Home / emqx / emqx
Repository Analysis

emqx/emqx

The most scalable and reliable MQTT broker for AI, IoT, IIoT and connected vehicles

6.6 Low AI signal View on GitHub
6.6
Adjusted Score
6.6
Raw Score
100%
Time Factor
2026-05-29
Last Push
16,325
Stars
Erlang
Language
73,900
Lines of Code
1294
Files
330
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 0HIGH 1MEDIUM 85LOW 244

Pattern Findings

330 matches across 14 categories. Click a row to expand file-level details.

Decorative Section Separators72 hits · 222 pts
SeverityFileLineSnippet
MEDIUM.ci/docker-compose-file/dex/haproxy.cfg1##----------------------------------------------------------------
MEDIUM.ci/docker-compose-file/dex/haproxy.cfg3##----------------------------------------------------------------
MEDIUM.ci/docker-compose-file/dex/haproxy.cfg17##----------------------------------------------------------------
MEDIUM.ci/docker-compose-file/dex/haproxy.cfg19##----------------------------------------------------------------
MEDIUM.ci/docker-compose-file/dex/haproxy.cfg36##----------------------------------------------------------------
MEDIUM.ci/docker-compose-file/dex/haproxy.cfg38##----------------------------------------------------------------
MEDIUM.ci/docker-compose-file/haproxy/haproxy.cfg1##----------------------------------------------------------------
MEDIUM.ci/docker-compose-file/haproxy/haproxy.cfg3##----------------------------------------------------------------
MEDIUM.ci/docker-compose-file/haproxy/haproxy.cfg17##----------------------------------------------------------------
MEDIUM.ci/docker-compose-file/haproxy/haproxy.cfg19##----------------------------------------------------------------
MEDIUM.ci/docker-compose-file/haproxy/haproxy.cfg30##----------------------------------------------------------------
MEDIUM.ci/docker-compose-file/haproxy/haproxy.cfg32##----------------------------------------------------------------
MEDIUM.ci/docker-compose-file/haproxy/haproxy.cfg45##----------------------------------------------------------------
MEDIUM.ci/docker-compose-file/haproxy/haproxy.cfg47##----------------------------------------------------------------
MEDIUM.ci/docker-compose-file/haproxy/haproxy.cfg80##----------------------------------------------------------------
MEDIUM.ci/docker-compose-file/haproxy/haproxy.cfg82##----------------------------------------------------------------
MEDIUMplugins/emqx_agent/demo_builder_init.py69# ── HTTP helpers ──────────────────────────────────────────────────────────────
MEDIUMplugins/emqx_agent/demo_builder_init.py117# ── Cleanup ───────────────────────────────────────────────────────────────────
MEDIUMplugins/emqx_agent/demo_builder_init.py151# ── Connections ────────────────────────────────────────────────────────────────
MEDIUMplugins/emqx_agent/demo_builder_init.py176# ── AI providers ───────────────────────────────────────────────────────────────
MEDIUMplugins/emqx_agent/demo_builder_init.py195# ── Skills ─────────────────────────────────────────────────────────────────────
MEDIUMplugins/emqx_agent/demo_builder_init.py225# ── Builder prompt ─────────────────────────────────────────────────────────────
MEDIUMplugins/emqx_agent/demo_builder_init.py450# ── Pipeline ───────────────────────────────────────────────────────────────────
MEDIUMplugins/emqx_agent/demo_builder_init.py496# ── Database setup ────────────────────────────────────────────────────────────
MEDIUMplugins/emqx_agent/demo_builder_init.py534# ── Main ───────────────────────────────────────────────────────────────────────
MEDIUMplugins/emqx_agent/demo_apple_box_init.py103# ── HTTP helpers ──────────────────────────────────────────────────────────────
MEDIUMplugins/emqx_agent/demo_apple_box_init.py161# ── Database setup ─────────────────────────────────────────────────────────────
MEDIUMplugins/emqx_agent/demo_apple_box_init.py213# ── Skills ─────────────────────────────────────────────────────────────────────
MEDIUMplugins/emqx_agent/priv/builder.html361 // ── Connection ──────────────────────────────────────────────────────────────
