_explainer` without auth dependency — DashAI/back/api/api_v1/endpoints/explainers.py:265
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/explainers.py:265 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_local_explainer` without auth dependency — DashAI/back/api/api_v1/endpoints/explainers.py:555
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/explainers.py:555 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_model_session` without auth dependency — DashAI/back/api/api_v1/endpoints/model_sessions.py:247
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/model_sessions.py:247 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_notebook` without auth dependency — DashAI/back/api/api_v1/endpoints/notebook.py:257
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/notebook.py:257 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_pipeline` without auth dependency — DashAI/back/api/api_v1/endpoints/pipelines.py:427
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/pipelines.py:427 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_plugin` without auth dependency — DashAI/back/api/api_v1/endpoints/plugins.py:173
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/plugins.py:173 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_prediction` without auth dependency — DashAI/back/api/api_v1/endpoints/predict.py:193
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/predict.py:193 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_run_operations` without auth dependency — DashAI/back/api/api_v1/endpoints/runs.py:581
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/runs.py:581 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI DELETE `delete_run` without auth dependency — DashAI/back/api/api_v1/endpoints/runs.py:348
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/runs.py:348 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI PATCH `rename_dataset_column` without auth dependency — DashAI/back/api/api_v1/endpoints/datasets.py:1114
`@router.patch` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/datasets.py:1114 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI PATCH `reset_run_by_id` without auth dependency — DashAI/back/api/api_v1/endpoints/runs.py:493
`@router.patch` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/runs.py:493 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI PATCH `update_column_encoder` without auth dependency — DashAI/back/api/api_v1/endpoints/datasets.py:1332
`@router.patch` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/datasets.py:1332 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI PATCH `update_component` without auth dependency — DashAI/back/api/api_v1/endpoints/components.py:305
`@router.patch` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/components.py:305 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI PATCH `update_dataset` without auth dependency — DashAI/back/api/api_v1/endpoints/datasets.py:1041
`@router.patch` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/datasets.py:1041 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI PATCH `update_explainer` without auth dependency — DashAI/back/api/api_v1/endpoints/explainers.py:605
`@router.patch` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/explainers.py:605 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI PATCH `update_explorer` without auth dependency — DashAI/back/api/api_v1/endpoints/explorers.py:214
`@router.patch` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/explorers.py:214 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI PATCH `update_generative_session` without auth dependency — DashAI/back/api/api_v1/endpoints/generative_session.py:298
`@router.patch` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/generative_session.py:298 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI PATCH `update_job` without auth dependency — DashAI/back/api/api_v1/endpoints/jobs.py:343
`@router.patch` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/jobs.py:343 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI PATCH `update_model_session` without auth dependency — DashAI/back/api/api_v1/endpoints/model_sessions.py:286
`@router.patch` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/model_sessions.py:286 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI PATCH `update_notebook` without auth dependency — DashAI/back/api/api_v1/endpoints/notebook.py:318
`@router.patch` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/notebook.py:318 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI PATCH `update_plugin` without auth dependency — DashAI/back/api/api_v1/endpoints/plugins.py:218
`@router.patch` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/plugins.py:218 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI PATCH `update_run` without auth dependency — DashAI/back/api/api_v1/endpoints/runs.py:403
`@router.patch` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/runs.py:403 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI PATCH `upgrade_plugin` without auth dependency — DashAI/back/api/api_v1/endpoints/plugins.py:302
`@router.patch` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/plugins.py:302 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `copy_dataset` without auth dependency — DashAI/back/api/api_v1/endpoints/datasets.py:901
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/datasets.py:901 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `create_dataset` without auth dependency — DashAI/back/api/api_v1/endpoints/datasets.py:407
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/datasets.py:407 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `create_download` without auth dependency — DashAI/back/api/api_v1/endpoints/datafile.py:64
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/datafile.py:64 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `create_explorer` without auth dependency — DashAI/back/api/api_v1/endpoints/explorers.py:193
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/explorers.py:193 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `create_model_session` without auth dependency — DashAI/back/api/api_v1/endpoints/model_sessions.py:172
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/model_sessions.py:172 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `create_notebook` without auth dependency — DashAI/back/api/api_v1/endpoints/notebook.py:30
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/notebook.py:30 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `create_pipeline` without auth dependency — DashAI/back/api/api_v1/endpoints/pipelines.py:296
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/pipelines.py:296 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `create_prediction` without auth dependency — DashAI/back/api/api_v1/endpoints/predict.py:31
