File as GitHub Issue
repo: tensorflow/models

Push this scan report to tensorflow/models

Click the green button below to open GitHub’s new-issue form, pre-filled with the report title, summary table, top findings, and an embedded score-card image. No authentication needed — you review on GitHub before submitting. Repobility is credited as the scanner.

Embedded score card image

This image will render at the top of the issue body. Hosted on Repobility, refreshes automatically after re-scans.


Issue title

`self._require` used but never assigned in __init__

Curate findings to include

Pick exactly which findings appear in the issue body. By default the top 5 are included. Uncheck noise, check what matters.

Top 5 (default)
Severity Rule Title File:line
HIGH MINED108 [MINED108] `self.evaluate` used but never assigned in __init__: Method `train_and_evaluat… orbit/controller.py:394
HIGH MINED108 [MINED108] `self.train` used but never assigned in __init__: Method `train_and_evaluate` … orbit/controller.py:393
HIGH MINED108 [MINED108] `self._sync_on_async_checkpointing` used but never assigned in __init__: Metho… orbit/controller.py:397
HIGH MINED108 [MINED108] `self._maybe_save_checkpoint` used but never assigned in __init__: Method `tra… orbit/controller.py:396
HIGH MINED108 [MINED108] `self._require` used but never assigned in __init__: Method `train_and_evaluat… orbit/controller.py:385
HIGH MINED108 [MINED108] `self._require` used but never assigned in __init__: Method `train_and_evaluat… orbit/controller.py:384
HIGH MINED108 [MINED108] `self._require` used but never assigned in __init__: Method `evaluate` of clas… orbit/controller.py:311
HIGH MINED108 [MINED108] `self._maybe_save_checkpoint` used but never assigned in __init__: Method `tra… orbit/controller.py:287
HIGH MINED108 [MINED108] `self._maybe_save_checkpoint` used but never assigned in __init__: Method `tra… orbit/controller.py:283
HIGH MINED108 [MINED108] `self._train_n_steps` used but never assigned in __init__: Method `train` of c… orbit/controller.py:282
HIGH MINED108 [MINED108] `self.steps_per_loop` used but never assigned in __init__: Method `train` of c… orbit/controller.py:281
HIGH MINED108 [MINED108] `self._sync_on_async_checkpointing` used but never assigned in __init__: Metho… orbit/controller.py:289
HIGH MINED108 [MINED108] `self._require` used but never assigned in __init__: Method `train` of class `… orbit/controller.py:274
HIGH MINED108 [MINED108] `self.eval_reduce` used but never assigned in __init__: Method `evaluate` of c… orbit/standard_runner.py:347
HIGH MINED108 [MINED108] `self.eval_end` used but never assigned in __init__: Method `evaluate` of clas… orbit/standard_runner.py:352
HIGH MINED108 [MINED108] `self.eval_end` used but never assigned in __init__: Method `evaluate` of clas… orbit/standard_runner.py:350
HIGH MINED108 [MINED108] `self.eval_dataset` used but never assigned in __init__: Method `evaluate` of … orbit/standard_runner.py:337
HIGH MINED108 [MINED108] `self.create_eval_loop_fn` used but never assigned in __init__: Method `evalua… orbit/standard_runner.py:332
HIGH MINED108 [MINED108] `self.eval_begin` used but never assigned in __init__: Method `evaluate` of cl… orbit/standard_runner.py:328
HIGH MINED108 [MINED108] `self.eval_step` used but never assigned in __init__: Method `create_eval_loop… orbit/standard_runner.py:293
HIGH MINED108 [MINED108] `self.train_dataset` used but never assigned in __init__: Method `train` of cl… orbit/standard_runner.py:144
HIGH MINED108 [MINED108] `self.create_train_loop_fn` used but never assigned in __init__: Method `train… orbit/standard_runner.py:141
HIGH MINED108 [MINED108] `self.train_loop_end` used but never assigned in __init__: Method `train` of c… orbit/standard_runner.py:147
HIGH MINED108 [MINED108] `self.train_loop_begin` used but never assigned in __init__: Method `train` of… orbit/standard_runner.py:138
HIGH MINED108 [MINED108] `self.train_step` used but never assigned in __init__: Method `create_train_lo… orbit/standard_runner.py:115
HIGH MINED004 [MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums). research/delf/delf/python/training/down…:76
HIGH MINED036 [MINED036] Python Os System Call: os.system() invokes shell with no escaping. research/delf/delf/python/datasets/sfm1…:52
HIGH SEC080 [SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='da… research/deep_speech/data/download.py:82
HIGH SEC078 [SEC078] Python: requests without timeout: requests.get/post without a timeout will hang … official/projects/waste_identification_…:60
HIGH SEC135 [SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint g… official/projects/waste_identification_…:47
HIGH MINED034 [MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command inje… official/projects/waste_identification_…:58
HIGH MINED034 [MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command inje… official/projects/waste_identification_…:33
HIGH MINED034 [MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command inje… official/projects/waste_identification_…:104
