
huggingface/transformers

https://github.com/huggingface/transformers.git · lang: python · LOC: · source: both

Quality: 87.2 · Grade A-
Security: 100.0
Findings: 164 · 0 critical · 14 high
Status: completed · May 17, 2026 20:10
low: 113 · medium: 37 · high: 14
Top rules by occurrence
Rule · Severity · Count
AIC002 Source file name looks like an AI patch artifact · low · 30
AIC003 Duplicated implementation block across source files · low · 30
DKR012 Dockerfile keeps pip download cache · low · 24
DKR001 Docker final stage has no non-root USER · medium · 12
DKR011 Dockerfile installs recommended OS packages · low · 11
AIC005 Duplicate top-level symbol appears in a patch-style file · low · 7
DKR009 Dockerfile separates apt update from install · medium · 6
DKC006 Compose service does not declare a runtime user · low · 4
DKC010 Compose service lacks no-new-privileges hardening · low · 4
SEC011 Unsafe PyTorch Model Loading · medium · 3
First 164 findings (severity-sorted)
high DKR006 Dockerfile pipes a remote script into a shell
docker/transformers-intel-cpu/Dockerfile:40 · conf 0.92
Dockerfile pipes a remote script into a shell
high DKR006 Dockerfile pipes a remote script into a shell
docker/transformers-pytorch-xpu/Dockerfile:60 · conf 0.92
Dockerfile pipes a remote script into a shell
high DKR014 Dockerfile copies the entire context without .dockerignore
docker/transformers-gpu/Dockerfile:27 · conf 0.92
Dockerfile copies the entire context without .dockerignore
high SEC013 Path Traversal — User Input in File Path
examples/modular-transformers/modeling_test_detr.py:1258 · conf 0.80
[SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
high SEC013 Path Traversal — User Input in File Path
src/transformers/data/processors/utils.py:119 · conf 0.80
[SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
high SEC013 Path Traversal — User Input in File Path
src/transformers/models/beit/modeling_beit.py:628 · conf 0.80
[SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
high SEC016 LLM Prompt Injection — User Input in AI Prompt
src/transformers/models/openai/convert_openai_original_tf_checkpoint_to_pytorch.py:46 · conf 0.90
[SEC016] LLM Prompt Injection — User Input in AI Prompt: User-supplied text is interpolated directly into an AI/LLM prompt (e.g. OpenAI, Anthropic, or local model). This is the AI equivalent of SQL i…
high SEC020 Secret Printed to Logs
examples/pytorch/transformers_serve_cb_eval_job.py:179 · conf 0.85
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…
high SEC020 Secret Printed to Logs
src/transformers/generation/continuous_batching/model_runner.py:266 · conf 0.85
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…
high SEC020 Secret Printed to Logs
src/transformers/generation/continuous_batching/requests.py:263 · conf 0.85
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…
high SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from user input
src/transformers/integrations/integration_utils.py:2562 · conf 1.00
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
high SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from user input
src/transformers/models/audio_spectrogram_transformer/convert_audio_spectrogram_transformer_original_to_pytorch.py:187 · conf 1.00
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
high SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from user input
src/transformers/models/beit/convert_beit_unilm_to_pytorch.py:243 · conf 1.00
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
high SEC035 Unbounded Resource Allocation — DoS risk
examples/pytorch/image-pretraining/run_mim_no_trainer.py:670 · conf 1.00
[SEC035] Unbounded Resource Allocation — DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust …
medium DKR001 Docker final stage has no non-root USER
docker/transformers-all-latest-gpu/Dockerfile:1 · conf 0.82
Docker final stage has no non-root USER
medium DKR001 Docker final stage has no non-root USER
docker/transformers-doc-builder/Dockerfile:1 · conf 0.82
Docker final stage has no non-root USER
medium DKR001 Docker final stage has no non-root USER
