{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "JRN003", "name": "Frontend API reference is not matched by discovered backend routes", "shortDescription": {"text": "Frontend API reference is not matched by discovered backend routes"}, "fullDescription": {"text": "A frontend string references a same-origin API path that Repobility could not match to backend route inventory. This often causes live 404s in user journeys."}, "properties": {"scanner": "repobility-journey-contract", "category": "quality", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC012", "name": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json", "shortDescription": {"text": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, protect them behind admin authentication, "}, "fullDescription": {"text": "FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, protect them behind admin authentication, or publish a reviewed OpenAPI spec with declared security requirements."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.72, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "AUC004", "name": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence ", "shortDescription": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /api/screenshot."}, "fullDescription": {"text": "An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /api/screenshot."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.66, "cwe": "CWE-285", "owasp": "API5:2023 Broken Function Level Authorization"}}, {"id": "AUC002", "name": "[AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authenticatio", "shortDescription": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "fullDescription": {"text": "Only 0.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.74, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "GHSA-mj87-hwqh-73pj", "name": "python-multipart: GHSA-mj87-hwqh-73pj", "shortDescription": {"text": "python-multipart: GHSA-mj87-hwqh-73pj"}, "fullDescription": {"text": "python-multipart affected by Denial of Service via large multipart preamble or epilogue data"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mf9w-mj56-hr94", "name": "python-dotenv: GHSA-mf9w-mj56-hr94", "shortDescription": {"text": "python-dotenv: GHSA-mf9w-mj56-hr94"}, "fullDescription": {"text": "python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-6w46-j5rx-g56g", "name": "pytest: GHSA-6w46-j5rx-g56g", "shortDescription": {"text": "pytest: GHSA-6w46-j5rx-g56g"}, "fullDescription": {"text": "pytest has vulnerable tmpdir handling"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-r73j-pqj5-w3x7", "name": "pillow: GHSA-r73j-pqj5-w3x7", "shortDescription": {"text": "pillow: GHSA-r73j-pqj5-w3x7"}, "fullDescription": {"text": "Pillow has a PDF Parsing Trailer Infinite Loop (DoS)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-5xmw-vc9v-4wf2", "name": "pillow: GHSA-5xmw-vc9v-4wf2", "shortDescription": {"text": "pillow: GHSA-5xmw-vc9v-4wf2"}, "fullDescription": {"text": "Pillow has a heap buffer overflow with nested list coordinates"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-65pc-fj4g-8rjx", "name": "idna: GHSA-65pc-fj4g-8rjx", "shortDescription": {"text": "idna: GHSA-65pc-fj4g-8rjx"}, "fullDescription": {"text": "Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-48c2-rrv3-qjmp", "name": "yaml: GHSA-48c2-rrv3-qjmp", "shortDescription": {"text": "yaml: GHSA-48c2-rrv3-qjmp"}, "fullDescription": {"text": "yaml is vulnerable to Stack Overflow via deeply nested YAML collections"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-4w7w-66w2-5vf9", "name": "vite: GHSA-4w7w-66w2-5vf9", "shortDescription": {"text": "vite: GHSA-4w7w-66w2-5vf9"}, "fullDescription": {"text": "Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qx2v-qp2m-jg93", "name": "postcss: GHSA-qx2v-qp2m-jg93", "shortDescription": {"text": "postcss: GHSA-qx2v-qp2m-jg93"}, "fullDescription": {"text": "PostCSS has XSS via Unescaped </style> in its CSS Stringify Output"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3v7f-55p6-f55p", "name": "picomatch: GHSA-3v7f-55p6-f55p", "shortDescription": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "fullDescription": {"text": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f886-m6hf-6m8v", "name": "brace-expansion: GHSA-f886-m6hf-6m8v", "shortDescription": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "fullDescription": {"text": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2g4f-4pwh-qvx6", "name": "ajv: GHSA-2g4f-4pwh-qvx6", "shortDescription": {"text": "ajv: GHSA-2g4f-4pwh-qvx6"}, "fullDescription": {"text": "ajv has ReDoS when using `$data` option"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `recognize_roi` has cognitive complexity 15 (SonarSource scale). Cognitive", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `recognize_roi` has cognitive complexity 15 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 15."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-GHA", "name": "GitHub Action `astral-sh/setup-uv@v7` is 1 major version(s) behind (latest v8.2.0)", "shortDescription": {"text": "GitHub Action `astral-sh/setup-uv@v7` is 1 major version(s) behind (latest v8.2.0)"}, "fullDescription": {"text": "`uses: astral-sh/setup-uv@v7` is 1 major version(s) behind the latest published release v8.2.0. Old action majors run on deprecated runner images / Node versions and miss upstream fixes. This is the exact 'outdated GitHub Action' class Dependabot raises \u2014 and which Repobility had no coverage for."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-NPM", "name": "npm package `npm-run-all2` is 1 major version(s) behind (8.0.4 -> 9.0.1)", "shortDescription": {"text": "npm package `npm-run-all2` is 1 major version(s) behind (8.0.4 -> 9.0.1)"}, "fullDescription": {"text": "`npm-run-all2` is pinned/resolved at 8.0.4 but the latest stable release on the npm registry is 9.0.1 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "GHSA-5239-wwwm-4pmq", "name": "pygments: GHSA-5239-wwwm-4pmq", "shortDescription": {"text": "pygments: GHSA-5239-wwwm-4pmq"}, "fullDescription": {"text": "Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED042", "name": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk.", "shortDescription": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-142", "name": "urllib3: PYSEC-2026-142", "shortDescription": {"text": "urllib3: PYSEC-2026-142"}, "fullDescription": {"text": "urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) when HTTPResponse.drain_conn() was called after the response had been read and decompressed partially (compression algorithm did not matter here). These issues could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This could result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data) on the client side. This vulnerability is fixed in 2.7.0."