Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo

Scan timing: clone 3.23s · analysis 1.64s · 3.8 MB · GitHub API rate-limit (preflight)

encode/starlette

https://github.com/encode/starlette.git · scanned 2026-05-24 01:21 UTC (1 week, 5 days ago) · 10 languages

175 findings (76 legacy + 99 scanner) 84th percentile · Python · small (2-20K LoC) Scanner says 73 (higher by 9)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 1 week, 5 days ago · v2 · 125 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.

JSON
Combined
78.2
/100
Repobility
84
76 legacy
9-layer
73
88.9% cov · 49 gaps
Critical
1
click to filter
Agents
6
0 votes
Crowd
0
reported
Score breakdown â 2026-05-18-v5
Component Sub-score Weight Contribution
structure_score 75.0 0.15 11.25
security_score 94.4 0.25 23.60
testing_score 100.0 0.20 20.00
documentation_score 66.0 0.15 9.90
practices_score 72.0 0.15 10.80
code_quality 62.0 0.10 6.20
Overall 1.00 81.8
Severity distribution — click a segment to filter
Active filters: severity: low × excluding tests × Reset all
Severity: Critical 1 High 56 Medium 7 Low 43 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Legacy 76 9-layer 49 Crowd 0 Layer: Quality 95 Software 23 Security 2 Api 1 Network 2 Frontend 1 Cicd 1
Scan summary Repository scanned at 72.7/100 with 88.9% coverage. It contains 1381 nodes across 0 cross-layer flows, written primarily in mixed languages. Engine surfaced 49 findings — concentrated in quality (24), software (19), network (2). Risk profile is high: 1 critical, 0 high, 3 medium. Recommended next step: open the quality layer findings first — that's where the highest-impact wins live.

Showing 43 of 125 findings. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

low Legacy quality quality conf 1.00 ✓ Repobility [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
Review and fix per the pattern semantics. See CWE-755 / for context.
starlette/config.py:14 qualitylegacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
Review and fix per the pattern semantics. See CWE-755 / for context.
starlette/concurrency.py:35 qualitylegacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
Review and fix per the pattern semantics. See CWE-755 / for context.
starlette/authentication.py:94 qualitylegacy
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: starlette/types.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: starlette/schemas.py:get_schema, starlette/schemas.py:get_schema This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: starlette/formparsers.py:on_end, starlette/formparsers.py:on_end This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: starlette/formparsers.py:parse, starlette/formparsers.py:parse This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: starlette/authentication.py:async_wrapper, starlette/authentication.py:sync_wrapper This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: starlette/datastructures.py:getlist, starlette/datastructures.py:getlist This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: starlette/datastructures.py:keys, starlette/datastructures.py:keys This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: starlette/datastructures.py:values, starlette/datastructures.py:values This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: starlette/datastructures.py:items, starlette/datastructures.py:items This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: starlette/datastructures.py:setdefault, starlette/datastructures.py:setdefault This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: starlette/datastructures.py:append, starlette/datastructures.py:append This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: starlette/datastructures.py:update, starlette/datastructures.py:update This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: starlette/datastructures.py:close, starlette/datastructures.py:close This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: starlette/datastructures.py:raw, starlette/datastructures.py:raw This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: starlette/_utils.py:is_async_callable, starlette/_utils.py:is_async_callable, starlette/_utils.py:is_async_callable This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or docu…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: starlette/authentication.py:is_authenticated, starlette/authentication.py:is_authenticated, starlette/authentication.py:is_authenticated This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene)…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: starlette/authentication.py:display_name, starlette/authentication.py:display_name, starlette/authentication.py:display_name This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidat…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 5 places
Functions with the same first-5-line body hash: starlette/routing.py:app, starlette/routing.py:app, starlette/routing.py:app, starlette/routing.py:app This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 5 places
Functions with the same first-5-line body hash: starlette/routing.py:matches, starlette/routing.py:matches, starlette/routing.py:matches, starlette/routing.py:matches This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or d…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 6 places
Functions with the same first-5-line body hash: starlette/convertors.py:convert, starlette/convertors.py:convert, starlette/convertors.py:convert, starlette/convertors.py:convert This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Cons…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 6 places
Functions with the same first-5-line body hash: starlette/convertors.py:to_string, starlette/convertors.py:to_string, starlette/convertors.py:to_string, starlette/convertors.py:to_string This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygien…
integrityduplicatedry
low 9-layer software dead-code conf 1.00 Possibly dead Python function: add_websocket_route
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
starlette/routing.py:740 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: coro
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
starlette/middleware/base.py:139 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: decorator
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
starlette/authentication.py:32 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: empty_receive
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
starlette/requests.py:205 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: empty_send
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
starlette/requests.py:209 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: http_exception
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
starlette/middleware/exceptions.py:65 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: listen_for_disconnect
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
starlette/responses.py:242 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: method_not_allowed
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
starlette/endpoints.py:48 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: not_found
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
starlette/routing.py:606 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: receive_or_disconnect
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
starlette/middleware/base.py:113 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: send_no_error
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
starlette/middleware/base.py:132 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: sender
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
starlette/_exception_handler.py:34 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: sender
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
starlette/middleware/wsgi.py:114 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: websocket_exception
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
starlette/middleware/exceptions.py:71 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: wrapped
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
starlette/responses.py:155 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: wrapped_app
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
starlette/_exception_handler.py:31 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: wrapped_receive
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
starlette/middleware/base.py:34 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: wsgi
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
starlette/middleware/wsgi.py:143 dead-code
low 9-layer quality integrity conf 1.00 Stub function `on_end` (body is just `pass`/`return`) — starlette/formparsers.py:223
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/ccc7a59c-b7cb-442a-a08a-1aa8791f8ad9/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/ccc7a59c-b7cb-442a-a08a-1aa8791f8ad9/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.