gitbutlerapp/gitbutler

Escaneado el 16 jun 2026

Puntuación de riesgo/ 100

Riesgo bajo

Resumen

The repository shows 59 critical findings, all related to SHA-1 usage within Git operations via the gix library. However, all identified instances are in test files, API macros, and Git object handling code where SHA-1 is used for Git compatibility, not cryptographic security. The actual business risk is low as these are inherent to Git's design and not used for authentication, encryption, or security-critical operations.

Crítico

Alto

Medio

Bajo

Hallazgos principales

CríticoSHA-1
crates/but-api-macros/tests/tests/ui/fail/base_invalid_attr_key.rs:10
SHA-256 or SHA3-256
Evidencia
```
Ok(gix::ObjectId::null(gix::hash::Kind::Sha1))
```

CríticoSHA-1

crates/but-api/src/json.rs:119

SHA-256 or SHA3-256

Evidencia

let expected = gix::ObjectId::from_str(hex_str).expect("valid SHA1 hex-string");

CríticoSHA-1

crates/but-core/src/commit/mod.rs:45

SHA-256 or SHA3-256

Evidencia

let bytes: Vec<_> = commit_id.as_bytes()[4..gix::hash::Kind::Sha1.len_in_bytes()]

CríticoSHA-1
crates/but-core/tests/core/commit.rs:30
SHA-256 or SHA3-256
Evidencia
```
.expect("valid sha1 object id");
```
CríticoSHA-1
crates/but-core/tests/core/commit.rs:44
SHA-256 or SHA3-256
Evidencia
```
.expect("valid sha1 object id");
```

+ 54 hallazgos más en el reporte completo

Escanea tu propio repositorio

Gratis. Resultados en ~90 segundos. CBOM + PDF DORA/NIS2 incluidos.

Iniciar un escaneo gratis