Home / containers / podman
Repository Analysis

containers/podman

Podman: A tool for managing OCI containers and pods.

3.6 Likely human-written View on GitHub
3.6
Adjusted Score
3.6
Raw Score
100%
Time Factor
2026-05-29
Last Push
31,840
Stars
Go
Language
333,196
Lines of Code
2133
Files
1163
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 14HIGH 4MEDIUM 29LOW 1116

Pattern Findings

1163 matches across 15 categories. Click a row to expand file-level details.

Over-Commented Block1039 hits · 828 pts
SeverityFileLineSnippet
LOWcmd/podman/inspect/inspect.go261// InspectNormalize modifies a given row string based on the specified inspect type.
LOWcmd/podman/machine/init.go261 }
LOWcmd/podman/machine/init.go281 // // Examples:
LOWcmd/podman/kube/play.go341 //
LOWcmd/podman/containers/cp.go241 hostBaseName = filepath.Base(hostInfo.LinkTarget)
LOWtest/system/helpers.network.bash121EOF
LOWtest/system/helpers.bash81 _LOG_PROMPT='#'
LOWtest/system/helpers.bash261 rm -f $mylocks
LOWtest/system/helpers.bash361 while read line; do
LOWtest/system/helpers.bash381# bats-1.11 to fix a more-than-one-slash-in-test-name bug, (2) as
LOWtest/system/helpers.bash501}
LOWtest/system/helpers.bash521#
LOWtest/system/helpers.bash961#########
LOWtest/system/helpers.bash1161# Optional 2nd argument is a message to display if warning is missing
LOWtest/system/helpers.bash1281#############################
LOWtest/system/helpers.registry.bash1# -*- bash -*-
LOWlibpod/runtime_ctr.go141
LOWlibpod/runtime_ctr.go681 IgnoreDeps bool
LOWlibpod/runtime_ctr.go741 // Don't need to do this in pod removal case - we're evicting the entire
LOWlibpod/runtime_ctr.go1061// EvictContainer removes the given container partial or full ID or name, and
LOWlibpod/container_internal_common.go881 // the path exists on the container.
LOWlibpod/container_internal_common.go2441
LOWlibpod/container_internal_common.go2561 s = strings.ReplaceAll(s, "$USERLIST", strings.Join(list, ","))
LOWlibpod/container_exec.go21 "go.podman.io/storage/pkg/stringid"
LOWlibpod/container_exec.go41 // exec session's first process when attaching. Only available if
LOWlibpod/container_exec.go61 // container.
LOWlibpod/container_config.go21// It is stored, read-only, on disk in Libpod's State.
LOWlibpod/container_config.go41
LOWlibpod/container_config.go61 LockID uint32 `json:"lockID"`
LOWlibpod/container_config.go101type ContainerRootFSConfig struct {
LOWlibpod/container_config.go121 // RootfsMapping specifies if there are mappings to apply to the rootfs.
LOWlibpod/container_config.go141 // is not mounted into the container. It will be removed when the
LOWlibpod/container_config.go161 // image volumes were handled in Libpod (support for these eventually
LOWlibpod/container_config.go181 Passwd *bool `json:"passwd,omitempty"`
LOWlibpod/container_config.go201 // MountLabel is the SELinux mount label for the container's root
LOWlibpod/container_config.go221 // AddCurrentUserPasswdEntry indicates that Libpod should ensure that
LOWlibpod/container_config.go241 UserNsCtr string `json:"userNsCtr,omitempty"`
LOWlibpod/container_config.go261 OldPortMappings []types.OCICNIPortMapping `json:"portMappings,omitempty"` //nolint:staticcheck
LOWlibpod/container_config.go281 // UseImageHostname indicates that /etc/hostname should not be
LOWlibpod/container_config.go301 // sure to not change the json tags.