MEDIUMplugins/emqx_agent/priv/builder.html420 // ── Sending ──────────────────────────────────────────────────────────────────
MEDIUMplugins/emqx_agent/priv/builder.html445 // ── Rendering ────────────────────────────────────────────────────────────────
MEDIUMplugins/emqx_agent/priv/builder.html535 // ── Misc ─────────────────────────────────────────────────────────────────────
MEDIUMplugins/emqx_bridge_mqtt_dq/smoke/smoke_docker.sh80## ================================================================
MEDIUMplugins/emqx_bridge_mqtt_dq/smoke/smoke_docker.sh82## ================================================================
MEDIUMplugins/emqx_bridge_mqtt_dq/smoke/smoke_docker.sh96## ================================================================
MEDIUMplugins/emqx_bridge_mqtt_dq/smoke/smoke_docker.sh98## ================================================================
MEDIUMplugins/emqx_bridge_mqtt_dq/smoke/smoke_docker.sh140## ================================================================
MEDIUMplugins/emqx_bridge_mqtt_dq/smoke/smoke_docker.sh142## ================================================================
MEDIUMplugins/emqx_bridge_mqtt_dq/smoke/smoke_docker.sh170## ================================================================
MEDIUMplugins/emqx_bridge_mqtt_dq/smoke/smoke_docker.sh172## ================================================================
MEDIUMplugins/emqx_bridge_mqtt_dq/smoke/smoke_docker.sh186## ================================================================
MEDIUMplugins/emqx_bridge_mqtt_dq/smoke/smoke_docker.sh188## ================================================================
MEDIUMplugins/emqx_bridge_mqtt_dq/smoke/smoke_docker.sh193## ================================================================
MEDIUMplugins/emqx_bridge_mqtt_dq/smoke/smoke_docker.sh195## ================================================================
MEDIUMplugins/emqx_bridge_mqtt_dq/smoke/smoke_docker.sh200## ================================================================
MEDIUMplugins/emqx_bridge_mqtt_dq/smoke/smoke_docker.sh202## ================================================================
MEDIUMplugins/emqx_bridge_mqtt_dq/smoke/smoke_docker.sh210## ================================================================
MEDIUMplugins/emqx_bridge_mqtt_dq/smoke/smoke_docker.sh212## ================================================================
MEDIUMplugins/emqx_bridge_mqtt_dq/smoke/smoke_docker.sh231## ================================================================
MEDIUMplugins/emqx_bridge_mqtt_dq/smoke/smoke_docker.sh233## ================================================================
MEDIUMplugins/emqx_bridge_mqtt_dq/smoke/smoke_bench.sh102## ================================================================
MEDIUMplugins/emqx_bridge_mqtt_dq/smoke/smoke_bench.sh104## ================================================================
MEDIUMplugins/emqx_bridge_mqtt_dq/smoke/smoke_bench.sh116## ================================================================
MEDIUMplugins/emqx_bridge_mqtt_dq/smoke/smoke_bench.sh118## ================================================================
MEDIUMplugins/emqx_bridge_mqtt_dq/smoke/smoke_bench.sh161## ================================================================
MEDIUMplugins/emqx_bridge_mqtt_dq/smoke/smoke_bench.sh163## ================================================================
MEDIUMplugins/emqx_bridge_mqtt_dq/smoke/smoke_bench.sh182## ================================================================
MEDIUMplugins/emqx_bridge_mqtt_dq/smoke/smoke_bench.sh184## ================================================================
MEDIUMplugins/emqx_bridge_mqtt_dq/smoke/smoke_bench.sh196## ================================================================
MEDIUMplugins/emqx_bridge_mqtt_dq/smoke/smoke_bench.sh198## ================================================================
12 more matches not shown…
Over-Commented Block152 hits · 109 pts
SeverityFileLineSnippet
LOW.ci/docker-compose-file/docker-compose-keycloak.yaml1# Keycloak IDP for SAML SSO integration tests
LOW.ci/docker-compose-file/docker-compose-doris-tls.yaml1## N.B.