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-141", "name": "urllib3: PYSEC-2026-141", "shortDescription": {"text": "urllib3: PYSEC-2026-141"}, "fullDescription": {"text": "urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-161", "name": "starlette: PYSEC-2026-161", "shortDescription": {"text": "starlette: PYSEC-2026-161"}, "fullDescription": {"text": "BadHost: Missing Host header validation poisons request.url.path, bypassing path-based security checks"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-pp6c-gr5w-3c5g", "name": "python-multipart: GHSA-pp6c-gr5w-3c5g", "shortDescription": {"text": "python-multipart: GHSA-pp6c-gr5w-3c5g"}, "fullDescription": {"text": "python-multipart has Denial of Service via unbounded multipart part headers"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-whj4-6x5x-4v2j", "name": "pillow: GHSA-whj4-6x5x-4v2j", "shortDescription": {"text": "pillow: GHSA-whj4-6x5x-4v2j"}, "fullDescription": {"text": "FITS GZIP decompression bomb in Pillow"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-pwv6-vv43-88gr", "name": "pillow: GHSA-pwv6-vv43-88gr", "shortDescription": {"text": "pillow: GHSA-pwv6-vv43-88gr"}, "fullDescription": {"text": "Pillow has an OOB Write with Invalid PSD Tile Extents (Integer Overflow)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-cfh3-3jmp-rvhc", "name": "pillow: GHSA-cfh3-3jmp-rvhc", "shortDescription": {"text": "pillow: GHSA-cfh3-3jmp-rvhc"}, "fullDescription": {"text": "Pillow affected by out-of-bounds write when loading PSD images"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-165", "name": "pillow: PYSEC-2026-165", "shortDescription": {"text": "pillow: PYSEC-2026-165"}, "fullDescription": {"text": "Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-v2wj-q39q-566r", "name": "vite: GHSA-v2wj-q39q-566r", "shortDescription": {"text": "vite: GHSA-v2wj-q39q-566r"}, "fullDescription": {"text": "Vite: `server.fs.deny` bypassed with queries"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-p9ff-h696-f583", "name": "vite: GHSA-p9ff-h696-f583", "shortDescription": {"text": "vite: GHSA-p9ff-h696-f583"}, "fullDescription": {"text": "Vite Vulnerable to Arbitrary File Read via Vite Dev Server WebSocket"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mw96-cpmx-2vgc", "name": "rollup: GHSA-mw96-cpmx-2vgc", "shortDescription": {"text": "rollup: GHSA-mw96-cpmx-2vgc"}, "fullDescription": {"text": "Rollup 4 has Arbitrary File Write via Path Traversal"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-c2c7-rcm5-vvqj", "name": "picomatch: GHSA-c2c7-rcm5-vvqj", "shortDescription": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "fullDescription": {"text": "Picomatch has a ReDoS vulnerability via extglob quantifiers"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-7r86-cg39-jmmj", "name": "minimatch: GHSA-7r86-cg39-jmmj", "shortDescription": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "fullDescription": {"text": "minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3ppc-4f35-3m26", "name": "minimatch: GHSA-3ppc-4f35-3m26", "shortDescription": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "fullDescription": {"text": "minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-23c5-xmqv-rm74", "name": "minimatch: GHSA-23c5-xmqv-rm74", "shortDescription": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "fullDescription": {"text": "minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-wf6x-7x77-mvgw", "name": "immutable: GHSA-wf6x-7x77-mvgw", "shortDescription": {"text": "immutable: GHSA-wf6x-7x77-mvgw"}, "fullDescription": {"text": "Immutable is vulnerable to Prototype Pollution"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-rf6f-7fwh-wjgh", "name": "flatted: GHSA-rf6f-7fwh-wjgh", "shortDescription": {"text": "flatted: GHSA-rf6f-7fwh-wjgh"}, "fullDescription": {"text": "Prototype Pollution via parse() in NodeJS flatted"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-25h7-pfq9-p65f", "name": "flatted: GHSA-25h7-pfq9-p65f", "shortDescription": {"text": "flatted: GHSA-25h7-pfq9-p65f"}, "fullDescription": {"text": "flatted vulnerable to unbounded recursion DoS in parse() revive phase"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "SEC135", "name": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without", "shortDescription": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI bu"}, "fullDescription": {"text": "Add the project's auth decorator/middleware: `@login_required` (Django/Flask), `@permission_classes([IsAuthenticated])` (DRF), `Depends(get_current_user)` (FastAPI), `requireAuth` middleware (Express). For genuinely public endpoints, add a `# public-endpoint` marker comment so future scans skip them."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `mikepenz/action-junit-report` pinned to mutable ref `@v6`", "shortDescription": {"text": "Action `mikepenz/action-junit-report` pinned to mutable ref `@v6`"}, "fullDescription": {"text": "`uses: mikepenz/action-junit-report@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED131", "name": "pre-commit hook `https://github.com/astral-sh/ruff-pre-commit` pinned to mutable rev `v0.14.14`", "shortDescription": {"text": "pre-commit hook `https://github.com/astral-sh/ruff-pre-commit` pinned to mutable rev `v0.14.14`"}, "fullDescription": {"text": "`.pre-commit-config.yaml` references `https://github.com/astral-sh/ruff-pre-commit` at `rev: v0.14.14`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED112", "name": "FastAPI POST /api/open_logs_folder has no auth", "shortDescription": {"text": "FastAPI POST /api/open_logs_folder has no auth"}, "fullDescription": {"text": "Handler `open_logs_folder` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self._get_window` used but never assigned in __init__", "shortDescription": {"text": "`self._get_window` used but never assigned in __init__"}, "fullDescription": {"text": "Method `restore` of class `WindowManager` reads `self._get_window`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_execute_stop_event", "shortDescription": {"text": "Phantom test coverage: test_execute_stop_event"}, "fullDescription": {"text": "Test function `test_execute_stop_event` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "Missing import: `queue` used but not imported", "shortDescription": {"text": "Missing import: `queue` used but not imported"}, "fullDescription": {"text": "The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/987"}, "properties": {"repository": "Logical-Byte/endfield-essence-recognizer", "repoUrl": "https://github.com/Logical-Byte/endfield-essence-recognizer", "branch": "main"}, "results": [{"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 93055, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 93054, "scanner": "repobility-journey-contract", "fingerprint": "05a0b027c6cb51d6926483c400b982b1c3236d1febb52e08d7478e0565db809f", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/data/{param}", "correlation_key": "fp|05a0b027c6cb51d6926483c400b982b1c3236d1febb52e08d7478e0565db809f", "backend_endpoint_count": 6}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/utils/gameData/gameData.ts"}, "region": {"startLine": 26}}}]}, {"ruleId": "AUC012", "level": "warning", "message": {"text": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, protect them behind admin authentication, or publish a reviewed OpenAPI spec with declared security requirements."