HIGH SEC029 [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT… research/slim/datasets/dataset_utils.py:105
HIGH SEC029 [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT… research/object_detection/builders/data…:261
HIGH SEC029 [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT… official/projects/nhnet/raw_data_proces…:80
HIGH MINED040 [MINED040] Python Yaml Load Unsafe: yaml.load(stream) without SafeLoader can deserialize … official/nlp/serving/export_savedmodel.…:123
HIGH SEC103 [SEC103] LDAP injection — non-constant search filter: User input concatenated into an LDA… official/legacy/xlnet/training_utils.py:168
HIGH MINED021 [MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can co… official/projects/centernet/configs/cen…:198
HIGH MINED021 [MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can co… official/projects/basnet/configs/basnet…:117
HIGH DKR014 Dockerfile copies the entire context without .dockerignore research/object_detection/dockerfiles/t…:38
HIGH DKR014 Dockerfile copies the entire context without .dockerignore research/object_detection/dockerfiles/t…:29
HIGH DKR014 Dockerfile copies the entire context without .dockerignore research/object_detection/dockerfiles/t…:29
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout… .github/workflows/ci.yml:23
HIGH MINED115 [MINED115] Action `actions/setup-python` pinned to mutable ref `@v2`: `uses: actions/setu… .github/workflows/ci.yml:13
HIGH MINED118 [MINED118] Dockerfile FROM `pytorch/pytorch:2.8.0-cuda12.8-cudnn9-devel` not pinned by di… official/projects/waste_identification_…:1
HIGH MINED118 [MINED118] Dockerfile FROM `tensorflow/tensorflow:nightly-devel` not pinned by digest: `F… research/object_detection/dockerfiles/a…:17
HIGH MINED118 [MINED118] Dockerfile FROM `tensorflow/tensorflow:latest-gpu` not pinned by digest: `FROM… research/object_detection/dockerfiles/t…:1
HIGH MINED118 [MINED118] Dockerfile FROM `tensorflow/tensorflow:2.2.0-gpu` not pinned by digest: `FROM … research/object_detection/dockerfiles/t…:1
HIGH MINED118 [MINED118] Dockerfile FROM `tensorflow/tensorflow:1.15.2-gpu-py3` not pinned by digest: `… research/object_detection/dockerfiles/t…:1
HIGH MINED112 [MINED112] FastAPI POST /predict has no auth: Handler `predict` is registered with router… official/projects/waste_identification_…:48
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… official/projects/waste_identification_…:105
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… research/lfads/synth_data/generate_itb_…:126
MED MINED109 [MINED109] Mutable default argument in `test_retrieval` (list): `def test_retrieval(... =… research/delf/delf/python/training/glob…:201
MED MINED109 [MINED109] Mutable default argument in `extract_global_descriptors_from_list` (list): `de… research/delf/delf/python/training/mode…:209
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… research/object_detection/dataset_tools…:188
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… research/object_detection/dataset_tools…:113
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… research/slim/datasets/process_bounding…:123
MED MINED109 [MINED109] Mutable default argument in `_create_train_op` (list): `def _create_train_op(.… research/rebar/rebar.py:331
MED MINED109 [MINED109] Mutable default argument in `_create_eta` (list): `def _create_eta(... = []/{}… research/rebar/rebar.py:90
MED SEC123 [SEC123] Production stack trace / debug output exposed: Debug mode left on in production … research/delf/delf/python/training/glob…:147
MED SEC123 [SEC123] Production stack trace / debug output exposed: Debug mode left on in production … research/delf/delf/python/datasets/tupl…:264
MED SEC115 [SEC115] Decompression without size cap (zip/gzip bomb): Decompressing untrusted archives… research/slim/datasets/download_and_con…:142
MED SEC115 [SEC115] Decompression without size cap (zip/gzip bomb): Decompressing untrusted archives… research/slim/datasets/dataset_utils.py:138
MED SEC115 [SEC115] Decompression without size cap (zip/gzip bomb): Decompressing untrusted archives… official/recommendation/movielens.py:126
MED SEC012 [SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation all… research/slim/datasets/dataset_utils.py:138
MED SEC012 [SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation all… research/deep_speech/data/download.py:82
MED SEC012 [SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation all… official/recommendation/movielens.py:126
MED SEC011 [SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execut… official/projects/waste_identification_…:100
MED SEC011 [SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execut… official/projects/waste_identification_…:59
MED SEC046 [SEC046] Client-side open redirect — window.location = server-supplied URL: Assigning win… official/projects/waste_identification_…:14
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … research/seq_flow_lite/tflite_ops/denyl…:47