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/predict.py:31 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `enqueue_job` without auth dependency — DashAI/back/api/api_v1/endpoints/jobs.py:172
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/jobs.py:172 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `filter_models_endpoint` without auth dependency — DashAI/back/api/api_v1/endpoints/pipelines.py:532
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/pipelines.py:532 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `get_explorer_results` without auth dependency — DashAI/back/api/api_v1/endpoints/explorers.py:270
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/explorers.py:270 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `import_dataset` without auth dependency — DashAI/back/api/api_v1/endpoints/dataset_source.py:301
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/dataset_source.py:301 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `post_notebook_converter` without auth dependency — DashAI/back/api/api_v1/endpoints/converters.py:20
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/converters.py:20 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `preview_dataset_with_params` without auth dependency — DashAI/back/api/api_v1/endpoints/dataset_source.py:158
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/dataset_source.py:158 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `preview_manual_prediction` without auth dependency — DashAI/back/api/api_v1/endpoints/predict.py:246
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/predict.py:246 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `preview_with_types` without auth dependency — DashAI/back/api/api_v1/endpoints/datasets.py:1800
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/datasets.py:1800 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `refresh_plugins_record` without auth dependency — DashAI/back/api/api_v1/endpoints/plugins.py:143
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/plugins.py:143 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `upload_component` without auth dependency — DashAI/back/api/api_v1/endpoints/components.py:277
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/components.py:277 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `upload_generative_process` without auth dependency — DashAI/back/api/api_v1/endpoints/generative_process.py:27
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/generative_process.py:27 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `upload_generative_session` without auth dependency — DashAI/back/api/api_v1/endpoints/generative_session.py:29
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/generative_session.py:29 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `upload_global_explainer` without auth dependency — DashAI/back/api/api_v1/endpoints/explainers.py:204
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/explainers.py:204 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `upload_local_explainer` without auth dependency — DashAI/back/api/api_v1/endpoints/explainers.py:487
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/explainers.py:487 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `upload_plugin` without auth dependency — DashAI/back/api/api_v1/endpoints/plugins.py:116
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/plugins.py:116 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `upload_run` without auth dependency — DashAI/back/api/api_v1/endpoints/runs.py:287
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/runs.py:287 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `validate_columns` without auth dependency — DashAI/back/api/api_v1/endpoints/model_sessions.py:97
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/model_sessions.py:97 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `validate_dataset` without auth dependency — DashAI/back/api/api_v1/endpoints/explainers.py:619
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/explainers.py:619 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `validate_node` without auth dependency — DashAI/back/api/api_v1/endpoints/pipelines.py:474
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/pipelines.py:474 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `validate_pipeline` without auth dependency — DashAI/back/api/api_v1/endpoints/pipelines.py:511
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/pipelines.py:511 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI POST `validate_type_changes` without auth dependency — DashAI/back/api/api_v1/endpoints/datasets.py:2023
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/datasets.py:2023 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI PUT `update_explorer_results` without auth dependency — DashAI/back/api/api_v1/endpoints/explorers.py:334
`@router.put` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/explorers.py:334 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI PUT `update_generative_session_params` without auth dependency — DashAI/back/api/api_v1/endpoints/generative_session.py:394
`@router.put` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/generative_session.py:394 securityAuth fastapi unauth mutation
high System graph security auth conf 1.00 FastAPI PUT `update_pipeline` without auth dependency — DashAI/back/api/api_v1/endpoints/pipelines.py:357
`@router.put` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
DashAI/back/api/api_v1/endpoints/pipelines.py:357 securityAuth fastapi unauth mutation
high System graph security security conf 1.00 Insecure pattern 'eval_used' in DashAI/back/converters/hugging_face/embedding.py:185
Found a known-risky pattern (eval_used). Review and replace if possible.
DashAI/back/converters/hugging_face/embedding.py:185 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in DashAI/back/models/base_torchvision_image_classifier.py:440
Found a known-risky pattern (eval_used). Review and replace if possible.
DashAI/back/models/base_torchvision_image_classifier.py:440 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in DashAI/back/models/cnn_image_classifier.py:493
Found a known-risky pattern (eval_used). Review and replace if possible.
DashAI/back/models/cnn_image_classifier.py:493 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in DashAI/back/models/lenet5_image_classifier.py:412
Found a known-risky pattern (eval_used). Review and replace if possible.
DashAI/back/models/lenet5_image_classifier.py:412 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in DashAI/back/models/mlp_image_classifier.py:461
Found a known-risky pattern (eval_used). Review and replace if possible.
