Home / goharbor / harbor
Repository Analysis

goharbor/harbor

An open source trusted cloud native registry project that stores, signs, and scans content.

5.2 Low AI signal View on GitHub
5.2
Adjusted Score
5.2
Raw Score
100%
Time Factor
2026-05-29
Last Push
28,588
Stars
Go
Language
427,231
Lines of Code
2909
Files
2168
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 0HIGH 3MEDIUM 12LOW 2153

Pattern Findings

2168 matches across 11 categories. Click a row to expand file-level details.

Over-Commented Block1935 hits · 1930 pts
SeverityFileLineSnippet
LOWtools/notary-migration-fix.sh1#!/bin/bash
LOWtools/copyright/header-check.sh1#!/bin/bash
LOWtools/copyright/header-check.sh21# 'fix' argument to automatically add headers to the missing files.
LOWtests/integration.sh1#!/bin/bash
LOWtests/integration.sh201# go get github.com/dghubble/sling
LOWtests/ci/api_common_install.sh21#---------------Set DNS for docker v20-----------------------#
LOWtests/test-engine-image/dockerd-entrypoint.sh1#!/bin/sh
LOWmake/photon/db/docker-entrypoint.sh21
LOWmake/photon/db/upgrade.sh41 cat /tmp/pg_upgrade_internal.log
LOW.github/workflows/codeql-analysis.yml21
LOW.github/workflows/codeql-analysis.yml41
LOWsrc/cmd/swagger/genyaml.go1// Copyright Project Harbor Authors
LOWsrc/cmd/standalone-db-migrator/main.go1// Copyright Project Harbor Authors
LOWsrc/cmd/exporter/main.go1// Copyright Project Harbor Authors
LOWsrc/portal/copyright.tmpl.js1// Copyright Project Harbor Authors
LOWsrc/portal/cypress/support/commands.ts1// ***********************************************
LOWsrc/portal/cypress/support/commands.ts21// create various custom commands and overwrite
LOWsrc/portal/cypress/support/commands.ts41//
LOWsrc/portal/cypress/support/e2e.ts1// ***********************************************************
LOWsrc/portal/src/main.ts1// Copyright Project Harbor Authors
LOWsrc/portal/src/app/app.component.spec.ts1// Copyright Project Harbor Authors
LOWsrc/portal/src/app/app.module.ts1// Copyright Project Harbor Authors
LOWsrc/portal/src/app/app.component.ts1// Copyright Project Harbor Authors
LOWsrc/portal/src/app/harbor-routing.module.ts1// Copyright Project Harbor Authors
LOWsrc/portal/src/app/index.ts1// Copyright Project Harbor Authors
LOW…pp/route-reuse-strategy/harbor-route-reuse-strategy.ts1// Copyright Project Harbor Authors
LOW…ute-reuse-strategy/harbor-route-reuse-strategy.spec.ts1// Copyright Project Harbor Authors
LOWsrc/portal/src/app/license/license.component.ts1// Copyright Project Harbor Authors
LOWsrc/portal/src/app/license/license.component.spec.ts1// Copyright Project Harbor Authors
LOWsrc/portal/src/app/license/license.module.ts1// Copyright Project Harbor Authors
LOW…c/portal/src/app/not-found/not-found.component.spec.ts1// Copyright Project Harbor Authors
LOWsrc/portal/src/app/not-found/not-found.module.ts1// Copyright Project Harbor Authors
LOWsrc/portal/src/app/not-found/not-found.component.ts1// Copyright Project Harbor Authors
LOWsrc/portal/src/app/shared/shared.module.ts1// Copyright Project Harbor Authors
LOW…app/shared/directives/max-length-ext.directive.spec.ts1// Copyright Project Harbor Authors
LOWsrc/portal/src/app/shared/directives/port.directive.ts1// Copyright Project Harbor Authors
LOW…/src/app/shared/directives/date-validator.directive.ts1// Copyright Project Harbor Authors
LOW…/src/app/shared/directives/max-length-ext.directive.ts1// Copyright Project Harbor Authors
LOW…ortal/src/app/shared/directives/port.directive.spec.ts1// Copyright Project Harbor Authors
LOW…app/shared/directives/date-validator.directive.spec.ts1// Copyright Project Harbor Authors
