cloudwego/abcoder

Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.

Scan timing: clone 17.02s · analysis 2.17s · 26.3 MB · GitHub API rate-limit (preflight)

https://github.com/cloudwego/abcoder · scanned 2026-05-31 01:23 UTC (1 week, 6 days ago) · 10 languages

191 raw signals (67 security + 124 graph) 11/13 scanners ran 100th percentile · Go · medium (20-100K LoC) System graph score 65 (higher by 22)

File as issue Image

UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 1 week, 6 days ago · v2 · 83 actionable findings from 2 signal sources. 46 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

JSON

100.0% cov · 48 findings

Score breakdown â 2026-05-18-v5

Component	Sub-score	Weight	Contribution
`structure_score`	85.0	0.15	12.75
`security_score`	100.0	0.25	25.00
`testing_score`	91.0	0.20	18.20
`documentation_score`	81.0	0.15	12.15
`practices_score`	72.0	0.15	10.80
`code_quality`	80.0	0.10	8.00
Overall		1.00	86.9

security_score may be inflated — optional security scanners were skipped on this fast scan

Severity distribution — click a segment to filter

Active filters: severity: high × excluding tests × Reset all

Severity: Critical 1 High 10 Medium 4 Low 48 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Security checks 35 System graph 48 Crowd 0 Layer: Software 20 Quality 32 Security 2 Cicd 2 Frontend 13 Api 14

Exclude dismissed / FP Exclude test files

Scan summary Quality grade A- (87/100). Dimensions: security 100, maintainability 85. 67 findings (19 security). 39,486 lines analyzed.

Showing 2 of 83 actionable findings. 129 raw detector signals were grouped into reader-sized issues. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `lang/java/ipc/abcoder-java-analyzer-1.0-SNAPSHOT.jar` committed in source repo: `lang/java/ipc/abcoder-java-analyzer-1.0-SNAPSHOT.jar` is a .jar binary (18,763,322 bytes) committed to a repo that otherwise has 226 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.

Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.

lang/java/ipc/abcoder-java-analyzer-1.0-SNAPSHOT.jar:1

high System graph api Wiring conf 1.00 Dangling fetch: GET https://api.example.com/data (ts-parser/test-repo/src/services/ExportDefault.ts:4)

`ts-parser/test-repo/src/services/ExportDefault.ts:4` calls `GET https://api.example.com/data` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/api.example.com/data` If this points at an external API, prefix it…

Dangling fetchFetch

For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.

For AI agents + API integrations

Email me when this repo regresses

Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.

API access

This page is publicly accessible at: https://repobility.com/scan/db702b90-6668-4796-b198-40ebefc82950/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/db702b90-6668-4796-b198-40ebefc82950/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.