DashAI/back/models/mlp_image_classifier.py:461 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in DashAI/back/models/scikit_learn/mlp_regression.py:457
Found a known-risky pattern (eval_used). Review and replace if possible.
DashAI/back/models/scikit_learn/mlp_regression.py:457 Eval used
medium Security checks security auth conf 0.92 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them.
high Security checks security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /{datafile_id}.
Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml.
DashAI/back/api/api_v1/endpoints/datafile.py:155
high Security checks security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /{explorer_id}/.
Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml.
DashAI/back/api/api_v1/endpoints/explorers.py:248
high Security checks security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /{pipeline_id}.
Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml.
DashAI/back/api/api_v1/endpoints/pipelines.py:427
high Security checks security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /{plugin_id}.
Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml.
DashAI/back/api/api_v1/endpoints/plugins.py:173
high Security checks security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /{run_id}.
Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml.
DashAI/back/api/api_v1/endpoints/runs.py:348
high Security checks security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /{run_id}/operations.
Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml.
DashAI/back/api/api_v1/endpoints/runs.py:581
high Security checks security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /.
Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml.
DashAI/back/api/api_v1/endpoints/components.py:85
high Security checks security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: PATCH /{run_id}.
Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml.
DashAI/back/api/api_v1/endpoints/runs.py:403
high Security checks security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: PATCH /{run_id}/reset.
Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml.
DashAI/back/api/api_v1/endpoints/runs.py:493
high Security checks security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /validate_node.
Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml.
DashAI/back/api/api_v1/endpoints/pipelines.py:474
medium Security checks security auth conf 0.72 [AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, protect them behind admin authentication, or publish a reviewed OpenAPI spec with declared security requirements.
Set docs_url=None, redoc_url=None, and openapi_url=None for production apps unless the docs are intentionally public and protected by routing, ingress, or an authenticated docs handler.
low Security checks quality Error handling conf 1.00 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
DashAI/back/job/explorer_job.py:79
low Security checks quality Error handling conf 1.00 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
DashAI/back/api/api_v1/endpoints/hardware.py:62
medium Security checks quality Error handling conf 1.00 3 occurrences [ERR002] Empty Catch Block: Empty catch blocks hide errors.
Log the error or rethrow it. Use console.error() at minimum.
3 files, 3 locations
DashAI/front/src/components/models/PredictionCard.jsx:65
DashAI/front/src/components/predictions/DatasetSelector.jsx:35
DashAI/front/src/components/predictions/ResultsTable.jsx:38
medium Security checks software dependencies conf 0.90 ✓ Repobility 25 occurrences [MINED124] requirements.txt: `fastapi[all]` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins.
Replace `fastapi[all]` with `fastapi[all]==<version>` and manage upgrades through PRs / Dependabot.
2 files, 25 locations
requirements-cpu.txt:9, 10, 11, 12, 13, 16, 17, 18, +9 more (17 hits)
requirements-dev.txt:1, 2, 3, 4, 5, 6, 7, 8 (8 hits)
medium Security checks security path traversal conf 1.00 [SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory.
Validate extracted paths with os.path.realpath() and ensure they stay within the target directory.
DashAI/back/seeds/__init__.py:50
medium Security checks security path traversal conf 1.00 [SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory.
Validate extracted paths with os.path.realpath() and ensure they stay within the target directory.
DashAI/back/dataloaders/classes/dataloader.py:196
low Security checks quality Error handling conf 0.55 ✓ Repobility 18 occurrences Broad exception handler needs review
This handler catches Exception/BaseException. It is actionable when it swallows errors without logging, re-raising, or returning a structured error. Handlers that intentionally convert exceptions into typed error results should not be treated as high risk.
8 files, 18 locations
DashAI/back/types/type_validation.py:72, 94, 107, 125, 156, 175, 196, 218, +3 more (11 hits)
DashAI/back/converters/sklearn_wrapper.py:101
DashAI/back/plugins/utils.py:44
DashAI/back/types/inf/ptype/PtypeCat.py:222
DashAI/back/types/utils.py:362
docs/scripts/generate_components.py:128
scripts/ci_alembic_check.py:13
tests/back/conftest.py:70
Error handlingquality
high Security checks cicd CI/CD security conf 0.82 Docker final stage has no non-root USER
Add a non-root USER in the final runtime stage after files and permissions are prepared.
Dockerfile:8 CI/CD securitycontainers
medium Security checks cicd CI/CD security conf 0.76 Dockerfile copies broad context with incomplete .dockerignore
Tighten .dockerignore or replace COPY . with explicit COPY statements.