LOW…red/directives/scroll/scroll-section.directive.spec.ts1// Copyright Project Harbor Authors
LOW…ared/directives/scroll/scroll-anchor.directive.spec.ts1// Copyright Project Harbor Authors
LOW…p/shared/directives/scroll/scroll-section.directive.ts1// Copyright Project Harbor Authors
LOW…pp/shared/directives/scroll/scroll-anchor.directive.ts1// Copyright Project Harbor Authors
LOW…hared/directives/scroll/scroll-manager.service.spec.ts1// Copyright Project Harbor Authors
LOW…app/shared/directives/scroll/scroll-manager.service.ts1// Copyright Project Harbor Authors
LOW…/app/shared/router-guard/auth-user-activate.service.ts1// Copyright Project Harbor Authors
LOW…hared/router-guard/mode-guard-activate.service.spec.ts1// Copyright Project Harbor Authors
LOW…p/shared/router-guard/member-guard-activate.service.ts1// Copyright Project Harbor Authors
LOW…uter-guard/member-permission-guard-activate.service.ts1// Copyright Project Harbor Authors
LOW…/shared/router-guard/sign-in-guard-activate.service.ts1// Copyright Project Harbor Authors
LOW…/shared/router-guard/oidc-guard-active.service.spec.ts1// Copyright Project Harbor Authors
LOW…ed/router-guard/sign-in-guard-activate.service.spec.ts1// Copyright Project Harbor Authors
LOW…shared/router-guard/auth-user-activate.service.spec.ts1// Copyright Project Harbor Authors
LOW…p/shared/router-guard/system-admin-activate.service.ts1// Copyright Project Harbor Authors
LOW…c/app/shared/router-guard/oidc-guard-active.service.ts1// Copyright Project Harbor Authors
LOW…red/router-guard/system-admin-activate.service.spec.ts1// Copyright Project Harbor Authors
LOW…app/shared/router-guard/mode-guard-activate.service.ts1// Copyright Project Harbor Authors
LOW…red/router-guard/member-guard-activate.service.spec.ts1// Copyright Project Harbor Authors
LOW…guard/member-permission-guard-activate.service.spec.ts1// Copyright Project Harbor Authors
1875 more matches not shown…
Unused Imports114 hits · 114 pts
SeverityFileLineSnippet
LOWtools/migrate_chart/test_migrate_chart.py3
LOWtools/migrate_chart/test_migrate_chart.py5
LOWtools/migrate_chart/test_migrate_chart.py6
LOWtools/migrate_chart/test_migrate_chart.py7
LOWtests/apitests/python/test_tag_immutability.py1
LOWtests/apitests/python/test_retention.py1
LOW…ts/apitests/python/test_project_level_cve_allowlist.py1
LOW…s/python/test_scan_image_artifact_in_public_project.py1
LOWtests/apitests/python/test_scan_image_artifact.py1
LOWtests/apitests/python/test_scan_image_artifact.py7
LOWtests/apitests/python/test_quota_sorting.py1
LOWtests/apitests/python/test_scan_data_export.py3
LOWtests/apitests/python/test_user_crud.py1
LOWtests/apitests/python/test_edit_project_creation.py1
LOWtests/apitests/python/test_verify_metrics_enabled.py3
LOWtests/apitests/python/test_push_files_by_oras.py1
LOWtests/apitests/python/test_assign_role_to_ldap_group.py1
LOWtests/apitests/python/test_assign_role_to_ldap_group.py7
LOWtests/apitests/python/test_assign_role_to_ldap_group.py13
LOWtests/apitests/python/test_add_sys_label_to_tag.py1
LOWtests/apitests/python/test_banner_message.py3
LOW…tests/python/test_user_limited_guest_get_repository.py1
LOWtests/apitests/python/test_job_service_dashboard.py1
LOW…ts/apitests/python/test_retain_image_last_pull_time.py1
LOWtests/apitests/python/test_log_rotation.py1
LOW…sts/apitests/python/test_system_level_stop_scan_all.py1
LOW…/apitests/python/test_add_member_to_private_project.py1
LOWtests/apitests/python/test_ldap_admin_role.py1
LOWtests/apitests/python/test_ldap_admin_role.py4
LOWtests/apitests/python/test_system_level_scan_all.py1
LOWtests/apitests/python/test_tag_crud.py1
LOWtests/apitests/python/test_tag_crud.py9