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … research/seq_flow_lite/models/sgnn/sgnn…:90
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … research/rebar/rebar_train.py:52
MED SEC127 [SEC127] AI agent stub — TODO: implement / pass placeholder body: Function body left as T… official/recommendation/uplift/layers/u…:33
MED SEC127 [SEC127] AI agent stub — TODO: implement / pass placeholder body: Function body left as T… official/nlp/modeling/layers/masked_lm.…:98
MED SEC127 [SEC127] AI agent stub — TODO: implement / pass placeholder body: Function body left as T… official/modeling/optimization/lars.py:150
MED SEC007 [SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code. official/recommendation/data_preprocess…:154
MED SEC007 [SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code. official/nlp/serving/export_savedmodel.…:123
MED SEC007 [SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code. official/legacy/xlnet/run_squad.py:259
MED MINED124 [MINED124] requirements.txt: `cupy-cuda12x[ctk]` has no version pin: Unpinned pip require… official/projects/waste_identification_…:20
MED MINED124 [MINED124] requirements.txt: `cupy-cuda12x[cuda_dlls]` has no version pin: Unpinned pip r… official/projects/waste_identification_…:19
MED MINED124 [MINED124] requirements.txt: `mediapy` has no version pin: Unpinned pip requirement means… official/projects/movinet/requirements.…:1
MED MINED124 [MINED124] requirements.txt: `gin-config` has no version pin: Unpinned pip requirement me… official/projects/unified_detector/requ…:2
MED MINED124 [MINED124] requirements.txt: `tf-nightly` has no version pin: Unpinned pip requirement me… official/projects/unified_detector/requ…:1
MED MINED124 [MINED124] requirements.txt: `soundfile` has no version pin: Unpinned pip requirement mea… research/audioset/vggish/requirements.t…:6
MED MINED124 [MINED124] requirements.txt: `six` has no version pin: Unpinned pip requirement means eve… research/audioset/vggish/requirements.t…:5
MED MINED124 [MINED124] requirements.txt: `tf_slim` has no version pin: Unpinned pip requirement means… research/audioset/vggish/requirements.t…:4
MED MINED124 [MINED124] requirements.txt: `tensorflow` has no version pin: Unpinned pip requirement me… research/audioset/vggish/requirements.t…:3
MED MINED124 [MINED124] requirements.txt: `resampy` has no version pin: Unpinned pip requirement means… research/audioset/vggish/requirements.t…:2
MED MINED124 [MINED124] requirements.txt: `numpy` has no version pin: Unpinned pip requirement means e… research/audioset/vggish/requirements.t…:1
MED MINED124 [MINED124] requirements.txt: `immutabledict` has no version pin: Unpinned pip requirement… official/requirements.txt:29
MED MINED124 [MINED124] requirements.txt: `sacrebleu` has no version pin: Unpinned pip requirement mea… official/requirements.txt:27
MED MINED124 [MINED124] requirements.txt: `sentencepiece` has no version pin: Unpinned pip requirement… official/requirements.txt:26
MED MINED124 [MINED124] requirements.txt: `seqeval` has no version pin: Unpinned pip requirement means… official/requirements.txt:25
MED MINED124 [MINED124] requirements.txt: `pycocotools` has no version pin: Unpinned pip requirement m… official/requirements.txt:23
MED MINED124 [MINED124] requirements.txt: `Pillow` has no version pin: Unpinned pip requirement means … official/requirements.txt:22
MED MINED124 [MINED124] requirements.txt: `opencv-python-headless` has no version pin: Unpinned pip re… official/requirements.txt:21
MED MINED124 [MINED124] requirements.txt: `matplotlib` has no version pin: Unpinned pip requirement me… official/requirements.txt:17
MED MINED124 [MINED124] requirements.txt: `Cython` has no version pin: Unpinned pip requirement means … official/requirements.txt:16
MED MINED124 [MINED124] requirements.txt: `gin-config` has no version pin: Unpinned pip requirement me… official/requirements.txt:14
MED MINED124 [MINED124] requirements.txt: `tensorflow-datasets` has no version pin: Unpinned pip requi… official/requirements.txt:12
MED MINED124 [MINED124] requirements.txt: `oauth2client` has no version pin: Unpinned pip requirement … official/requirements.txt:5
MED MINED124 [MINED124] requirements.txt: `six` has no version pin: Unpinned pip requirement means eve… official/requirements.txt:1
MED DKR007 Docker build context has no .dockerignore .dockerignore
MED DKR001 Docker final stage has no non-root USER research/object_detection/dockerfiles/t…:1
MED DKR001 Docker final stage has no non-root USER research/object_detection/dockerfiles/a…:17
MED DKR001 Docker final stage has no non-root USER official/projects/waste_identification_…:1
MED SEC005 [SEC005] Command Injection Risk: Unsafe shell execution or eval of user input. official/projects/waste_identification_…:58
MED SEC005 [SEC005] Command Injection Risk: Unsafe shell execution or eval of user input. official/projects/waste_identification_…:33
