AI Assessment
VERDICT
Based on automated scanner findings, this project is not yet production-ready. A critical container security issue combined with significant code quality concerns (19.3% duplication) and missing test coverage present substantial risks before deployment.
TOP RISKS
→ Dockerfile line 20: Container runs as root by default, which scanners flagged as a critical security hazard. An attacker controlling any process could compromise the entire container.
→ CMakeCache.txt and related files: Scanners detected 129-line duplicated code blocks across multiple locations, indicating either build artifact pollution or genuine code duplication that undermines maintainability.
→ Dockerfile line 8: Scanner flagged use of 'RUN cd' to change directory within container build, which violates Docker best practices and may cause unpredictable behavior.
→ No test coverage detected: Scanners found no tests in the codebase, leaving functional correctness unverified.
→ High cyclomatic complexity in src/core/dispatcher.cpp (line 59) and src/net/tcp_server.cpp (line 62): Functions exceed recommended complexity thresholds, increasing bug risk.
WHAT TO FIX FIRST
Add a USER directive to Dockerfile (around line 20) to run the container as a non-root user. This addresses the critical security finding and has immediate impact on your security score.
Note: Verify the CMakeCache.txt duplications—these may be generated files that shouldn't be in version control. If genuine source code duplication exists, prioritize refactoring before production use. Consider adding a test suite as a secondary priority given the complete absence of tests.
Category Breakdown
Findings (21 in 10 groups)
By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'. | CWE: CWE-250: Execution with Unnecessary Privileges | OWASP: A04:2021 - Insecure Design, A06:2025 - Insecure Design
Duplicate found between CMakeCache.txt:107 and build/CMakeCache.txt:106. Consider extracting shared logic into a reusable function or module.
Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile. | Fix: Add 'USER <non root user name>' line to the Dockerfile | Target: Dockerfile
Use WORKDIR instead of proliferating instructions like 'RUN cd … && do-something', which are hard to read, troubleshoot, and maintain. | Fix: Use WORKDIR to change directory | Target: Dockerfile
566 duplicated lines out of 2937 total lines across 24 files. High code duplication increases maintenance burden and bug surface area.
No test directory or test files were found. Automated tests are critical for maintaining code quality and preventing regressions.
Function "core::CommandDispatcher::registerListCommands()" has a cyclomatic complexity of 15 (94 lines, 0 parameters). Consider simplifying this function to improve readability and testability.
You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers. | Fix: Add HEALTHCHECK instruction in Dockerfile | Target: Dockerfile
This repository has no SECURITY.md file. A security policy helps users report vulnerabilities responsibly and shows that the project takes security seriously.
This repository has no CODEOWNERS file. CODEOWNERS ensures that pull requests are automatically assigned to the right reviewers, improving code review coverage.