}, "properties": {"repobilityId": 93053, "scanner": "repobility-access-control", "fingerprint": "27f8c50db94c1d5138790446654bd4d0b5823ce185d040059e5a7502358b5899", "category": "auth", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"apps": [{"line": 139, "file_path": "src/endfield_essence_recognizer/server.py", "docs_url_disabled": false, "redoc_url_disabled": false, "openapi_url_disabled": false}], "scanner": "repobility-access-control", "correlation_key": "fp|27f8c50db94c1d5138790446654bd4d0b5823ce185d040059e5a7502358b5899"}}}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /api/screenshot."}, "properties": {"repobilityId": 93052, "scanner": "repobility-access-control", "fingerprint": "37894090aad3001afaffd2b7e67a3d00bd5330516df18671b00bc7fba0876dfc", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/screenshot", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|168|cwe-285", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/server.py"}, "region": {"startLine": 168}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: POST /api/config."}, "properties": {"repobilityId": 93051, "scanner": "repobility-access-control", "fingerprint": "2d54f185faf6994ef5cea9f5a69a583930b9e09a81078be20d0973ed58b27a56", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/config", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|156|cwe-285", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/server.py"}, "region": {"startLine": 156}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /api/config."}, "properties": {"repobilityId": 93050, "scanner": "repobility-access-control", "fingerprint": "9a1806ad93d30f1b4239a111651ddd5f9f9cd7a5425dbfe02ba92b40668d1b7e", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/config", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|149|cwe-285", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/server.py"}, "region": {"startLine": 149}}}]}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 93049, "scanner": "repobility-access-control", "fingerprint": "b2b220ffd00544f11577c95c6ebba1d9777fd8f8945f26d82bcf37e8c3177020", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 6, "correlation_key": "fp|b2b220ffd00544f11577c95c6ebba1d9777fd8f8945f26d82bcf37e8c3177020", "auth_visible_percent": 0.0}}}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 93048, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["FastAPI"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "GHSA-mj87-hwqh-73pj", "level": "warning", "message": {"text": "python-multipart: GHSA-mj87-hwqh-73pj"}, "properties": {"repobilityId": 93043, "scanner": "osv-scanner", "fingerprint": "8834df3dbd3b1c1b4de1142909b33800225a613b094d9c8dd1da59fb20d9460a", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-40347"], "package": "python-multipart", "rule_id": "GHSA-mj87-hwqh-73pj", "scanner": "osv-scanner", "correlation_key": "vuln|python-multipart|CVE-2026-40347|uv.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mf9w-mj56-hr94", "level": "warning", "message": {"text": "python-dotenv: GHSA-mf9w-mj56-hr94"}, "properties": {"repobilityId": 93042, "scanner": "osv-scanner", "fingerprint": "9fa45bb35d6c42713aa5ad20c133330f7651c7c5a59abc07a1c90866c86a92fa", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-28684"], "package": "python-dotenv", "rule_id": "GHSA-mf9w-mj56-hr94", "scanner": "osv-scanner", "correlation_key": "vuln|python-dotenv|CVE-2026-28684|uv.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-6w46-j5rx-g56g", "level": "warning", "message": {"text": "pytest: GHSA-6w46-j5rx-g56g"}, "properties": {"repobilityId": 93041, "scanner": "osv-scanner", "fingerprint": "33dc2cc48895af7411c54c511d78df7905a11a77117f845a8d70612b5d14e52f", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-71176"], "package": "pytest", "rule_id": "GHSA-6w46-j5rx-g56g", "scanner": "osv-scanner", "correlation_key": "vuln|pytest|CVE-2025-71176|uv.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r73j-pqj5-w3x7", "level": "warning", "message": {"text": "pillow: GHSA-r73j-pqj5-w3x7"}, "properties": {"repobilityId": 93038, "scanner": "osv-scanner", "fingerprint": "6f9a6229dcf75eb82e837597bbad57d37103d21a6f11e6122226789093f4786e", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-pillow-2026-42310", "CVE-2026-42310"], "package": "pillow", "rule_id": "GHSA-r73j-pqj5-w3x7", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2026-42310|uv.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-5xmw-vc9v-4wf2", "level": "warning", "message": {"text": "pillow: GHSA-5xmw-vc9v-4wf2"}, "properties": {"repobilityId": 93035, "scanner": "osv-scanner", "fingerprint": "0d466a3fdf1f56e9d206a19bf8ccd943ba2afa97dcef0b591b734c2b785dee1f", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-pillow-2026-42309", "CVE-2026-42309"], "package": "pillow", "rule_id": "GHSA-5xmw-vc9v-4wf2", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2026-42309|uv.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-65pc-fj4g-8rjx", "level": "warning", "message": {"text": "idna: GHSA-65pc-fj4g-8rjx"}, "properties": {"repobilityId": 93033, "scanner": "osv-scanner", "fingerprint": "3cb0e6e51097792f0802522bd5a1c534f3c96b9d90576d70a538075f8c4d5bb0", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45409"], "package": "idna", "rule_id": "GHSA-65pc-fj4g-8rjx", "scanner": "osv-scanner", "correlation_key": "vuln|idna|CVE-2024-3651|uv.