74 of your 168 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.
Upstream (GitHub) caused delay on this scan — not Repobility.
  • GitHub API rate-limited (HTTP 403) — preflight skipped, fell back to direct git clone.
  • Clone from GitHub was slow: 160.55s for a 409.1 MB repo.
  • Repobility's analysis ran in 66.06s after the clone landed.

elastic/elasticsearch

https://github.com/elastic/elasticsearch · scanned 2026-06-05 07:40 UTC (5 days, 20 hours ago) · 10 languages

2776 raw signals (132 security + 2644 graph) · 11/13 scanners ran · 91st percentile · Java · huge (>500K LoC) · System graph score 66 (higher by 19)


Complete repo analysis

Last scanned 5 days, 20 hours ago · v2 · 1339 actionable findings from 2 signal sources. 114 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

Score breakdown — 2026-05-18-v5
Component Sub-score Weight Contribution
structure_score 40.0 0.15 6.00
security_score 100.0 0.25 25.00
testing_score 100.0 0.20 20.00
documentation_score 91.0 0.15 13.65
practices_score 77.0 0.15 11.55
code_quality 80.0 0.10 8.00
Overall 1.00 84.2
security_score may be inflated — optional security scanners were skipped on this fast scan
Active filters: excluding tests
Scan summary Quality grade A- (84/100). Dimensions: security 100, maintainability 40. 132 findings (33 security). 2,279,086 lines analyzed.

Showing 752 of 1339 actionable findings. 1453 raw detector signals were grouped into reader-sized issues.

critical Security checks cicd CI/CD security conf 0.96 4 occurrences Compose service contains a literal secret environment value
Rotate the value if real. Move it to Docker Compose secrets, a platform secret manager, or an uncommitted environment file.
2 files, 4 locations
dev-tools/prometheus-local/docker-compose.yml:59, 82 (2 hits)
qa/remote-clusters/docker-compose.yml:3, 58 (2 hits)
CI/CD security · containers
critical Security checks cicd CI/CD security conf 0.98 Compose service mounts the Docker socket
Avoid mounting docker.sock. Use a narrow proxy, rootless build service, or provider-native deployment credentials.
dev-tools/prometheus-local/docker-compose.yml:1
CI/CD security · containers
critical System graph security security conf 1.00 Insecure pattern 'private_key_in_repo' in libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/PemUtils.java:63
Found a known-risky pattern (private_key_in_repo). Review and replace if possible.
libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/PemUtils.java:63 Private key in repo
critical System graph security Secrets conf 1.00 Possible secret in dev-tools/prometheus-local/prometheus.yml
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
dev-tools/prometheus-local/prometheus.yml:14
critical System graph security Secrets conf 1.00 6 occurrences Possible secret in libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/SslConfigurationKeys.java
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
lines 59, 64, 90, 95, 100, 106
libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/SslConfigurationKeys.java:59, 64, 90, 95, 100, 106 (6 hits)
critical System graph security Secrets conf 1.00 2 occurrences Possible secret in libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/StoreKeyConfig.java
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
lines 219, 220
libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/StoreKeyConfig.java:219, 220 (2 hits)
critical System graph security Secrets conf 1.00 Possible secret in libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/StoreTrustConfig.java
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/StoreTrustConfig.java:159
critical System graph security Secrets conf 1.00 Possible secret in libs/web-utils/src/main/java/org/elasticsearch/web/UriParts.java
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
libs/web-utils/src/main/java/org/elasticsearch/web/UriParts.java:35
critical System graph security Secrets conf 1.00 Possible secret in x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/watcher/support/xcontent/WatcherXContentParser.java
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/watcher/support/xcontent/WatcherXContentParser.java:32
critical System graph security Secrets conf 1.00 Possible secret in x-pack/plugin/eql/qa/correctness/build.gradle
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
x-pack/plugin/eql/qa/correctness/build.gradle:41
critical System graph security Secrets conf 1.00 4 occurrences Possible secret in x-pack/plugin/ml/qa/ml-with-security/build.gradle
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
lines 256, 257, 258, 259
x-pack/plugin/ml/qa/ml-with-security/build.gradle:256, 257, 258, 259 (4 hits)
critical System graph security Secrets conf 1.00 Possible secret in x-pack/plugin/searchable-snapshots/qa/rest/build.gradle
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
x-pack/plugin/searchable-snapshots/qa/rest/build.gradle:33
critical System graph security Secrets conf 1.00 Possible secret in x-pack/plugin/security/cli/src/main/java/org/elasticsearch/xpack/security/cli/HttpCertificateCommand.java
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
x-pack/plugin/security/cli/src/main/java/org/elasticsearch/xpack/security/cli/HttpCertificateCommand.java:983
critical System graph security Secrets conf 1.00 2 occurrences Possible secret in x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/file/tool/UsersTool.java
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
lines 494, 499
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/file/tool/UsersTool.java:494, 499 (2 hits)
critical System graph security Secrets conf 1.00 Possible secret in x-pack/plugin/shutdown/build.gradle
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
x-pack/plugin/shutdown/build.gradle:30
critical System graph security Secrets conf 1.00 2 occurrences Possible secret in x-pack/plugin/shutdown/qa/rolling-upgrade/build.gradle
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
lines 79, 82
x-pack/plugin/shutdown/qa/rolling-upgrade/build.gradle:79, 82 (2 hits)
critical System graph security Secrets conf 1.00 4 occurrences Possible secret in x-pack/plugin/sql/qa/server/src/main/java/org/elasticsearch/xpack/sql/qa/cli/EmbeddedCli.java
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
lines 164, 166, 183, 193
x-pack/plugin/sql/qa/server/src/main/java/org/elasticsearch/xpack/sql/qa/cli/EmbeddedCli.java:164, 166, 183, 193 (4 hits)
critical System graph security Secrets conf 1.00 2 occurrences Possible secret in x-pack/plugin/sql/sql-cli/src/main/java/org/elasticsearch/xpack/sql/cli/ConnectionBuilder.java
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
lines 91, 116
x-pack/plugin/sql/sql-cli/src/main/java/org/elasticsearch/xpack/sql/cli/ConnectionBuilder.java:91, 116 (2 hits)
critical System graph security Secrets conf 1.00 3 occurrences Possible secret in x-pack/plugin/text-structure/qa/text-structure-with-security/build.gradle
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
lines 22, 23, 24
x-pack/plugin/text-structure/qa/text-structure-with-security/build.gradle:22, 23, 24 (3 hits)
critical System graph security Secrets conf 1.00 Possible secret in x-pack/qa/repository-old-versions/build.gradle
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
x-pack/qa/repository-old-versions/build.gradle:97
critical System graph security Secrets conf 1.00 2 occurrences Possible secret in x-pack/qa/rolling-upgrade/build.gradle
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
lines 91, 94
x-pack/qa/rolling-upgrade/build.gradle:91, 94 (2 hits)
low Security checks quality Quality conf 1.00 ✓ Repobility [MINED012] Curl Pipe Bash: curl ... | sh / bash — runs unverified network code.