MED SEC005 [SEC005] Command Injection Risk: Unsafe shell execution or eval of user input. official/projects/waste_identification_…:104
LOW SEC132 [SEC132] String concat where the language has interpolation (AI style drift): String buil… research/marco/Automated_Marco.py:70
LOW SEC132 [SEC132] String concat where the language has interpolation (AI style drift): String buil… research/lfads/synth_data/generate_chao…:119
LOW SEC132 [SEC132] String concat where the language has interpolation (AI style drift): String buil… official/projects/yt8m/dataloaders/util…:72
LOW SEC124 [SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/ex… research/rebar/download_data.py:55
LOW SEC124 [SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/ex… official/projects/waste_identification_…:101
LOW COMP001 [COMP001] High cognitive complexity: Function `decorator` has cognitive complexity 11 (So… official/core/registry.py:38
LOW COMP001 [COMP001] High cognitive complexity: Function `export` has cognitive complexity 10 (Sonar… official/core/export_base.py:99
LOW AIC003 Duplicated implementation block across source files official/nlp/modeling/networks/xlnet_ba…:375
LOW AIC003 Duplicated implementation block across source files official/nlp/modeling/networks/sparse_m…:73
LOW AIC003 Duplicated implementation block across source files official/nlp/modeling/networks/sparse_m…:63
LOW AIC003 Duplicated implementation block across source files official/nlp/modeling/networks/funnel_t…:340
LOW AIC003 Duplicated implementation block across source files official/nlp/modeling/networks/funnel_t…:164
LOW AIC003 Duplicated implementation block across source files official/nlp/modeling/networks/fnet.py:52
LOW AIC003 Duplicated implementation block across source files official/nlp/modeling/layers/transforme…:223
LOW AIC003 Duplicated implementation block across source files official/nlp/modeling/layers/transforme…:622
LOW AIC003 Duplicated implementation block across source files official/nlp/modeling/layers/transforme…:424
LOW AIC003 Duplicated implementation block across source files official/nlp/modeling/layers/transforme…:120
LOW AIC003 Duplicated implementation block across source files official/nlp/modeling/layers/transforme…:16
LOW AIC003 Duplicated implementation block across source files official/nlp/modeling/layers/tn_transfo…:156
LOW AIC003 Duplicated implementation block across source files official/nlp/modeling/layers/tn_transfo…:155
LOW AIC003 Duplicated implementation block across source files official/nlp/modeling/layers/tn_transfo…:153
LOW AIC003 Duplicated implementation block across source files official/nlp/modeling/layers/talking_he…:54
LOW AIC003 Duplicated implementation block across source files official/nlp/modeling/layers/rezero_tra…:290
LOW AIC003 Duplicated implementation block across source files official/nlp/modeling/layers/rezero_tra…:245
LOW AIC003 Duplicated implementation block across source files official/nlp/modeling/layers/rezero_tra…:243
LOW AIC003 Duplicated implementation block across source files official/nlp/modeling/layers/reuse_tran…:213
LOW AIC003 Duplicated implementation block across source files official/nlp/modeling/layers/reuse_tran…:211
LOW AIC003 Duplicated implementation block across source files official/nlp/modeling/layers/reuse_atte…:232
LOW AIC003 Duplicated implementation block across source files official/nlp/modeling/layers/reuse_atte…:51
LOW AIC003 Duplicated implementation block across source files official/nlp/modeling/layers/reuse_atte…:49
LOW AIC003 Duplicated implementation block across source files official/nlp/modeling/layers/relative_a…:8
LOW AIC003 Duplicated implementation block across source files official/nlp/modeling/layers/gated_feed…:68
LOW AIC003 Duplicated implementation block across source files official/nlp/finetuning/superglue/run_s…:66
LOW AIC003 Duplicated implementation block across source files official/nlp/finetuning/superglue/flags…:38
LOW AIC003 Duplicated implementation block across source files official/nlp/data/squad_lib_sp.py:286
LOW AIC003 Duplicated implementation block across source files official/modeling/optimization/lars.py:117
LOW AIC003 Duplicated implementation block across source files official/modeling/multitask/train_lib.py:95
LOW DKR010 Dockerfile leaves apt package indexes in the image layer research/object_detection/dockerfiles/t…:6
LOW DKR010 Dockerfile leaves apt package indexes in the image layer research/object_detection/dockerfiles/t…:18
LOW DKR010 Dockerfile leaves apt package indexes in the image layer research/object_detection/dockerfiles/t…:6
LOW DKR010 Dockerfile leaves apt package indexes in the image layer research/object_detection/dockerfiles/t…:18
LOW DKR010 Dockerfile leaves apt package indexes in the image layer research/object_detection/dockerfiles/t…:6
LOW DKR010 Dockerfile leaves apt package indexes in the image layer research/object_detection/dockerfiles/a…:27
LOW DKR012 Dockerfile keeps pip download cache research/object_detection/dockerfiles/t…:48
