abdelkader/vcardeditor

https://github.com/abdelkader/vCardEditor · lang: csharp · LOC: · source: user_submitted

Quality: 56.0 · Grade C
Security: 100.0
Findings: 8 · 0 critical · 5 high
Status: completed · Jun 4, 2026 11:59
high: 5 · info: 1 · low: 1 · medium: 1
Top rules by occurrence
Rule · Severity · Count
MINED115 GitHub Action pinned to mutable ref (not 40-char SHA) · high · 3
CORE_NO_LICENSE No LICENSE file · low · 1
MINED047 Emoji In Source · info · 1
CORE_NO_TESTS No test files found · high · 1
SEC128 Async function without await — fire-and-forget Promise (AI … · high · 1
SEC134 AI scaffold leftover — Lorem ipsum / example.com / John Doe… · medium · 1
First 8 findings (severity-sorted)
high CORE_NO_TESTS No test files found
No test files found
high MINED115 GitHub Action pinned to mutable ref (not 40-char SHA) CWE-829
.github/workflows/main.yml:28 · conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
high MINED115 GitHub Action pinned to mutable ref (not 40-char SHA) CWE-829
.github/workflows/main.yml:47 · conf 0.90
[MINED115] Action `microsoft/setup-msbuild` pinned to mutable ref `@v2`: `uses: microsoft/setup-msbuild@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that…
high MINED115 GitHub Action pinned to mutable ref (not 40-char SHA) CWE-829
.github/workflows/main.yml:113 · conf 0.90
[MINED115] Action `softprops/action-gh-release` pinned to mutable ref `@v1`: `uses: softprops/action-gh-release@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action own…
high SEC128 Async function without await — fire-and-forget Promise (AI mistake)
vCardEditor/View/QRDialog.cs:82 · conf 1.00
[SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work comple…
medium SEC134 AI scaffold leftover — Lorem ipsum / example.com / John Doe in code
vCardEditor_Test/ContactRepositoryTest.cs:196 · conf 1.00
[SEC134] AI scaffold leftover — Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't…
low CORE_NO_LICENSE No LICENSE file
No LICENSE file
info MINED047 Emoji In Source
vCardEditor_Test/ContactRepositoryTest.cs:55 · conf 1.00
[MINED047] Emoji In Source: Emoji ✅ ❌ 🚀 in code/comments — common AI output unless explicitly requested.

Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/eef0f69c-315e-434c-957c-e47731511811/.