Review and fix per the pattern semantics. See CWE-494 / A08:2021 for context.
.buildkite/scripts/setup_node.sh:8
high Security checks quality Quality conf 1.00 ✓ Repobility [MINED026] Fake Verification: assert True, expect(1).toBe(1), or other tautology used to fake passing tests.
Review and fix per the pattern semantics. See CWE-1126 for context.
modules/apm/src/main/java/org/elasticsearch/telemetry/apm/AbstractAsyncInstrument.java:46
high Security checks quality Quality conf 1.00 ✓ Repobility [MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection.
Review and fix per the pattern semantics. See CWE-78 for context.
dev-tools/prepare_release_update_documentation.py:33
high Security checks quality Quality conf 1.00 ✓ Repobility [MINED036] Python Os System Call: os.system() invokes shell with no escaping.
Review and fix per the pattern semantics. See CWE-78 for context.
dev-tools/prepare_release_update_documentation.py:28
high Security checks quality Quality conf 1.00 ✓ Repobility [MINED104] Chmod 777: chmod 777 makes a file or directory world-readable, world-writable, AND world-executable. Local privilege escalation surface; audit-failing for most compliance frameworks.
Use the least-privilege mode the file actually needs (e.g. 640 for configs, 750 for executables). For directories that genuinely need shared write access, use a group with chmod g+w and chown the right group.
.buildkite/scripts/cuvs-snapshot/configure.sh:21
high Security checks software dependencies conf 0.90 ✓ Repobility 12 occurrences [MINED118] Dockerfile FROM `redhat/ubi8 (no tag)` not pinned by digest: `FROM redhat/ubi8 (no tag)` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.
Replace with: `FROM redhat/ubi8@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot).
10 files, 12 locations
x-pack/test/idp-fixture/src/main/resources/nginx/Dockerfile:9, 44 (2 hits)
x-pack/test/idp-fixture/src/main/resources/oidc/Dockerfile:14, 40 (2 hits)
dev-tools/zstd.Dockerfile:1
libs/parquet-rs/native/Dockerfile.rust-toolchain:19
libs/simdvec/native/Dockerfile.cross-toolchain:20
test/fixtures/krb5kdc-fixture/Dockerfile:1
x-pack/plugin/esql-datasource-parquet-rs/native/build-tools/Dockerfile.cargo-zigbuild:11
x-pack/test/idp-fixture/src/main/resources/idp/Dockerfile:10
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `distribution/src/bin/elasticsearch-service-mgr.exe` committed in source repo: `distribution/src/bin/elasticsearch-service-mgr.exe` is a .exe binary (126,600 bytes) committed to a repo that otherwise has 29202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
distribution/src/bin/elasticsearch-service-mgr.exe:1
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `distribution/src/bin/elasticsearch-service-x64.exe` committed in source repo: `distribution/src/bin/elasticsearch-service-x64.exe` is a .exe binary (142,984 bytes) committed to a repo that otherwise has 29202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
distribution/src/bin/elasticsearch-service-x64.exe:1
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `gradle/wrapper/gradle-wrapper.jar` committed in source repo: `gradle/wrapper/gradle-wrapper.jar` is a .jar binary (48,462 bytes) committed to a repo that otherwise has 29202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
gradle/wrapper/gradle-wrapper.jar:1
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `plugins/examples/gradle/wrapper/gradle-wrapper.jar` committed in source repo: `plugins/examples/gradle/wrapper/gradle-wrapper.jar` is a .jar binary (43,583 bytes) committed to a repo that otherwise has 29202 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
plugins/examples/gradle/wrapper/gradle-wrapper.jar:1
high Security checks software Xxe conf 1.00 [SEC024] XML External Entity (XXE) — Java parser default: Java XML parsers accept external entity references by default. An attacker can craft XML input that reads server files (file://), exfiltrates data via DNS, or causes denial of service via the 'billion laughs' attack.
Disable DTDs and external entities before parsing: factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); factory.setFeature("http://xml.org/sax/features/external-general-entities", false); factory.setFeature("http://xml.org/sax/features/external-parameter-entities"…
build-tools-internal/src/main/java/org/elasticsearch/gradle/internal/shadow/XmlClassRelocationTransformer.java:58
high Security checks cicd CI/CD security conf 0.92 Compose service explicitly runs as root
Run as a numeric non-root UID, or if root is needed for startup, drop privileges before starting the app process.
docs/reference/setup/install/docker/docker-compose.yml:3
CI/CD security · containers
high Security checks cicd CI/CD security conf 0.90 3 occurrences Database service has no persistent data volume
Mount the database data directory to a named Docker volume or managed persistent disk, and document backup and restore testing.