LOW DKR012 Dockerfile keeps pip download cache research/object_detection/dockerfiles/t…:47
LOW DKR011 Dockerfile installs recommended OS packages research/object_detection/dockerfiles/t…:6
LOW DKR012 Dockerfile keeps pip download cache research/object_detection/dockerfiles/t…:39
LOW DKR012 Dockerfile keeps pip download cache research/object_detection/dockerfiles/t…:38
LOW DKR011 Dockerfile installs recommended OS packages research/object_detection/dockerfiles/t…:18
LOW DKR011 Dockerfile installs recommended OS packages research/object_detection/dockerfiles/t…:6
LOW DKR012 Dockerfile keeps pip download cache research/object_detection/dockerfiles/t…:39
LOW DKR012 Dockerfile keeps pip download cache research/object_detection/dockerfiles/t…:38
LOW DKR011 Dockerfile installs recommended OS packages research/object_detection/dockerfiles/t…:18
LOW DKR011 Dockerfile installs recommended OS packages research/object_detection/dockerfiles/t…:6
LOW DKR011 Dockerfile installs recommended OS packages research/object_detection/dockerfiles/a…:71
LOW DKR012 Dockerfile keeps pip download cache research/object_detection/dockerfiles/a…:39
LOW DKR011 Dockerfile installs recommended OS packages research/object_detection/dockerfiles/a…:39
LOW DKR011 Dockerfile installs recommended OS packages research/object_detection/dockerfiles/a…:27
INFO MINED042 [MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr — memory leak ri… research/seq_flow_lite/tflite_ops/denyl…:97
INFO MINED042 [MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr — memory leak ri… research/seq_flow_lite/tflite_ops/denyl…:99
INFO MINED042 [MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr — memory leak ri… research/seq_flow_lite/models/sgnn/sgnn…:69
INFO MINED077 [MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles. research/seq_flow_lite/utils/tflite_uti…:21
INFO MINED077 [MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles. research/marco/jpeg2json.py:34
INFO MINED077 [MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles. research/marco/Automated_Marco.py:46
INFO MINED069 [MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files. research/delf/delf/python/training/glob…:147
INFO MINED069 [MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files. research/delf/delf/python/datasets/tupl…:264
INFO MINED089 [MINED089] Js Always False If: if (false) — branch never taken. Dead code / disabled feat… orbit/utils/tpu_summaries.py:116
INFO MINED067 [MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang f… official/projects/waste_identification_…:60
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … official/projects/waste_identification_…:20
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … official/projects/waste_identification_…:15
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … official/projects/waste_identification_…:30
INFO MINED055 [MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versi… official/projects/waste_identification_…:53
INFO MINED055 [MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versi… official/projects/waste_identification_…:44
INFO MINED055 [MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versi… official/projects/waste_identification_…:36
INFO MINED049 [MINED049] Print Pii: Logging password/token/email/ssn directly to stdout. official/nlp/data/wmt_dataloader.py:216
INFO MINED072 [MINED072] Python Pass Only Class: class Foo: pass — stub waiting to be filled in. official/projects/const_cl/configs/cons…:31
INFO MINED072 [MINED072] Python Pass Only Class: class Foo: pass — stub waiting to be filled in. official/projects/const_cl/configs/back…:26
INFO MINED072 [MINED072] Python Pass Only Class: class Foo: pass — stub waiting to be filled in. official/modeling/fast_training/progres…:34
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… official/projects/waste_identification_…:25
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… official/modeling/multitask/task_sample…:87
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… official/legacy/image_classification/re…:23
INFO MINED064 [MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services. official/legacy/detection/modeling/shap…:213
INFO MINED064 [MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services. official/legacy/detection/modeling/reti…:60
INFO MINED064 [MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services. official/legacy/bert/export_tfhub.py:57
INFO MINED062 [MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model. official/vision/data/tf_example_feature…:29
INFO MINED062 [MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model. official/core/tf_example_feature_key.py:28
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… official/core/task_factory.py:32
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… official/common/flags.py:93
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… official/common/distribute_utils.py:254
200 findings available (after auto-suppression of test files + won't-fix)