docker/transformers-gpu/Dockerfile:1 · conf 0.82
Docker final stage has no non-root USER
medium DKR001 Docker final stage has no non-root USER
docker/transformers-intel-cpu/Dockerfile:1 · conf 0.82
Docker final stage has no non-root USER
medium DKR001 Docker final stage has no non-root USER
docker/transformers-pytorch-amd-gpu/Dockerfile:1 · conf 0.82
Docker final stage has no non-root USER
medium DKR001 Docker final stage has no non-root USER
docker/transformers-pytorch-deepspeed-amd-gpu/Dockerfile:1 · conf 0.82
Docker final stage has no non-root USER
medium DKR001 Docker final stage has no non-root USER
docker/transformers-pytorch-deepspeed-latest-gpu/Dockerfile:2 · conf 0.82
Docker final stage has no non-root USER
medium DKR001 Docker final stage has no non-root USER
docker/transformers-pytorch-deepspeed-nightly-gpu/Dockerfile:2 · conf 0.82
Docker final stage has no non-root USER
medium DKR001 Docker final stage has no non-root USER
docker/transformers-pytorch-gpu/Dockerfile:1 · conf 0.82
Docker final stage has no non-root USER
medium DKR001 Docker final stage has no non-root USER
docker/transformers-pytorch-tpu/Dockerfile:1 · conf 0.82
Docker final stage has no non-root USER
medium DKR001 Docker final stage has no non-root USER
docker/transformers-pytorch-xpu/Dockerfile:1 · conf 0.82
Docker final stage has no non-root USER
medium DKR001 Docker final stage has no non-root USER
docker/transformers-quantization-latest-gpu/Dockerfile:1 · conf 0.82
Docker final stage has no non-root USER
medium DKR003 Dockerfile base image uses the latest tag
examples/metrics-monitoring/docker-compose.yml:10 · conf 0.94
Compose service `prometheus` image uses the latest tag
medium DKR003 Dockerfile base image uses the latest tag
examples/metrics-monitoring/docker-compose.yml:23 · conf 0.94
Compose service `tempo` image uses the latest tag
medium DKR003 Dockerfile base image uses the latest tag
examples/metrics-monitoring/docker-compose.yml:38 · conf 0.94
Compose service `grafana` image uses the latest tag
medium DKR007 Docker build context has no .dockerignore
.dockerignore · conf 0.90
Docker build context has no .dockerignore
medium DKR009 Dockerfile separates apt update from install
docker/transformers-all-latest-gpu/Dockerfile:21 · conf 0.86
Dockerfile separates apt update from install
medium DKR009 Dockerfile separates apt update from install
docker/transformers-doc-builder/Dockerfile:4 · conf 0.86
Dockerfile separates apt update from install
medium DKR009 Dockerfile separates apt update from install
docker/transformers-intel-cpu/Dockerfile:13 · conf 0.86
Dockerfile separates apt update from install
medium DKR009 Dockerfile separates apt update from install
docker/transformers-pytorch-gpu/Dockerfile:6 · conf 0.86
Dockerfile separates apt update from install
medium DKR009 Dockerfile separates apt update from install
docker/transformers-pytorch-xpu/Dockerfile:20 · conf 0.86
Dockerfile separates apt update from install
medium DKR009 Dockerfile separates apt update from install
docker/transformers-quantization-latest-gpu/Dockerfile:16 · conf 0.86
Dockerfile separates apt update from install
medium DKR013 Dockerfile ADD downloads remote content
docker/transformers-pytorch-amd-gpu/Dockerfile:32 · conf 0.84
Dockerfile ADD downloads remote content
medium DKR013 Dockerfile ADD downloads remote content
docker/transformers-pytorch-deepspeed-amd-gpu/Dockerfile:38 · conf 0.84
Dockerfile ADD downloads remote content
medium SEC007 Unsafe Deserialization
src/transformers/models/marian/convert_marian_to_pytorch.py:107 · conf 1.00
[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
medium SEC007 Unsafe Deserialization
src/transformers/models/maskformer/convert_maskformer_resnet_to_pytorch.py:282 · conf 1.00
[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
medium SEC007 Unsafe Deserialization
src/transformers/models/maskformer/convert_maskformer_swin_to_pytorch.py:251 · conf 1.00
[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
medium SEC011 Unsafe PyTorch Model Loading
src/transformers/modeling_utils.py:380 · conf 1.00
[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files.
