DashAISoftware/dashAI

Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.

177 of your 267 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

Upstream (GitHub) caused delay on this scan — not Repobility.

GitHub API rate-limited (HTTP 403) — preflight skipped, fell back to direct git clone.
Clone from GitHub took 72.95s for a 72.5 MB repo slow.
Repobility's analysis ran in 14.56s after the clone landed.

https://github.com/DashAISoftware/dashAI · scanned 2026-06-05 17:15 UTC (4 days, 22 hours ago) · 10 languages

877 raw signals (253 security + 624 graph) 11/13 scanners ran 42nd percentile · Python · large (100-500K LoC)

File as issue Image

UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 4 days, 22 hours ago · v2 · 354 actionable findings from 2 signal sources. 192 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

JSON

100.0% cov · 252 findings

Score breakdown â 2026-05-18-v5

Component	Sub-score	Weight	Contribution
`structure_score`	60.0	0.15	9.00
`security_score`	100.0	0.25	25.00
`testing_score`	51.0	0.20	10.20
`documentation_score`	70.0	0.15	10.50
`practices_score`	84.0	0.15	12.60
`code_quality`	58.0	0.10	5.80
Overall		1.00	73.1

security_score may be inflated — optional security scanners were skipped on this fast scan

Severity distribution — click a segment to filter

Active filters: layer: software × excluding tests × Reset all

Severity: Critical 0 High 103 Medium 15 Low 176 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Security checks 102 System graph 252 Crowd 0 Layer: Software 83 Quality 109 Security 93 Cicd 6 Frontend 9 Hardware 4 Api 50

Exclude dismissed / FP Exclude test files

Scan summary Quality grade B (73/100). Dimensions: security 100, maintainability 60. 253 findings (77 security). 156,056 lines analyzed.

Showing 80 of 354 actionable findings. 546 raw detector signals were grouped into reader-sized issues. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

high Security checks software dependencies conf 0.90 ✓ Repobility 2 occurrences [MINED118] Dockerfile FROM `node:22-alpine` not pinned by digest: `FROM node:22-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.

Replace with: `FROM node:22-alpine@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot).

lines 2, 8

Dockerfile:2, 8 (2 hits)

high Security checks software dependencies conf 0.90 ✓ Repobility 3 occurrences [MINED131] pre-commit hook `https://github.com/pre-commit/pre-commit-hooks` pinned to mutable rev `v6.0.0`: `.pre-commit-config.yaml` references `https://github.com/pre-commit/pre-commit-hooks` at `rev: v6.0.0`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine.

Pin to a commit SHA: `rev: <40-char-sha>` and bump it through `pre-commit autoupdate` (which writes to PRs that are reviewed).

lines 2, 14, 22

.pre-commit-config.yaml:2, 14, 22 (3 hits)

medium Security checks software dependencies conf 0.90 ✓ Repobility 25 occurrences [MINED124] requirements.txt: `fastapi[all]` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins.

Replace `fastapi[all]` with `fastapi[all]==<version>` and manage upgrades through PRs / Dependabot.

2 files, 25 locations

requirements-cpu.txt:9, 10, 11, 12, 13, 16, 17, 18, +9 more (17 hits)

requirements-dev.txt:1, 2, 3, 4, 5, 6, 7, 8 (8 hits)

low System graph software Dead code candidate conf 1.00 File has no detected symbols: DashAI/front/eslint.config.js