Home / hashicorp / nomad
Repository Analysis

hashicorp/nomad

Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. Nomad is easy to operate and scale and has native Consul and Vault integrations.

0.8 Likely human-written View on GitHub
0.8
Adjusted Score
0.8
Raw Score
100%
Time Factor
2026-05-29
Last Push
16,530
Stars
Go
Language
853,824
Lines of Code
5310
Files
490
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 8HIGH 5MEDIUM 39LOW 438

Pattern Findings

490 matches across 10 categories. Click a row to expand file-level details.

Over-Commented Block414 hits · 414 pts
SeverityFileLineSnippet
LOWdemo/csi/ceph-csi-plugin/ceph-csi-id.tf1# Copyright IBM Corp. 2015, 2026
LOWui/app/routes/administration/policies/new.js61# * read-job
LOWui/tests/helpers/index.ts21 //
LOWenos/enos-scenario-upgrade.hcl161
LOWdrivers/docker/config.go161 // and is used to parse the contents of the 'plugin "docker" {...}' block.
LOWdrivers/docker/win32_volume_parse.go21 // myname:d:
LOWdrivers/docker/win32_volume_parse.go41
LOWdrivers/docker/driver.go941//
LOWdrivers/docker/driver_test.go141
LOWdrivers/shared/capabilities/defaults.go21 extractLiteral = regexp.MustCompile(`([\w]+)`)
LOWdrivers/shared/capabilities/defaults.go121//
LOWdrivers/shared/executor/utils.go161const (
LOWdrivers/shared/executor/executor.go61 // Launch a user process configured by the given ExecCommand
LOWdrivers/shared/executor/executor.go201// Critical: is "/reserve/<id>" or "/share"; do not try to parse this!
LOWdrivers/shared/executor/executor_universal_linux.go81// its use case is for removing the cgroup from the system once it is no longer
LOWdrivers/shared/executor/procstats/procstats.go81 Pids: procStats,
LOWdrivers/qemu/driver.go581
LOWplugins/csi/client.go41// According to CSI, there are a few requirements for the keys within this map:
LOWplugins/csi/plugin.go81 NodeGetCapabilities(ctx context.Context) (*NodeCapabilitySet, error)
LOWplugins/csi/plugin.go121 // If the volume was attached via a call to `ControllerPublishVolume` then
LOWplugins/csi/plugin.go201 // The path to which the volume MAY be staged. It MUST be an
LOWplugins/drivers/driver.go601
LOWplugins/shared/hclspec/hcl_spec.pb.go1// Code generated by protoc-gen-go. DO NOT EDIT.
LOWplugins/shared/hclspec/hcl_spec.pb.go21// `min(numbers...)` returns the smallest of the given numbers.
LOWplugins/shared/hclspec/hcl_spec.pb.go41// `number` is an arbitrary-precision floating point number.
LOWplugins/shared/hclspec/hcl_spec.pb.go61)
LOWplugins/shared/hclspec/hcl_spec.pb.go281// Attr {
LOWplugins/shared/hclspec/hcl_spec.pb.go361// creates validation constraints for the given block type name.
LOWplugins/shared/hclspec/hcl_spec.pb.go381// input file. This may be omitted when a default name selector is created
LOWplugins/shared/hclspec/hcl_spec.pb.go441func (m *Block) GetNested() *Spec {
LOWplugins/shared/hclspec/hcl_spec.pb.go461// but due to the constraints of that syntax it also means that the user will
LOWplugins/shared/hclspec/hcl_spec.pb.go541//
LOWplugins/shared/hclspec/hcl_spec.pb.go561// `min_items` (optional) - If set to a number greater than zero, `hcldec` will
LOWplugins/shared/hclspec/hcl_spec.pb.go641// name = "log_file"
LOWplugins/shared/hclspec/hcl_spec.pb.go721// result is a JSON object, or possibly multiple nested JSON objects, whose
LOWplugins/shared/hclspec/hcl_spec.pb.go741// input file. This may be omitted when a default name selector is created
LOWplugins/shared/hclspec/hcl_spec.pb.go861func (m *Literal) GetValue() string {
LOWplugins/shared/hclspec/hcl_spec.pb.go881// }
LOWplugins/shared/hclspec/hcl_spec.pb.go941// spec blocks:
LOWplugins/shared/hclspec/hcl_spec.pb.go1001 if m != nil {
LOWci/slow.go21// Parallel runs t in parallel, unless CI is set to a true value.