medium SEC011 Unsafe PyTorch Model Loading
src/transformers/models/autoformer/modeling_autoformer.py:1297 · conf 1.00
[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files.
medium SEC011 Unsafe PyTorch Model Loading
src/transformers/models/bamba/convert_mamba_ssm_checkpoint.py:214 · conf 1.00
[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files.
medium SEC012 ZipSlip — Archive Path Traversal
src/transformers/models/marian/convert_marian_to_pytorch.py:694 · conf 1.00
[SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory.
medium SEC012 ZipSlip — Archive Path Traversal
src/transformers/models/parakeet/convert_nemo_to_hf.py:72 · conf 1.00
[SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory.
medium SEC017 Unbounded Input to LLM/External API
src/transformers/models/openai/convert_openai_original_tf_checkpoint_to_pytorch.py:46 · conf 0.80
[SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external AI API (OpenAI, Anthropic, etc.) without any visible length or size validation. This creates two risks: (1) Co…
medium SEC031 Catastrophic Backtracking Regex (ReDoS)
src/transformers/models/gpt_neox_japanese/tokenization_gpt_neox_japanese.py:225 · conf 1.00
[SEC031] Catastrophic Backtracking Regex (ReDoS): Regex contains nested quantifiers like `(a+)+` or quantified alternation with overlapping branches. On adversarial input these patterns exhibit expon…
medium SEC034 Log Injection / Log Forging — unsanitized user input in log
benchmark_v2/run_benchmarks.py:84 · conf 1.00
[SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\n` to forge fake log entries, hide tra…
medium SEC034 Log Injection / Log Forging — unsanitized user input in log
examples/pytorch/continuous_batching.py:289 · conf 1.00
[SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\n` to forge fake log entries, hide tra…
medium SEC034 Log Injection / Log Forging — unsanitized user input in log
examples/pytorch/image-classification/run_image_classification_no_trainer.py:491 · conf 1.00
[SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\n` to forge fake log entries, hide tra…
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/deberta_v2/configuration_deberta_v2.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/deberta_v2/modeling_deberta_v2.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/deberta_v2/tokenization_deberta_v2.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/deepseek_v2/configuration_deepseek_v2.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/deepseek_v2/modeling_deepseek_v2.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/deepseek_v2/modular_deepseek_v2.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/deepseek_v3/configuration_deepseek_v3.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/deepseek_v3/modeling_deepseek_v3.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/deepseek_v3/modular_deepseek_v3.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/deepseek_v4/configuration_deepseek_v4.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/deepseek_v4/modeling_deepseek_v4.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/deepseek_v4/modular_deepseek_v4.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/hgnet_v2/configuration_hgnet_v2.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/hgnet_v2/modeling_hgnet_v2.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/hgnet_v2/modular_hgnet_v2.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/higgs_audio_v2/configuration_higgs_audio_v2.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/higgs_audio_v2/generation_higgs_audio_v2.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/higgs_audio_v2/modeling_higgs_audio_v2.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/higgs_audio_v2/modular_higgs_audio_v2.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/higgs_audio_v2/processing_higgs_audio_v2.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/hy_v3/configuration_hy_v3.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/hy_v3/modeling_hy_v3.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/hy_v3/modular_hy_v3.