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-48c2-rrv3-qjmp", "level": "warning", "message": {"text": "yaml: GHSA-48c2-rrv3-qjmp"}, "properties": {"repobilityId": 93032, "scanner": "osv-scanner", "fingerprint": "45dcd1dd3aeb35739480ac576898e9f6b3ba8af26b164ff397d760c319dd2e7f", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33532"], "package": "yaml", "rule_id": "GHSA-48c2-rrv3-qjmp", "scanner": "osv-scanner", "correlation_key": "vuln|yaml|CVE-2026-33532|frontend/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4w7w-66w2-5vf9", "level": "warning", "message": {"text": "vite: GHSA-4w7w-66w2-5vf9"}, "properties": {"repobilityId": 93029, "scanner": "osv-scanner", "fingerprint": "74fdacb9b969bc506c65b438d6eb7ff99d8ffa832aea72d9f01429ebfd2cc3d9", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39365"], "package": "vite", "rule_id": "GHSA-4w7w-66w2-5vf9", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2026-39365|frontend/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qx2v-qp2m-jg93", "level": "warning", "message": {"text": "postcss: GHSA-qx2v-qp2m-jg93"}, "properties": {"repobilityId": 93027, "scanner": "osv-scanner", "fingerprint": "2510b8057924327e9299fe8e0754f99daed52ce3ac1ece31b2a82e243beabb2e", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41305"], "package": "postcss", "rule_id": "GHSA-qx2v-qp2m-jg93", "scanner": "osv-scanner", "correlation_key": "vuln|postcss|CVE-2026-41305|frontend/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3v7f-55p6-f55p", "level": "warning", "message": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "properties": {"repobilityId": 93025, "scanner": "osv-scanner", "fingerprint": "692100fbe84e1958e3a676f8d55bcd6d38a337fdf0a7729a33b890ce3b4d992c", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33672"], "package": "picomatch", "rule_id": "GHSA-3v7f-55p6-f55p", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33672|frontend/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f886-m6hf-6m8v", "level": "warning", "message": {"text": "brace-expansion: GHSA-f886-m6hf-6m8v"}, "properties": {"repobilityId": 93018, "scanner": "osv-scanner", "fingerprint": "98a1120465a5f7efd7e77749832ffebc052c57b25def61de9cdb3f7030748265", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33750"], "package": "brace-expansion", "rule_id": "GHSA-f886-m6hf-6m8v", "scanner": "osv-scanner", "correlation_key": "vuln|brace-expansion|CVE-2026-33750|frontend/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2g4f-4pwh-qvx6", "level": "warning", "message": {"text": "ajv: GHSA-2g4f-4pwh-qvx6"}, "properties": {"repobilityId": 93017, "scanner": "osv-scanner", "fingerprint": "b1c137f64d26194e8a5a68d9f9910132470516aebc0c0885b6571a0c29cfa1c8", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-69873"], "package": "ajv", "rule_id": "GHSA-2g4f-4pwh-qvx6", "scanner": "osv-scanner", "correlation_key": "vuln|ajv|CVE-2025-69873|frontend/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `recognize_roi` has cognitive complexity 15 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=1, elif=1, else=1, for=2, if=5, nested_bonus=5."}, "properties": {"repobilityId": 93005, "scanner": "repobility-threat-engine", "fingerprint": "21dcccb916e34f5862d752f8aa148e0652b914e8879e3c1013cf3ffcb8f97023", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 15 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "recognize_roi", "breakdown": {"if": 5, "for": 2, "elif": 1, "else": 1, "continue": 1, "nested_bonus": 5}, "complexity": 15, "correlation_key": "fp|21dcccb916e34f5862d752f8aa148e0652b914e8879e3c1013cf3ffcb8f97023"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/core/recognition/recognizer.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `_execute` has cognitive complexity 15 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: break=3, if=7, nested_bonus=4, while=1."}, "properties": {"repobilityId": 93004, "scanner": "repobility-threat-engine", "fingerprint": "d2e90423d2a20d0805e663e1f8626f9f72856588577f56e7d365093400da7b64", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 15 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_execute", "breakdown": {"if": 7, "break": 3, "while": 1, "nested_bonus": 4}, "complexity": 15, "correlation_key": "fp|d2e90423d2a20d0805e663e1f8626f9f72856588577f56e7d365093400da7b64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/core/delivery_claimer/engine.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `astral-sh/setup-uv@v7` is 1 major version(s) behind (latest v8.2.0)"}, "properties": {"repobilityId": 92991, "scanner": "repobility-dependency-currency", "fingerprint": "2e2531d56cb0f130021d67441721e536a34549a95f893ccdcb41b68a46d330b6", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "astral-sh/setup-uv", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v8.2.0", "correlation_key": "fp|2e2531d56cb0f130021d67441721e536a34549a95f893ccdcb41b68a46d330b6", "current_version": "v7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/backend-ci.yml"}, "region": {"startLine": 38}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/checkout@v5` is 1 major version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 92990, "scanner": "repobility-dependency-currency", "fingerprint": "b00d92760d75f2d7b7b6481788d494dcd31ff9fd14c49fee45c26dc79ec67bd7", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|b00d92760d75f2d7b7b6481788d494dcd31ff9fd14c49fee45c26dc79ec67bd7", "current_version": "v5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/backend-ci.yml"}, "region": {"startLine": 35}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `softprops/action-gh-release@v2` is 1 major version(s) behind (latest v3.0.0)"}, "properties": {"repobilityId": 92989, "scanner": "repobility-dependency-currency", "fingerprint": "24e8e7015a4ea785ebe8905d9544500fe3f80bf941aa3ab0a0852e8255af16ae", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "softprops/action-gh-release", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v3.0.0", "correlation_key": "fp|24e8e7015a4ea785ebe8905d9544500fe3f80bf941aa3ab0a0852e8255af16ae", "current_version": "v2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-and-release.yml"}, "region": {"startLine": 60}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `astral-sh/setup-uv@v7` is 1 major version(s) behind (latest v8.2.0)"}, "properties": {"repobilityId": 92988, "scanner": "repobility-dependency-currency", "fingerprint": "18747b2d19ae7c7baaa81e400d18f56c8f5d276faeaac3429ea0bc03ff4c966e", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "astral-sh/setup-uv", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v8.2.0", "correlation_key": "fp|18747b2d19ae7c7baaa81e400d18f56c8f5d276faeaac3429ea0bc03ff4c966e", "current_version": "v7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-and-release.yml"}, "region": {"startLine": 39}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/setup-node@v4` is 2 major version(s) behind (latest v6.4.0)"}, "properties": {"repobilityId": 92986, "scanner": "repobility-dependency-currency", "fingerprint": "2cb39cc659e22de9957e25cc94e8f3520ea651149f73726933ef4c0cda016d7f", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/setup-node", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.4.0", "correlation_key": "fp|2cb39cc659e22de9957e25cc94e8f3520ea651149f73726933ef4c0cda016d7f", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-and-release.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/checkout@v5` is 1 major version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 92985, "scanner": "repobility-dependency-currency", "fingerprint": "d278991a34e6b5f80c88e2239d3746cb76e99ebd33f59d31795c32dc2697006e", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|d278991a34e6b5f80c88e2239d3746cb76e99ebd33f59d31795c32dc2697006e", "current_version": "v5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-and-release.