LOWscheduler/annotate.go21 UpdateTypeIgnore = "ignore"
LOWscheduler/util.go921 // Since this is an inplace update, we should copy network and port
LOWscheduler/doc.go1// Copyright IBM Corp. 2015, 2026
LOWscheduler/feasible/device.go61// Matches returns whether the given device instance is on a PCI bus that is
LOWscheduler/feasible/doc.go1// Copyright IBM Corp. 2015, 2026
LOWscheduler/feasible/rank.go441 // deviceMemoryNode will record which NUMA memory node our devices
LOWscheduler/structs/interfaces.go21
LOWscheduler/structs/interfaces.go121
LOWscheduler/structs/doc.go1// Copyright IBM Corp. 2015, 2026
LOWscheduler/benchmarks/benchmarks_test.go21// benchmark for the Nomad scheduler. The starting state for your
LOWscheduler/reconciler/reconcile_cluster.go81 // clusterState stores frequently accessed properties of the cluster:
LOWscheduler/reconciler/reconcile_cluster.go1261// reconnect, which ones to stop, and the stop results for the latter.
LOWscheduler/reconciler/filters.go21 markStop(migrate, "", sstructs.StatusAllocNotNeeded),
LOWscheduler/reconciler/filters.go421}
LOWjobspec2/hcl_conversions.go361 t.Env = envAttr
LOWjobspec2/hcl_conversions.go381// }
LOWjobspec2/types.variables.go41 Expr hcl.Expression
LOWjobspec2/types.variables.go361
LOWjobspec2/addrs/referenceable.go1// Copyright IBM Corp. 2015, 2026
354 more matches not shown…
Hallucination Indicators8 hits · 80 pts
SeverityFileLineSnippet
CRITICAL…integration/components/das/recommendation-card-test.js159 RecommendationCard.activeTask.totalsTable.recommended.cpu.as(
CRITICAL…integration/components/das/recommendation-card-test.js166 RecommendationCard.activeTask.totalsTable.recommended.memory.as(
CRITICAL…integration/components/das/recommendation-card-test.js210 RecommendationCard.activeTask.totalsTable.recommended.cpu.as(
CRITICALscheduler/util.go681 Networks: update.Alloc.AllocatedResources.Shared.Networks.Copy(),
CRITICALscheduler/feasible/rank.go475 nodeCores := option.Node.NodeResources.Processors.Topology.UsableCores()
CRITICALscheduler/feasible/rank.go569 availableCores: option.Node.NodeResources.Processors.Topology.UsableCores(),
CRITICALscheduler/feasible/rank.go681 nodeCores := option.Node.NodeResources.Processors.Topology.UsableCores()
CRITICALclient/allocrunner/taskrunner/task_runner.go1233 PercentTicks: float64(taskResources.Cpu.CpuShares) / float64(tr.clientConfig.Node.NodeResources.Processors.Topol
Decorative Section Separators14 hits · 57 pts
SeverityFileLineSnippet
MEDIUMnomad/node_endpoint.go636// ┌────────────────────────────────────── No ───┐
MEDIUMnomad/node_endpoint.go638// ┌──▼───┐ ┌─────────────┐ ┌────────┴────────┐
MEDIUMnomad/node_endpoint.go640// └──▲──▲┘ └─────┬───────┘ └────────┬────────┘
MEDIUMnomad/node_endpoint.go642// │ │ └─ No ─┐ ┌─────── Yes ──┘
MEDIUMnomad/node_endpoint.go644// │ │ ┌────────▼──▼───────┐
MEDIUMnomad/node_endpoint.go645// │ └──────────No───┤ Node pool exists? │
MEDIUMnomad/node_endpoint.go646// │ └─────────┬─────────┘
MEDIUMnomad/node_endpoint.go650// ┌──────┴───────┐ ┌───▼───┐ ┌──────┐