Dockerfile:10 CI/CD securitycontainers
high Security checks quality Quality conf 0.74 Frontend API reference is not matched by discovered backend routes
Add the backend route, update the frontend constant to the implemented endpoint, or document that the route is served by another service and exclude it with .repobilityignore.
DashAI/front/src/hooks/useHardwareMonitor.js:52
high Security checks quality Quality conf 0.74 Frontend API reference is not matched by discovered backend routes
Add the backend route, update the frontend constant to the implemented endpoint, or document that the route is served by another service and exclude it with .repobilityignore.
DashAI/front/src/components/models/LiveMetricsChart.jsx:95
high Security checks quality Quality conf 0.80 localStorage write failures are swallowed silently
Handle QuotaExceededError explicitly, show a toast or error state, and guide the user to export/clear old local data. Log non-quota failures for diagnostics.
DashAI/front/src/components/notebooks/dataset/MrtDatasetTableInfScroll.jsx:117
high Security checks quality Quality conf 0.80 localStorage write failures are swallowed silently
Handle QuotaExceededError explicitly, show a toast or error state, and guide the user to export/clear old local data. Log non-quota failures for diagnostics.
DashAI/front/src/components/jobs/JobQueueWidget.jsx:139
medium Security checks quality Quality conf 0.78 Public web service has no security.txt
Add /.well-known/security.txt with Contact, Expires, Canonical, Preferred-Languages, and Policy fields. Keep the contact endpoint monitored.
.well-known/security.txt
medium System graph hardware Security conf 1.00 Dockerfile runs as root: Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
Container
medium System graph quality Integrity conf 1.00 17 occurrences Frontend route `datasets/new` has no Link/navigate to it — DashAI/front/src/App.jsx
The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.
17 occurrences
repo-level (17 hits)
Orphan pageWiring
medium System graph cicd CI/CD security conf 1.00 3 occurrences GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
3 files, 3 locations
.github/workflows/code-review.yaml
.github/workflows/docs.yaml
.github/workflows/publish.yml
CI/CD securitySupply chainGithub actions
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — DashAI/back/plugins/utils.py:65
`requests.get(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph security Coverage conf 1.00 No auth library detected
The scanner did not find any standard auth library (JWT, OAuth, NextAuth, Auth0, etc.). Either auth lives in custom code, in a separate service, or is missing.
auth
medium System graph quality Tests conf 1.00 Very low test-to-source ratio
75 test file(s) for 943 source file(s) (ratio 0.08). Consider adding integration or unit tests for critical paths.
Coverage
low Security checks cicd CI/CD security conf 0.72 .dockerignore misses sensitive defaults
Add missing patterns such as .env, .git, private keys, certificates, dependency folders, and local databases.
.dockerignore CI/CD securitycontainers
low Security checks quality Quality conf 0.60 30 occurrences Duplicated implementation block across source files
Duplicate implementation blocks are maintenance debt. Keep them visible, but they are not a high-severity defect unless the duplicated logic is security-sensitive or drifting.
12 files, 23 locations
DashAI/back/converters/scikit_learn/rbf_sampler.py:4, 5, 145 (3 hits)
DashAI/back/converters/scikit_learn/select_fdr.py:84, 89, 90 (3 hits)
DashAI/back/converters/imbalanced_learn/smoteenn_converter.py:2, 4 (2 hits)
DashAI/back/converters/scikit_learn/generic_univariate_select.py:6, 77 (2 hits)
DashAI/back/converters/scikit_learn/knn_imputer.py:135, 136 (2 hits)
DashAI/back/converters/scikit_learn/min_max_scaler.py:108, 109 (2 hits)
DashAI/back/converters/scikit_learn/nystroem.py:8, 214 (2 hits)
DashAI/back/converters/scikit_learn/ordinal_encoder.py:3, 4 (2 hits)
duplicationquality
low Security checks quality Documentation No LICENSE file
Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft).
low Security checks quality Quality conf 0.74 robots.txt does not advertise a sitemap
Add `Sitemap: https://your-domain.example/sitemap.xml` to robots.txt.
DashAI/front/public/robots.txt
low System graph hardware Coverage conf 1.00 Containers defined but no K8s/orchestration manifest found
Repo has Dockerfiles/compose but no Kubernetes/Nomad manifests. If the target deployment is K8s, the manifests may live in a separate ops repo.