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `npm-run-all2` is 1 major version(s) behind (8.0.4 -> 9.0.1)"}, "properties": {"repobilityId": 92979, "scanner": "repobility-dependency-currency", "fingerprint": "3a1267f769a9dbed54d50b4a1e5e43d1a88f41b97fc1bdc84079030516669b63", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "npm-run-all2", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "9.0.1", "correlation_key": "fp|3a1267f769a9dbed54d50b4a1e5e43d1a88f41b97fc1bdc84079030516669b63", "current_version": "8.0.4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `vue-router` is 1 major version(s) behind (4.6.4 -> 5.1.0)"}, "properties": {"repobilityId": 92975, "scanner": "repobility-dependency-currency", "fingerprint": "b4ca0e8a6a5322793366f1aee9103b491edcb7d1bb967bb77299d982d19939f6", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "vue-router", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "5.1.0", "correlation_key": "fp|b4ca0e8a6a5322793366f1aee9103b491edcb7d1bb967bb77299d982d19939f6", "current_version": "4.6.4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 92951, "scanner": "repobility-ast-engine", "fingerprint": "e1765e4295539c1b64d7c554011ff0726c1b217a84bb6578e8dbf93e43c12f43", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e1765e4295539c1b64d7c554011ff0726c1b217a84bb6578e8dbf93e43c12f43"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/utils/log.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 92950, "scanner": "repobility-ast-engine", "fingerprint": "0d92922eb3b7421549714a4d63fe901758df5de3438c0a59c7993dd268514d8f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0d92922eb3b7421549714a4d63fe901758df5de3438c0a59c7993dd268514d8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/services/user_setting_manager.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "GHSA-5239-wwwm-4pmq", "level": "note", "message": {"text": "pygments: GHSA-5239-wwwm-4pmq"}, "properties": {"repobilityId": 93040, "scanner": "osv-scanner", "fingerprint": "db0fef0ab784fa7e288e01a475a731d75b5105247b655bdfac2babc124377da9", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-4539"], "package": "pygments", "rule_id": "GHSA-5239-wwwm-4pmq", "scanner": "osv-scanner", "correlation_key": "vuln|pygments|CVE-2026-4539|uv.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `decide_actions` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=6, else=1, if=5."}, "properties": {"repobilityId": 93006, "scanner": "repobility-threat-engine", "fingerprint": "bb14717c4c57a8f07da479699def6603041e56cebb3bf9c385f562d7eb97276e", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 12 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "decide_actions", "breakdown": {"if": 5, "elif": 6, "else": 1}, "complexity": 12, "correlation_key": "fp|bb14717c4c57a8f07da479699def6603041e56cebb3bf9c385f562d7eb97276e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/core/scanner/action_logic.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "DEPCUR-GHA", "level": "note", "message": {"text": "GitHub Action `mikepenz/action-junit-report@v6` is minor version(s) behind (latest v6.4.1)"}, "properties": {"repobilityId": 92992, "scanner": "repobility-dependency-currency", "fingerprint": "1ec8abc770d9aa25053e9ca7fe1b47ceec246c89f0e0d64309c20f442c927ad0", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "mikepenz/action-junit-report", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.4.1", "correlation_key": "fp|1ec8abc770d9aa25053e9ca7fe1b47ceec246c89f0e0d64309c20f442c927ad0", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/backend-ci.yml"}, "region": {"startLine": 74}}}]}, {"ruleId": "DEPCUR-GHA", "level": "note", "message": {"text": "GitHub Action `actions/setup-python@v6` is minor version(s) behind (latest v6.2.0)"}, "properties": {"repobilityId": 92987, "scanner": "repobility-dependency-currency", "fingerprint": "2d4cb3be1f3143e113768081415ddc1ee5b648d57f04c88b8ee09697431ec51d", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/setup-python", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.2.0", "correlation_key": "fp|2d4cb3be1f3143e113768081415ddc1ee5b648d57f04c88b8ee09697431ec51d", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-and-release.yml"}, "region": {"startLine": 35}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `vue-tsc` is minor version(s) behind (3.2.1 -> 3.3.3)"}, "properties": {"repobilityId": 92984, "scanner": "repobility-dependency-currency", "fingerprint": "c53af4db24bdeb15c04680c77d40d758bd10f045f8626f92e2aaca33493eb79a", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "vue-tsc", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.3.3", "correlation_key": "fp|c53af4db24bdeb15c04680c77d40d758bd10f045f8626f92e2aaca33493eb79a", "current_version": "3.2.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `vite-plugin-vue-devtools` is minor version(s) behind (8.0.5 -> 8.1.2)"}, "properties": {"repobilityId": 92982, "scanner": "repobility-dependency-currency", "fingerprint": "1b501285131bfd153927603327f6bfe11de9f2a38d8b09e61bad6cf23e8588b9", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "vite-plugin-vue-devtools", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "8.1.2", "correlation_key": "fp|1b501285131bfd153927603327f6bfe11de9f2a38d8b09e61bad6cf23e8588b9", "current_version": "8.0.5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `sass-embedded` is minor version(s) behind (1.97.1 -> 1.100.0)"}, "properties": {"repobilityId": 92981, "scanner": "repobility-dependency-currency", "fingerprint": "5fe0d8af53da36b0b2a0a3d31f2224ffbd31d412efefbfe2c184c7c1e0c7ddce", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "sass-embedded", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "1.100.0", "correlation_key": "fp|5fe0d8af53da36b0b2a0a3d31f2224ffbd31d412efefbfe2c184c7c1e0c7ddce", "current_version": "1.97.