Issue body (markdown)

## Code-quality scan: `tensorflow/models`

**Score: 67/100 (B+)**  ·  274 findings  ·  scanned 2026-06-05 07:36 UTC  ·  541,958 LOC

| Severity | Count |
|---|---|
| CRITICAL | 16 |
| HIGH | 65 |
| MEDIUM | 60 |
| LOW | 58 |

📊 [Full filterable report](https://repobility.com/scan/e050a7b9-f185-48e3-8563-c0243fa62a6b/)  ·  ![scorecard](https://repobility.com/scan/e050a7b9-f185-48e3-8563-c0243fa62a6b/report.png?v=1780644967-s2)

### Top findings

1. **HIGH** `MINED108` — `self.evaluate` used but never assigned in __init__
   `orbit/controller.py:394` · ✓ Repobility
2. **HIGH** `MINED108` — `self.train` used but never assigned in __init__
   `orbit/controller.py:393` · ✓ Repobility
3. **HIGH** `MINED108` — `self._sync_on_async_checkpointing` used but never assigned in __init__
   `orbit/controller.py:397` · ✓ Repobility
4. **HIGH** `MINED108` — `self._maybe_save_checkpoint` used but never assigned in __init__
   `orbit/controller.py:396` · ✓ Repobility
5. **HIGH** `MINED108` — `self._require` used but never assigned in __init__
   `orbit/controller.py:385` · ✓ Repobility

---

_Filed automatically. Close this issue if not useful — we won't refile. Full report: https://repobility.com/scan/e050a7b9-f185-48e3-8563-c0243fa62a6b/_
Already filed
'tensorflow' is on the known-megaproject org list. These projects use auto-triage bots and established security disclosure channels. Unsolicited automated issues from Repobility would be perceived as AI-generated spam. For security findings, follow the project's SECURITY.md policy. For non-security findings, open a focused PR or community discussion instead.
Already filed
This repo publishes a SECURITY.md policy and the scan contains 22 Critical/High security finding(s). Public issue filing would violate coordinated disclosure. Submit privately via the project's security reporting channel.
Megaproject — high spam risk
Could not determine 'tensorflow/models' star count (GitHub API rate-limited or unreachable). When in doubt about repo size, prefer opening a focused PR or a discussion rather than an issue.

The button opens GitHub’s new-issue page in a new tab. You will see the title + body pre-filled — review, edit if you want, then click GitHub’s "Submit new issue" button. Repobility never posts anything on your behalf.

For real security findings on big repos: use the project's SECURITY.md or private advisory flow instead of a public issue.