MEDIUMnomad/node_endpoint.go652// └──────────────┘ └───▲───┘ └──┬───┘
MEDIUMnomad/node_endpoint.go654// └──── ready ─────┘
MEDIUMe2e/terraform/variables.tf50# ----------------------------------------
MEDIUMe2e/terraform/variables.tf103# ----------------------------------------
MEDIUMe2e/terraform/provision-infra/variables.tf50# ----------------------------------------
MEDIUMe2e/terraform/provision-infra/variables.tf106# ----------------------------------------
AI Slop Vocabulary15 hits · 45 pts
SeverityFileLineSnippet
MEDIUMui/app/utils/qp-serialize.js8// An unattractive but robust way to encode query params
MEDIUMui/app/controllers/jobs/index.js110 // overwrite this controller's jobIDs, leverage its index, and
MEDIUMui/mirage/config.js595 // Use the server instead of the schema to leverage the job factory
MEDIUMui/mirage/config.js610 // Use the server instead of the schema to leverage the job factory
MEDIUMdrivers/docker/win32_volume_parse.go49 // - Essentially using the folder solution from
MEDIUMnomad/job_endpoint_hooks.go68 // groups that utilize Nomad's native service discovery checks feature. This
MEDIUMnomad/job_endpoint_hooks.go79 // utilize Nomad's NUMA aware scheduling which requires Nomad 1.7 or later.
MEDIUMnomad/job_endpoint_hooks.go86 // numaKernelConstraint is the constraint injected into task groups that utilize
MEDIUMnomad/consul.go35// the Consul scope. There was a Meta field introduced which Nomad can leverage
MEDIUMapi/internal/testutil/discover/discover.go70 // delve debug executable for debugging test
MEDIUMcommand/deployment_status.go393 // TODO We may want to find a more robust way of waiting for rollbacks to launch instead of
MEDIUMcommand/deployment_status.go502 // TODO We may want to find a more robust way of waiting for rollbacks to launch instead of
MEDIUMcommand/agent/agent.go1384 // running consul-template functions that utilize the Nomad API. We lazy
MEDIUM…nt/allocrunner/taskrunner/template/template_default.go152 // stderr the same way CT does so the results look seamless
MEDIUMclient/hostvolumemanager/host_volumes.go346 // dynamic volumes, like CSI, have more robust `capabilities`,
Cross-Language Confusion (JS/TS)5 hits · 32 pts
SeverityFileLineSnippet
HIGH…app/utils/sentinel_policy_templates/restrict-images.js37 print(task.config.image, "in task", task.name, "does not conform to policy, not in allowed images", allowed_im
HIGH…app/utils/sentinel_policy_templates/restrict-images.js46 print(task.config.image, "in task", task.name, "does not conform to policy, using :latest instead of a specifi
HIGH…app/utils/sentinel_policy_templates/restrict-images.js51 print(task.config.image, "in task", task.name, "does not conform to policy, not from an allowed registry", allow
HIGHui/mirage/scenarios/default.js712print("volume is missing tag")
HIGHui/mirage/scenarios/default.js729print("volume is missing tag")
Self-Referential Comments7 hits · 21 pts
SeverityFileLineSnippet
MEDIUMdemo/csi/digitalocean/.terraform.lock.hcl1# This file is maintained automatically by "terraform init".
