Home / moby / moby
Repository Analysis

moby/moby

The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems

0.6 Likely human-written View on GitHub
0.6
Adjusted Score
0.6
Raw Score
100%
Time Factor
2026-05-29
Last Push
71,603
Stars
Go
Language
781,540
Lines of Code
2358
Files
419
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 0HIGH 0MEDIUM 16LOW 403

Pattern Findings

419 matches across 8 categories. Click a row to expand file-level details.

Over-Commented Block377 hits · 377 pts
SeverityFileLineSnippet
LOW.golangci.yml81 # Check whether fmt.Errorf uses the %w verb for formatting errors.
LOW.golangci.yml261 first: false
LOWcmd/docker-proxy/main_linux.go21 parentPipeFd uintptr = 3 + iota
LOWcmd/docker-proxy/udp_proxy_linux.go121 again:
LOWcmd/dockerd/winresources/event_messages.h1/* Do not edit this file manually.
LOWcmd/dockerd/winresources/event_messages.h21// Sev - is the severity code
LOWcmd/dockerd/winresources/winresources.go1// Package winresources is used to embed Windows resources into dockerd.exe.
LOWintegration/networking/port_mapping_linux_test.go1181// IP address 172.17.24.2, and its port 443 is exposed on the host, no remote
LOW…n/network/bridge/iptablesdoc/iptablesdoc_linux_test.go1// Package iptablesdoc runs docker, creates networks, runs containers and
LOW…n/network/bridge/nftablesdoc/nftablesdoc_linux_test.go1// Package nftablesdoc runs docker, creates networks, runs containers and
LOW…n/network/bridge/nftablesdoc/nftablesdoc_linux_test.go401 // elements = { "docker0" : jump filter-forward-in__docker0 }
LOWintegration/internal/termtest/stripansi.go1package termtest
LOWintegration/image/inspect_test.go81 assert.Check(t, inspect.Descriptor.Digest.String() == inspect.ID)
LOWintegration/image/inspect_test.go101// # nginx
LOWintegration/container/copy_linux_test.go21//
LOWintegration/container/exec_test.go261 //
LOWintegration/container/restart_test.go221 }
LOWintegration/container/testdata/socketcall.c1#include <stdio.h>
LOWintegration/daemon/daemon_linux_test.go101 "--fixed-cidr", "192.168.176.0/24",
LOWintegration/daemon/daemon_linux_test.go301 // subnet - this is a configuration error, but has historically been
LOWintegration/service/create_test.go121 // a few times, to give tasks time to be deallocated
LOWintegration/service/create_test.go321// inspect the container. If the output of the container inspect contains the
LOWintegration/service/create_test.go361 // 1. Does the container, when inspected, have the sysctl option set?
LOWintegration/service/create_test.go421
LOWintegration/service/create_test.go601
LOWintegration/volume/mount_test.go241 assert.Check(t, is.Equal(strings.TrimSpace(output.Stdout), tc.expected))
LOWintegration-cli/docker_cli_cp_to_container_test.go81 assert.NilError(c, fileContentEquals(c, cpPath(testVol, "dirX/file2-1"), "file2-1\n"), `The "dirX" directory should now
LOWintegration-cli/docker_cli_save_load_test.go241 // present);
LOWintegration-cli/docker_cli_cp_from_container_test.go81//
LOWinternal/testutil/daemon/ops.go21 }
LOWinternal/testutil/daemon/daemon.go241
LOWinternal/testutil/environment/environment.go101// Make sure in context of daemon, not the local platform. Note we can't
LOWinternal/testutil/netnsutils/context_unix.go161// or [golang.org/x/sync/errgroup.Group].
LOWinternal/namesgenerator/names-generator.go1// Package namesgenerator generates random names.
LOWerrdefs/doc.go1// Package errdefs defines a set of error interfaces that packages should use for communicating classes of errors.
LOWhack/make.sh1#!/usr/bin/env bash
LOWcontrib/dockerd-rootless.sh1#!/bin/sh
LOWcontrib/dockerd-rootless.sh21# * DOCKERD_ROOTLESS_ROOTLESSKIT_SLIRP4NETNS_SECCOMP=(auto|true|false): whether to protect slirp4netns with seccomp.
LOWcontrib/dockerd-rootless.sh41# gvisor-tap-vsock | builtin | Slow | Fast ✅ | ✅ (*) | ✅ | Default when slirp4netns is
LOWcontrib/download-frozen-image-v2.sh1#!/usr/bin/env bash
LOWcontrib/syscall-test/userns.c1#define _GNU_SOURCE
LOWcontrib/syscall-test/ns.c1#define _GNU_SOURCE
LOWdaemon/reload.go61// Any errors returned by the functions are collated into a
LOWdaemon/list.go581// updates the ref to the actual ID when it doesn't.
LOWdaemon/list.go601// b0318bca5aef 3fbc63216742 "sh" 3 years ago Exited (0) 3 years ago ecstatic_beaver
LOWdaemon/exec_linux_test.go41 appArmorProfile: "my-custom-profile",
LOWdaemon/delete.go101 }
LOWdaemon/archive_tarcopyoptions_unix.go41// - username:groupname - valid username; valid groupname from /etc/passwd, /etc/group
LOWdaemon/archive_tarcopyoptions_unix.go101 // Match behavior of "docker run": when using a UID for the
LOWdaemon/archive_windows.go201 if !stat.IsDir() {
LOWdaemon/container_operations.go781 if nwName == network.DefaultNetwork {
LOWdaemon/container_operations.go961 // not an "invalid parameter" because getNetworkedContainer is called
LOWdaemon/exec.go101 if user := options.User; user != "" {
LOWdaemon/container_operations_unix.go541 case ctr.HostConfig.NetworkMode.IsUserDefined():