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `prettier` is minor version(s) behind (3.7.4 -> 3.8.3)"}, "properties": {"repobilityId": 92980, "scanner": "repobility-dependency-currency", "fingerprint": "0b61d702db6381edcba1542c43dd1d8522c99d33218a43f48294f6a18eeedc7d", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "prettier", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.8.3", "correlation_key": "fp|0b61d702db6381edcba1542c43dd1d8522c99d33218a43f48294f6a18eeedc7d", "current_version": "3.7.4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `eslint-config-vuetify` is minor version(s) behind (4.3.4 -> 4.6.2)"}, "properties": {"repobilityId": 92978, "scanner": "repobility-dependency-currency", "fingerprint": "c0b9ae04e84115e145f51ccaf74d4af8a5b66d4d6246392510364bae3faece79", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "eslint-config-vuetify", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.6.2", "correlation_key": "fp|c0b9ae04e84115e145f51ccaf74d4af8a5b66d4d6246392510364bae3faece79", "current_version": "4.3.4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@vue/tsconfig` is minor version(s) behind (0.8.1 -> 0.9.1)"}, "properties": {"repobilityId": 92977, "scanner": "repobility-dependency-currency", "fingerprint": "bfc57f701153c239fea1b3b824b2f2139ef1404334d4cd5bec9b193f857d5b5e", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@vue/tsconfig", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "0.9.1", "correlation_key": "fp|bfc57f701153c239fea1b3b824b2f2139ef1404334d4cd5bec9b193f857d5b5e", "current_version": "0.8.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 92917, "scanner": "repobility-ai-code-hygiene", "fingerprint": "99a54cae97e43d4926dc27d06ad2929acf4b5703abfc89f6549f12ca2d4d0be9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "frontend/src/composables/useLanguage.ts", "duplicate_line": 20, "correlation_key": "fp|99a54cae97e43d4926dc27d06ad2929acf4b5703abfc89f6549f12ca2d4d0be9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/utils/gameData/gameData.ts"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 93015, "scanner": "repobility-threat-engine", "fingerprint": "703e17c787d71b843e4189f03cc2de342f8a62b2a73bec10b29bc34c1fed35bf", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|703e17c787d71b843e4189f03cc2de342f8a62b2a73bec10b29bc34c1fed35bf", "aggregated_count": 4}}}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 93014, "scanner": "repobility-threat-engine", "fingerprint": "85a0adf81c6291ceb590162ff30cf24e37f19d7636907485158fc676e84918ed", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|85a0adf81c6291ceb590162ff30cf24e37f19d7636907485158fc676e84918ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/core/recognition/tasks/attribute_level.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 93013, "scanner": "repobility-threat-engine", "fingerprint": "f894deeab9da8c55e608e309de7c1410fefb68e1d3f3c64e670004fbe188b00b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f894deeab9da8c55e608e309de7c1410fefb68e1d3f3c64e670004fbe188b00b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/core/recognition/brightness_detector.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 93012, "scanner": "repobility-threat-engine", "fingerprint": "875cef70c51295ae12542b737e3eb1b3216bd9ac8dbde508adee8eca31050b40", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|875cef70c51295ae12542b737e3eb1b3216bd9ac8dbde508adee8eca31050b40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/core/recognition/base.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 93011, "scanner": "repobility-threat-engine", "fingerprint": "86ba1835d70968651e1fbb2569a4d94211de579a814cf34a5d1e1e2eafe3f130", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|86ba1835d70968651e1fbb2569a4d94211de579a814cf34a5d1e1e2eafe3f130", "aggregated_count": 1}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 93010, "scanner": "repobility-threat-engine", "fingerprint": "c1a897be05bb21f71621f7e4315a0a72b3238718023d845a869cc48b3dfaae27", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c1a897be05bb21f71621f7e4315a0a72b3238718023d845a869cc48b3dfaae27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/exceptions.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 93009, "scanner": "repobility-threat-engine", "fingerprint": "7953e7e5e38bac5a02119355dda8bf6d48f6b84788cd854ed25f9152974737b4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7953e7e5e38bac5a02119355dda8bf6d48f6b84788cd854ed25f9152974737b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/core/layout/base.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 93008, "scanner": "repobility-threat-engine", "fingerprint": "cf1d470be604eb690ff4cb321f8c733b9273bad0c05c605352ba008ad7df410e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cf1d470be604eb690ff4cb321f8c733b9273bad0c05c605352ba008ad7df410e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/core/interfaces.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 93007, "scanner": "repobility-threat-engine", "fingerprint": "7195ad2ed9d17b05fb3343deb30e489e47b88806e32e44e36b1ae21ff4fb7c7d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "_execute", "breakdown": {"if": 7, "break": 3, "while": 1, "nested_bonus": 4}, "aggregated": true, "complexity": 15, "correlation_key": "fp|7195ad2ed9d17b05fb3343deb30e489e47b88806e32e44e36b1ae21ff4fb7c7d", "aggregated_count": 6}}}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 93001, "scanner": "repobility-threat-engine", "fingerprint": "f7af3ee2888f45b7142795f716f2eb5f08783c91aaee77e2f29f87e4df5bdcff", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f7af3ee2888f45b7142795f716f2eb5f08783c91aaee77e2f29f87e4df5bdcff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/vite.config.mts"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 93000, "scanner": "repobility-threat-engine", "fingerprint": "54df1f88da1e047c155644f9e9834bb5865972d7fa01283a4515c0c4c68a7d0b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|54df1f88da1e047c155644f9e9834bb5865972d7fa01283a4515c0c4c68a7d0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/utils/gameData/weapon.ts"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 92996, "scanner": "repobility-threat-engine", "fingerprint": "8c3560525de975a9c202cd1b69e7b70cd2e798d159e8cb8d425d4f011026e437", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|8c3560525de975a9c202cd1b69e7b70cd2e798d159e8cb8d425d4f011026e437", "aggregated_count": 1}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 92995, "scanner": "repobility-threat-engine", "fingerprint": "f5b67b7cca567e57360024acbb0f0f97ed3e9fa59ce66df8200b2cb67fd4fa86", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f5b67b7cca567e57360024acbb0f0f97ed3e9fa59ce66df8200b2cb67fd4fa86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/utils/autoFontSizing.ts"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 92994, "scanner": "repobility-threat-engine", "fingerprint": "6fd3b6c5f2a9beedeaddae0e2d12ceabcf92314c8d4a7533775d1505457e0250", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6fd3b6c5f2a9beedeaddae0e2d12ceabcf92314c8d4a7533775d1505457e0250"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/composables/useUpdateChecker.ts"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 92993, "scanner": "repobility-threat-engine", "fingerprint": "8f7e12468c5745b49c0d04e83d39541590ecf4a446488206751c7db33547d7de", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8f7e12468c5745b49c0d04e83d39541590ecf4a446488206751c7db33547d7de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/composables/useLogs.ts"}, "region": {"startLine": 32}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `vite-plugin-vuetify` is patch version(s) behind (2.1.2 -> 2.1.3)"}, "properties": {"repobilityId": 92983, "scanner": "repobility-dependency-currency", "fingerprint": "cd4aa43de2ef29665e667b40e766d39c605cd2121f26f207bb160f4279556318", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "vite-plugin-vuetify", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "2.1.3", "correlation_key": "fp|cd4aa43de2ef29665e667b40e766d39c605cd2121f26f207bb160f4279556318", "current_version": "2.1.