LOWtests/apitests/python/test_tag_crud.py10
LOWtests/apitests/python/test_tag_crud.py11
LOWtests/apitests/python/test_tag_crud.py17
LOWtests/apitests/python/test_stop_scan_image_artifact.py1
LOWtests/apitests/python/test_stop_scan_image_artifact.py7
LOWtests/apitests/python/test_stop_scan_image_artifact.py7
LOWtests/apitests/python/test_p2p.py1
LOWtests/apitests/python/test_p2p.py5
LOWtests/apitests/python/test_p2p.py8
LOWtests/apitests/python/test_p2p.py9
LOWtests/apitests/python/test_p2p.py10
LOWtests/apitests/python/test_robot_account.py1
LOWtests/apitests/python/test_robot_account.py6
LOW…sts/apitests/python/test_replication_from_dockerhub.py1
LOW…/python/test_stop_sbom_generation_of_image_artifact.py1
LOW…/python/test_stop_sbom_generation_of_image_artifact.py7
LOW…/python/test_stop_sbom_generation_of_image_artifact.py7
LOWtests/apitests/python/test_del_repo.py1
LOW…ests/python/test_project_level_policy_content_trust.py1
LOWtests/apitests/python/test_cosign_sign_artifact.py3
LOWtests/apitests/python/test_referrers_api.py3
LOWtests/apitests/python/test_manage_project_member.py1
LOWtests/apitests/python/test_proxy_cache.py1
LOWtests/apitests/python/test_proxy_cache.py15
LOWtests/apitests/python/test_sys_cve_allowlists.py1
LOWtests/apitests/python/test_podman_pull_push.py3
LOWtests/apitests/python/test_webhook_crud.py1
LOWtests/apitests/python/test_webhook_crud.py7
54 more matches not shown…
Hyper-Verbose Identifiers64 hits · 74 pts
SeverityFileLineSnippet
LOWtests/apitests/python/test_tag_immutability.py85 def test_artifact_and_repo_is_undeletable(self):
LOWtests/apitests/python/test_tag_immutability.py221 #def test_replication_disability(self):
LOWtests/apitests/python/test_robot_account.py147 def verify_repository_pushable(self, project_access_list, system_ra_client):
LOWtests/apitests/python/test_robot_account.py155 def verify_repository_unpushable(self, project_access_list, system_ra_client, expected_login_error_message = "unauth
LOWtests/apitests/python/library/singularity.py10def set_singularity_login_env(user, password):
LOWtests/apitests/python/library/singularity.py14def singularity_push_to_harbor(harbor_server, sif_file, project, image, tag):
LOWtests/apitests/python/library/singularity.py20def push_singularity_to_harbor(from_URI, from_namespace, harbor_server, user, password, project, image, tag):
LOWtests/apitests/python/library/user.py98 def update_user_role_as_sysadmin(self, user_id, IsAdmin, **kwargs):
LOWtests/apitests/python/library/user.py117 def get_current_user_permissions(self, scope, relative, expect_status_code=200, expect_response_body=None, **kwargs)
LOWtests/apitests/python/library/configurations.py45 def set_configurations_of_project_creation_restriction(self, project_creation_restriction, expect_status_code = 200,
LOWtests/apitests/python/library/configurations.py51 def set_configurations_of_token_expiration(self, token_expiration, expect_status_code = 200, **kwargs):
LOWtests/apitests/python/library/configurations.py57 def set_configurations_of_ldap(self, ldap_filter=None, ldap_group_attribute_name=None,
LOWtests/apitests/python/library/configurations.py64 def set_configurations_of_audit_log_forword(self, audit_log_forward_endpoint=None, skip_audit_log_database=None, exp
LOWtests/apitests/python/library/configurations.py69 def set_configurations_of_retain_image_last_pull_time(self, is_skip, expect_status_code = 200, **kwargs):
LOWtests/apitests/python/library/configurations.py74 def set_configurations_of_banner_message(self, message, message_type=None, closable=None, from_date=None, to_date=No
LOWtests/apitests/python/library/artifact.py143 def check_image_sbom_generation_result(self, project_name, repo_name, reference, expected_scan_status = "Success", *
