hey, I ran Revos against the public bubustack repos.
It scanned 26 repositories successfully. Only "bobrapet" triggered findings: 5 Kubebuilder issues in `groupversion_info.go` for importing `sigs.k8s.io/controller-runtime/pkg/scheme`.
I think this may be a false positive since Kubebuilder commonly scaffolds that import for "SchemeBuilder".
What kind of architectural issue would you have expected a tool like Revos to catch in a Kubebuilder/operator-style repo?
i made a first rough pass for Go/Kuberbuilder.
it's not Kubernetes security scanning. More like architecture drift detection for operator repos.
it builds the Go import graph and checks basic things like api packages depending on controller-runtime/client-go, api importing controllers and circular deps.
It scanned 26 repositories successfully. Only "bobrapet" triggered findings: 5 Kubebuilder issues in `groupversion_info.go` for importing `sigs.k8s.io/controller-runtime/pkg/scheme`.
I think this may be a false positive since Kubebuilder commonly scaffolds that import for "SchemeBuilder".
What kind of architectural issue would you have expected a tool like Revos to catch in a Kubebuilder/operator-style repo?