| Severity | Rule | Finding | Location |
|---|---|---|---|
| HIGH | MINED014 | [MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in nod… | pkg/probe/http/http.go:41 |
| HIGH | SEC088 | [SEC088] Go: TLS InsecureSkipVerify=true: tls.Config{InsecureSkipVerify:true} disables ce… | pkg/probe/http/http.go:41 |
| HIGH | SEC128 | [SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call … | pkg/controller/nodelifecycle/scheduler/…:149 |
| HIGH | SEC128 | [SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call … | pkg/controller/job/tracking_utils.go:105 |
| HIGH | SEC128 | [SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call … | cmd/kubeadm/app/phases/controlplane/vol…:190 |
| HIGH | MINED016 | [MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern. | cmd/kubeadm/app/cmd/phases/upgrade/appl…:165 |
| HIGH | MINED016 | [MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern. | cmd/kubeadm/app/cmd/phases/reset/cleanu…:217 |
| HIGH | MINED016 | [MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern. | cmd/clicheck/check_cli_conventions.go:34 |
| HIGH | SEC029 | [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT… | cmd/kubeadm/app/util/endpoint.go:63 |
| HIGH | SEC029 | [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT… | cmd/kubeadm/app/discovery/discovery.go:96 |
| HIGH | SEC029 | [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT… | cluster/images/etcd-version-monitor/etc…:205 |
| HIGH | MINED004 | [MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums). | hack/update-vendor-licenses.sh:184 |
| HIGH | MINED004 | [MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums). | cluster/get-kube-binaries.sh:134 |
| HIGH | SEC093 | [SEC093] Go: exec.Command with non-literal: exec.Command(<var>) — variable command name a… | pkg/kubelet/kubelet_server_journal_linu…:68 |
| HIGH | SEC093 | [SEC093] Go: exec.Command with non-literal: exec.Command(<var>) — variable command name a… | cmd/importverifier/importverifier.go:231 |
| HIGH | SEC093 | [SEC093] Go: exec.Command with non-literal: exec.Command(<var>) — variable command name a… | cluster/gce/gci/mounter/mounter.go:70 |
| HIGH | MINED118 | [MINED118] Dockerfile FROM `registry.k8s.io/build-image/go-runner:v2.3.1-go1.17.2-bullsey… | cluster/images/kubemark/Dockerfile:22 |
| HIGH | MINED118 | [MINED118] Dockerfile FROM `gcr.io/distroless/static:latest` not pinned by digest: `FROM … | cluster/images/etcd-version-monitor/Doc…:14 |
| HIGH | MINED118 | [MINED118] Dockerfile FROM `ubuntu:xenial` not pinned by digest: `FROM ubuntu:xenial` res… | cluster/gce/gci/mounter/Dockerfile:14 |
| HIGH | MINED118 | [MINED118] Dockerfile FROM `alpine:latest` not pinned by digest: `FROM alpine:latest` res… | staging/src/k8s.io/kms/internal/plugins…:31 |
| HIGH | MINED118 | [MINED118] Dockerfile FROM `gcr.io/distroless/base-debian10:latest` not pinned by digest:… | staging/src/k8s.io/apiextensions-apiser…:14 |
| HIGH | MINED118 | [MINED118] Dockerfile FROM `gcr.io/distroless/static:latest` not pinned by digest: `FROM … | staging/src/k8s.io/pod-security-admissi…:14 |
| HIGH | MINED128 | [MINED128] go.mod replaces `(` — points to a LOCAL path: `replace ( => ../api` overrides … | staging/src/k8s.io/sample-controller/go…:67 |
| HIGH | MINED128 | [MINED128] go.mod replaces `(` — points to a LOCAL path: `replace ( => ../apimachinery` o… | staging/src/k8s.io/api/go.mod:35 |
| HIGH | MINED128 | [MINED128] go.mod replaces `(` — points to a LOCAL path: `replace ( => ../api` overrides … | staging/src/k8s.io/component-base/go.mod:96 |
| HIGH | MINED128 | [MINED128] go.mod replaces `(` — points to a LOCAL path: `replace ( => ../api` overrides … | staging/src/k8s.io/kube-aggregator/go.m…:123 |
| HIGH | MINED128 | [MINED128] go.mod replaces `(` — points to a LOCAL path: `replace ( => ../api` overrides … | staging/src/k8s.io/sample-apiserver/go.…:120 |
| HIGH | MINED128 | [MINED128] go.mod replaces `(` — points to a LOCAL path: `replace ( => ../cri-api` overri… | staging/src/k8s.io/cri-streaming/go.mod:37 |
| HIGH | MINED128 | [MINED128] go.mod replaces `(` — points to a LOCAL path: `replace ( => ../api` overrides … | staging/src/k8s.io/apiserver/go.mod:132 |