2 files, 3 locations
qa/remote-clusters/docker-compose.yml:3, 58 (2 hits)
docs/reference/setup/install/docker/docker-compose.yml:3
CI/CD security · containers
high Security checks cicd CI/CD security conf 0.84 3 occurrences Database service publishes a host port
Use `expose` for service-to-service access, bind to 127.0.0.1 for local-only access, or protect the port with firewall rules.
2 files, 3 locations
qa/remote-clusters/docker-compose.yml:3, 58 (2 hits)
docs/reference/setup/install/docker/docker-compose.yml:64
CI/CD security · containers
high Security checks cicd CI/CD security conf 0.92 Dockerfile pipes a remote script into a shell
Download the artifact, verify its checksum or signature, pin the version, and then execute it.
libs/parquet-rs/native/Dockerfile.rust-toolchain:41
CI/CD security · containers
low Security checks cicd CI/CD security conf 0.90 ✓ Repobility 4 occurrences GitHub Action is tag-pinned rather than SHA-pinned
[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lo…
3 files, 4 locations
.github/workflows/updatecli-compose.yml:19, 38 (2 hits)
.github/workflows/check-esql-generated-headers.yml:22
.github/workflows/gradle-wrapper-validation.yml:13
CI/CD security · Supply chain · GitHub Actions
medium Security checks cicd CI/CD security conf 0.90 ✓ Repobility 7 occurrences GitHub Action is tag-pinned rather than SHA-pinned
[MINED115] Action `elastic/docs-actions/.github/workflows/docs-build.yml` pinned to mutable ref `@v1`: `uses: elastic/docs-actions/.github/workflows/docs-build.yml@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compr…
4 files, 7 locations
.github/workflows/docs-build.yml:14 (2 hits)
.github/workflows/docs-deploy.yml:14 (2 hits)
.github/workflows/docs-preview-cleanup.yml:12 (2 hits)
.github/workflows/updatecli-compose.yml:51
CI/CD security · Supply chain · GitHub Actions
high System graph security Secrets conf 1.00 .env file present in repo: docs/reference/setup/install/docker/.env
A raw .env file is in the working tree. Verify it isn't committed and that secrets are in a vault.
Config
high System graph security security conf 1.00 Insecure pattern 'eval_used' in benchmarks/src/main/java/org/elasticsearch/benchmark/compute/operator/AggregatorBenchmark.java:766
Found a known-risky pattern (eval_used). Review and replace if possible.
benchmarks/src/main/java/org/elasticsearch/benchmark/compute/operator/AggregatorBenchmark.java:766 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in benchmarks/src/main/java/org/elasticsearch/benchmark/esql/JsonExtractBenchmark.java:211
Found a known-risky pattern (eval_used). Review and replace if possible.
benchmarks/src/main/java/org/elasticsearch/benchmark/esql/JsonExtractBenchmark.java:211 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in libs/tdigest/src/main/java/org/elasticsearch/tdigest/ScaleFunction.java:622
Found a known-risky pattern (eval_used). Review and replace if possible.
libs/tdigest/src/main/java/org/elasticsearch/tdigest/ScaleFunction.java:622 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in libs/x-content/src/main/java/org/elasticsearch/xcontent/ObjectPath.java:30
Found a known-risky pattern (eval_used). Review and replace if possible.
libs/x-content/src/main/java/org/elasticsearch/xcontent/ObjectPath.java:30 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/watcher/actions/ActionWrapper.java:184
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/watcher/actions/ActionWrapper.java:184 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/watcher/support/xcontent/XContentSource.java:107
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/watcher/support/xcontent/XContentSource.java:107 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/enrich/src/main/java/org/elasticsearch/xpack/enrich/EnrichPolicyMaintenanceService.java:186
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/enrich/src/main/java/org/elasticsearch/xpack/enrich/EnrichPolicyMaintenanceService.java:186 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/compute/src/main/java/org/elasticsearch/compute/aggregation/blockhash/CategorizeBlockHash.java:158
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/compute/src/main/java/org/elasticsearch/compute/aggregation/blockhash/CategorizeBlockHash.java:158 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/compute/src/main/java/org/elasticsearch/compute/aggregation/FilteredAggregatorFunction.java:33
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/compute/src/main/java/org/elasticsearch/compute/aggregation/FilteredAggregatorFunction.java:33 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/compute/src/main/java/org/elasticsearch/compute/aggregation/FilteredGroupingAggregatorFunction.java:44
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/compute/src/main/java/org/elasticsearch/compute/aggregation/FilteredGroupingAggregatorFunction.java:44 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/compute/src/main/java/org/elasticsearch/compute/expression/ConstantEvaluators.java:30
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/compute/src/main/java/org/elasticsearch/compute/expression/ConstantEvaluators.java:30 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/compute/src/main/java/org/elasticsearch/compute/expression/LoadFromPageEvaluator.java:45
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/compute/src/main/java/org/elasticsearch/compute/expression/LoadFromPageEvaluator.java:45 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/compute/src/main/java/org/elasticsearch/compute/lucene/query/LuceneQueryExpressionEvaluator.java:39
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/compute/src/main/java/org/elasticsearch/compute/lucene/query/LuceneQueryExpressionEvaluator.java:39 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/compute/src/main/java/org/elasticsearch/compute/operator/ColumnExtractOperator.java:68
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/compute/src/main/java/org/elasticsearch/compute/operator/ColumnExtractOperator.java:68 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/compute/src/main/java/org/elasticsearch/compute/operator/EvalOperator.java:101
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/compute/src/main/java/org/elasticsearch/compute/operator/EvalOperator.java:101 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/compute/src/main/java/org/elasticsearch/compute/operator/FilterOperator.java:102
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/compute/src/main/java/org/elasticsearch/compute/operator/FilterOperator.java:102 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/compute/src/main/java/org/elasticsearch/compute/operator/lookup/BulkLookupSingleValued.java:26
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/compute/src/main/java/org/elasticsearch/compute/operator/lookup/BulkLookupSingleValued.java:26 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/compute/src/main/java/org/elasticsearch/compute/operator/mvdedupe/MultivalueDedupe.java:181
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/compute/src/main/java/org/elasticsearch/compute/operator/mvdedupe/MultivalueDedupe.java:181 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/compute/src/main/java/org/elasticsearch/compute/operator/StringExtractOperator.java:71
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/compute/src/main/java/org/elasticsearch/compute/operator/StringExtractOperator.java:71 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/function/scalar/nulls/CoalesceBooleanEvaluator.java:81
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/function/scalar/nulls/CoalesceBooleanEvaluator.java:81 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/function/scalar/nulls/CoalesceBytesRefEvaluator.java:82
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/function/scalar/nulls/CoalesceBytesRefEvaluator.java:82 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/function/scalar/nulls/CoalesceDoubleEvaluator.java:81
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/function/scalar/nulls/CoalesceDoubleEvaluator.java:81 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/function/scalar/nulls/CoalesceExponentialHistogramEvaluator.java:81
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/function/scalar/nulls/CoalesceExponentialHistogramEvaluator.java:81 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/function/scalar/nulls/CoalesceFloatEvaluator.java:81
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/function/scalar/nulls/CoalesceFloatEvaluator.java:81 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/function/scalar/nulls/CoalesceIntEvaluator.java:81
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/function/scalar/nulls/CoalesceIntEvaluator.java:81 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/function/scalar/nulls/CoalesceLongEvaluator.java:81
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/function/scalar/nulls/CoalesceLongEvaluator.java:81 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/function/scalar/nulls/CoalesceLongRangeEvaluator.java:81
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/function/scalar/nulls/CoalesceLongRangeEvaluator.java:81 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/function/scalar/nulls/CoalesceTDigestEvaluator.java:81