LOWtests/apitests/python/library/artifact.py172 def waiting_for_reference_exist(self, project_name, repo_name, reference, ignore_not_found = True, period = 60, loop
LOWtests/apitests/python/library/gc.py135 def validate_deletion_success(self, gc_id, **kwargs):
LOWtests/apitests/python/library/registry.py23 def get_registry_id_by_endpoint(self, endpoint, **kwargs):
LOWtests/apitests/python/library/docker_api.py66def docker_manifest_push_to_harbor(index, manifests, harbor_server, username, password, cfg_file = "./tests/apitests/pyt
LOWtests/apitests/python/library/scan_all.py57 def wait_until_scans_all_finish(self, **kwargs):
LOWtests/apitests/python/library/replication.py24 def trigger_replication_executions(self, rule_id, expect_status_code = 201, **kwargs):
LOWtests/apitests/python/library/replication.py28 def get_replication_executions(self, rule_id, expect_status_code = 200, **kwargs):
LOWtests/apitests/python/library/replication.py33 def create_replication_policy(self, dest_registry=None, src_registry=None, name=None, description="",
LOWtests/apitests/python/library/replication.py58 def check_replication_rule_should_exist(self, check_rule_id, expect_rule_name, expect_trigger = None, **kwargs):
LOWtests/apitests/python/library/retention.py110 def update_retention_add_rule(self, retention_id, selector_repository="**", selector_tag="**", with_untag="True", ex
LOWtests/apitests/python/library/retention.py162 def get_retention_exec_task_log(self, retention_id, exec_id, task_id, expect_status_code = 200, **kwargs):
LOWtests/apitests/python/library/scan.py25 def sbom_generation_of_artifact(self, project_name, repo_name, reference, expect_status_code = 202, expect_response_
LOWtests/apitests/python/library/tag_immutability.py11 def create_tag_immutability_policy_rule(self, project_id, selector_repository_decoration = "repoMatches",
LOWtests/apitests/python/library/tag_immutability.py45 def list_tag_immutability_policy_rules(self, project_id, **kwargs):
LOWtests/apitests/python/library/tag_immutability.py57 def update_tag_immutability_policy_rule(self, project_id, rule_id, selector_repository_decoration = None,
LOWtests/apitests/python/library/robot.py120 def update_system_robot_account(self, robot_id, robot_name, robot_account_Permissions_list, disable = None, expect_s
LOWtests/apitests/python/library/robot.py126 def refresh_robot_account_secret(self, robot_id, robot_new_sec, expect_status_code = 200, **kwargs):
LOWtests/apitests/python/library/scan_stop.py27 def stop_sbom_generation_of_artifact(self, project_name, repo_name, reference, expect_status_code = 202, expect_resp
LOWtests/apitests/python/library/scan_data_export.py13 def get_scan_data_export_execution_list(self, expect_status_code=200, expect_response_body=None, **kwargs):
LOWtests/apitests/python/library/scan_data_export.py24 def get_scan_data_export_execution(self, execution_id, expect_status_code=200, expect_response_body=None, **kwargs):
LOWtests/apitests/python/library/repository.py44def push_self_build_image_to_project(project_name, registry, username, password, image, tag, size=2, expected_login_erro
LOWtests/apitests/python/library/repository.py53def push_special_image_to_project(project_name, registry, username, password, image, tags=None, size=1, expected_login_e
LOWtests/apitests/python/library/repository.py60def push_local_image_to_project(registry, username, password, original_image, original_tag, target_image, target_tag):
LOWtests/apitests/python/library/project.py11def is_member_exist_in_project(members, member_user_name, expected_member_role_id = None):