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@vitejs/plugin-vue` is patch version(s) behind (6.0.3 -> 6.0.7)"}, "properties": {"repobilityId": 92976, "scanner": "repobility-dependency-currency", "fingerprint": "8d70cdf43bfdaf5e5cea385c64311cb932ce6bb72b3e9ca6216578de9f7a9ef0", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@vitejs/plugin-vue", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "6.0.7", "correlation_key": "fp|8d70cdf43bfdaf5e5cea385c64311cb932ce6bb72b3e9ca6216578de9f7a9ef0", "current_version": "6.0.3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-142", "level": "error", "message": {"text": "urllib3: PYSEC-2026-142"}, "properties": {"repobilityId": 93047, "scanner": "osv-scanner", "fingerprint": "66e1b1aa9022c519776ddad0df70ff61566d315478a0e1d4db634530c7bec89d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-44432", "GHSA-mf9v-mfxr-j63j"], "package": "urllib3", "rule_id": "PYSEC-2026-142", "scanner": "osv-scanner", "correlation_key": "vuln|urllib3|CVE-2026-44432|uv.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-mf9v-mfxr-j63j", "PYSEC-2026-142"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["66e1b1aa9022c519776ddad0df70ff61566d315478a0e1d4db634530c7bec89d", "a381e5d6707c9f75030a22ee814aac9c80fbfaca862e6fa548c90d2b0d78e00f"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-141", "level": "error", "message": {"text": "urllib3: PYSEC-2026-141"}, "properties": {"repobilityId": 93046, "scanner": "osv-scanner", "fingerprint": "202e502152aa0eef57a4c3f3a01e648d30977c8aa06b2acc05a839706b0597b4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-44431", "GHSA-qccp-gfcp-xxvc"], "package": "urllib3", "rule_id": "PYSEC-2026-141", "scanner": "osv-scanner", "correlation_key": "vuln|urllib3|CVE-2026-44431|uv.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-qccp-gfcp-xxvc", "PYSEC-2026-141"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["202e502152aa0eef57a4c3f3a01e648d30977c8aa06b2acc05a839706b0597b4", "b78af741547635e5ed59316b870c20991733a249d6cd722bd682d0d24fc35efa"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-161", "level": "error", "message": {"text": "starlette: PYSEC-2026-161"}, "properties": {"repobilityId": 93045, "scanner": "osv-scanner", "fingerprint": "993c965e051ac08384f28c004ed2828303fa08d6e623c80da1211dbce5cea7ce", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-48710", "GHSA-86qp-5c8j-p5mr", "X41-2026-002"], "package": "starlette", "rule_id": "PYSEC-2026-161", "scanner": "osv-scanner", "correlation_key": "vuln|starlette|CVE-2026-48710|uv.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-86qp-5c8j-p5mr", "PYSEC-2026-161"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["20d0e73bab623b5772bb5ee81b54e26f25bfd7b3f632ca3aec483536eb176c89", "993c965e051ac08384f28c004ed2828303fa08d6e623c80da1211dbce5cea7ce"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pp6c-gr5w-3c5g", "level": "error", "message": {"text": "python-multipart: GHSA-pp6c-gr5w-3c5g"}, "properties": {"repobilityId": 93044, "scanner": "osv-scanner", "fingerprint": "813234e13bf5f6c49b4449533cb686042249a04d5138b2bb710becb99802b5e4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42561"], "package": "python-multipart", "rule_id": "GHSA-pp6c-gr5w-3c5g", "scanner": "osv-scanner", "correlation_key": "vuln|python-multipart|CVE-2026-42561|uv.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-whj4-6x5x-4v2j", "level": "error", "message": {"text": "pillow: GHSA-whj4-6x5x-4v2j"}, "properties": {"repobilityId": 93039, "scanner": "osv-scanner", "fingerprint": "98044dac30eb4ba02f691bd7b7e748512c82462965771e96cd6fa3bf8175d1f2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-pillow-2026-40192", "CVE-2026-40192"], "package": "pillow", "rule_id": "GHSA-whj4-6x5x-4v2j", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2026-40192|uv.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-pwv6-vv43-88gr", "level": "error", "message": {"text": "pillow: GHSA-pwv6-vv43-88gr"}, "properties": {"repobilityId": 93037, "scanner": "osv-scanner", "fingerprint": "6f5bdd8aaea89083f4f330bfda4f9458df94198bdaab2b182c15b51c2ef87dd9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-pillow-2026-42311", "CVE-2026-42311"], "package": "pillow", "rule_id": "GHSA-pwv6-vv43-88gr", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2026-42311|uv.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-cfh3-3jmp-rvhc", "level": "error", "message": {"text": "pillow: GHSA-cfh3-3jmp-rvhc"}, "properties": {"repobilityId": 93036, "scanner": "osv-scanner", "fingerprint": "05ed8dc5a08e164aa683f9c02787585f96d683af9205418cbf1c22b19b7db128", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-pillow-2026-25990", "CVE-2026-25990"], "package": "pillow", "rule_id": "GHSA-cfh3-3jmp-rvhc", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2026-25990|uv.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-165", "level": "error", "message": {"text": "pillow: PYSEC-2026-165"}, "properties": {"repobilityId": 93034, "scanner": "osv-scanner", "fingerprint": "6d4525df4fe1593a56084817586ae0b65d5078f84b3ec5e34d3552946d99a8f2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-pillow-2026-42308", "CVE-2026-42308", "GHSA-wjx4-4jcj-g98j"], "package": "pillow", "rule_id": "PYSEC-2026-165", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2026-42308|uv.