LOW.ci/docker-compose-file/docker-compose-otel.yaml61# driver: default
LOW.ci/docker-compose-file/docker-compose-influxdb-v3.yaml61# - subnet: 172.100.239.0/24
LOW…i/docker-compose-file/docker-compose-influxdb-tls.yaml21 - "./influxdb/setup-v1.sh:/docker-entrypoint-initdb.d/setup-v1.sh"
LOW…er-compose-file/docker-compose-elastic-search-tls.yaml81 - emqx_bridge
LOW…er-compose-file/docker-compose-elastic-search-tls.yaml101 # test:
LOW.ci/docker-compose-file/docker-compose-iceberg.yaml1## https://github.com/databricks/docker-spark-iceberg/blob/60754a31cbb2cea7eead2a16702f5c536a8e07ce/docker-compose.yml
LOW.ci/docker-compose-file/docker-compose-iceberg.yaml21services:
LOW…i/docker-compose-file/docker-compose-influxdb-tcp.yaml21 networks:
LOW.ci/docker-compose-file/docker-compose-quasardb.yaml21 # docker run -it --rm --network emqx_bridge --name qdbsh bureau14/qdbsh --cluster qdb://172.100.239.30:2836
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml1# Cassandra storage config YAML
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml21# on subsequent starts, this setting will apply even if initial token is set.
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml41# that do not have vnodes enabled.
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml61# are two nodes in the cluster, each delivery thread will use the maximum
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml81
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml101# Please increase system_auth keyspace replication factor if you use this authenticator.
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml121# - CassandraRoleManager stores role data in the system_auth keyspace. Please
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml141# Validity period for permissions cache (fetching permissions can be an
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml161# underlying table, it may not bring a significant reduction in the
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml181# compatibility include RandomPartitioner, ByteOrderedPartitioner, and
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml201cdc_enabled: false
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml221# can still be inspected via JMX, kill the JVM for errors during startup.
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml241# stop_commit
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml261# Do only change the default value, if you really have more prepared statements than
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml281# time it saves, so it's worthwhile to use it at large numbers.
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml301
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml321# headroom for OS block level cache. Do never allow your system to swap.
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml341#
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml361
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml381#
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml401# NOTE: If max_mutation_size_in_kb is set explicitly then commitlog_segment_size_in_mb must
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml421 - class_name: org.apache.cassandra.locator.SimpleSeedProvider
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml441
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml461
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml481# mean larger flushes and hence less compaction, but also less concurrent
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml501# Total space to use for commit logs on disk.
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml521#
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml541# Total space to use for change-data-capture logs on disk.
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml561# more than this amount of memory.
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml581
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml601# Set listen_address OR listen_interface, not both. Interfaces must correspond
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml621# listen_on_broadcast_address: false
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml641native_transport_port_ssl: 9142
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml661# Whether to start the thrift rpc server.
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml681
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml701#
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml721
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml741# and when not setting it it is defined by net.ipv4.tcp_wmem
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml761# responsibility.
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml781# and looking up rows withing the partition by collation column
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml801# during a single long running compactions. The default is usually
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml821# When compacting, the replacement sstable(s) can be opened before they
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml841# How long the coordinator should wait for read operations to complete
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml861# can be identified. Set this value to zero to disable slow query logging.