LOWtests/apitests/python/library/project.py157 def check_project_member_not_exist(self, project_id, member_user_name, **kwargs):
LOWtests/apitests/python/library/project.py164 def check_project_members_exist(self, project_id, member_user_name, expected_member_role_id = None, **kwargs):
LOWtests/apitests/python/library/project.py171 def update_project_member_role(self, project_id, member_id, member_role_id, expect_status_code = 200, **kwargs):
LOWtests/robot-cases/Group3-Upgrade/util.py4def convert_int_to_readable_file_size(file_size):
LOWtests/robot-cases/Group3-Upgrade/prepare.py255 def update_project_setting_metadata(self, project, public, contenttrust, preventrunning, preventseverity, scanonpush
LOWtests/robot-cases/Group3-Upgrade/prepare.py292 def update_project_setting_allowlist(self, project, reuse_sys_cve_whitelist, cve_id_list, **kwargs):
LOWtests/robot-cases/Group3-Upgrade/prepare.py326 def update_interrogation_services(self, cron, **kwargs):
LOWtests/robot-cases/Group3-Upgrade/prepare.py362 def add_project_robot_account(self, project, robot_account, **kwargs):
LOWtests/robot-cases/Group3-Upgrade/prepare.py483 def add_tag_immutability_rule(self, project, tag_immutability_rule, **kwargs):
LOWmake/photon/prepare/test_purgeuploads.py47 def test_validate_config_invalid_format(self):
LOWmake/photon/prepare/test_purgeuploads.py58 def test_validate_config_invalid_format(self):
LOWmake/photon/prepare/test_purgeuploads.py69 def test_validate_config_disabled_invalid_format(self):
LOWmake/photon/prepare/test_purgeuploads.py79 def test_validate_config_invalid_string(self):
LOWmake/photon/prepare/utils/registry.py83def get_storage_provider_info(provider_name, provider_config):
LOWmake/photon/prepare/utils/nginx.py83def copy_nginx_location_configs_if_exist(src_config_dir, dst_config_dir, filename_pattern):
LOWmake/photon/prepare/utils/nginx.py87 def add_additional_location_config(src, dst):
LOWsrc/portal/src/app/shared/units/utils.ts168export function buildHttpRequestOptionsWithObserveResponse(
LOWsrc/portal/src/app/shared/units/utils.ts961export function getPageSizeFromLocalStorage(
LOWsrc/portal/src/app/shared/units/utils.ts979export function setPageSizeToLocalStorage(key: string, pageSize: number) {
LOWsrc/portal/src/app/shared/units/utils.ts994export function getHiddenArrayFromLocalStorage(
4 more matches not shown…
Excessive Try-Catch Wrapping24 hits · 29 pts
SeverityFileLineSnippet
LOWtools/migrate_chart/migrate_chart.py79 except Exception as e:
LOWtools/migrate_chart/migrate_chart.py134 except Exception as e:
MEDIUMtests/apitests/python/testutils.py80 print("Error message:", each_err_msg)
LOWtests/apitests/python/library/system.py80 except Exception as e:
LOWtests/apitests/python/library/docker_api.py111 except Exception as err:
LOWtests/apitests/python/library/docker_api.py140 except Exception as err:
LOWtests/apitests/python/library/docker_api.py180 except Exception as err:
LOWtests/apitests/python/library/docker_api.py227 except Exception as err:
LOWtests/apitests/python/library/oras.py42 except Exception as e:
LOWtests/apitests/python/library/oras.py57 except Exception as e:
MEDIUMtests/apitests/python/library/oras.py35def oras_push_cmd(harbor_server, project, repo, tag):
MEDIUMtests/apitests/python/library/oras.py49def oras_pull(harbor_server, user, password, project, repo, tag):
LOWtests/apitests/python/library/repository.py99 except Exception as e:
LOWtests/apitests/python/library/base.py99 except Exception:
LOWtests/apitests/python/library/base.py144 except Exception as e:
MEDIUMtests/apitests/python/library/base.py95def _get_id_from_header(header):
