Relatório público de scanRepositório
gitbutlerapp/gitbutler
Escaneado em 16 de jun. de 2026
Risk score/ 100
Risco baixo
Resumo
The repository shows 59 critical findings, all related to SHA-1 usage within Git operations via the gix library. However, all identified instances are in test files, API macros, and Git object handling code where SHA-1 is used for Git compatibility, not cryptographic security. The actual business risk is low as these are inherent to Git's design and not used for authentication, encryption, or security-critical operations.
59
0
0
0
Principais findings
- CríticoSHA-1
crates/but-api-macros/tests/tests/ui/fail/base_invalid_attr_key.rs:10
SHA-256 or SHA3-256
Evidência
Ok(gix::ObjectId::null(gix::hash::Kind::Sha1)) - CríticoSHA-1
crates/but-api/src/json.rs:119
SHA-256 or SHA3-256
Evidência
let expected = gix::ObjectId::from_str(hex_str).expect("valid SHA1 hex-string"); - CríticoSHA-1
crates/but-core/src/commit/mod.rs:45
SHA-256 or SHA3-256
Evidência
let bytes: Vec<_> = commit_id.as_bytes()[4..gix::hash::Kind::Sha1.len_in_bytes()] - CríticoSHA-1
crates/but-core/tests/core/commit.rs:30
SHA-256 or SHA3-256
Evidência
.expect("valid sha1 object id"); - CríticoSHA-1
crates/but-core/tests/core/commit.rs:44
SHA-256 or SHA3-256
Evidência
.expect("valid sha1 object id");
+ 54 findings no relatório completo
Escaneie seu próprio repositório
Grátis. Resultados em ~90 segundos. CBOM + PDF DORA/NIS2 inclusos.