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/jina_embeddings_v3/configuration_jina_embeddings_v3.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/jina_embeddings_v3/modeling_jina_embeddings_v3.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/jina_embeddings_v3/modular_jina_embeddings_v3.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/mobilenet_v1/configuration_mobilenet_v1.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/mobilenet_v1/image_processing_mobilenet_v1.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/mobilenet_v1/image_processing_pil_mobilenet_v1.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC002 Source file name looks like an AI patch artifact
src/transformers/models/mobilenet_v1/modeling_mobilenet_v1.py:1 · conf 0.62
Source file name looks like an AI patch artifact
low AIC003 Duplicated implementation block across source files
src/transformers/models/deepseek_v2/modular_deepseek_v2.py:29 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/deepseek_v2/modular_deepseek_v2.py:116 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/deepseek_v3/configuration_deepseek_v3.py:28 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/deepseek_v3/modeling_deepseek_v3.py:32 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/deepseek_v3/modular_deepseek_v3.py:35 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/deepseek_v3/modular_deepseek_v3.py:212 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/hgnet_v2/modular_hgnet_v2.py:20 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/hgnet_v2/modular_hgnet_v2.py:100 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/higgs_audio_v2/configuration_higgs_audio_v2.py:82 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/higgs_audio_v2/modeling_higgs_audio_v2.py:39 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/higgs_audio_v2/modeling_higgs_audio_v2.py:51 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/higgs_audio_v2/modular_higgs_audio_v2.py:25 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/higgs_audio_v2/modular_higgs_audio_v2.py:79 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/higgs_audio_v2/modular_higgs_audio_v2.py:266 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/hy_v3/configuration_hy_v3.py:34 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/hy_v3/modeling_hy_v3.py:31 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/hy_v3/modeling_hy_v3.py:75 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/hy_v3/modeling_hy_v3.py:154 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/hy_v3/modular_hy_v3.py:33 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/hy_v3/modular_hy_v3.py:62 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/hy_v3/modular_hy_v3.py:125 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/hy_v3/modular_hy_v3.py:202 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/jina_embeddings_v3/modeling_jina_embeddings_v3.py:66 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/jina_embeddings_v3/modeling_jina_embeddings_v3.py:95 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/jina_embeddings_v3/modeling_jina_embeddings_v3.py:190 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/jina_embeddings_v3/modular_jina_embeddings_v3.py:38 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/jina_embeddings_v3/modular_jina_embeddings_v3.py:71 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/jina_embeddings_v3/modular_jina_embeddings_v3.py:122 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/jina_embeddings_v3/modular_jina_embeddings_v3.py:123 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/transformers/models/mobilenet_v2/image_processing_pil_mobilenet_v2.py:30 · conf 0.86
Duplicated implementation block across source files
low AIC005 Duplicate top-level symbol appears in a patch-style file
src/transformers/models/deberta_v2/modeling_deberta_v2.py:1 · conf 0.64
Duplicate top-level symbol appears in a patch-style file
low AIC005 Duplicate top-level symbol appears in a patch-style file
src/transformers/models/deepseek_v2/configuration_deepseek_v2.py:1 · conf 0.64