MEDIUMtests/apitests/python/library/base.py139def run_command_with_popen(command):
LOWtests/robot-cases/Group3-Upgrade/prepare.py131 except Exception:
LOWtests/robot-cases/Group3-Upgrade/prepare.py610 except Exception as e:
LOWtests/robot-cases/Group3-Upgrade/prepare.py674 except Exception as e:
LOWmake/photon/prepare/utils/misc.py98 except Exception as e:
LOWmake/photon/prepare/utils/configs.py68 except Exception as e:
LOWmake/photon/prepare/utils/migration.py36 except Exception as e:
LOWmake/photon/prepare/commands/prepare.py36 except Exception as e:
Cross-Language Confusion3 hits · 15 pts
SeverityFileLineSnippet
HIGHtests/apitests/python/test_podman_pull_push.py63 podman.push("{}:{}".format(self.source_image, self.source_tag), "{}/{}/{}:{}".format(harbor_server, project_name
HIGHtests/apitests/python/library/docker_api.py179 ret = self.DCLIENT.push(harbor_registry, tag)
HIGHtests/apitests/python/library/docker_api.py223 ret = self.DCLIENT.push(repo)
AI Slop Vocabulary6 hits · 14 pts
SeverityFileLineSnippet
MEDIUMsrc/portal/package-lock.json15784 "resolved": "https://registry.npmjs.org/robust-predicates/-/robust-predicates-3.0.2.tgz",
MEDIUMsrc/controller/scan/base_controller.go449 // for controller to capture the stop flag, leverage the key recycled
MEDIUMsrc/controller/tag/controller.go228 // in order to leverage the signature and immutable status check
LOWsrc/pkg/chart/testdata/harbor-schema2/values.yaml181 # it. To disable redirects, simply set `disableredirect` to `true` instead.
LOWsrc/pkg/chart/testdata/harbor-schema1/values.yaml181 # it. To disable redirects, simply set `disableredirect` to `true` instead.
MEDIUMsrc/pkg/scan/util.go75 // TODO to leverage the artifactType of distribution spec v1.1 to specify the sbom type.
Deep Nesting12 hits · 12 pts
SeverityFileLineSnippet
LOWtools/migrate_chart/migrate_chart.py110
LOWtests/apitests/python/library/artifact.py115
LOWtests/apitests/python/library/artifact.py143
LOWtests/apitests/python/library/project.py11
LOWtests/robot-cases/Group3-Upgrade/prepare.py102
LOWtests/robot-cases/Group3-Upgrade/prepare.py174
LOWtests/robot-cases/Group3-Upgrade/prepare.py272
LOWtests/robot-cases/Group3-Upgrade/prepare.py292
LOWtests/robot-cases/Group3-Upgrade/prepare.py362
LOWmake/photon/prepare/models.py186
LOWmake/photon/prepare/utils/configs.py101
LOWmake/photon/prepare/utils/registry.py44
Redundant / Tautological Comments5 hits · 8 pts
SeverityFileLineSnippet
LOWtools/copyright/header-check.sh23# Check if headers are fine:
LOWsrc/pkg/chart/testdata/harbor-schema2/values.yaml2 # Set how to expose the service. Set the type as "ingress", "clusterIP", "nodePort" or "loadBalancer"
LOWsrc/pkg/chart/testdata/harbor-schema2/values.yaml135 # Set it to "-" to disable dynamic provisioning
LOWsrc/pkg/chart/testdata/harbor-schema1/values.yaml2 # Set how to expose the service. Set the type as "ingress", "clusterIP", "nodePort" or "loadBalancer"
LOWsrc/pkg/chart/testdata/harbor-schema1/values.yaml135 # Set it to "-" to disable dynamic provisioning
Slop Phrases2 hits · 6 pts
SeverityFileLineSnippet
MEDIUMsrc/pkg/chart/testdata/harbor-schema2/values.yaml119# For storing images and charts, you can also use "azure", "gcs", "s3",
MEDIUMsrc/pkg/chart/testdata/harbor-schema1/values.yaml119# For storing images and charts, you can also use "azure", "gcs", "s3",
Decorative Section Separators1 hit · 3 pts
SeverityFileLineSnippet
MEDIUMmake/pushimage.sh102# ---------------------------
Fake / Example Data2 hits · 2 pts
SeverityFileLineSnippet
LOWsrc/server/middleware/security/session_test.go49 Email: "admin@example.com",
LOWsrc/controller/artifact/processor/cnab/cnab_test.go77 "name": "Jane Doe",