Deployment
low System graph hardware Supply chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: node:22-alpine
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
Dockerfile:2 containersPinned dependencies
low System graph hardware Supply chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: python:3.11-slim
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
Dockerfile:8 containersPinned dependencies
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/eslint.config.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/i18next.config.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/api/api.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/components/HomeButton.test.jsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/components/predictions/inputFieldConstants.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/components/ResponsiveAppBar.test.jsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/components/shared/FormSchemaRangeInput.jsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/components/shared/FromSchemaFixedInput.jsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/constants/flags.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/constants/schema.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/constants/timestamp.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/constants/tours/datasetsTour.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/constants/tours/datasetViewTour.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/constants/tours/experimentsTour.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/constants/tours/generativeTour.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/constants/tours/homeTour.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/constants/tours/modelsSessionTour.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/constants/tours/modelsTour.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/constants/tours/notebookTour.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/index.jsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/setupTests.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/types/component.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/types/configurableObject.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/types/converter.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/types/dataloader.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/types/dataset.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/types/explainer.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/types/exploration.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/types/explorer.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/types/generativeTask.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/types/modelSession.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/types/notebook.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/types/pipeline.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/types/plugin.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/types/predict.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/types/process.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/types/run.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/types/session.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/types/task.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/utils/metadataRecommendation.test.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/src/utils/typesLists.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/webview.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: docs/babel.config.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: docs/docusaurus.config.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: docs/sidebars.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: hooks/hook-imblearn.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: hooks/hook-llama-cpp-cpu.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: hooks/hook-py4j.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: hooks/hook-transformers.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/ci_alembic_check.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph quality Integrity conf 1.00 10 occurrences Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: DashAI/back/types/inf/inference_methods.py:infer_types, DashAI/back/types/inf/inference_methods.py:infer_types This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document …
10 occurrences
repo-level (10 hits)
duplicatesduplication
low System graph quality Integrity conf 1.00 Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: DashAI/back/models/base_torchvision_image_classifier.py:predict, DashAI/back/models/lenet5_image_classifier.py:predict, DashAI/back/models/cnn_image_classifier.py:predict This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — …
duplicatesduplication
low System graph quality Integrity conf 1.00 5 occurrences Near-duplicate function bodies in 4 places
Functions with the same first-5-line body hash: DashAI/back/models/base_torchvision_image_classifier.py:num_classes, DashAI/back/models/mlp_image_classifier.py:num_classes, DashAI/back/models/lenet5_image_classifier.py:num_classes, DashAI/back/models/cnn_image_classifier.py:num_classes This is *th…
5 occurrences
repo-level (5 hits)
duplicatesduplication
low System graph quality Integrity conf 1.00 Near-duplicate function bodies in 5 places
Functions with the same first-5-line body hash: DashAI/back/models/hugging_face/mixtral_model.py:generate, DashAI/back/models/hugging_face/llama_model.py:generate, DashAI/back/models/hugging_face/qwen_model.py:generate, DashAI/back/models/hugging_face/mistral_model.py:generate This is *the* AI-cod…
duplicatesduplication
low System graph quality Integrity conf 1.00 Near-duplicate function bodies in 6 places
Functions with the same first-5-line body hash: DashAI/back/models/base_model.py:train, DashAI/back/models/hugging_face/m2m100_transformer.py:train, DashAI/back/models/hugging_face/nllb_transformer.py:train, DashAI/back/models/hugging_face/base_opus_mt_transformer.py:train This is *the* AI-coder f…