| HIGH | MINED128 | [MINED128] go.mod replaces `(` — points to a LOCAL path: `replace ( => ../api` overrides … | staging/src/k8s.io/sample-cli-plugin/go…:76 |
| HIGH | MINED128 | [MINED128] go.mod replaces `(` — points to a LOCAL path: `replace ( => ../api` overrides … | staging/src/k8s.io/pod-security-admissi…:117 |
| HIGH | MINED128 | [MINED128] go.mod replaces `(` — points to a LOCAL path: `replace ( => ../api` overrides … | staging/src/k8s.io/endpointslice/go.mod:76 |
| HIGH | MINED128 | [MINED128] go.mod replaces `(` — points to a LOCAL path: `replace ( => ../api` overrides … | staging/src/k8s.io/cli-runtime/go.mod:79 |
| HIGH | MINED128 | [MINED128] go.mod replaces `(` — points to a LOCAL path: `replace ( => ../api` overrides … | staging/src/k8s.io/kube-controller-mana…:34 |
| HIGH | MINED128 | [MINED128] go.mod replaces `(` — points to a LOCAL path: `replace ( => ../api` overrides … | staging/src/k8s.io/client-go/go.mod:72 |
| HIGH | MINED128 | [MINED128] go.mod replaces `(` — points to a LOCAL path: `replace ( => ../api` overrides … | staging/src/k8s.io/apiextensions-apiser…:134 |
| HIGH | MINED128 | [MINED128] go.mod replaces `(` — points to a LOCAL path: `replace ( => ../api` overrides … | staging/src/k8s.io/kubectl/go.mod:105 |
| HIGH | MINED128 | [MINED128] go.mod replaces `(` — points to a LOCAL path: `replace ( => ../api` overrides … | staging/src/k8s.io/csi-translation-lib/…:38 |
| HIGH | MINED128 | [MINED128] go.mod replaces `(` — points to a LOCAL path: `replace ( => ../api` overrides … | staging/src/k8s.io/metrics/go.mod:70 |
| HIGH | MINED128 | [MINED128] go.mod replaces `(` — points to a LOCAL path: `replace ( => ../api` overrides … | staging/src/k8s.io/cloud-provider/go.mod:121 |
| HIGH | MINED128 | [MINED128] go.mod replaces `(` — points to a LOCAL path: `replace ( => ../api` overrides … | staging/src/k8s.io/kubelet/go.mod:57 |
| HIGH | MINED128 | [MINED128] go.mod replaces `(` — points to a LOCAL path: `replace ( => ../api` overrides … | staging/src/k8s.io/controller-manager/g…:113 |
| HIGH | MINED128 | [MINED128] go.mod replaces `(` — points to a LOCAL path: `replace ( => ../api` overrides … | staging/src/k8s.io/component-helpers/go…:61 |
| HIGH | MINED128 | [MINED128] go.mod replaces `(` — points to a LOCAL path: `replace ( => ../apimachinery` o… | staging/src/k8s.io/code-generator/go.mod:60 |
| HIGH | MINED128 | [MINED128] go.mod replaces `(` — points to a LOCAL path: `replace ( => ../api` overrides … | staging/src/k8s.io/cluster-bootstrap/go…:39 |
| HIGH | MINED128 | [MINED128] go.mod replaces `k8s.io/streaming` — points to a LOCAL path: `replace k8s.io/s… | staging/src/k8s.io/apimachinery/go.mod:62 |
| HIGH | MINED119 | [MINED119] Dockerfile `ADD http://www.nas.nasa.gov/assets/npb/NPB3.3.1.tar.gz`: Dockerfil… | test/images/node-perf/npb-is/Dockerfile:19 |
| HIGH | MINED119 | [MINED119] Dockerfile `ADD http://www.nas.nasa.gov/assets/npb/NPB3.4.3.tar.gz`: Dockerfil… | test/images/node-perf/npb-ep/Dockerfile:19 |
| HIGH | MINED119 | [MINED119] Dockerfile `ADD https://github.com/coredns/coredns/releases/download/v1.5.0/co… | test/images/glibc-dns-testing/Dockerfile:36 |
| HIGH | MINED119 | [MINED119] Dockerfile `ADD https://github.com/coredns/coredns/releases/download/v1.6.2/co… | test/images/agnhost/Dockerfile:53 |
| HIGH | MINED128 | [MINED128] go.mod replaces `(` — points to a LOCAL path: `replace ( => ./staging/src/k8s.… | go.mod:228 |
| HIGH | SEC020 | [SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-b… | pkg/kubelet/token/token_manager.go:124 |
| MED | MINED111 | [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… | hack/verify-flags-underscore.py:42 |
| MED | SEC136 | [SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all excepti… | hack/verify-flags-underscore.py:42 |
| MED | SEC094 | [SEC094] Go: world-writable file permissions: File or directory created with world-writab… | cmd/prune-junit-xml/prunexml.go:64 |
| MED | SEC112 | [SEC112] Go html/template bypass — text/template used for HTML output, or template.HTML o… | cmd/kubeadm/app/util/output/output.go:166 |