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/function/scalar/nulls/CoalesceTDigestEvaluator.java:81 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/predicate/operator/comparison/InBooleanEvaluator.java:55
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/predicate/operator/comparison/InBooleanEvaluator.java:55 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/predicate/operator/comparison/InBytesRefEvaluator.java:55
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/predicate/operator/comparison/InBytesRefEvaluator.java:55 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/predicate/operator/comparison/InDoubleEvaluator.java:55
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/predicate/operator/comparison/InDoubleEvaluator.java:55 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/predicate/operator/comparison/InIntEvaluator.java:55
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/predicate/operator/comparison/InIntEvaluator.java:55 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/predicate/operator/comparison/InLongEvaluator.java:55
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/predicate/operator/comparison/InLongEvaluator.java:55 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/predicate/operator/comparison/InMillisNanosEvaluator.java:55
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/predicate/operator/comparison/InMillisNanosEvaluator.java:55 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/predicate/operator/comparison/InNanosMillisEvaluator.java:55
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/generated-src/org/elasticsearch/xpack/esql/expression/predicate/operator/comparison/InNanosMillisEvaluator.java:55 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/evaluator/mapper/EvaluatorMapper.java:110
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/evaluator/mapper/EvaluatorMapper.java:110 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/fulltext/Score.java:131
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/fulltext/Score.java:131 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/conditional/Case.java:502
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/conditional/Case.java:502 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/convert/AbstractConvertFunction.java:155
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/convert/AbstractConvertFunction.java:155 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/convert/FromAggregateMetricDouble.java:160
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/convert/FromAggregateMetricDouble.java:160 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/convert/ToAggregateMetricDouble.java:253
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/convert/ToAggregateMetricDouble.java:253 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/histogram/ExtractHistogramComponent.java:181
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/histogram/ExtractHistogramComponent.java:181 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/internal/PackDimension.java:97
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/internal/PackDimension.java:97 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/internal/UnpackDimension.java:91
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/internal/UnpackDimension.java:91 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/multivalue/AbstractMultivalueFunction.java:97
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/multivalue/AbstractMultivalueFunction.java:97 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/multivalue/MvConcat.java:154
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/multivalue/MvConcat.java:154 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/multivalue/MvSort.java:324
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/multivalue/MvSort.java:324 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/spatial/StDimension.java:168
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/spatial/StDimension.java:168 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/spatial/StGeometryType.java:167
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/spatial/StGeometryType.java:167 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/string/ReplaceConstantOrdinalEvaluator.java:86
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/string/ReplaceConstantOrdinalEvaluator.java:86 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/util/Delay.java:129
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/util/Delay.java:129 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/vector/Magnitude.java:141
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/vector/Magnitude.java:141 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/vector/VectorSimilarityFunction.java:159
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/vector/VectorSimilarityFunction.java:159 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/LiteralsEvaluator.java:40
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/LiteralsEvaluator.java:40 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/predicate/logical/BooleanLogicExpressionEvaluator.java:47
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/predicate/logical/BooleanLogicExpressionEvaluator.java:47 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/predicate/nulls/IsNotNull.java:159
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/predicate/nulls/IsNotNull.java:159 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/predicate/nulls/IsNull.java:159
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/predicate/nulls/IsNull.java:159 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/predicate/operator/arithmetic/DenseVectorScalarEvaluator.java:55
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/predicate/operator/arithmetic/DenseVectorScalarEvaluator.java:55 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/predicate/operator/arithmetic/DenseVectorsEvaluator.java:54
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/predicate/operator/arithmetic/DenseVectorsEvaluator.java:54 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/predicate/operator/comparison/EqualsDenseVectorEvaluator.java:40
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/predicate/operator/comparison/EqualsDenseVectorEvaluator.java:40 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/predicate/operator/comparison/NotEqualsDenseVectorEvaluator.java:40
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/predicate/operator/comparison/NotEqualsDenseVectorEvaluator.java:40 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/inference/completion/CompletionRequestIterator.java:141
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/inference/completion/CompletionRequestIterator.java:141 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/inference/embedding/EmbeddingRequestIterator.java:80
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/inference/embedding/EmbeddingRequestIterator.java:80 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/inference/rerank/RerankRequestIterator.java:238
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/inference/rerank/RerankRequestIterator.java:238 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/inference/textembedding/TextEmbeddingRequestIterator.java:60
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/inference/textembedding/TextEmbeddingRequestIterator.java:60 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/planner/TypeConverter.java:60
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/planner/TypeConverter.java:60 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/inference/src/main/java/org/elasticsearch/xpack/inference/common/SemanticTextInfoExtractor.java:67
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/inference/src/main/java/org/elasticsearch/xpack/inference/common/SemanticTextInfoExtractor.java:67 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/profiling/src/main/java/org/elasticsearch/xpack/profiling/action/StackTrace.java:178
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/profiling/src/main/java/org/elasticsearch/xpack/profiling/action/StackTrace.java:178 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/profiling/src/main/java/org/elasticsearch/xpack/profiling/action/TransportGetStackTracesAction.java:916
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/profiling/src/main/java/org/elasticsearch/xpack/profiling/action/TransportGetStackTracesAction.java:916 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/AbstractCompareCondition.java:58
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/AbstractCompareCondition.java:58 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/ArrayCompareCondition.java:207
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/ArrayCompareCondition.java:207 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/CompareCondition.java:135
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/condition/CompareCondition.java:135 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/slack/message/DynamicAttachments.java:33
Found a known-risky pattern (eval_used). Review and replace if possible.