duplicatesduplication
low System graph quality Integrity conf 1.00 Near-duplicate function bodies in 7 places
Functions with the same first-5-line body hash: DashAI/back/types/inf/ptype/Machine.py:probability, DashAI/back/types/inf/ptype/Machine.py:probability, DashAI/back/types/inf/ptype/Machine.py:probability, DashAI/back/types/inf/ptype/Machine.py:probability This is *the* AI-coder failure mode (4× mor…
duplicatesduplication
low System graph quality Integrity conf 1.00 Near-duplicate function bodies in 9 places
Functions with the same first-5-line body hash: DashAI/back/types/value_types.py:to_string, DashAI/back/types/value_types.py:to_string, DashAI/back/types/value_types.py:to_string, DashAI/back/types/value_types.py:to_string This is *the* AI-coder failure mode (4× more duplication in vibe-coded repo…
duplicatesduplication
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `api_v1` in DashAI/back/api/api_v1/api.py:3
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `api_v1` in DashAI/back/api/api_v1/endpoints/converters.py:9
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `api_v1` in DashAI/back/api/api_v1/endpoints/datasets.py:20
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `api_v1` in DashAI/back/api/api_v1/endpoints/explainers.py:9
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `api_v1` in DashAI/back/api/api_v1/endpoints/explorers.py:9
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `api_v1` in DashAI/back/api/api_v1/endpoints/generative_session.py:9
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `api_v1` in DashAI/back/api/api_v1/endpoints/model_sessions.py:9
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `api_v1` in DashAI/back/api/api_v1/endpoints/notebook.py:9
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `api_v1` in DashAI/back/api/api_v1/endpoints/pipelines.py:8
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `api_v1` in DashAI/back/api/api_v1/endpoints/plugins.py:9
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `api_v1` in DashAI/back/api/api_v1/endpoints/predict.py:10
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `api_v1` in DashAI/back/api/api_v1/endpoints/runs.py:9
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `api_v1` in DashAI/back/app.py:11
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `api_v1` in DashAI/back/dependencies/database/utils.py:10
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `api_v1` in DashAI/back/job/converter_job.py:7
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `api_v1` in DashAI/back/job/dataset_job.py:7
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `task_copy` in DashAI/back/dependencies/job_queues/huey_job_queue.py:143
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph software Dead code conf 1.00 Possibly dead Python function: as_normal
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
DashAI/back/types/inf/ptype/Schema.py:70
low System graph software Dead code conf 1.00 Possibly dead Python function: chop_microseconds
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
DashAI/back/types/inf/ptype/utils.py:32
low System graph software Dead code conf 1.00 Possibly dead Python function: convert_to_bold
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
DashAI/back/types/inf/ptype/utils.py:36
low System graph software Dead code conf 1.00 Possibly dead Python function: convert_to_bold_for_latex
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
DashAI/back/types/inf/ptype/utils.py:40
low System graph software Dead code conf 1.00 Possibly dead Python function: copy_columns_between_dicts
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
DashAI/back/types/inf/ptype/utils.py:203
low System graph software Dead code conf 1.00 Possibly dead Python function: create_folders
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
DashAI/back/types/inf/ptype/utils.py:145
low System graph software Dead code conf 1.00 Possibly dead Python function: is_image_path
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
DashAI/back/types/utils.py:313
low System graph software Dead code conf 1.00 Possibly dead Python function: llhoods_with_precision
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
DashAI/back/types/inf/ptype/utils.py:62
low System graph software Dead code conf 1.00 Possibly dead Python function: load_logic
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
DashAI/__main__.py:213
low System graph software Dead code conf 1.00 Possibly dead Python function: logdot
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
DashAI/back/types/inf/ptype/utils.py:110
low System graph software Dead code conf 1.00 Possibly dead Python function: ma_multidot
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
DashAI/back/types/inf/ptype/utils.py:118
low System graph software Dead code conf 1.00 Possibly dead Python function: multi_logdot
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
DashAI/back/types/inf/ptype/utils.py:122
low System graph software Dead code conf 1.00 Possibly dead Python function: open_browser
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
DashAI/__main__.py:67
low System graph software Dead code conf 1.00 Possibly dead Python function: plot_matrix
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
DashAI/back/types/inf/ptype/utils.py:212
low System graph software Dead code conf 1.00 Possibly dead Python function: print_to_file
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
DashAI/back/types/inf/ptype/utils.py:140
low System graph software Dead code conf 1.00 Possibly dead Python function: project_root
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
DashAI/back/types/inf/ptype/utils.py:27
low System graph software Dead code conf 1.00 Possibly dead Python function: pyarrow_date_conversion
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
DashAI/back/types/utils.py:248
low System graph software Dead code conf 1.00 Possibly dead Python function: pyarrow_time_conversion
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
DashAI/back/types/utils.py:280
low System graph software Dead code conf 1.00 Possibly dead Python function: remove_digits
