Repository Analysis

hashicorp/packer

Packer is a tool for creating identical machine images for multiple platforms from a single source configuration.

0.9 Likely human-written

Adjusted Score: 0.9
Raw Score: 0.9
Time Factor: 100%
Last Push: 2026-05-30
Stars: 15,691
Language: Go
Lines of Code: 111,547
Files: 865
Pattern Hits: 85
Scan Date: 2026-05-31

Severity Breakdown

CRITICAL 0, HIGH 0, MEDIUM 5, LOW 80

Pattern Findings

85 matches across 7 categories.

Over-Commented Block: 69 hits · 69 pts
Severity | File | Line | Snippet
LOW | .golangci.yml | 61 | # include test files or not, default is true
LOW | .golangci.yml | 81 | # won't be reported. Default value is empty list, but there is
LOW | .golangci.yml | 121 |
LOW | main.go | 121 | // We're the child, so just close the tempfile we made in order to
LOW | datasource/hcp-packer-iteration/data.go | 61 | return nil
LOW | datasource/hcp-packer-image/data.go | 41 | // `hcp-packer-image`s use a shared `hcp-packer-iteration` that will
LOW | datasource/hcp-packer-image/data.go | 101 | return nil
LOW | acctest/testing.go | 41 | // Check is called after this step is executed in order to test that
LOW | acctest/testing.go | 81 | type TestBuilderSet struct {
LOW | website/scripts/website-start.sh | 1 | ######################################################
LOW | website/scripts/website-build.sh | 1 | ######################################################
LOW | provisioner/file/provisioner.go | 21 | "github.com/hashicorp/packer-plugin-sdk/template/config"
LOW | provisioner/file/provisioner.go | 41 | // A list of sources to upload. This can be used in place of the `source`
LOW | provisioner/powershell/provisioner.go | 81 | // Defaults to false. When true any script created by a non-elevated Powershell
LOW | provisioner/hcp-sbom/syft_dependency.go | 1 | // Copyright IBM Corp. 2013, 2025
LOW | provisioner/hcp-sbom/provisioner.go | 41 | common.PackerConfig `mapstructure:",squash"`
LOW | provisioner/hcp-sbom/provisioner.go | 61 |
LOW | provisioner/hcp-sbom/provisioner.go | 81 |
LOW | provisioner/hcp-sbom/provisioner.go | 101 | // Examples:
LOW | provisioner/hcp-sbom/provisioner.go | 121 | // With specific user:
LOW | provisioner/hcp-sbom/provisioner.go | 221 | // are prepared twice in HCL2.
LOW | hcl2template/docs.go | 1 | // Copyright IBM Corp. 2013, 2025
LOW | hcl2template/types.packer_config.go | 221 | // func (c *PackerConfig) localByName(local string) (*LocalBlock, error) {
LOW | hcl2template/types.variables.go | 21 | // A consistent detail message for all "not a valid identifier" diagnostics.
LOW | hcl2template/types.variables.go | 61 | // Values contains possible values for the variable; The last value set
LOW | hcl2template/types.variables.go | 441 |
LOW | hcl2template/parser.go | 81 | hcl2VarJsonFileExt = ".pkrvars.json"
LOW | hcl2template/parser.go | 401 | func (cfg *PackerConfig) buildPrereqsDAG() (*dag.AcyclicGraph, error) {
LOW | hcl2template/addrs/referenceable.go | 1 | // Copyright IBM Corp. 2013, 2025
LOW | hcl2template/addrs/parse_ref.go | 21 | // given traversal, which must be an absolute traversal or this function
LOW | hcl2template/addrs/plugin.go | 41 | return p.Source
LOW | hcl2template/addrs/plugin.go | 61 | // subsequent call, in which case the result will be identical.
LOW | hcl2template/addrs/plugin.go | 161 |
LOW | hcl2template/addrs/doc.go | 1 | // Copyright IBM Corp. 2013, 2025
LOW | hcl2template/repl/repl.go | 1 | // Copyright IBM Corp. 2013, 2025
LOW | hcl2template/function/encoding.go | 41 | },
LOW | hcl2template/function/datetime.go | 81 | }
LOW | version/version.go | 21 |
LOW | examples/hcl/linux/source.vsphere-iso.pkr.hcl | 1 | // I use the following config with direnv and set the following values:
LOW | fix/fixer.go | 1 | // Copyright IBM Corp. 2013, 2025
LOW | .github/CONTRIBUTING.md | 441 |
LOW | .github/CONTRIBUTING.md | 461 | // test running. For example, you can use this to make sure certain
LOW | .github/CONTRIBUTING.md | 481 | //
LOW | .github/CONTRIBUTING.md | 621 | ```go
LOW | .github/CONTRIBUTING.md | 641 | // is a valid entry for "template" here, but the complete Packer template:
LOW | packer_test/common/plugin.go | 161 | customisations []BuildCustomisation
LOW | packer_test/common/plugin.go | 181 | // the plugin's version, etc.
LOW | packer_test/common/check/pipe_checker.go | 181 | // PipeChecker is a kind of checker that essentially lets users write mini
LOW | …er_test/provisioner_tests/hcp-sbom/provisioner_test.go | 21 | AddEnv("PATH", os.Getenv("PATH")).
LOW | command/init_test.go | 61 | tests := []testCaseInit{
LOW | command/init_test.go | 81 | // "github.com/hashicorp/hashicups/packer-plugin-hashicups_v1.0.1_x5.0_linux_amd64_SHA256SUM": "0a4e4e1d6de280
LOW | command/hcl2_upgrade.go | 41 | # Avoid mixing go templating calls ( for example ` + "```{{ upper(`string`) }}```" + ` )
LOW | command/hcl2_upgrade.go | 61 | # build blocks. A build block runs provisioner and post-processors on a
LOW | command/hcl2_upgrade.go | 701 | // HACK: we take the most complex element of that map because
LOW | …d/test-fixtures/hcl2_upgrade/complete/expected.pkr.hcl | 1 | # This file was autogenerated by the 'packer hcl2_upgrade' command. We
LOW | …est-fixtures/hcl2_upgrade/source-name/expected.pkr.hcl | 1 | # This file was autogenerated by the 'packer hcl2_upgrade' command. We
LOW | …nd/test-fixtures/hcl2_upgrade/minimal/expected.pkr.hcl | 1 | # This file was autogenerated by the 'packer hcl2_upgrade' command. We
LOW | …mplete-variables-with-template-engine/expected.pkr.hcl | 21 | # unhandled "replace_all" call:
LOW | …cl2_upgrade/error-cleanup-provisioner/expected.pkr.hcl | 1 | # This file was autogenerated by the 'packer hcl2_upgrade' command. We
LOW | helper/wrappedreadline/wrappedreadline.go | 1 | // Copyright IBM Corp. 2013, 2025
9 more matches not shown…