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml881
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml901# if you need to add another datacenter are GossipingPropertyFileSnitch
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml921# PropertyFileSnitch:
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml941# Proximity is determined by rack and data center, which are
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml961# expressed as a double which represents a percentage. Thus, a value of
92 more matches not shown…
Redundant / Tautological Comments19 hits · 33 pts
SeverityFileLineSnippet
LOWscripts/check-api-scopes.sh26 # Check if the file exports scopes/0
LOWscripts/find_apps.py55 # Check if mix.exs at root is changed
LOWscripts/find_apps.py59 # Check if .github or .ci directories are changed
LOWscripts/find-suites.sh31 # Check if path prefix is present
LOWscripts/find-suites.sh36 # Check if suffix is present
LOWscripts/test/test_emqx_boot.py99 # Check if error message is in output before timeout
LOWscripts/test/test_emqx_boot.py288 # Check if error message is in output before timeout
LOWscripts/test/emqx-smoke-test.sh11## Check if EMQX is responding
LOWscripts/test/emqx-smoke-test.sh38## Check if the API spec explorer is available
LOWscripts/test/emqx-smoke-test.sh56## Check if the swagger.json contains hidden fields
LOWscripts/sbom/convert_cdx_to_spdx.py52 # Check if it's already a valid SPDX identifier (contains -)
LOWscripts/sbom/convert_cdx_to_spdx.py59 # Check if it looks like a valid SPDX ID (contains version number with dash)
LOWscripts/sbom/generate_sbom.sh105# Check if converter script exists
LOWscripts/sbom/generate_sbom.sh111# Check if filter script exists
LOWscripts/sbom/generate_sbom.sh117# Check if report script exists
LOWscripts/sbom/filter_and_enrich.py345 # Check if package already has license
LOWscripts/rel/cut.sh201## Check if all upstream branches are merged
LOWscripts/rel/cut.sh208## Check if the Chart versions are in sync
LOWscripts/rel/cut.sh211## Check if app versions are bumped
Excessive Try-Catch Wrapping19 hits · 30 pts
SeverityFileLineSnippet
LOWplugins/emqx_agent/demo_builder_init.py566 except Exception as e:
LOWplugins/emqx_agent/demo_teardown.py185 except Exception as e:
LOWplugins/emqx_agent/demo_teardown.py195 except Exception as e:
LOWplugins/emqx_agent/demo_apple_box_init.py423 except Exception as e:
LOWscripts/demo-lwm2m-blockwise-wakaama.sh435 except Exception:
MEDIUMscripts/demo-lwm2m-blockwise-wakaama.sh432def on_message(client, userdata, msg):
MEDIUMscripts/find_apps.py204 print("Error: --base-ref requires a value", file=sys.stderr)
LOWscripts/test/test_find_apps.py34 except Exception:
LOWscripts/test/test_find_apps.py137 except Exception:
LOWscripts/test/test_find_apps.py159 except Exception as e:
MEDIUMscripts/sbom/convert_cdx_to_spdx.py305 print(f"Error: Input file not found: {args.input}", file=sys.stderr)
LOWscripts/sbom/convert_cdx_to_spdx.py315 except Exception as e:
MEDIUMscripts/sbom/convert_cdx_to_spdx.py316 print(f"Error converting SBOM: {e}", file=sys.stderr)
LOWscripts/sbom/filter_and_enrich.py207 except Exception as e:
LOWscripts/sbom/filter_and_enrich.py291 except Exception as e:
MEDIUMscripts/sbom/generate_text_report.py17 print("Error: spdx-tools is not installed. Please install it with: pip install spdx-tools", file=sys.stderr)