x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/slack/message/DynamicAttachments.java:33 Eval used
medium Security checks security path traversal conf 1.00 3 occurrences [SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory.
Validate extracted paths with os.path.realpath() and ensure they stay within the target directory.
3 files, 3 locations
build-tools-internal/src/integTest/groovy/org/elasticsearch/gradle/internal/SymbolicLinkPreservingTarFuncTest.groovy:138
build-tools-internal/src/main/java/org/elasticsearch/gradle/internal/JarApiComparisonTask.java:115
build-tools-internal/src/main/java/org/elasticsearch/gradle/internal/dependencies/patches/Utils.java:89
medium Security checks cicd CI/CD security conf 0.94 4 occurrences Compose service `prometheus` image uses the latest tag
Pin to a maintained version tag or digest and update it deliberately through dependency automation.
lines 21, 38, 82, 105
dev-tools/prometheus-local/docker-compose.yml:21, 38, 82, 105 (4 hits)
CI/CD security · containers
medium Security checks cicd CI/CD security conf 0.90 Docker build context has no .dockerignore
Add .dockerignore with at least .git, .env, private keys, dependency folders, build outputs, and local databases.
.dockerignore CI/CD security · containers
medium Security checks cicd CI/CD security conf 0.84 Docker build context is very large
Shrink the build context with .dockerignore, move generated/runtime data outside the build context, and copy only the manifest files needed for cached dependency layers.
.dockerignore CI/CD security · containers
high Security checks cicd CI/CD security conf 0.82 9 occurrences Docker final stage has no non-root USER
Add a non-root USER in the final runtime stage after files and permissions are prepared.
9 files, 9 locations
libs/parquet-rs/native/Dockerfile.rust-toolchain:20
libs/simdvec/native/Dockerfile.cross-toolchain:21
test/fixtures/krb5kdc-fixture/Dockerfile:1
x-pack/plugin/esql-datasource-parquet-rs/native/build-tools/Dockerfile.cargo-zigbuild:12
x-pack/test/idp-fixture/src/main/resources/idp/Dockerfile:11
x-pack/test/idp-fixture/src/main/resources/nginx/Dockerfile:44
x-pack/test/idp-fixture/src/main/resources/oidc/Dockerfile:40
x-pack/test/idp-fixture/src/main/resources/openldap/Dockerfile:1
CI/CD security · containers
high Security checks software dependencies conf 0.70 Remote install command pipes network code directly to a shell
Publish a package-manager install path or add checksum/signature verification before execution. For docs, show the inspect-then-run flow and pin the downloaded artifact version.
.buildkite/scripts/setup_node.sh:8
medium System graph hardware Security conf 1.00 Dockerfile runs as root: test/fixtures/krb5kdc-fixture/Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
Container
medium System graph hardware Security conf 1.00 Dockerfile runs as root: x-pack/test/idp-fixture/src/main/resources/idp/Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
Container
medium System graph hardware Security conf 1.00 Dockerfile runs as root: x-pack/test/idp-fixture/src/main/resources/nginx/Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
Container
medium System graph hardware Security conf 1.00 Dockerfile runs as root: x-pack/test/idp-fixture/src/main/resources/oidc/Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
Container
medium System graph hardware Security conf 1.00 Dockerfile runs as root: x-pack/test/idp-fixture/src/main/resources/openldap/Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
Container
medium System graph hardware Security conf 1.00 Dockerfile runs as root: x-pack/test/smb-fixture/src/main/resources/Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
Container
medium System graph cicd CI/CD security conf 1.00 3 occurrences GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
3 files, 3 locations
.github/workflows/docs-deploy.yml
.github/workflows/docs-preview-cleanup.yml
.github/workflows/updatecli-compose.yml
CI/CD security · Supply chain · GitHub Actions
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in dev-tools/prepare_release_update_documentation.py:33
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
dev-tools/prepare_release_update_documentation.py:33 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in docs/release-notes/changelog-bundles/9.1.0.yml:2045
Found a known-risky pattern (weak_hash). Review and replace if possible.
docs/release-notes/changelog-bundles/9.1.0.yml:2045 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in modules/ingest-common/src/main/java/org/elasticsearch/ingest/common/FingerprintProcessor.java:220
Found a known-risky pattern (weak_hash). Review and replace if possible.
modules/ingest-common/src/main/java/org/elasticsearch/ingest/common/FingerprintProcessor.java:220 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in modules/ip-location/src/main/java/org/elasticsearch/ingest/geoip/GeoIpTaskState.java:154
Found a known-risky pattern (weak_hash). Review and replace if possible.
modules/ip-location/src/main/java/org/elasticsearch/ingest/geoip/GeoIpTaskState.java:154 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/support/Hasher.java:370
Found a known-risky pattern (weak_hash). Review and replace if possible.
