← Legacy view v2 (rp.*)

shanto5051/fraudwatch

https://github.com/shanto5051/fraudwatch.git · lang: typescript · LOC: · source: user_submitted

Quality

53.9

Grade C-

Security

95.9

Findings

0 critical · 2 high

Status

completed

May 28, 2026 14:43

low: 5 medium: 4 high: 2

Top rules by occurrence

Rule	Severity	Count
`WEB008` Public docs site has no llms.txt	low	1
`CORE_NO_LICENSE` No LICENSE file	low	1
`AUC005` [AUC005] No authorization-focused tests detected: No test f…	low	1
`AUC001` [AUC001] No Repobility access matrix policy found: The repo…	medium	1
`CORE_NO_CI` No CI/CD configuration found	medium	1
`WEB003` Public web service has no security.txt	medium	1
`SEC029` Server-Side Request Forgery (SSRF) — outbound HTTP from use…	high	1
`CORE_NO_TESTS` No test files found	high	1
`WEB015` Public web app has no Content Security Policy	medium	1
`WEB011` Public web app has no humans.txt	low	1

First 11 findings (severity-sorted)

high CORE_NO_TESTS No test files found

No test files found

high SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from user input

middleware.ts:81 · conf 1.00

[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…

medium AUC001 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.

· conf 0.92

[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.

medium CORE_NO_CI No CI/CD configuration found

No CI/CD configuration found

medium WEB003 Public web service has no security.txt

.well-known/security.txt · conf 0.78

Public web service has no security.txt

medium WEB015 Public web app has no Content Security Policy

index.html · conf 0.70

Public web app has no Content Security Policy

low AUC005 [AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found.

· conf 0.76

[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found.

low CORE_NO_LICENSE No LICENSE file

No LICENSE file

low WEB002 Public web app has no sitemap

sitemap.xml · conf 0.72

Public web app has no sitemap

low WEB008 Public docs site has no llms.txt

llms.txt · conf 0.64

Public docs site has no llms.txt

low WEB011 Public web app has no humans.txt

humans.txt · conf 0.50

Public web app has no humans.txt

Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/f09b7604-a391-47c3-a97a-c953f51192d1/.