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
DashAI/back/types/inf/ptype/utils.py:44
low System graph software Dead code conf 1.00 Possibly dead Python function: remove_whitespaces_head_and_tail
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
DashAI/back/types/inf/ptype/utils.py:48
low System graph software Dead code conf 1.00 Possibly dead Python function: save_file
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
DashAI/__main__.py:140
low System graph software Dead code conf 1.00 Possibly dead Python function: set_additional_an_values
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
DashAI/back/types/inf/ptype/Ptype.py:99
low System graph software Dead code conf 1.00 Possibly dead Python function: set_na_values
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
DashAI/back/types/inf/ptype/Ptype.py:93
low System graph software Dead code conf 1.00 Possibly dead Python function: set_string_alphabet
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
DashAI/back/types/inf/ptype/Ptype.py:109
low System graph software Dead code conf 1.00 Possibly dead Python function: show_ratios
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
DashAI/back/types/inf/ptype/Schema.py:53
low System graph software Dead code conf 1.00 Possibly dead Python function: validate_categorical_suitability
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
DashAI/back/types/type_validation.py:331
low System graph software Dead code conf 1.00 Possibly dead Python function: write_data
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
DashAI/back/types/inf/ptype/utils.py:134
low System graph frontend Frontend quality conf 1.00 React Flow <Controls> without dark theming — DashAI/front/src/components/pipelines/PipelineDesigner.jsx:168
`<Controls>` ships with white buttons. Override `.react-flow__controls` and `.react-flow__controls-button` in your stylesheet or pass a styled wrapper. Why: P1 in CHECKLIST.md — vendor defaults bleed light through. Rule id: fq.controls.no-bg
Fq controls no bg
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — DashAI/front/src/components/explorations/ExplorationsTable.jsx:42
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — DashAI/front/src/components/models/LiveMetricsChart.jsx:178
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — DashAI/front/src/components/predictions/ManualInput.jsx:32
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — DashAI/front/src/pages/results/components/LiveMetricsChart.jsx:159
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — DashAI/front/src/pages/results/components/ResultsTable.jsx:86
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — DashAI/front/src/pages/results/constants/extractColumns.jsx:20
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph quality Integrity conf 1.00 Stub function `dummy_signal` (body is just `pass`/`return`) — DashAI/__main__.py:76
Likely an AI scaffold that was never filled in. Remove or implement.
Empty handlerDead code
low System graph quality Integrity conf 1.00 Stub function `set_status_as_delivered` (body is just `pass`/`return`) — DashAI/back/job/pipeline_job.py:18
Likely an AI scaffold that was never filled in. Remove or implement.
Empty handlerDead code
low System graph quality Integrity conf 1.00 Stub function `upgrade` (body is just `pass`/`return`) — DashAI/alembic/versions/3db684f4090a_merge_datafile_and_dataset_heads.py:21
Likely an AI scaffold that was never filled in. Remove or implement.
Empty handlerDead code
low System graph api Wiring conf 1.00 Unused endpoint: DELETE /
`DashAI/back/api/api_v1/endpoints/components.py` declares `DELETE /` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: DELETE /{datafile_id}
`DashAI/back/api/api_v1/endpoints/datafile.py` declares `DELETE /{datafile_id}` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: DELETE /{dataset_id}
`DashAI/back/api/api_v1/endpoints/datasets.py` declares `DELETE /{dataset_id}` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: DELETE /{explorer_id}/
`DashAI/back/api/api_v1/endpoints/explorers.py` declares `DELETE /{explorer_id}/` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes …
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: DELETE /{pipeline_id}
`DashAI/back/api/api_v1/endpoints/pipelines.py` declares `DELETE /{pipeline_id}` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes i…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: DELETE /{plugin_id}
`DashAI/back/api/api_v1/endpoints/plugins.py` declares `DELETE /{plugin_id}` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: DELETE /{run_id}
`DashAI/back/api/api_v1/endpoints/runs.py` declares `DELETE /{run_id}` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: DELETE /{run_id}/operations
`DashAI/back/api/api_v1/endpoints/runs.py` declares `DELETE /{run_id}/operations` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes …
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /
`DashAI/back/api/api_v1/endpoints/plugins.py` declares `GET /` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /app/{full_path:path}
`DashAI/back/api/front_api.py` declares `GET /app/{full_path:path}` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /exploration/{exploration_id}/
`DashAI/back/api/api_v1/endpoints/explorers.py` declares `GET /exploration/{exploration_id}/` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting w…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /file/info
`DashAI/back/api/api_v1/endpoints/datasets.py` declares `GET /file/info` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /filter/
`DashAI/back/api/api_v1/endpoints/datasets.py` declares `GET /filter/` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /image/{component_name}/
`DashAI/back/api/api_v1/endpoints/components.py` declares `GET /image/{component_name}/` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who co…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /nodes
`DashAI/back/api/api_v1/endpoints/pipelines.py` declares `GET /nodes` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /plot/{run_id}/{plot_type}