MEDIUMui/app/utils/default_jobs/variables.js52 # Create a template resource that will be used to render the html file
MEDIUMdrivers/docker/test-resources/docker/gen_stopsignal.sh6# Create the tarball used in TestDockerDriver_StopSignal
MEDIUM.github/actions/jira/transition/jira-transition.bash45# Create the initial payload. This will be updated as needed prior
MEDIUM…ithub/actions/jira/sync-comment/jira-sync-comment.bash29# Create the comment
MEDIUM.github/actions/jira/create/jira-create.bash64# Create the issue
MEDIUMcommand/quota_init.go117# Create a limit for the global region. Additional limits may
Hyper-Verbose Identifiers15 hits · 15 pts
SeverityFileLineSnippet
LOWui/app/utils/rollback-without-changed-attrs.js6export default function rollbackWithoutChangedAttrs(model) {
LOWui/app/abilities/client.js41function policiesIncludePermissions(policies = [], permissions = []) {
LOWui/app/adapters/watchable.js442function hasNonBlockingQueryParams(options) {
LOWui/app/adapters/watchable.js457function shouldPreAdvanceWatchIndex() {
LOWui/app/helpers/format-scheduled-hertz.js17function formatScheduledHertzHelper([hertz], { start }) {
LOWui/app/helpers/format-scheduled-bytes.js17function formatScheduledBytesHelper([bytes], { start }) {
LOWui/tests/utils/ember-power-select-extensions.js17async function openIfClosedAndGetContentId(trigger) {
LOWui/tests/acceptance/optimize-test.js22function getLatestRecommendationSubmitTimeForJob(job) {
LOWui/tests/acceptance/job-deployments-test.js313 function promotionTestForTaskGroup(taskGroup) {
LOWui/tests/helpers/module-for-job.js272export function moduleForJobWithClientStatus(
LOWui/tests/helpers/glimmer-factory.js25export default function setupGlimmerComponentFactory(hooks, componentKey) {
LOWui/tests/helpers/glimmer-factory.js39function glimmerComponentInstantiator(owner, componentKey) {
LOWui/tests/helpers/setup-authenticated-acceptance.js6export default function setupAuthenticatedAcceptance(
LOWui/mirage/factories/evaluation.js140export function generateTaskGroupFailures() {
LOWui/mirage/scenarios/default.js1260function getScenarioQueryParameter() {
Verbosity Indicators7 hits · 10 pts
SeverityFileLineSnippet
LOWclient/allocrunner/alloc_runner_test.go1850 // Step 1: start and run a task
LOWclient/allocrunner/taskrunner/plugin_supervisor_hook.go297 // Step 1: Wait for the plugin to initially become available.
LOWclient/allocrunner/taskrunner/plugin_supervisor_hook.go327 // Step 2: Register the plugin with the catalog.
LOWclient/allocrunner/taskrunner/plugin_supervisor_hook.go336 // Step 3: Start the lightweight supervisor loop. At this point,
LOWclient/pluginmanager/csimanager/volume_test.go82 // Step 1: Validate that the test case makes sense
LOWclient/pluginmanager/csimanager/volume_test.go94 // Step 2: Test Setup
LOWclient/pluginmanager/csimanager/volume_test.go109 // Step 3: Now we can do some testing
Slop Phrases3 hits · 9 pts
SeverityFileLineSnippet
MEDIUMscripts/example_weave.bash81 # Script checks are run from inside the container, so you can use
MEDIUMe2e/terraform/variables.tf104# If you want to deploy different versions you can use these variables to
MEDIUMe2e/terraform/provision-infra/variables.tf107# If you want to deploy different versions you can use these variables to
Fake / Example Data2 hits · 2 pts
SeverityFileLineSnippet
LOWcontributing/CHANGELOG.md85main: Lorem ipsum dolor `sit amet`, _consectetur_ adipiscing elit, **sed** do
LOWclient/allocrunner/taskrunner/getter/sandbox_test.go935 cmd = exec.Command("git", "config", "user.email", "user@example.com")