Duplicate top-level symbol appears in a patch-style file
low AIC005 Duplicate top-level symbol appears in a patch-style file
src/transformers/models/deepseek_v2/modeling_deepseek_v2.py:1 · conf 0.64
Duplicate top-level symbol appears in a patch-style file
low AIC005 Duplicate top-level symbol appears in a patch-style file
src/transformers/models/deepseek_v3/modeling_deepseek_v3.py:1 · conf 0.64
Duplicate top-level symbol appears in a patch-style file
low AIC005 Duplicate top-level symbol appears in a patch-style file
src/transformers/models/mobilenet_v1/modeling_mobilenet_v1.py:1 · conf 0.64
Duplicate top-level symbol appears in a patch-style file
low AIC005 Duplicate top-level symbol appears in a patch-style file
src/transformers/models/pp_doclayout_v2/modeling_pp_doclayout_v2.py:1 · conf 0.64
Duplicate top-level symbol appears in a patch-style file
low AIC005 Duplicate top-level symbol appears in a patch-style file
src/transformers/models/seamless_m4t_v2/modeling_seamless_m4t_v2.py:1 · conf 0.64
Duplicate top-level symbol appears in a patch-style file
low AIC009 Multiple AI-agent scaffold marker files are present
.github/copilot-instructions.md:1 · conf 0.68
Multiple AI-agent scaffold marker files are present
low DKC006 Compose service does not declare a runtime user
examples/metrics-monitoring/docker-compose.yml:1 · conf 0.56
Compose service does not declare a runtime user
low DKC006 Compose service does not declare a runtime user
examples/metrics-monitoring/docker-compose.yml:10 · conf 0.56
Compose service does not declare a runtime user
low DKC006 Compose service does not declare a runtime user
examples/metrics-monitoring/docker-compose.yml:23 · conf 0.56
Compose service does not declare a runtime user
low DKC006 Compose service does not declare a runtime user
examples/metrics-monitoring/docker-compose.yml:38 · conf 0.56
Compose service does not declare a runtime user
low DKC010 Compose service lacks no-new-privileges hardening
examples/metrics-monitoring/docker-compose.yml:1 · conf 0.62
Compose service lacks no-new-privileges hardening
low DKC010 Compose service lacks no-new-privileges hardening
examples/metrics-monitoring/docker-compose.yml:10 · conf 0.62
Compose service lacks no-new-privileges hardening
low DKC010 Compose service lacks no-new-privileges hardening
examples/metrics-monitoring/docker-compose.yml:23 · conf 0.62
Compose service lacks no-new-privileges hardening
low DKC010 Compose service lacks no-new-privileges hardening
examples/metrics-monitoring/docker-compose.yml:38 · conf 0.62
Compose service lacks no-new-privileges hardening
low DKR010 Dockerfile leaves apt package indexes in the image layer
docker/transformers-intel-cpu/Dockerfile:8 · conf 0.74
Dockerfile leaves apt package indexes in the image layer
low DKR010 Dockerfile leaves apt package indexes in the image layer
docker/transformers-pytorch-tpu/Dockerfile:10 · conf 0.74
Dockerfile leaves apt package indexes in the image layer
low DKR011 Dockerfile installs recommended OS packages
docker/transformers-all-latest-gpu/Dockerfile:22 · conf 0.72
Dockerfile installs recommended OS packages
low DKR011 Dockerfile installs recommended OS packages
docker/transformers-doc-builder/Dockerfile:12 · conf 0.72
Dockerfile installs recommended OS packages
low DKR011 Dockerfile installs recommended OS packages
docker/transformers-gpu/Dockerfile:5 · conf 0.72
Dockerfile installs recommended OS packages
low DKR011 Dockerfile installs recommended OS packages
docker/transformers-intel-cpu/Dockerfile:8 · conf 0.72
Dockerfile installs recommended OS packages
low DKR011 Dockerfile installs recommended OS packages
docker/transformers-pytorch-deepspeed-latest-gpu/Dockerfile:12 · conf 0.72
Dockerfile installs recommended OS packages
low DKR011 Dockerfile installs recommended OS packages
docker/transformers-pytorch-deepspeed-nightly-gpu/Dockerfile:11 · conf 0.72
Dockerfile installs recommended OS packages
low DKR011 Dockerfile installs recommended OS packages
docker/transformers-pytorch-gpu/Dockerfile:7 · conf 0.72
Dockerfile installs recommended OS packages