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/support/Hasher.java:370 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/string/Hash.java:53
Found a known-risky pattern (weak_hash). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/string/Hash.java:53 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/string/Md5.java:30
Found a known-risky pattern (weak_hash). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/string/Md5.java:30 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/string/Sha1.java:25
Found a known-risky pattern (weak_hash). Review and replace if possible.
x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/string/Sha1.java:25 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ReservedRealm.java:111
Found a known-risky pattern (weak_hash). Review and replace if possible.
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ReservedRealm.java:111 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/transport/X509CertificateSignature.java:129
Found a known-risky pattern (weak_hash). Review and replace if possible.
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/transport/X509CertificateSignature.java:129 Weak hash
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — dev-tools/prepare_release_update_documentation.py:33
`subprocess.check_output(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safety · Robustness
medium System graph network Security conf 1.00 Privileged port 1000 in use
Port 1000 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
distribution/docker/src/docker/dockerfiles/default/Dockerfile Ports
medium System graph network Security conf 1.00 Privileged port 256 in use
Port 256 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
updatecli-compose.yaml Ports
medium System graph network Security conf 1.00 Privileged port 588 in use
Port 588 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
updatecli-compose.yaml Ports
medium System graph network Security conf 1.00 Privileged port 65 in use
Port 65 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
distribution/docker/src/docker/dockerfiles/wolfi/Dockerfile Ports
medium System graph quality Tests conf 1.00 Very low test-to-source ratio
0 test file(s) for 17 source file(s) (ratio 0.00). Consider adding integration or unit tests for critical paths.
Coverage
high Security checks cicd CI/CD security conf 0.56 Compose service does not declare a runtime user
Set a non-root `user:` in Compose or ensure the final image stage has a non-root USER directive.
qa/remote-clusters/docker-compose.yml:113 CI/CD security · containers
high Security checks cicd CI/CD security conf 0.56 Compose service does not declare a runtime user
Set a non-root `user:` in Compose or ensure the final image stage has a non-root USER directive.
docs/reference/setup/install/docker/docker-compose.yml:190 CI/CD security · containers
high Security checks cicd CI/CD security conf 0.62 Compose service lacks no-new-privileges hardening
Add `security_opt: ["no-new-privileges:true"]` unless the service has a documented need for privilege escalation.
qa/remote-clusters/docker-compose.yml:113 CI/CD security · containers
high Security checks cicd CI/CD security conf 0.62 Compose service lacks no-new-privileges hardening
Add `security_opt: ["no-new-privileges:true"]` unless the service has a documented need for privilege escalation.
docs/reference/setup/install/docker/docker-compose.yml:190 CI/CD security · containers
low Security checks quality Quality conf 0.60 4 occurrences Duplicated implementation block across source files
Duplicate implementation blocks are maintenance debt. Keep them visible, but they are not a high-severity defect unless the duplicated logic is security-sensitive or drifting.
4 files, 4 locations
build-tools-internal/src/main/java/org/elasticsearch/gradle/internal/precommit/CheckForbiddenApisTask.java:371
build-tools-internal/src/main/java/org/elasticsearch/gradle/internal/precommit/ValidateJsonNoKeywordsTask.java:44
build-tools-internal/src/main/java/org/elasticsearch/gradle/internal/transport/GenerateTransportVersionDefinitionTask.java:109
distribution/tools/windows-service-cli/src/main/java/org/elasticsearch/windows/service/WindowsServiceDaemon.java:75
duplication · quality
low System graph quality Maintenance conf 1.00 3447 TODO/FIXME markers
High count of TODO/FIXME/HACK markers — track them as issues so they're not forgotten.
low System graph hardware Coverage conf 1.00 Containers defined but no K8s/orchestration manifest found
Repo has Dockerfiles/compose but no Kubernetes/Nomad manifests. If the target deployment is K8s, the manifests may live in a separate ops repo.