LOWdaemon/runtime_unix.go241// the path to a runtime binary. If we allowed this, anyone with Engine API
LOWdaemon/network.go361
LOWdaemon/containerfs_linux.go21)
LOWdaemon/daemon_unix.go281}
LOWdaemon/daemon_unix.go1021
LOWdaemon/daemon_unix.go1041// options, it's used as the gateway address and - because it's always
317 more matches not shown…
AI Slop Vocabulary26 hits · 45 pts
SeverityFileLineSnippet
MEDIUMintegration-cli/docker_cli_pull_test.go72 // more robust against these network glitches, allow a
LOWhack/generate-test-rogue-certs.sh24# to connect or just use '*' for a certificate valid for any hostname:
LOWhack/generate-test-certs.sh25# to connect or just use '*' for a certificate valid for any hostname:
MEDIUMhack/test/e2e-run.sh46 # - https://github.com/go-delve/delve/blob/v1.24.1/CHANGELOG.md#1231-2024-09-23
MEDIUMhack/test/e2e-run.sh46 # - https://github.com/go-delve/delve/blob/v1.24.1/CHANGELOG.md#1231-2024-09-23
MEDIUMdaemon/libnetwork/networkdb/networkdb.go293 // The garbage collection logic for entries leverage the presence of the network.
MEDIUMdaemon/libnetwork/networkdb/cluster.go365 // The reapTableEntries leverage the presence of the network so garbage collect entries first
MEDIUMdaemon/logger/loggerutils/sharedtemp.go21// robust to file renames. Input files are assumed to be immutable; no attempt
MEDIUMdaemon/volume/mounts/windows_parser.go58 // - Essentially using the folder solution from
MEDIUMdaemon/volume/local/local.go365 // Essentially docker doesn't care if this fails, it will send an error, but
LOWapi/docs/v1.35.yaml80 If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this
LOWapi/docs/v1.38.yaml80 If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this
LOWapi/docs/v1.34.yaml71 If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this
LOWapi/docs/v1.29.yaml69 If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this
LOWapi/docs/v1.33.yaml69 If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this
LOWapi/docs/v1.25.yaml69 If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this
LOWapi/docs/v1.32.yaml69 If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this
LOWapi/docs/v1.28.yaml69 If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this
LOWapi/docs/v1.27.yaml69 If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this
LOWapi/docs/v1.31.yaml69 If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this
LOWapi/docs/v1.30.yaml69 If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this
LOWapi/docs/v1.26.yaml69 If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this
LOWapi/docs/v1.37.yaml80 If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this
LOWapi/docs/v1.36.yaml80 If you have already got an identity token from the [`/auth` endpoint](#operation/SystemAuth), you can just pass this
MEDIUMclient/image_import_opts.go11 Source io.Reader // Source is the data to send to the server to create this image from. You must set SourceName to
MEDIUMclient/image_import_opts.go12 SourceName string // SourceName is the name of the image to pull. Set to "-" to leverage the Source attribute.
Decorative Section Separators5 hits · 22 pts
SeverityFileLineSnippet
MEDIUM.github/workflows/codeql.yml23 # ┌───────────── minute (0 - 59)
MEDIUM.github/workflows/codeql.yml24 # │ ┌───────────── hour (0 - 23)
MEDIUM.github/workflows/codeql.yml25 # │ │ ┌───────────── day of the month (1 - 31)
MEDIUM.github/workflows/codeql.yml26 # │ │ │ ┌───────────── month (1 - 12)
MEDIUM.github/workflows/codeql.yml27 # │ │ │ │ ┌───────────── day of the week (0 - 6) (Sunday to Saturday)
Slop Phrases4 hits · 6 pts
SeverityFileLineSnippet
LOW.github/workflows/.windows.yml341 # If you update the collector here, don't forget to update the version
LOW.github/workflows/.windows.yml341 # If you update the collector here, don't forget to update the version
LOW.github/actions/setup-tracing/action.yml23 # you update the collector here, don't forget to update the version set
LOW.github/actions/setup-tracing/action.yml23 # you update the collector here, don't forget to update the version set
Example Usage Blocks3 hits · 4 pts
SeverityFileLineSnippet
LOWinternal/testutil/netnsutils/context_unix.go49// Example usage:
LOWinternal/testutil/netnsutils/context_unix.go63// Example usage:
LOWinternal/testutil/netnsutils/context_unix.go163// Example usage:
Self-Referential Comments1 hit · 3 pts
SeverityFileLineSnippet
MEDIUMhack/vendor.sh3# This file is just a wrapper around the 'go mod vendor' tool.
Redundant / Tautological Comments2 hits · 3 pts
SeverityFileLineSnippet
LOW.github/workflows/.windows.yml83 # Check if Docker service exists and try to start it if stopped
LOW.github/workflows/.windows.yml174 # Check if Docker service exists and try to start it if stopped
Verbosity Indicators1 hit · 2 pts
SeverityFileLineSnippet
LOWdaemon/internal/distribution/manifest.go113 // We know we have the content locally, we need to check if we've seen this content at the specified repository before