MEDIUMscripts/sbom/generate_text_report.py66 print(f"Error: Input file not found: {args.input}", file=sys.stderr)
LOWscripts/sbom/generate_text_report.py76 except Exception as e:
MEDIUMscripts/sbom/generate_text_report.py77 print(f"Error: Failed to generate text report using spdx-tools: {e}", file=sys.stderr)
Hyper-Verbose Identifiers23 hits · 23 pts
SeverityFileLineSnippet
LOWplugins/emqx_unsgov/priv/ui.html1560 function flattenTreeFiltersFromChildren(children, prefix, out) {
LOWplugins/emqx_agent/demo_apple_box_init.py151def deactivate_pipeline_maybe(pid: str) -> None:
LOWplugins/emqx_agent/priv/ui/skills.js119export function defaultPublishInputSchema() {
LOWscripts/test/test_emqx_boot.py43def test_profile_defaults_to_emqx_enterprise():
LOWscripts/test/test_emqx_boot.py50def test_emqx_boot_with_invalid_node_name(emqx_bin_path):
LOWscripts/test/test_emqx_boot.py68def test_corrupted_cluster_override_conf(emqx_bin_path, emqx_rel_path):
LOWscripts/test/test_emqx_boot.py120def test_corrupted_cluster_hocon(emqx_bin_path, emqx_rel_path):
LOWscripts/test/test_emqx_boot.py155def test_corrupted_base_hocon(emqx_bin_path, emqx_rel_path):
LOWscripts/test/test_emqx_boot.py314def test_acl_file_read_permission_failure(emqx_bin_path, emqx_rel_path):
LOWscripts/test/test_emqx_boot.py335def test_acl_file_corrupted_content(emqx_bin_path, emqx_rel_path):
LOWscripts/test/test_find_apps.py261def test_change_app_used_by_others(project_root: Path, original_head: str):
LOWscripts/test/test_find_apps.py285def test_change_app_used_by_all(project_root: Path, original_head: str):
LOWscripts/test/test_find_apps.py311def test_change_app_used_by_none(project_root: Path, original_head: str):
LOWscripts/test/test_find_apps.py331def test_change_multiple_apps(project_root: Path, original_head: str):
LOWscripts/test/test_find_apps.py353def test_change_docker_plugin(project_root: Path, original_head: str):
LOWscripts/test/test_find_apps.py448def test_change_github_directory(project_root: Path, original_head: str):
LOWscripts/sbom/convert_cdx_to_spdx.py84def generate_spdx_id_from_bom_ref(bom_ref: str, component: Dict[str, Any] = None, spdx_id_prefix: str = "SPDXRef-") -> s
LOWscripts/sbom/convert_cdx_to_spdx.py107def convert_component_to_spdx_package(component: Dict[str, Any], spdx_id_prefix: str = "SPDXRef-") -> Dict[str, Any]:
LOWscripts/sbom/convert_cdx_to_spdx.py198def convert_cyclonedx_to_spdx(cdx_path: Path, output_path: Path = None) -> Dict[str, Any]:
LOWscripts/sbom/filter_and_enrich.py65def normalize_license_to_spdx(license_text: str) -> Optional[str]:
LOWscripts/sbom/filter_and_enrich.py165def parse_app_file_for_license(package_dir: Path, package_name: str) -> Optional[str]:
LOWscripts/sbom/filter_and_enrich.py296def find_package_source_directory(package_name: str, deps_dir: Path) -> Optional[Path]:
LOWscripts/sbom/filter_and_enrich.py422def filter_and_enrich_spdx_sbom(
Slop Phrases8 hits · 17 pts
SeverityFileLineSnippet
LOW.ci/docker-compose-file/clickhouse/config.xml341 Regexps are not aligned: don't forget to add ^ and $. Also don't forget to escape dot (.) metacharacter
MEDIUM.ci/docker-compose-file/cassandra/cassandra_noauth.yaml38# initial_token allows you to specify tokens manually. While you can use it with
MEDIUM.ci/docker-compose-file/cassandra/cassandra_noauth.yaml650# you may want to adjust max_value_size_in_mb accordingly. This should be positive and less than 2048.