Deployment
low System graph software Dead code candidate conf 1.00 File has no detected symbols: x-pack/plugin/sql/connectors/tableau/connector/connectionBuilder.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: x-pack/plugin/sql/connectors/tableau/connector/connectionProperties.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code conf 1.00 Possibly dead Python function: callback
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
dev-tools/prepare_release_update_documentation.py:105
low System graph software Dead code conf 1.00 Possibly dead Python function: read_stdout
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
x-pack/plugin/sql/connectors/tableau/tdvt/tdvt_run.py:41
low System graph quality Complexity conf 1.00 Very large file: benchmarks/src/main/java/org/elasticsearch/benchmark/compute/operator/EvalBenchmark.java (1576 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: build-tools/src/main/java/org/elasticsearch/gradle/testclusters/ElasticsearchNode.java (1818 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: distribution/tools/plugin-cli/src/test/java/org/elasticsearch/plugins/cli/InstallPluginActionTests.java (1639 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: libs/entitlement/asm-provider/src/test/java/org/elasticsearch/entitlement/instrumentation/impl/InstrumenterTests.java (1271 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: libs/entitlement/src/main/java/org/elasticsearch/entitlement/rules/ClassMethodBuilder.java (1220 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: libs/native/src/main/java/org/elasticsearch/nativeaccess/jdk/JdkVectorLibrary.java (1520 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: libs/simdvec/src/main/java/org/elasticsearch/simdvec/internal/vectorization/PanamaESVectorUtilSupport.java (2058 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: libs/simdvec/src/test/java/org/elasticsearch/simdvec/ESVectorUtilTests.java (1262 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: libs/ssl-config/src/test/java/org/elasticsearch/common/ssl/SslDiagnosticsTests.java (1194 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: libs/x-content/src/main/java/org/elasticsearch/xcontent/XContentBuilder.java (1384 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: libs/x-content/src/test/java/org/elasticsearch/xcontent/ObjectParserTests.java (1255 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/aggregations/src/test/java/org/elasticsearch/aggregations/bucket/histogram/AutoDateHistogramAggregatorTests.java (1158 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/data-streams/src/internalClusterTest/java/org/elasticsearch/datastreams/DataStreamIT.java (2631 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/data-streams/src/internalClusterTest/java/org/elasticsearch/datastreams/DataStreamsSnapshotsIT.java (1530 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/data-streams/src/internalClusterTest/java/org/elasticsearch/datastreams/lifecycle/DataStreamLifecycleServiceIT.java (1223 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/data-streams/src/internalClusterTest/java/org/elasticsearch/datastreams/TSDBSyntheticIdsIT.java (2346 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/data-streams/src/main/java/org/elasticsearch/datastreams/lifecycle/DataStreamLifecycleService.java (1759 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/data-streams/src/test/java/org/elasticsearch/datastreams/DataStreamIndexSettingsProviderTests.java (1229 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/data-streams/src/test/java/org/elasticsearch/datastreams/lifecycle/DataStreamLifecycleServiceTests.java (2024 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/CefProcessorTests.java (1012 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/ip-location/src/test/java/org/elasticsearch/ingest/geoip/DatabaseNodeServiceTests.java (1085 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/lang-painless/src/main/java/org/elasticsearch/painless/antlr/PainlessParser.java (5805 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/lang-painless/src/main/java/org/elasticsearch/painless/Def.java (1926 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/lang-painless/src/main/java/org/elasticsearch/painless/DefMath.java (1292 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/lang-painless/src/main/java/org/elasticsearch/painless/lookup/PainlessLookupBuilder.java (2012 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/lang-painless/src/main/java/org/elasticsearch/painless/phase/DefaultIRTreeToASMBytesPhase.java (1998 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/lang-painless/src/main/java/org/elasticsearch/painless/phase/DefaultSemanticAnalysisPhase.java (3361 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/lang-painless/src/main/java/org/elasticsearch/painless/phase/DefaultUserTreeToIRTreePhase.java (1984 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/lang-painless/src/test/java/org/elasticsearch/painless/StandardCastTests.java (1923 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/lang-painless/src/test/java/org/elasticsearch/painless/WhenThingsGoWrongTests.java (847 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/legacy-geo/src/test/java/org/elasticsearch/legacygeo/GeoJsonShapeParserTests.java (2287 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/mapper-extras/src/main/java/org/elasticsearch/index/mapper/extras/MatchOnlyTextFieldMapper.java (1276 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/parent-join/src/internalClusterTest/java/org/elasticsearch/join/query/ChildQuerySearchIT.java (1831 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/percolator/src/internalClusterTest/java/org/elasticsearch/percolator/PercolatorQuerySearchIT.java (1494 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/percolator/src/test/java/org/elasticsearch/percolator/CandidateQueryTests.java (1377 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/percolator/src/test/java/org/elasticsearch/percolator/PercolatorFieldMapperTests.java (1304 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/percolator/src/test/java/org/elasticsearch/percolator/QueryAnalyzerTests.java (1349 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/reindex-management/src/internalClusterTest/java/org/elasticsearch/reindex/management/ReindexRelocationIT.java (1237 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/reindex/src/main/java/org/elasticsearch/reindex/AbstractAsyncBulkByPaginatedSearchAction.java (1399 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/reindex/src/main/java/org/elasticsearch/reindex/Reindexer.java (1285 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/reindex/src/test/java/org/elasticsearch/reindex/AsyncBulkByScrollActionTests.java (2648 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/reindex/src/test/java/org/elasticsearch/reindex/ReindexerTests.java (3296 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/repository-azure/src/main/java/org/elasticsearch/repositories/azure/AzureBlobStore.java (1502 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/repository-s3/qa/insecure-credentials/src/test/java/org/elasticsearch/repositories/s3/AmazonS3Wrapper.java (1718 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/repository-s3/src/main/java/org/elasticsearch/repositories/s3/S3BlobContainer.java (1506 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/repository-s3/src/test/java/org/elasticsearch/repositories/s3/S3BlobContainerRetriesTests.java (1793 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/transport-netty4/src/test/java/org/elasticsearch/http/netty4/Netty4HttpServerTransportTests.java (1192 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: modules/workload-identity/src/test/java/org/elasticsearch/workloadidentity/HttpsWorkloadIdentityIssuerClientTests.java (1425 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: qa/full-cluster-restart/src/javaRestTest/java/org/elasticsearch/upgrades/FullClusterRestartIT.java (1969 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: qa/multi-cluster-search/src/javaRestTest/java/org/elasticsearch/search/CCSDuelIT.java (1467 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: qa/packaging/src/test/java/org/elasticsearch/packaging/test/DockerTests.java (1338 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: qa/vector/src/main/java/org/elasticsearch/test/knn/KnnIndexTester.java (1165 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: qa/vector/src/main/java/org/elasticsearch/test/knn/TestConfiguration.java (1101 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/action/admin/cluster/allocation/ClusterAllocationExplainIT.java (1528 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/action/admin/cluster/node/tasks/TasksIT.java (1008 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/action/bulk/BatchBulkIT.java (1456 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/action/termvectors/GetTermVectorsIT.java (1126 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/aliases/IndexAliasesIT.java (1638 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/cluster/routing/allocation/decider/WriteLoadConstraintDeciderIT.java (1097 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/get/GetActionIT.java (1179 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/index/shard/IndexShardIT.java (1068 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/indices/recovery/IndexRecoveryIT.java (2376 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/indices/stats/IndexStatsIT.java (1369 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/rest/action/document/RestIndexActionIT.java (1143 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/search/aggregations/bucket/DateHistogramIT.java (1780 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/search/aggregations/bucket/HistogramIT.java (1323 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/search/aggregations/bucket/RangeIT.java (1029 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/search/aggregations/bucket/terms/StringTermsIT.java (1430 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/search/aggregations/metrics/ExtendedStatsIT.java (972 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/search/aggregations/metrics/ScriptedMetricIT.java (1252 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/search/aggregations/metrics/TopHitsIT.java (1427 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/search/ccs/CrossClusterSearchIT.java (916 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/search/fetch/subphase/highlight/HighlighterSearchIT.java (3758 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/search/fetch/subphase/InnerHitsIT.java (1001 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/search/fieldcaps/FieldCapabilitiesIT.java (1258 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/search/fields/SearchFieldsIT.java (1230 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/search/functionscore/QueryRescorerIT.java (1095 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/search/nested/SimpleNestedIT.java (1603 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/search/query/SearchQueryIT.java (1826 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/search/sort/FieldSortIT.java (2262 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/search/suggest/CompletionSuggestSearchIT.java (1556 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/search/suggest/SuggestSearchIT.java (1438 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/snapshots/CloneSnapshotIT.java (1065 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/snapshots/ConcurrentSnapshotsIT.java (2526 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/snapshots/DedicatedClusterSnapshotRestoreIT.java (1338 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/snapshots/GetSnapshotsIT.java (1271 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/snapshots/RestoreSnapshotIT.java (1194 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/snapshots/SharedClusterSnapshotRestoreIT.java (2393 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/internalClusterTest/java/org/elasticsearch/snapshots/SystemResourceSnapshotIT.java (1328 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/action/ActionModule.java (1102 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/action/bulk/BulkOperation.java (1006 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/action/search/SearchQueryThenFetchAsyncAction.java (1099 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/action/search/SearchResponse.java (1339 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/action/search/TransportSearchAction.java (2747 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/action/support/IndicesOptions.java (1503 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/action/support/replication/TransportReplicationAction.java (1597 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/cluster/ClusterState.java (1407 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/cluster/coordination/CoordinationDiagnosticsService.java (1357 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/cluster/coordination/Coordinator.java (2333 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/cluster/metadata/DataStream.java (2224 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/cluster/metadata/DataStreamLifecycle.java (1086 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/cluster/metadata/IndexMetadata.java (3387 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/cluster/metadata/IndexNameExpressionResolver.java (2527 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/cluster/metadata/Metadata.java (1984 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/cluster/metadata/MetadataCreateIndexService.java (2206 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/cluster/metadata/MetadataIndexStateService.java (1402 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/cluster/metadata/MetadataIndexTemplateService.java (2267 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/cluster/metadata/ProjectMetadata.java (2473 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/cluster/routing/allocation/allocator/BalancedShardsAllocator.java (2054 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/cluster/routing/allocation/shards/ShardsAvailabilityHealthIndicatorService.java (1115 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/cluster/routing/RoutingNodes.java (1560 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/cluster/service/MasterService.java (2098 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/cluster/SnapshotsInProgress.java (2029 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/common/io/stream/StreamInput.java (1565 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/common/Rounding.java (1828 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/common/settings/AbstractScopedSettings.java (1076 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/common/settings/Setting.java (2530 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/common/settings/Settings.java (1657 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/common/time/DateFormatters.java (2249 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/common/util/concurrent/ThreadContext.java (1128 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/ElasticsearchException.java (2251 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/gateway/PersistedClusterStateService.java (1626 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/index/codec/postings/ES812PostingsReader.java (1960 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/index/codec/postings/Lucene90BlockTreeTermsWriter.java (1161 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/index/codec/tsdb/AbstractTSDBDocValuesConsumer.java (1201 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/index/codec/tsdb/AbstractTSDBDocValuesProducer.java (3231 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/index/codec/tsdb/ES87TSDBDocValuesProducer.java (1481 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/index/codec/vectors/cluster/HierarchicalKMeans.java (1181 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/index/codec/vectors/diskbbq/es94/ES940DiskBBQVectorsWriter.java (1098 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/index/codec/vectors/diskbbq/next/ESNextDiskBBQVectorsReader.java (1279 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/index/codec/vectors/diskbbq/next/ESNextDiskBBQVectorsWriter.java (1432 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/index/codec/vectors/Lucene99ScalarQuantizedVectorsWriter.java (1215 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/index/engine/Engine.java (2764 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/index/engine/InternalEngine.java (4223 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/index/IndexService.java (1440 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/index/IndexSettings.java (2469 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/index/mapper/DateFieldMapper.java (1399 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/index/mapper/DocumentParser.java (1274 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/index/mapper/FieldMapper.java (2157 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/index/mapper/flattened/FlattenedFieldMapper.java (1707 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/index/mapper/KeywordFieldMapper.java (1735 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/index/mapper/NumberFieldMapper.java (2747 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/index/mapper/ObjectMapper.java (1276 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/index/mapper/TextFieldMapper.java (2261 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/index/mapper/vectors/DenseVectorFieldMapper.java (4137 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/index/query/IntervalsSourceProvider.java (1376 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/index/seqno/ReplicationTracker.java (1642 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: server/src/main/java/org/elasticsearch/index/shard/IndexShard.java (5142 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.

Showing first 300 of 752.

API access

This page is publicly accessible at: https://repobility.com/scan/d4be5fa3-841a-4364-9c0a-d77b4a437a6b/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/d4be5fa3-841a-4364-9c0a-d77b4a437a6b/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.