LOWlibpod/container_config.go321}
LOWlibpod/container_config.go341}
LOWlibpod/container_config.go361 CgroupManager string `json:"cgroupManager,omitempty"`
LOWlibpod/container_config.go381 LogSize int64 `json:"logSize"`
LOWlibpod/container_config.go401 // OCIRuntime used to create the container
LOWlibpod/container_config.go421 HealthCheckOnFailureAction define.HealthCheckOnFailureAction `json:"healthcheck_on_failure_action"`
LOWlibpod/container_config.go441 // PreserveFD is a list of additional file descriptors (in addition
LOWlibpod/container_copy_common.go141 }
LOWlibpod/container_path_resolution.go21 // container's working dir. To be extra careful, let's first
LOWlibpod/oci_conmon_exec_common.go441 "args": args,
LOWlibpod/container_api.go81// Once in ContainerStateRunning, the container can be transitioned to
LOWlibpod/container_api.go281
LOWlibpod/container_api.go381
LOWlibpod/container_api.go881 }
LOWlibpod/container_api.go981 // TCPEstablished tells the API to checkpoint a container
LOWlibpod/container_api.go1001 // important to be able to restore a container multiple
LOWlibpod/container_api.go1021 CreateImage string
LOWlibpod/runtime.go101 // remove as much of the runtime as possible if they fail. This ensures
LOWlibpod/runtime.go661 return err
LOWlibpod/oci.go21type OCIRuntime interface { //nolint:interfacebloat
979 more matches not shown…
Hallucination Indicators14 hits · 165 pts
SeverityFileLineSnippet
CRITICALlibpod/container_internal_common.go719 cdi.WithSpecDirs(c.runtime.config.Engine.CdiSpecDirs.Get()...),
CRITICALlibpod/container_internal_common.go2205 nameservers := make([]string, 0, len(c.runtime.config.Containers.DNSServers.Get())+len(c.config.DNSServer))
CRITICALlibpod/container_internal_common.go2215 nameservers = append(nameservers, c.runtime.config.Containers.DNSServers.Get()...)
CRITICALlibpod/container_internal_common.go2240 if len(c.config.DNSSearch) > 0 || len(c.runtime.config.Containers.DNSSearches.Get()) > 0 {
CRITICALlibpod/container_internal_common.go2241 customSearch := make([]string, 0, len(c.config.DNSSearch)+len(c.runtime.config.Containers.DNSSearches.Get()))
CRITICALlibpod/container_internal_common.go2242 customSearch = append(customSearch, c.runtime.config.Containers.DNSSearches.Get()...)
CRITICALlibpod/container_internal_common.go2250 options := make([]string, 0, len(c.config.DNSOption)+len(c.runtime.config.Containers.DNSOptions.Get()))
CRITICALlibpod/container_internal_common.go2251 options = append(options, c.runtime.config.Containers.DNSOptions.Get()...)
CRITICALlibpod/networking_common.go51 nameservers := make([]string, 0, len(c.runtime.config.Containers.DNSServers.Get())+len(c.config.DNSServer))
CRITICALlibpod/networking_common.go52 nameservers = append(nameservers, c.runtime.config.Containers.DNSServers.Get()...)
CRITICALlibpod/kube.go1331 calculatedCaps := determineCapAddDropFromCapabilities(c.runtime.config.Containers.DefaultCapabilities.Get(), containerC
CRITICALlibpod/container_inspect_linux.go148 for _, cap := range c.runtime.config.Containers.DefaultCapabilities.Get() {
CRITICALlibpod/container_internal.go2452 if len(c.runtime.config.Engine.HooksDir.Get()) == 0 {
CRITICALlibpod/container_internal.go2474 manager, err := hooks.New(ctx, c.runtime.config.Engine.HooksDir.Get(), []string{"precreate", "poststop"})
AI Slop Vocabulary11 hits · 36 pts
SeverityFileLineSnippet
LOW.cirrus.yml62 # Curl-command prefix for downloading task artifacts, simply add the
MEDIUMcmd/podman-mac-helper/install.go197 // the entire installation path, and utilize sticky + read-only perms for the helper path
MEDIUMlibpod/healthcheck.go279 // is called. Fundamentally this is expected so switch it to exit 0.