`DashAI/back/api/api_v1/endpoints/runs.py` declares `GET /plot/{run_id}/{plot_type}` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consum…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /predict_summary
`DashAI/back/api/api_v1/endpoints/pipelines.py` declares `GET /predict_summary` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /sample/file
`DashAI/back/api/api_v1/endpoints/datasets.py` declares `GET /sample/file` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /types/file
`DashAI/back/api/api_v1/endpoints/datasets.py` declares `GET /types/file` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /{datafile_id}
`DashAI/back/api/api_v1/endpoints/datafile.py` declares `GET /{datafile_id}` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /{datafile_id}/files
`DashAI/back/api/api_v1/endpoints/datafile.py` declares `GET /{datafile_id}/files` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /{dataset_id}
`DashAI/back/api/api_v1/endpoints/datasets.py` declares `GET /{dataset_id}` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /{dataset_id}/info
`DashAI/back/api/api_v1/endpoints/datasets.py` declares `GET /{dataset_id}/info` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes i…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /{dataset_id}/model-sessions-exist
`DashAI/back/api/api_v1/endpoints/datasets.py` declares `GET /{dataset_id}/model-sessions-exist` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documentin…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /{dataset_id}/sample
`DashAI/back/api/api_v1/endpoints/datasets.py` declares `GET /{dataset_id}/sample` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /{dataset_id}/types
`DashAI/back/api/api_v1/endpoints/datasets.py` declares `GET /{dataset_id}/types` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes …
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /{explorer_id}/
`DashAI/back/api/api_v1/endpoints/explorers.py` declares `GET /{explorer_id}/` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /{file:path}
`DashAI/back/api/front_api.py` declares `GET /{file:path}` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /{id}/
`DashAI/back/api/api_v1/endpoints/components.py` declares `GET /{id}/` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /{pipeline_id}
`DashAI/back/api/api_v1/endpoints/pipelines.py` declares `GET /{pipeline_id}` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /{pipeline_id}/dataexploration/results/
`DashAI/back/api/api_v1/endpoints/pipelines.py` declares `GET /{pipeline_id}/dataexploration/results/` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or docu…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /{plugin_id}
`DashAI/back/api/api_v1/endpoints/plugins.py` declares `GET /{plugin_id}` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /{run_id}
`DashAI/back/api/api_v1/endpoints/runs.py` declares `GET /{run_id}` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /{run_id}/operations/count
`DashAI/back/api/api_v1/endpoints/runs.py` declares `GET /{run_id}/operations/count` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consum…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: PATCH /
`DashAI/back/api/api_v1/endpoints/components.py` declares `PATCH /` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: PATCH /{dataset_id}
`DashAI/back/api/api_v1/endpoints/datasets.py` declares `PATCH /{dataset_id}` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: PATCH /{explorer_id}/
`DashAI/back/api/api_v1/endpoints/explorers.py` declares `PATCH /{explorer_id}/` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes i…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: PATCH /{plugin_id}
`DashAI/back/api/api_v1/endpoints/plugins.py` declares `PATCH /{plugin_id}` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: PATCH /{plugin_id}/upgrade
`DashAI/back/api/api_v1/endpoints/plugins.py` declares `PATCH /{plugin_id}/upgrade` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consume…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: PATCH /{run_id}
`DashAI/back/api/api_v1/endpoints/runs.py` declares `PATCH /{run_id}` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: PATCH /{run_id}/reset
`DashAI/back/api/api_v1/endpoints/runs.py` declares `PATCH /{run_id}/reset` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /
`DashAI/back/api/api_v1/endpoints/plugins.py` declares `POST /` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /copy
`DashAI/back/api/api_v1/endpoints/datasets.py` declares `POST /copy` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /filter_models
`DashAI/back/api/api_v1/endpoints/pipelines.py` declares `POST /filter_models` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /index
`DashAI/back/api/api_v1/endpoints/plugins.py` declares `POST /index` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /validate_node
`DashAI/back/api/api_v1/endpoints/pipelines.py` declares `POST /validate_node` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /validate_pipeline
`DashAI/back/api/api_v1/endpoints/pipelines.py` declares `POST /validate_pipeline` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /{explorer_id}/results/
`DashAI/back/api/api_v1/endpoints/explorers.py` declares `POST /{explorer_id}/results/` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who con…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: PUT /{explorer_id}/results/
`DashAI/back/api/api_v1/endpoints/explorers.py` declares `PUT /{explorer_id}/results/` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who cons…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: PUT /{pipeline_id}
`DashAI/back/api/api_v1/endpoints/pipelines.py` declares `PUT /{pipeline_id}` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph quality Complexity conf 1.00 Very large file: DashAI/back/api/api_v1/endpoints/datasets.py (2090 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: DashAI/back/dataloaders/classes/dashai_dataset.py (1654 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/c45b5ec7-418d-40b0-b823-e292303fb389/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/c45b5ec7-418d-40b0-b823-e292303fb389/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.