| MED | SEC112 | [SEC112] Go html/template bypass — text/template used for HTML output, or template.HTML o… | cmd/kubeadm/app/cmd/version.go:78 |
| MED | SEC091 | [SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/Read… | pkg/proxy/healthcheck/common.go:60 |
| MED | SEC091 | [SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/Read… | cluster/images/etcd-version-monitor/etc…:403 |
| MED | COMP001 | [COMP001] High cognitive complexity: Function `get_all_files` has cognitive complexity 16… | hack/verify-flags-underscore.py:47 |
| MED | COMP001 | [COMP001] High cognitive complexity: Function `file_passes` has cognitive complexity 22 (… | hack/boilerplate/boilerplate.py:65 |
| MED | COMP001 | [COMP001] High cognitive complexity: Function `get_files` has cognitive complexity 24 (So… | hack/boilerplate/boilerplate.py:158 |
| MED | DKR003 | Dockerfile base image uses the latest tag | staging/src/k8s.io/pod-security-admissi…:15 |
| MED | DKR003 | Dockerfile base image uses the latest tag | staging/src/k8s.io/kms/internal/plugins…:32 |
| MED | DKR003 | Dockerfile base image uses the latest tag | staging/src/k8s.io/apiextensions-apiser…:15 |
| MED | DKR003 | Dockerfile base image uses the latest tag | cluster/images/etcd-version-monitor/Doc…:15 |
| MED | DKR002 | Dockerfile base image has no explicit tag | test/e2e_node/conformance/build/Dockerf…:15 |
| MED | DKR002 | Dockerfile base image has no explicit tag | staging/src/k8s.io/sample-apiserver/art…:15 |
| MED | DKR002 | Dockerfile base image has no explicit tag | staging/src/k8s.io/kube-aggregator/arti…:15 |
| MED | DKR002 | Dockerfile base image has no explicit tag | staging/src/k8s.io/client-go/examples/i…:15 |
| MED | DKR007 | Docker build context has no .dockerignore | .dockerignore |
| MED | DKR016 | Heavy generated directories are included in Docker build context | .dockerignore |
| MED | DKR013 | Dockerfile ADD downloads remote content | test/images/node-perf/npb-is/Dockerfile:20 |
| MED | DKR013 | Dockerfile ADD downloads remote content | test/images/node-perf/npb-ep/Dockerfile:20 |
| MED | DKR013 | Dockerfile ADD downloads remote content | test/images/glibc-dns-testing/Dockerfile:37 |
| MED | DKR013 | Dockerfile ADD downloads remote content | test/images/agnhost/Dockerfile:54 |
| MED | DKR015 | Docker build context is very large | .dockerignore |
| MED | DKR001 | Docker final stage has no non-root USER | test/images/windows-nanoserver/Dockerfi…:17 |
| MED | DKR001 | Docker final stage has no non-root USER | test/images/volume/nfs/Dockerfile:16 |
| MED | DKR001 | Docker final stage has no non-root USER | test/images/volume/iscsi/Dockerfile:16 |
| MED | DKR001 | Docker final stage has no non-root USER | test/images/sample-device-plugin/Docker…:16 |
| MED | DKR001 | Docker final stage has no non-root USER | test/images/sample-apiserver/Dockerfile:19 |
| MED | DKR001 | Docker final stage has no non-root USER | test/images/resource-consumer/Dockerfile:16 |
| MED | DKR001 | Docker final stage has no non-root USER | test/images/regression-issue-74839/Dock…:16 |
| MED | DKR001 | Docker final stage has no non-root USER | test/images/pets/zookeeper-installer/Do…:18 |
| MED | DKR001 | Docker final stage has no non-root USER | test/images/pets/peer-finder/Dockerfile:16 |
| MED | DKR001 | Docker final stage has no non-root USER | test/images/perl/Dockerfile:17 |
| MED | DKR001 | Docker final stage has no non-root USER | test/images/nonewprivs/Dockerfile:16 |
| MED | DKR001 | Docker final stage has no non-root USER | test/images/node-perf/pytorch-wide-deep…:16 |
| MED | DKR001 | Docker final stage has no non-root USER | test/images/node-perf/npb-is/Dockerfile:46 |
| MED | DKR001 | Docker final stage has no non-root USER | test/images/node-perf/npb-ep/Dockerfile:41 |
| MED | DKR001 | Docker final stage has no non-root USER | test/images/nginx-new/Dockerfile:17 |
| MED | DKR001 | Docker final stage has no non-root USER | test/images/nginx/Dockerfile:17 |
| MED | DKR001 | Docker final stage has no non-root USER | test/images/nautilus/Dockerfile:16 |
| MED | DKR001 | Docker final stage has no non-root USER | test/images/kitten/Dockerfile:16 |