MEDIUMlibpod/container_internal.go939// Note: this function is currently meant as a robust solution to a narrow problem: start an infra-container when
MEDIUMlibpod/lock/shm/shm_lock.c160 // Set mutexes to robust - if a process dies while holding a mutex, we'll get
MEDIUMcontrib/cirrus/lib.sh153 # Farm tests utilize the rootless user to simulate a "remote" podman instance.
MEDIUMpkg/systemd/generate/containers.go431 // make systemd units more robust as it allows them to
MEDIUMpkg/k8s.io/api/core/v1/types.go3377 // should be considered safe for load balancers and clients to utilize.
MEDIUMpkg/domain/infra/tunnel/runtime.go14// Image-related runtime using an ssh-tunnel to utilize Podman service
MEDIUMpkg/domain/infra/tunnel/runtime.go20// Container-related runtime using an ssh-tunnel to utilize Podman service
MEDIUMpkg/domain/infra/tunnel/runtime.go25// Container-related runtime using an ssh-tunnel to utilize Podman service
Self-Referential Comments10 hits · 29 pts
SeverityFileLineSnippet
MEDIUMcmd/podman/completion/completion.go90 "\n# This file is generated with %q; see: podman-completion(1)\n", cmd.CommandPath(),
MEDIUMtest/python/docker/compat/test_containers.py46 # Create a new container and validate the count
MEDIUMtest/system/helpers.bash794 # This function is intended to be used as '$(podman_runtime)', i.e.
MEDIUMtest/e2e/build_test.go1337# Create a summary file
MEDIUMdocs/source/conf.py25# Define the canonical URL for our custom docs.podman.io domain configured on Read the Docs
MEDIUMcontrib/cirrus/runner.sh354 # This file is collected and parsed by Cirrus-CI so must be in $GOSRC
MEDIUM.github/workflows/cherry-pick.yml144 # Create a new branch for the cherry-pick PR
MEDIUM.github/workflows/cherry-pick.yml282 # Create a new branch for the cherry-pick PR
MEDIUMpkg/systemd/parser/unitfile_test.go101# This file is part of systemd.
MEDIUMpkg/systemd/parser/unitfile_test.go170# This file is part of systemd.
Verbosity Indicators16 hits · 28 pts
SeverityFileLineSnippet
LOWlibpod/runtime_ctr.go142 // Step 1: Alter the config. Save the old name, we need it to rewrite
LOWlibpod/runtime_ctr.go147 // Step 2: rewrite the old container's config in the DB.
LOWlibpod/runtime_ctr.go156 // Step 3: rename the container in c/storage.
LOWlibpod/runtime_ctr.go874 // If we're not force-removing, we need to check if we're in a good
LOW.github/workflows/first_contrib_cert_generator.yml32 # Step 1: Check if this is the contributor's first merged PR.
LOW.github/workflows/first_contrib_cert_generator.yml56 # Step 2: Checkout the repository containing the certificate HTML file.
LOW.github/workflows/first_contrib_cert_generator.yml65 # Step 3: Update the HTML file locally
LOW.github/workflows/first_contrib_cert_generator.yml79 # Step 4: Setup Node.js environment
LOW.github/workflows/first_contrib_cert_generator.yml86 # Step 5: Install Puppeteer
LOW.github/workflows/first_contrib_cert_generator.yml92 # Step 6: Take a screenshot of the certificate div
LOW.github/workflows/first_contrib_cert_generator.yml120 # Step 7: Upload certificate image to separate repository
LOW.github/workflows/first_contrib_cert_generator.yml223 # Step 8: Comment on Pull Request with embedded image
LOW.github/workflows/first_contrib_cert_generator.yml275 # Step 9: Clean up temporary files
LOWpkg/util/utils.go442 // Step 1: Remove extension regions from mapping
LOWpkg/specgen/generate/kube/kube.go530 // If the container has bind mounts, we need to check if
LOWpkg/api/handlers/utils/images.go277 // We need to check if no progress was sent previously. In that case, we should only return the base error message.
