Scanned: February 17, 2026
Report Version: 1.0.0
Overall Grade: B (888 total findings)

| Category | Grade | Findings |
|---|---|---|
| Architecture | D | 475 |
| Correctness | A | 84 |
| Performance | A | 189 |
| Security | A | 140 |
What Traditional Tools Missed
| Category | Colosseum | Bandit | Semgrep |
|---|---|---|---|
| Total | 888 | 0 | 0 |
888 findings (100%) were not detected by Bandit or Semgrep. These include compound vulnerabilities, logic errors, and context-dependent security issues that rule-based scanners aren't designed to catch.
Notable Findings
Critical / Architecture
Function '_evaluate_all_alerts' has complexity 16
Impact: Function '_evaluate_all_alerts' has complexity 16
Recommended Fix: Review and remediate.
High / Security
Function 'to_language_token' has 4 missing defense layers (input_validation, type_safety, error_handling, logging)
Impact: Function 'to_language_token' has 4 missing defense layers (input_validation, type_safety, error_handling, logging) around dangerous operation(s): self.special_tokens.get. Hard barrier gap detected — A
Recommended Fix: Add input validation (isinstance checks, bounds checking, or sanitization calls) before dangerous operations. Add error handling with proper recovery — log errors, re-raise, or return safe defaults (n
High / Correctness
I/O call 'open' in '_download' has no error handling.
Impact: I/O call 'open' in '_download' has no error handling. FMEA: if this fails (network down, disk full, permission denied), the exception propagates unhandled. Severity=6 (disrupts function), Occurrence=8
Recommended Fix: Wrap I/O operations in try/except with specific exception types (IOError, ConnectionError, TimeoutError). Log the failure and either retry, return a default, or re-raise with context.
Responsible Disclosure
This public report is intended to demonstrate the depth of analysis possible with modern code scanning tools and to help the broader open source community understand common vulnerability patterns.
Report URL: https://battleharden.dev/reports/whisper