Home / slackhq / nebula
Repository Analysis

slackhq/nebula

A scalable overlay networking tool with a focus on performance, simplicity and security

0.9 Likely human-written View on GitHub
0.9
Adjusted Score
0.9
Raw Score
100%
Time Factor
2026-05-28
Last Push
17,360
Stars
Go
Language
53,952
Lines of Code
226
Files
42
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 0HIGH 0MEDIUM 3LOW 39

Pattern Findings

42 matches across 3 categories. Click a row to expand file-level details.

Over-Commented Block37 hits · 35 pts
SeverityFileLineSnippet
LOWdns_server.go41 // started is closed once `server` has finished binding (or after
LOWbits.go161// - i <= b.current: in-window check for duplicates; out-of-window otherwise.
LOWtimeout.go1package nebula
LOWtimeout.go21// per-tunnel traffic checks at fixed intervals. O(1) insert plus the item cache means the hot path doesn't allocate.
LOWscheduler.go1package nebula
LOWbits_test.go361 // 84 is just outside: the underflow clause activates; 84 > 100-16=84 is false.
LOWcmd/nebula-service/logs_windows.go21// only Handle / WithAttrs / WithGroup, so Event Viewer's severity
LOWhandshake/machine.go41 Initiator bool
LOWhandshake/machine.go181 // header counter 1 and remote index 0, which is what the initial message needs.
LOWwfp/wfp_windows.go1//go:build (amd64 || arm64) && !e2e_testing
LOWexamples/config.yml1# This is the nebula example configuration file. You must edit, at a minimum, the static_host_map, lighthouse, and firew
LOWexamples/config.yml21
LOWexamples/config.yml41 # lookup_timeout is the DNS query timeout.
LOWexamples/config.yml61 hosts:
LOWexamples/config.yml81 # EXPERIMENTAL: This option may change or disappear in the future.
LOWexamples/config.yml101 # Example to only advertise this subnet to the lighthouse.
LOWexamples/config.yml121 # 192.168.1.123
LOWexamples/config.yml141
LOWexamples/config.yml161 # allowing for more precise routing decisions based on the packet tags. Default is 0 meaning no mark is set.
LOWexamples/config.yml181 #respond: true
LOWexamples/config.yml201# functions, and allows manual tweaking of various network settings when debugging or testing.
LOWexamples/config.yml221 # and absolute paths outside of it will be rejected. Default is $TMP/nebula-debug.
LOWexamples/config.yml241tun:
LOWexamples/config.yml261
LOWexamples/config.yml281 # - gateway: 10.0.0.2
LOWexamples/config.yml301 # public - treat it as a public/untrusted network
LOWexamples/config.yml321 #use_system_route_table_buffer_size: 0
LOWexamples/config.yml341 #type: graphite
LOWexamples/config.yml361 # e.g.: `lighthouse.rx.HostQuery`
LOWexamples/config.yml381#tunnels:
LOWexamples/config.yml401 outbound_action: drop
LOWexamples/config.yml421 # a port specification is ignored if proto is `icmp`
LOWcert/cert.go21 // Version1 certificates are ipv4 only and uses protobuf serialization
LOWnoiseutil/nist.go61 // But for standard NIST ECDH, the sizes of these are different.
LOWnoiseutil/boring.go21
LOWlogging/logger.go21// logging, and config's tests import test). *config.C satisfies this
LOWheader/header.go1package header
Self-Referential Comments3 hits · 9 pts
SeverityFileLineSnippet
MEDIUM.github/workflows/smoke/smoke-vagrant.sh29# Create a dedicated smoke network with an explicit subnet (required for --ip
MEDIUM.github/workflows/smoke/smoke-relay.sh26# Create a dedicated smoke network with an explicit subnet (required for --ip
MEDIUM.github/workflows/smoke/smoke.sh26# Create a dedicated smoke network with an explicit subnet (required for --ip
Redundant / Tautological Comments2 hits · 3 pts
SeverityFileLineSnippet
LOWexamples/config.yml234 # Set am_relay to true to permit other hosts to list my IP in their relays config. Default false.
LOWexamples/config.yml236 # Set use_relays to false to prevent this instance from attempting to establish connections through relays.