Hyper-Verbose Identifiers26 hits · 26 pts
SeverityFileLineSnippet
LOWtest/apiv2/python/rest_api/test_v2_0_0_artifact.py188 def test_add_with_annotations(self):
LOWtest/apiv2/python/rest_api/test_v2_0_0_artifact.py295 def test_add_append_with_type_fails(self):
LOWtest/apiv2/python/rest_api/test_v2_0_0_artifact.py318 def test_add_with_append_to_missing_artifact_fails(self):
LOWtest/apiv2/python/rest_api/test_v2_0_0_artifact.py337 def test_add_without_name_and_filename_fails(self):
LOWtest/apiv2/python/rest_api/test_v2_0_0_artifact.py355 def test_add_local_with_not_existing_file(self):
LOWtest/apiv2/python/rest_api/test_v2_0_0_artifact.py378 def test_add_local_with_not_absolute_path(self):
LOWtest/apiv2/python/rest_api/test_v2_0_0_artifact.py441 def test_inspect_absent_artifact_fails(self):
LOWtest/apiv2/python/rest_api/test_v2_0_0_artifact.py525 def test_pull_unauthorised_fails(self):
LOWtest/apiv2/python/rest_api/test_v2_0_0_artifact.py686 def test_remove_absent_artifact_fails(self):
LOWtest/apiv2/python/rest_api/test_v2_0_0_artifact.py743 def test_push_missing_artifact(self):
LOWtest/apiv2/python/rest_api/test_v2_0_0_artifact.py815 def test_extract_absent_fails(self):
LOWtest/apiv2/python/rest_api/test_v2_0_0_container.py45 def test_list_filters_label_not(self):
LOWtest/apiv2/python/rest_api/test_v2_0_0_container.py281 def test_create_duplicate_name(self):
LOWtest/apiv2/python/rest_api/test_v2_0_0_container.py441 def test_host_config_port_bindings(self):
LOWtest/apiv2/python/rest_api/test_v2_0_0_container.py478 def test_host_config_cgroupns_mode(self):
LOWtest/apiv2/python/rest_api/test_v2_0_0_volume.py126 def test_volume_label_override(self):
LOWtest/python/docker/compat/test_images.py79 def test_get_image_exists_not(self):
LOWtest/python/docker/compat/test_images.py128 def test_build_image_via_api_client(self):
LOWtest/python/docker/compat/test_containers.py51 def test_start_container_with_random_port_bind(self):
LOWtest/python/docker/compat/test_containers.py96 def test_remove_container_without_force(self):
LOWtest/python/docker/compat/test_containers.py121 def test_pause_stopped_container(self):
LOWtest/python/docker/compat/test_containers.py210 def test_mount_preexisting_dir(self):
LOWtest/python/docker/compat/test_containers.py229 def test_non_existent_workdir(self):
LOWtest/python/docker/compat/test_containers.py268 def test_mount_options_by_default(self):
LOWtest/python/docker/compat/test_containers.py312 def test_container_inspect_compatibility(self):
LOWtest/python/docker/compat/test_system.py23 def test_info_container_details(self):
Redundant / Tautological Comments12 hits · 18 pts
SeverityFileLineSnippet
LOWtest/system/helpers.bash1173# Set PODMAN_TEST_DEBUG to the name of one or more functions you want to debug
LOWtest/system/helpers.bash1188 # Check if our calling function matches any of the desired strings
LOWtest/system/helpers.systemd.bash120 # Check if this is a template unit (ends with @)
LOWhack/install_golangci.sh29# Check if it's already installed globally.
LOWhack/branch_commits.rb15# Check if a given Git branch exists
LOWcontrib/packit-tmt/packit-rpm-git-commit.sh10# Set path to rpm spec file
LOW.github/workflows/cherry-pick.yml49 # Check if user has write permission to the repository
LOW.github/workflows/cherry-pick.yml102 # Check if branch exists
LOW.github/workflows/cherry-pick.yml122 # Check if branch exists
LOW.github/workflows/cherry-pick.yml271 # Check if branch exists
LOW.github/workflows/assign.yml22 # Check if issue has any assignees
LOW.github/workflows/update-podmanio.yml94 # Check if version is actually higher than one on podman.io
Cross-File Repetition3 hits · 15 pts
SeverityFileLineSnippet
HIGHtest/python/docker/compat/test_images.py0integration tests for exercising docker-py against podman service.