low DKR011 Dockerfile installs recommended OS packages
docker/transformers-pytorch-tpu/Dockerfile:33 · conf 0.72
Dockerfile installs recommended OS packages
low DKR011 Dockerfile installs recommended OS packages
docker/transformers-pytorch-xpu/Dockerfile:10 · conf 0.72
Dockerfile installs recommended OS packages
low DKR011 Dockerfile installs recommended OS packages
docker/transformers-pytorch-xpu/Dockerfile:45 · conf 0.72
Dockerfile installs recommended OS packages
low DKR011 Dockerfile installs recommended OS packages
docker/transformers-quantization-latest-gpu/Dockerfile:17 · conf 0.72
Dockerfile installs recommended OS packages
low DKR012 Dockerfile keeps pip download cache
docker/transformers-all-latest-gpu/Dockerfile:74 · conf 0.72
Dockerfile keeps pip download cache
low DKR012 Dockerfile keeps pip download cache
docker/transformers-doc-builder/Dockerfile:10 · conf 0.72
Dockerfile keeps pip download cache
low DKR012 Dockerfile keeps pip download cache
docker/transformers-doc-builder/Dockerfile:18 · conf 0.72
Dockerfile keeps pip download cache
low DKR012 Dockerfile keeps pip download cache
docker/transformers-intel-cpu/Dockerfile:47 · conf 0.72
Dockerfile keeps pip download cache
low DKR012 Dockerfile keeps pip download cache
docker/transformers-intel-cpu/Dockerfile:49 · conf 0.72
Dockerfile keeps pip download cache
low DKR012 Dockerfile keeps pip download cache
docker/transformers-intel-cpu/Dockerfile:50 · conf 0.72
Dockerfile keeps pip download cache
low DKR012 Dockerfile keeps pip download cache
docker/transformers-intel-cpu/Dockerfile:51 · conf 0.72
Dockerfile keeps pip download cache
low DKR012 Dockerfile keeps pip download cache
docker/transformers-intel-cpu/Dockerfile:52 · conf 0.72
Dockerfile keeps pip download cache
low DKR012 Dockerfile keeps pip download cache
docker/transformers-intel-cpu/Dockerfile:53 · conf 0.72
Dockerfile keeps pip download cache
low DKR012 Dockerfile keeps pip download cache
docker/transformers-intel-cpu/Dockerfile:56 · conf 0.72
Dockerfile keeps pip download cache
low DKR012 Dockerfile keeps pip download cache
docker/transformers-pytorch-deepspeed-latest-gpu/Dockerfile:46 · conf 0.72
Dockerfile keeps pip download cache
low DKR012 Dockerfile keeps pip download cache
docker/transformers-pytorch-gpu/Dockerfile:29 · conf 0.72
Dockerfile keeps pip download cache
low DKR012 Dockerfile keeps pip download cache
docker/transformers-pytorch-tpu/Dockerfile:33 · conf 0.72
Dockerfile keeps pip download cache
low DKR012 Dockerfile keeps pip download cache
docker/transformers-pytorch-tpu/Dockerfile:50 · conf 0.72
Dockerfile keeps pip download cache
low DKR012 Dockerfile keeps pip download cache
docker/transformers-pytorch-xpu/Dockerfile:67 · conf 0.72
Dockerfile keeps pip download cache
low DKR012 Dockerfile keeps pip download cache
docker/transformers-pytorch-xpu/Dockerfile:68 · conf 0.72
Dockerfile keeps pip download cache
low DKR012 Dockerfile keeps pip download cache
docker/transformers-pytorch-xpu/Dockerfile:74 · conf 0.72
Dockerfile keeps pip download cache
low DKR012 Dockerfile keeps pip download cache
docker/transformers-pytorch-xpu/Dockerfile:75 · conf 0.72
Dockerfile keeps pip download cache
low DKR012 Dockerfile keeps pip download cache
docker/transformers-pytorch-xpu/Dockerfile:76 · conf 0.72
Dockerfile keeps pip download cache
low DKR012 Dockerfile keeps pip download cache
docker/transformers-pytorch-xpu/Dockerfile:77 · conf 0.72
Dockerfile keeps pip download cache
low DKR012 Dockerfile keeps pip download cache
docker/transformers-pytorch-xpu/Dockerfile:78 · conf 0.72
Dockerfile keeps pip download cache
low DKR012 Dockerfile keeps pip download cache
docker/transformers-pytorch-xpu/Dockerfile:81 · conf 0.72
Dockerfile keeps pip download cache
low DKR012 Dockerfile keeps pip download cache
docker/transformers-pytorch-xpu/Dockerfile:84 · conf 0.72
Dockerfile keeps pip download cache
low DKR012 Dockerfile keeps pip download cache
docker/transformers-pytorch-xpu/Dockerfile:87 · conf 0.72
Dockerfile keeps pip download cache

Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/27ddd460-787e-4a71-a753-7f661c746582/.