
langchain-ai/langchain

https://github.com/langchain-ai/langchain.git · lang: python · LOC: · source: both

Quality: 76.5 (Grade B+)
Security: 100.0
Findings: 22 (0 critical · 1 high)
Status: completed · May 17, 2026 20:12
low: 18 medium: 3 high: 1
Top rules by occurrence
Rule Severity Count
AIC003 Duplicated implementation block across source files low 17
AGT012 Agent control bridge may listen on a network interface with… medium 1
AUC001 [AUC001] No Repobility access matrix policy found: The repo… medium 1
CFG006 [CFG006] Missing .gitignore: No .gitignore file. Risk of co… medium 1
AIC002 Source file name looks like an AI patch artifact low 1
SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from use… high 1
First 22 findings (severity-sorted)
high SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from user input
.github/scripts/get_min_versions.py:51 · conf 1.00
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
medium AGT012 Agent control bridge may listen on a network interface without visible auth
libs/core/langchain_core/_security/_policy.py:4 · conf 0.72
medium AUC001 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
· conf 0.92
medium CFG006 [CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.
· conf 1.00
low AIC002 Source file name looks like an AI patch artifact
libs/core/langchain_core/messages/block_translators/langchain_v0.py:1 · conf 0.62
low AIC003 Duplicated implementation block across source files
libs/core/langchain_core/_api/deprecation.py:159 · conf 0.86
low AIC003 Duplicated implementation block across source files
libs/core/langchain_core/messages/base.py:99 · conf 0.86
low AIC003 Duplicated implementation block across source files
libs/core/langchain_core/messages/block_translators/bedrock_converse.py:9 · conf 0.86
low AIC003 Duplicated implementation block across source files
libs/core/langchain_core/messages/block_translators/groq.py:8 · conf 0.86
low AIC003 Duplicated implementation block across source files
libs/core/langchain_core/messages/human.py:21 · conf 0.86
low AIC003 Duplicated implementation block across source files
libs/core/langchain_core/messages/system.py:20 · conf 0.86
low AIC003 Duplicated implementation block across source files
libs/core/langchain_core/messages/system.py:21 · conf 0.86
low AIC003 Duplicated implementation block across source files
libs/core/langchain_core/messages/tool.py:104 · conf 0.86
low AIC003 Duplicated implementation block across source files
libs/core/langchain_core/runnables/fallbacks.py:104 · conf 0.86
low AIC003 Duplicated implementation block across source files
libs/core/langchain_core/runnables/graph_mermaid.py:53 · conf 0.86
low AIC003 Duplicated implementation block across source files
libs/core/langchain_core/runnables/passthrough.py:303 · conf 0.86
low AIC003 Duplicated implementation block across source files
libs/core/langchain_core/runnables/passthrough.py:305 · conf 0.86
low AIC003 Duplicated implementation block across source files
libs/core/langchain_core/runnables/router.py:67 · conf 0.86
low AIC003 Duplicated implementation block across source files
libs/core/langchain_core/runnables/router.py:72 · conf 0.86
low AIC003 Duplicated implementation block across source files
libs/core/langchain_core/tools/structured.py:52 · conf 0.86
low AIC003 Duplicated implementation block across source files
libs/core/langchain_core/tracers/event_stream.py:523 · conf 0.86
low AIC003 Duplicated implementation block across source files
libs/core/langchain_core/utils/iter.py:75 · conf 0.86

Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/cff7a5c6-b915-422d-8426-534920da719d/.