LOW.ci/docker-compose-file/cassandra/cassandra_noauth.yaml870# Warning: before enabling this property make sure to ntp is installed
MEDIUM.ci/docker-compose-file/cassandra/cassandra.yaml38# initial_token allows you to specify tokens manually. While you can use it with
MEDIUM.ci/docker-compose-file/cassandra/cassandra.yaml650# you may want to adjust max_value_size_in_mb accordingly. This should be positive and less than 2048.
LOW.ci/docker-compose-file/cassandra/cassandra.yaml870# Warning: before enabling this property make sure to ntp is installed
LOWscripts/rel/cut.sh272 logwarn "Don't forget to push the tag to emqx/emqx"
Deep Nesting11 hits · 11 pts
SeverityFileLineSnippet
LOWscripts/sca-hyg.py18
LOWscripts/find_apps.py42
LOWscripts/find_apps.py75
LOWscripts/find_apps.py158
LOWscripts/find_apps.py181
LOWscripts/rerun-apps-version-check.py70
LOWscripts/test/test_find_apps.py23
LOWscripts/sbom/convert_cdx_to_spdx.py70
LOWscripts/sbom/convert_cdx_to_spdx.py149
LOWscripts/sbom/filter_and_enrich.py165
LOWscripts/sbom/filter_and_enrich.py339
Example Usage Blocks7 hits · 10 pts
SeverityFileLineSnippet
LOWplugins/emqx_acme/smoke/pebble_smoke.sh26## Usage:
LOWplugins/emqx_acme/smoke/cluster/cluster_smoke.sh37## Usage:
LOWplugins/emqx_bridge_mqtt_dq/smoke/smoke_docker.sh9## Usage:
LOWplugins/emqx_bridge_mqtt_dq/smoke/smoke_bench.sh13## Usage:
LOWscripts/sca-pkg.sh9## Usage:
LOWscripts/publish-docker-multi-arch.sh6## Usage:
LOWscripts/sbom/generate_sbom.sh13# Usage:
Unused Imports9 hits · 9 pts
SeverityFileLineSnippet
LOW.ci/docker-compose-file/iceberg/query/server.py1
LOWscripts/find_apps.py14
LOWscripts/find_apps.py16
LOWscripts/rerun-apps-version-check.py7
LOWscripts/rerun-apps-version-check.py11
LOWscripts/rerun-apps-version-check.py12
LOWscripts/rerun-apps-version-check.py13
LOWscripts/sbom/filter_and_enrich.py17
LOWscripts/sbom/filter_and_enrich.py21
Verbosity Indicators4 hits · 7 pts
SeverityFileLineSnippet
LOWscripts/sbom/generate_sbom.sh123# Step 1: Generate CycloneDX SBOM
LOWscripts/sbom/generate_sbom.sh142# Step 2: Convert CycloneDX to SPDX
LOWscripts/sbom/generate_sbom.sh161# Step 3: Filter SPDX SBOM
LOWscripts/sbom/generate_sbom.sh184# Step 4: Generate text report
Self-Referential Comments2 hits · 6 pts
SeverityFileLineSnippet
MEDIUM.ci/docker-compose-file/haproxy/haproxy.cfg65 # Create a stick table for session persistence
MEDIUMscripts/gen-elp-build-info.sh22# This function contains the original, working logic for processing an app directory.
Docstring Block Structure1 hit · 5 pts
SeverityFileLineSnippet
HIGHscripts/sbom/generate_text_report.py22Generate human-readable text report from SPDX SBOM using spdx-tools. Args: sbom_path: Path to SPDX JSON
Fake / Example Data2 hits · 2 pts
SeverityFileLineSnippet
LOW.ci/docker-compose-file/dex/config.dev.yaml44 - email: "admin@example.com"
LOW.ci/docker-compose-file/keycloak/realm-export.json25 "email": "admin@example.com",
AI Slop Vocabulary1 hit · 2 pts
SeverityFileLineSnippet
LOWscripts/find_apps.py112 # App not found in deps.txt, just add the changed app itself