Add ClusterFuzzLite integration for OSSF scorecard fuzzing #4951

Merged
arkid15r merged 4 commits into OWASP:main from Adarshkumar0509:feat/add-clusterfuzzlite-fuzzing
Jun 21, 2026
@Adarshkumar0509 Adarshkumar0509 commented Jun 16, 2026

Collaborator

Resolves #4934

Proposed change

  • OSSF Scorecard gives 0/10 for fuzzing because it doesn't recognize Schemathesis. This adds ClusterFuzzLite alongside the existing Schemathesis tests; I have not replaced anything.
  • Dependencies are tracked in backend/requirements/fuzz.in and fuzz.txt using the same pip-compile pattern as the rest of the project.

There are two fuzz targets:

  • fuzz_nest_test.py: It covers escape(), format_links_for_slack(), and strip_markdown(). These are inlined directly since apps/slack/init.py pulls in slack_sdk which isn't available in the ClusterFuzzLite build environment. The functions are pure stdlib regex/html with no state or external dependencies.
  • fuzz_query_parser_test.py: It covers QueryParser with raw Unicode and structured field:value input, fuzz-controlled case_sensitive and strict flags, and all field types (string, number, date, boolean).

I have verified both targets inside the base-builder-python Docker image.

Checklist

  • Required: I followed the contributing workflow
  • Required: I verified that my code works as intended and resolves the issue as described
  • Required: I ran make check-test locally: all warnings addressed, tests passed
  • I used AI for code, documentation, tests, or communication related to this PR

@coderabbitai

coderabbitai Bot commented Jun 16, 2026

Contributor

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Walkthrough

Adds ClusterFuzzLite fuzzing integration to improve the OSSF scorecard fuzzing score. Two new Atheris fuzz targets fuzz Slack formatting utilities and QueryParser by injecting fuzzed data, stubbing dependencies, and instrumenting imports. A build script packages both targets as executable runners with dependencies, and a GitHub Actions workflow runs fuzzing on push/PR/schedule and uploads SARIF to Code Scanning.

Changes

ClusterFuzzLite Fuzzing Setup

Layer / File(s) Summary
Slack format utilities fuzz target
backend/tests/fuzz/fuzz_nest_test.py
Stubs apps.* modules in sys.modules, dynamically loads apps/slack/utils/format.py via importlib.util.spec_from_file_location under atheris.instrument_imports(), and exports instrumented wrappers for escape, format_links_for_slack, and strip_markdown. test_one_input generates up to 512 Unicode characters and feeds them into those three functions. main() wires the harness to Atheris and starts fuzzing.
QueryParser fuzz target
backend/tests/fuzz/fuzz_query_parser_test.py
Defines FIELD_SCHEMA and derives valid FIELDS for structured input generation. test_one_input instantiates QueryParser with fuzz-driven case_sensitive and strict flags, generates either a field:value query or raw Unicode input, and calls parser.parse(query) while suppressing QueryParserError. main() wires the harness to Atheris and starts fuzzing.
Build script, CI workflow, project config, and spell-check
.clusterfuzzlite/project.yaml, .clusterfuzzlite/build.sh, .github/workflows/clusterfuzzlite.yml, cspell/custom-dict.txt
project.yaml sets language: python. build.sh installs atheris, copies both fuzz targets to $OUT, and writes executable runners ($OUT/fuzz_nest and $OUT/fuzz_query_parser) with PYTHONPATH=/src/Nest/backend. The GitHub Actions workflow triggers on push/PR to main, daily cron, and workflow_dispatch; builds Python fuzzers; runs fuzzing for 60 seconds in code-change mode (PRs) or batch mode (push/schedule); and uploads the SARIF report to Code Scanning using pinned action versions with if: always(). Adds atheris and fdp to the spell-check dictionary.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related issues

  • #4934: This PR implements ClusterFuzzLite fuzzing infrastructure (Atheris fuzz targets, build script, and GitHub Actions workflow integration) that directly addresses the OSSF scorecard fuzzing score improvement request by adding ClusterFuzzLite, a recognized fuzzing tool that the scorecard explicitly checks for.
🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 60.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title directly describes the main objective of the PR: adding ClusterFuzzLite integration for OSSF scorecard fuzzing. This is clearly the primary change across all modified files.
Linked Issues check ✅ Passed The PR successfully implements the solution requested in #4934 by adding ClusterFuzzLite, a recognized fuzzing tool by OSSF Scorecard, alongside the existing Schemathesis approach. Both fuzz targets are properly configured and tested.
Out of Scope Changes check ✅ Passed All changes are directly related to adding ClusterFuzzLite integration. The build script, workflow configuration, fuzz targets, dictionary updates, and project configuration are all necessary and scoped to the fuzzing integration objective.
Description check ✅ Passed The PR description clearly relates to the changeset by explaining the purpose of adding ClusterFuzzLite fuzzing targets to improve OSSF Scorecard evaluation, and details both fuzz targets being added.

@Adarshkumar0509 Adarshkumar0509 force-pushed the feat/add-clusterfuzzlite-fuzzing branch from 01b7cd8 to c72f199 Compare June 16, 2026 20:31

@coderabbitai coderabbitai Bot left a comment

Contributor

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.clusterfuzzlite/build.sh:
- Line 3: Replace the floating package versions in the pip install command with
pinned versions to ensure reproducible fuzzing behavior and prevent CI breakage
from upstream releases. Update the pip install statement to specify explicit
versions for atheris, lxml, requests, and pyyaml, using the same versions that
are defined in backend/pyproject.toml for consistency across the project.

In @.github/workflows/clusterfuzzlite.yml:
- Line 23: The fork-filter condition on the `if:` statement is checking the
wrong event field. Currently it checks `github.event.repository.fork` which
evaluates whether the base repository is a fork, not whether the PR originates
from a fork. Replace `github.event.repository.fork` with
`github.event.pull_request.head.repo.fork` to correctly identify and skip jobs
triggered by pull requests originating from forks, which will prevent permission
failures and unwanted SARIF uploads.

In `@backend/tests/fuzz/fuzz_nest_test.py`:
- Around line 53-59: The fuzzer entrypoint is catching all exceptions with a
bare except Exception clause around the calls to escape, format_links_for_slack,
and strip_markdown, which prevents the fuzzer from detecting real defects in
these functions. Remove the try-except block entirely so that any exceptions
(including crashes indicating bugs) propagate and are caught by the fuzzer,
allowing it to surface genuine defects in the target functions.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: c9d7a5d8-f44f-4779-8d39-566a82d8ce0d

📥 Commits

Reviewing files that changed from the base of the PR and between 19bd584 and c72f199.

📒 Files selected for processing (4)
  • .clusterfuzzlite/build.sh
  • .github/workflows/clusterfuzzlite.yml
  • backend/tests/fuzz/fuzz_nest_test.py
  • cspell/custom-dict.txt

Comment thread .clusterfuzzlite/build.sh Outdated
Comment thread .github/workflows/clusterfuzzlite.yml
Comment thread backend/tests/fuzz/fuzz_nest_test.py Outdated

@cubic-dev-ai cubic-dev-ai Bot left a comment

Contributor

4 issues found and verified against the latest diff

Confidence score: 3/5

  • In .github/workflows/clusterfuzzlite.yml, the fork check uses github.event.repository.fork, which can misclassify PR origin and run ClusterFuzzLite under the wrong conditions; merging as-is risks either skipped fuzzing on valid PRs or unsafe execution context—switch to the pull_request head-repo fork field before merging.
  • In backend/tests/fuzz/fuzz_nest_test.py, the catch-all exception handler hides real fuzz crashes, so ClusterFuzzLite may report green while defects are still present—remove the blanket except and let unexpected exceptions fail the job.
  • In backend/tests/fuzz/fuzz_nest_test.py, manual module loading may bypass Atheris instrumentation, reducing coverage signal and missing reachable bugs—use normal imports or explicitly instrument loaded functions so fuzz feedback is reliable.
  • In .clusterfuzzlite/build.sh, unpinned installs (atheris lxml requests pyyaml) make fuzz runs non-reproducible and vulnerable to upstream breakage, which can cause flaky CI and inconsistent findings—pin dependency versions before merge to stabilize results.

Comment thread .github/workflows/clusterfuzzlite.yml
Comment thread backend/tests/fuzz/fuzz_nest_test.py Outdated
Comment thread backend/tests/fuzz/fuzz_nest_test.py Outdated
Comment thread .clusterfuzzlite/build.sh Outdated
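
The catch-all handler flagged in the reviews above, as an added example that is not code from this PR: two entry points over the same target, one swallowing every exception and one suppressing only the documented rejection. `parse_query`, `QueryError`, the planted defect and the `run_corpus` driver are hypothetical stand-ins; a real harness would hand `test_one_input` to Atheris instead of this loop.

```python
"""Why a blanket `except Exception` in a fuzz entry point hides defects.

Hypothetical stand-ins: parse_query, QueryError and run_corpus are invented
for this example; they are not the project's QueryParser or its harness.
"""


class QueryError(ValueError):
    """Documented rejection of malformed input (expected, not a bug)."""


def parse_query(text: str) -> tuple[str, str]:
    """Toy field:value parser with a planted defect for the demonstration."""
    if ":" not in text:
        raise QueryError("missing field separator")
    field, value = text.split(":", 1)
    if not field:
        raise QueryError("empty field name")
    # Planted defect: indexes into value without checking that it is non-empty.
    quoted = value[0] == '"'
    return field, value.strip('"') if quoted else value


def harness_blanket(data: bytes) -> None:
    """Entry point that swallows everything: the engine never sees a crash."""
    try:
        parse_query(data.decode("utf-8", errors="replace"))
    except Exception:
        pass


def harness_narrow(data: bytes) -> None:
    """Entry point that suppresses only the documented rejection."""
    try:
        parse_query(data.decode("utf-8", errors="replace"))
    except QueryError:
        pass


def run_corpus(harness, corpus):
    """Stand-in for the fuzzing engine: collect inputs whose exception escaped."""
    crashes = []
    for data in corpus:
        try:
            harness(data)
        except Exception as exc:
            crashes.append((data, type(exc).__name__))
    return crashes


# Constructed sample inputs: valid, rejected, and one that reaches the defect.
CORPUS = [b"name:nest", b"no separator", b":value", b'title:"x"', b"stars:"]

if __name__ == "__main__":
    print("blanket except:", run_corpus(harness_blanket, CORPUS))
    print("narrow except: ", run_corpus(harness_narrow, CORPUS))
```
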
@Adarshkumar0509 Adarshkumar0509 force-pushed the feat/add-clusterfuzzlite-fuzzing branch from c72f199 to c8cb345 Compare June 16, 2026 20:45
coderabbitai[bot]
coderabbitai Bot previously approved these changes Jun 16, 2026
coderabbitai[bot]
coderabbitai Bot previously approved these changes Jun 16, 2026
@codecov

codecov Bot commented Jun 16, 2026


Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.74%. Comparing base (f9f4e5e) to head (1b876ba).
⚠️ Report is 3 commits behind head on main.

@@           Coverage Diff           @@
##             main    #4951   +/-   ##
=======================================
  Coverage   98.74%   98.74%           
=======================================
  Files         538      539    +1     
  Lines       17068    17070    +2     
  Branches     2421     2421           
=======================================
+ Hits        16853    16855    +2     
  Misses        123      123           
  Partials       92       92           
Flag Coverage Δ
backend 99.45% <100.00%> (+<0.01%) ⬆️
frontend 96.71% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
backend/apps/slack/apps.py 100.00% <100.00%> (ø)
backend/apps/slack/common/text.py 100.00% <100.00%> (ø)
backend/apps/slack/utils/format.py 100.00% <100.00%> (ø)

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
@Adarshkumar0509

Collaborator Author

hey @arkid15r, have a look at this.

@Adarshkumar0509 Adarshkumar0509 self-assigned this Jun 17, 2026
@Adarshkumar0509 Adarshkumar0509 force-pushed the feat/add-clusterfuzzlite-fuzzing branch from b81c5e4 to 1d7161f Compare June 17, 2026 05:33

@coderabbitai coderabbitai Bot left a comment

Contributor

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.clusterfuzzlite/build.sh:
- Line 3: The pip install command in the build.sh file contains version numbers
for lxml and requests that do not match the versions specified in
backend/pyproject.toml, creating potential runtime incompatibilities between the
fuzzing and production environments. Update the lxml version from 6.1.1 to 6.1.0
and the requests version from 2.34.2 to 2.33.1 in the pip install statement to
align with the backend/pyproject.toml specifications. The atheris, pyyaml, and
pyparsing versions are already correct and do not need changes.

In @.github/workflows/clusterfuzzlite.yml:
- Around line 24-26: Add brief explanatory comments to the permissions section
in the clusterfuzzlite.yml workflow file. For the contents permission, add a
comment explaining it is needed to check out the repository code. For the
security-events permission, add a comment explaining it is required to upload
SARIF reports to Code Scanning. These comments should clarify the security
rationale for granting each permission.

In `@backend/tests/fuzz/fuzz_nest_test.py`:
- Around line 14-38: In the _load_format_module() function, the next() call on
line 22 lacks error handling and will raise StopIteration if the required
format.py file is not found in sys.path. Add a default value to the next() call
or wrap it in a try-except block to catch StopIteration and raise a more
informative error message that clearly indicates the file path that could not be
located in sys.path, helping with debugging when the fuzzer fails to start.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 8156712f-d01c-44c2-81e6-0bcf98b1070d

📥 Commits

Reviewing files that changed from the base of the PR and between c72f199 and 1d7161f.

📒 Files selected for processing (6)
  • .clusterfuzzlite/build.sh
  • .clusterfuzzlite/project.yaml
  • .github/workflows/clusterfuzzlite.yml
  • backend/tests/fuzz/fuzz_nest_test.py
  • backend/tests/fuzz/fuzz_query_parser_test.py
  • cspell/custom-dict.txt

Comment thread .clusterfuzzlite/build.sh Outdated
Comment thread .github/workflows/clusterfuzzlite.yml
Comment thread backend/tests/fuzz/fuzz_nest_test.py Outdated
@Adarshkumar0509 Adarshkumar0509 force-pushed the feat/add-clusterfuzzlite-fuzzing branch from 1d7161f to 10ac346 Compare June 17, 2026 05:43
coderabbitai[bot]
coderabbitai Bot previously approved these changes Jun 17, 2026
Comment thread .clusterfuzzlite/build.sh Outdated
Comment thread .github/workflows/clusterfuzzlite.yml Outdated
Comment on lines +4 to +6
  push:
    branches:
      - main

Collaborator

I removed the push to main trigger recently from CI/CD. Check other CI/CD jobs' triggers for consistency.

Collaborator Author

Done, removed the push to main trigger. Aligned with other workflows.

Comment thread .github/workflows/clusterfuzzlite.yml Outdated
Comment thread .github/workflows/clusterfuzzlite.yml Outdated
Comment thread backend/tests/fuzz/fuzz_nest_test.py Outdated

@coderabbitai coderabbitai Bot left a comment

Contributor

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.clusterfuzzlite/build.sh:
- Line 3: The pip install command in build.sh currently only installs atheris,
but the fuzz targets have unresolved runtime dependencies. Modify the pip
install line to include all required packages: atheris, pyparsing (needed by
QueryParser imported in fuzz_query_parser_test.py), and requests, pyyaml, lxml
(needed by format.py imported in fuzz_nest_test.py). Update the single pip
install atheris command to install all these packages together in one pip
install statement.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 225a7658-ba6a-49aa-8344-a5c03221cdbf

📥 Commits

Reviewing files that changed from the base of the PR and between 10ac346 and 352d19c.

📒 Files selected for processing (6)
  • .clusterfuzzlite/build.sh
  • .clusterfuzzlite/project.yaml
  • .github/workflows/clusterfuzzlite.yml
  • backend/tests/fuzz/fuzz_nest_test.py
  • backend/tests/fuzz/fuzz_query_parser_test.py
  • cspell/custom-dict.txt

Comment thread .clusterfuzzlite/build.sh Outdated
@Adarshkumar0509 Adarshkumar0509 force-pushed the feat/add-clusterfuzzlite-fuzzing branch from 352d19c to 774c2c7 Compare June 17, 2026 19:36

@coderabbitai coderabbitai Bot left a comment

Contributor

♻️ Duplicate comments (2)
.clusterfuzzlite/build.sh (1)

3-3: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Install fuzz target runtime dependencies in the build image.

Only installing atheris makes this target setup fragile; if transitive packages are absent in the builder image, fuzzers fail at import time and never execute target code.

Suggested fix
-pip install atheris
+pip install atheris pyparsing requests pyyaml lxml
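Review bot: the `+pip install atheris pyparsing requests pyyaml lxml` line leaves all five packages unpinned, so each build resolves whatever versions are current at that moment. Pin each package, or install from the compiled fuzz requirements file the PR description mentions, so that fuzz runs and any findings stay reproducible.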
#!/bin/bash
set -euo pipefail

echo "=== build.sh install line ==="
nl -ba .clusterfuzzlite/build.sh | sed -n '1,12p'

echo
echo "=== QueryParser imports (runtime deps) ==="
nl -ba backend/apps/common/search/query_parser.py | sed -n '1,160p' | rg -n '^\s*[0-9]+\s+(from|import)\s+'

echo
echo "=== Slack format module imports (runtime deps) ==="
nl -ba backend/apps/slack/utils/format.py | sed -n '1,200p' | rg -n '^\s*[0-9]+\s+(from|import)\s+'
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.clusterfuzzlite/build.sh at line 3, The build.sh script only installs
atheris but omits the runtime dependencies needed by the fuzz target modules,
making the build fragile. Identify the actual package dependencies required by
the fuzz target code (particularly the imports in modules like query_parser.py
and format.py referenced in the backend), and update the pip install command in
build.sh to include these dependencies, either by installing from a requirements
file or explicitly listing the required packages alongside atheris.
.github/workflows/clusterfuzzlite.yml (1)

20-20: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Use PR head-repo fork status in the job gate.

This condition checks whether the base repo is a fork, not whether the PR comes from a fork. Use the pull request head repo flag instead.

Suggested fix
-    if: github.event.repository.fork == false
+    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false
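Review bot: the `+` condition is true for every event other than `pull_request`, so scheduled and manually dispatched runs lose the repository-level fork gate that the `-` line applied to them. If those runs should still be skipped in forked copies of the repository, keep `github.event.repository.fork == false` and add the head-repo check for pull requests alongside it instead of replacing one with the other.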
For GitHub Actions pull_request events, does `github.event.repository.fork` represent the base repository, and is `github.event.pull_request.head.repo.fork` the correct field to detect PRs from forks?
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/clusterfuzzlite.yml at line 20, The job gate condition
currently uses github.event.repository.fork which checks whether the base
repository is a fork, but you need to check whether the pull request itself
originates from a fork. Replace the condition in the if statement at line 20
that uses github.event.repository.fork with
github.event.pull_request.head.repo.fork to properly detect PRs coming from
forks instead of checking the base repository status.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: a9b09389-6056-4665-ba85-bf281f240a9d

📥 Commits

Reviewing files that changed from the base of the PR and between 352d19c and 774c2c7.

📒 Files selected for processing (6)
  • .clusterfuzzlite/build.sh
  • .clusterfuzzlite/project.yaml
  • .github/workflows/clusterfuzzlite.yml
  • backend/tests/fuzz/fuzz_nest_test.py
  • backend/tests/fuzz/fuzz_query_parser_test.py
  • cspell/custom-dict.txt

@Adarshkumar0509

Collaborator Author

I will take a look at this

coderabbitai[bot]
coderabbitai Bot previously approved these changes Jun 18, 2026
@Adarshkumar0509 Adarshkumar0509 force-pushed the feat/add-clusterfuzzlite-fuzzing branch 5 times, most recently from e9b29b6 to df1fffd Compare June 19, 2026 04:16
@Adarshkumar0509 Adarshkumar0509 force-pushed the feat/add-clusterfuzzlite-fuzzing branch from df1fffd to 18884c5 Compare June 19, 2026 04:23
@Adarshkumar0509

Collaborator Author

Hi @arkid15r, can you take a look at this? Only SonarCloud is failing, I think on the Dockerfile COPY as a hotspot. I am unable to mark it as safe.

@github-actions github-actions Bot added docs Improvements or additions to documentation nestbot makefile and removed backend labels Jun 21, 2026

@cubic-dev-ai cubic-dev-ai Bot left a comment

Contributor

3 issues found across 35 files (changes from recent commits).

Comment thread backend/apps/slack/common/text.py
Comment thread backend/Makefile
Comment thread .github/workflows/cluster-fuzz-lite.yaml

@cubic-dev-ai cubic-dev-ai Bot left a comment

Contributor

0 issues found across 2 files (changes from recent commits).

Requires human review: Auto-approval blocked by 3 unresolved issues from previous reviews.

@arkid15r arkid15r enabled auto-merge June 21, 2026 22:07
@arkid15r arkid15r added this pull request to the merge queue Jun 21, 2026
Merged via the queue into OWASP:main with commit ed6aad4 Jun 21, 2026
33 checks passed
@Adarshkumar0509

Collaborator Author

Thanks for the help, really appreciate that.

@sonarqubecloud

@coderabbitai coderabbitai Bot mentioned this pull request Jun 28, 2026
4 tasks
Labels

backend-tests ci docs Improvements or additions to documentation makefile nestbot

Development

Successfully merging this pull request may close these issues.

Improve OSSF scorecard fuzzing score

3 participants