| MED | DKR001 | Docker final stage has no non-root USER | test/images/ipc-utils/Dockerfile:16 |
| MED | DKR001 | Docker final stage has no non-root USER | test/images/glibc-dns-testing/Dockerfile:28 |
| MED | DKR001 | Docker final stage has no non-root USER | test/images/busybox/Dockerfile:17 |
| MED | DKR001 | Docker final stage has no non-root USER | test/images/apparmor-loader/Dockerfile:16 |
| MED | DKR001 | Docker final stage has no non-root USER | test/images/agnhost/Dockerfile:36 |
| MED | DKR001 | Docker final stage has no non-root USER | test/e2e_node/conformance/build/Dockerf…:15 |
| MED | DKR001 | Docker final stage has no non-root USER | test/conformance/image/Dockerfile:16 |
| MED | DKR001 | Docker final stage has no non-root USER | staging/src/k8s.io/sample-apiserver/art…:15 |
| MED | DKR001 | Docker final stage has no non-root USER | staging/src/k8s.io/kube-aggregator/arti…:15 |
| MED | DKR001 | Docker final stage has no non-root USER | staging/src/k8s.io/kms/internal/plugins…:32 |
| MED | DKR001 | Docker final stage has no non-root USER | staging/src/k8s.io/client-go/examples/i…:15 |
| MED | DKR001 | Docker final stage has no non-root USER | cluster/images/kubemark/Dockerfile:22 |
| MED | DKR001 | Docker final stage has no non-root USER | cluster/gce/gci/mounter/Dockerfile:15 |
| MED | DKR001 | Docker final stage has no non-root USER | cluster/addons/addon-manager/Dockerfile:17 |
| MED | DKR001 | Docker final stage has no non-root USER | build/server-image/kubectl/Dockerfile:21 |
| MED | DKR001 | Docker final stage has no non-root USER | build/server-image/kube-apiserver/Docke…:28 |
| MED | DKR001 | Docker final stage has no non-root USER | build/server-image/Dockerfile:21 |
| MED | AIC001 | Parallel implementation file sits beside a canonical file | staging/src/k8s.io/apiserver/pkg/regist…:1 |
| MED | AIC004 | Suspicious implementation file appears unreferenced | test/e2e/auth/per_node_update.go:1 |
| MED | AGT012 | Agent control bridge may listen on a network interface without visible auth | pkg/proxy/apis/config/scheme/testdata/K…:2 |
| MED | AGT012 | Agent control bridge may listen on a network interface without visible auth | pkg/proxy/apis/config/scheme/testdata/K…:2 |
| MED | AGT012 | Agent control bridge may listen on a network interface without visible auth | cluster/gce/config-test.sh:13 |
| MED | AGT012 | Agent control bridge may listen on a network interface without visible auth | cluster/gce/config-default.sh:13 |
| MED | AGT015 | Remote install command pipes network code directly to a shell | pkg/proxy/ipvs/README.md:329 |
| MED | AGT015 | Remote install command pipes network code directly to a shell | cluster/get-kube.sh:19 |
| MED | CORE_NO_CI | No CI/CD configuration found | — |
| LOW | ERR003 | [ERR003] Ignored Error (Go): Ignoring error return values. | cmd/kubeadm/app/cmd/upgrade/common.go:203 |
| LOW | ERR003 | [ERR003] Ignored Error (Go): Ignoring error return values. | cmd/kubeadm/app/cmd/phases/upgrade/appl…:91 |
| LOW | ERR003 | [ERR003] Ignored Error (Go): Ignoring error return values. | cmd/kubeadm/app/cmd/options/generic.go:66 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/kube-apiserver/app/options/options.…:1 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/kube-apiserver/apiserver.go:2 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/kube-apiserver/apiserver.go:1 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/importverifier/importverifier.go:4 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/importverifier/importverifier.go:2 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/importverifier/importverifier.go:1 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/import-boss/main.go:1 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/gotemplate/gotemplate.go:6 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/gotemplate/gotemplate.go:3 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/gotemplate/gotemplate.go:2 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/gotemplate/gotemplate.go:1 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/genyaml/gen_kubectl_yaml.go:125 