Slop Phrases: 4 hits · 12 pts
Severity | File | Line | Snippet
MEDIUM | command/hcl2_upgrade.go | 47 | # views them; you can change their type later on. Read the variables type
MEDIUM | …d/test-fixtures/hcl2_upgrade/complete/expected.pkr.hcl | 26 | # views them; you can change their type later on. Read the variables type
MEDIUM | …est-fixtures/hcl2_upgrade/source-name/expected.pkr.hcl | 26 | # views them; you can change their type later on. Read the variables type
MEDIUM | …nd/test-fixtures/hcl2_upgrade/minimal/expected.pkr.hcl | 26 | # views them; you can change their type later on. Read the variables type

Verbosity Indicators: 5 hits · 10 pts
Severity | File | Line | Snippet
LOW | provisioner/hcp-sbom/provisioner.go | 488 | // Step 1: Download scanner binary with retry logic (max 3 attempts)
LOW | provisioner/hcp-sbom/provisioner.go | 508 | // Step 2: Upload scanner to remote
LOW | provisioner/hcp-sbom/provisioner.go | 516 | // Step 3: Run scanner on remote
LOW | provisioner/hcp-sbom/provisioner.go | 524 | // Step 4: Download SBOM from remote
LOW | provisioner/hcp-sbom/provisioner.go | 531 | // Step 5: Process SBOM for HCP (validate, compress, store)

Fake / Example Data: 4 hits · 4 pts
Severity | File | Line | Snippet
LOW | …p-packer-version/test-fixtures/hcp-setup-build.pkr.hcl | 7 | content = "Lorem ipsum dolor sit amet"
LOW | …p-packer-version/test-fixtures/hcp-setup-build.pkr.hcl | 7 | content = "Lorem ipsum dolor sit amet"
LOW | …packer-iteration/test-fixtures/hcp-setup-build.pkr.hcl | 7 | content = "Lorem ipsum dolor sit amet"
LOW | …packer-iteration/test-fixtures/hcp-setup-build.pkr.hcl | 7 | content = "Lorem ipsum dolor sit amet"

Self-Referential Comments: 1 hit · 3 pts
Severity | File | Line | Snippet
MEDIUM | scripts/codesign_example.sh | 50 | # Create the sign/notarize ID "SN_ID"

AI Slop Vocabulary: 1 hit · 2 pts
Severity | File | Line | Snippet
LOW | scripts/build.sh | 36 | # NOTE: I'm unsure why you don't just use realpath like below

Redundant / Tautological Comments: 1 hit · 2 pts
Severity | File | Line | Snippet
LOW | .github/workflows/nightly-release.yml | 32 | # Set BUILD_OUTPUT_LIST to out\<project>-<version>.<fileext>\*,out\...