HIGHtest/python/docker/compat/test_containers.py0integration tests for exercising docker-py against podman service.
HIGHtest/python/docker/compat/test_system.py0integration tests for exercising docker-py against podman service.
Dead Code6 hits · 12 pts
SeverityFileLineSnippet
MEDIUMtest/apiv2/python/rest_api/test_v2_0_0_image.py188
MEDIUMtest/apiv2/python/rest_api/test_v2_0_0_image.py189
MEDIUMtest/apiv2/python/rest_api/test_v2_0_0_image.py190
MEDIUMtest/apiv2/python/rest_api/test_v2_0_0_image.py192
MEDIUMtest/apiv2/python/rest_api/test_v2_0_0_image.py193
MEDIUMtest/apiv2/python/rest_api/test_v2_0_0_image.py196
Excessive Try-Catch Wrapping7 hits · 10 pts
SeverityFileLineSnippet
LOWtroubleshooting.md885 except Exception as e:
LOWtroubleshooting.md912 except Exception as e:
MEDIUMtroubleshooting.md875def reload_podman_network():
MEDIUMtroubleshooting.md899def signal_listener():
LOWtest/apiv2/python/rest_api/test_v2_0_0_container.py388 except Exception:
MEDIUMtest/apiv2/python/rest_api/test_v2_0_0_container.py379def _impl(fifo, stop):
LOWtest/apiv2/python/rest_api/v1_test_rest_v1_0_0.py34 except Exception as e:
Unused Imports10 hits · 10 pts
SeverityFileLineSnippet
LOWtest/apiv2/python/rest_api/test_v2_0_0_container.py1
LOWtest/apiv2/python/rest_api/test_v2_0_0_container.py2
LOWtest/apiv2/python/rest_api/test_v2_0_0_container.py6
LOWtest/apiv2/python/rest_api/v1_test_rest_v1_0_0.py3
LOWtest/apiv2/python/rest_api/v1_test_rest_v1_0_0.py4
LOWtest/apiv2/python/rest_api/v1_test_rest_v1_0_0.py5
LOWtest/apiv2/python/rest_api/v1_test_rest_v1_0_0.py10
LOWtest/python/docker/__init__.py4
LOWtest/compose/simple_port_map/frontend/app.py2
LOWcontrib/cirrus/cirrus_yaml_test.py7
Synthetic Comment Markers1 hit · 8 pts
SeverityFileLineSnippet
HIGHpkg/k8s.io/api/apps/v1/types.go42// - Storage: As many VolumeClaims as requested.
Deep Nesting4 hits · 4 pts
SeverityFileLineSnippet
LOWtest/apiv2/python/rest_api/test_v2_0_0_container.py373
LOWtest/apiv2/python/rest_api/test_v2_0_0_container.py379
LOWtest/python/docker/compat/test_containers.py312
LOWcontrib/cirrus/cirrus_yaml_test.py74
Fake / Example Data3 hits · 3 pts
SeverityFileLineSnippet
LOWtest/e2e/image_sign_test.go52 session := podmanTest.Podman([]string{"image", "sign", "--directory", sigDir, "--sign-by", "foo@bar.com", "docker://li
LOWtest/e2e/image_sign_test.go68 session := podmanTest.Podman([]string{"image", "sign", "--all", "--directory", sigDir, "--sign-by", "foo@bar.com", "do
LOWtest/e2e/save_test.go180 session = podmanTest.Podman([]string{"push", "-q", "--tls-verify=false", "--sign-by", "foo@bar.com", pushedImage})
Slop Phrases1 hit · 2 pts
SeverityFileLineSnippet
LOWpkg/domain/infra/abi/play.go63 // Make sure to replace the service container as well if requested by