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/genyaml/gen_kubectl_yaml.go:2 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/genyaml/gen_kubectl_yaml.go:1 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/genswaggertypedocs/swagger_type_doc…:3 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/genswaggertypedocs/swagger_type_doc…:2 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/genman/gen_kube_man.go:3 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/genman/gen_kube_man.go:2 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/genman/gen_kube_man.go:1 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/genkubedocs/postprocessing.go:2 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/genkubedocs/postprocessing.go:1 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/genkubedocs/gen_kube_docs.go:2 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/genkubedocs/gen_kube_docs.go:1 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/gendocs/gen_kubectl_docs.go:2 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/fieldnamedocscheck/field_name_docs_…:2 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/dependencyverifier/dependencyverifi…:2 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/dependencycheck/dependencycheck.go:2 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/cloud-controller-manager/main.go:1 |
| LOW | AIC003 | Duplicated implementation block across source files | cmd/clicheck/check_cli_conventions.go:2 |
| LOW | AIC003 | Duplicated implementation block across source files | cluster/images/etcd-version-monitor/etc…:1 |
| LOW | DKR010 | Dockerfile leaves apt package indexes in the image layer | test/images/node-perf/npb-is/Dockerfile:18 |
| LOW | DKR010 | Dockerfile leaves apt package indexes in the image layer | test/images/node-perf/npb-ep/Dockerfile:18 |
| LOW | DKR010 | Dockerfile leaves apt package indexes in the image layer | test/images/agnhost/Dockerfile:25 |
| LOW | DKR010 | Dockerfile leaves apt package indexes in the image layer | cluster/gce/gci/mounter/Dockerfile:17 |
| LOW | DKR011 | Dockerfile installs recommended OS packages | test/images/node-perf/npb-is/Dockerfile:18 |
| LOW | DKR011 | Dockerfile installs recommended OS packages | test/images/node-perf/npb-ep/Dockerfile:18 |
| LOW | DKR011 | Dockerfile installs recommended OS packages | test/images/glibc-dns-testing/Dockerfile:32 |
| LOW | DKR011 | Dockerfile installs recommended OS packages | test/images/agnhost/Dockerfile:25 |
| LOW | DKR011 | Dockerfile installs recommended OS packages | cluster/gce/gci/mounter/Dockerfile:17 |
| LOW | AIC007 | Generated build artifact directory is present at repository root | build:1 |
| LOW | AIC002 | Source file name looks like an AI patch artifact | test/e2e/auth/per_node_update.go:1 |
| LOW | AIC002 | Source file name looks like an AI patch artifact | pkg/kubelet/types/pod_update.go:1 |
| INFO | MINED077 | [MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles. | hack/verify-flags-underscore.py:74 |
| INFO | MINED071 | [MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases. | cmd/preferredimports/preferredimports.go:134 |
| INFO | MINED071 | [MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases. | cmd/kubelet/app/options/globalflags.go:55 |
| INFO | MINED071 | [MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases. | cmd/kube-controller-manager/app/control…:145 |
| INFO | MINED060 | [MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks g… | cmd/kubeadm/app/cmd/phases/reset/cleanu…:142 |
| INFO | MINED060 | [MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks g… | cmd/genman/gen_kube_man.go:62 |
| INFO | MINED060 | [MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks g… | cmd/genkubedocs/gen_kube_docs.go:49 |
| INFO | MINED043 | [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… | cluster/gce/gci/master-helper.sh:215 |
| INFO | MINED043 | [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… | cluster/gce/gci/kube-master-internal-ro…:17 |
| INFO | MINED043 | [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… | cluster/gce/gci/flexvolume_node_setup.sh:136 |