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-wjx4-4jcj-g98j", "PYSEC-2026-165"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["6d4525df4fe1593a56084817586ae0b65d5078f84b3ec5e34d3552946d99a8f2", "e0b065066fc0d3bedf3e2aa7710014dbc6ec7eaa30b9f9c568fe3b4f37d00126"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-v2wj-q39q-566r", "level": "error", "message": {"text": "vite: GHSA-v2wj-q39q-566r"}, "properties": {"repobilityId": 93031, "scanner": "osv-scanner", "fingerprint": "70b4fd7549996f5fcb62417c4067cd6f4ee3cf1635da8573b261551fda0bfe87", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39364"], "package": "vite", "rule_id": "GHSA-v2wj-q39q-566r", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2026-39364|frontend/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-p9ff-h696-f583", "level": "error", "message": {"text": "vite: GHSA-p9ff-h696-f583"}, "properties": {"repobilityId": 93030, "scanner": "osv-scanner", "fingerprint": "46c71337a76b99909eead0cdbe4aab4353fcb98999eadc31f6a2b26f3f07a176", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39363"], "package": "vite", "rule_id": "GHSA-p9ff-h696-f583", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2026-39363|frontend/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mw96-cpmx-2vgc", "level": "error", "message": {"text": "rollup: GHSA-mw96-cpmx-2vgc"}, "properties": {"repobilityId": 93028, "scanner": "osv-scanner", "fingerprint": "33a451068fa332284ac0397d080062d040c862908da013bd20873cd3b2b76741", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27606"], "package": "rollup", "rule_id": "GHSA-mw96-cpmx-2vgc", "scanner": "osv-scanner", "correlation_key": "vuln|rollup|CVE-2026-27606|frontend/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c2c7-rcm5-vvqj", "level": "error", "message": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "properties": {"repobilityId": 93026, "scanner": "osv-scanner", "fingerprint": "324257d091ec0c1a8acb27e5350af8c0990193bbae9ff813a13edb9d4f937995", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33671"], "package": "picomatch", "rule_id": "GHSA-c2c7-rcm5-vvqj", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33671|frontend/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7r86-cg39-jmmj", "level": "error", "message": {"text": "minimatch: GHSA-7r86-cg39-jmmj"}, "properties": {"repobilityId": 93024, "scanner": "osv-scanner", "fingerprint": "aa05548cb24c76b06439c7c1488ba37f61500c5c636485fe83a8542b54d416be", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27903"], "package": "minimatch", "rule_id": "GHSA-7r86-cg39-jmmj", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27903|frontend/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3ppc-4f35-3m26", "level": "error", "message": {"text": "minimatch: GHSA-3ppc-4f35-3m26"}, "properties": {"repobilityId": 93023, "scanner": "osv-scanner", "fingerprint": "d04a223d1fd4bad04f5028107af4cc3d38d3cdb46f473dbf65c5f7df6e78ae92", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-26996"], "package": "minimatch", "rule_id": "GHSA-3ppc-4f35-3m26", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-26996|frontend/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-23c5-xmqv-rm74", "level": "error", "message": {"text": "minimatch: GHSA-23c5-xmqv-rm74"}, "properties": {"repobilityId": 93022, "scanner": "osv-scanner", "fingerprint": "bfd3a35b666c5571309a66c6e72683964aa8b3cc38edc93a913091a932c4d309", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27904"], "package": "minimatch", "rule_id": "GHSA-23c5-xmqv-rm74", "scanner": "osv-scanner", "correlation_key": "vuln|minimatch|CVE-2026-27904|frontend/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-wf6x-7x77-mvgw", "level": "error", "message": {"text": "immutable: GHSA-wf6x-7x77-mvgw"}, "properties": {"repobilityId": 93021, "scanner": "osv-scanner", "fingerprint": "b37a26f546d26facfebf9da95d77faac0c7475a01b0efb1fe04ebb54ce49cb17", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-29063"], "package": "immutable", "rule_id": "GHSA-wf6x-7x77-mvgw", "scanner": "osv-scanner", "correlation_key": "vuln|immutable|CVE-2026-29063|frontend/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-rf6f-7fwh-wjgh", "level": "error", "message": {"text": "flatted: GHSA-rf6f-7fwh-wjgh"}, "properties": {"repobilityId": 93020, "scanner": "osv-scanner", "fingerprint": "173cc9b74af9fc1ce42a0dd12b4f7a2d6d8e929e73b410109f5420fba6856bc8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33228"], "package": "flatted", "rule_id": "GHSA-rf6f-7fwh-wjgh", "scanner": "osv-scanner", "correlation_key": "vuln|flatted|CVE-2026-33228|frontend/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-25h7-pfq9-p65f", "level": "error", "message": {"text": "flatted: GHSA-25h7-pfq9-p65f"}, "properties": {"repobilityId": 93019, "scanner": "osv-scanner", "fingerprint": "22c02f2c9c898ad9cefb8ba0a0f18d422ed0a80a2fad4796fdf49c9c82cf1850", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-32141"], "package": "flatted", "rule_id": "GHSA-25h7-pfq9-p65f", "scanner": "osv-scanner", "correlation_key": "vuln|flatted|CVE-2026-32141|frontend/package-lock.json"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 93016, "scanner": "repobility-threat-engine", "fingerprint": "a035a9a5ab2a1ab724e8c47b8472a1e1e21cd8ddd7bb515256308c2bc4b6e6f0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@app.post(\"/api/config\")\nasync def post_config(\n    new_config: UserSetting = Body()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a035a9a5ab2a1ab724e8c47b8472a1e1e21cd8ddd7bb515256308c2bc4b6e6f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/server.py"}, "region": {"startLine": 156}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 93003, "scanner": "repobility-threat-engine", "fingerprint": "4a33c6013091d11219d8519003407019e818ce5e5b296df1c475d53c5b54e4e8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "window.destroy()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4a33c6013091d11219d8519003407019e818ce5e5b296df1c475d53c5b54e4e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/hotkey_entrypoints.py"}, "region": {"startLine": 194}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 93002, "scanner": "repobility-threat-engine", "fingerprint": "f077a6a04bf0acf2c7f3bb8fca59c84dbd7e4e31527424db0920aa5c0958187d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "image.save(save_path)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f077a6a04bf0acf2c7f3bb8fca59c84dbd7e4e31527424db0920aa5c0958187d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/generate_templates.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 92999, "scanner": "repobility-threat-engine", "fingerprint": "bd938e9163ec752a157cff9be5ca1bb20dd45784a5dc5f65dbb73b2f85ae54c7", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bd938e9163ec752a157cff9be5ca1bb20dd45784a5dc5f65dbb73b2f85ae54c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/core/config.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 92998, "scanner": "repobility-threat-engine", "fingerprint": "8b07d637c4cee1ee6d699f4805894d363696fb7ad9a047bd602f795a21a3dc0b", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(i", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8b07d637c4cee1ee6d699f4805894d363696fb7ad9a047bd602f795a21a3dc0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/utils/gameData/item.ts"}, "region": {"startLine": 12}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 92997, "scanner": "repobility-threat-engine", "fingerprint": "bd959c18e646dd10d86401bf432a974b2701792010900106de7b8b6417986682", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bd959c18e646dd10d86401bf432a974b2701792010900106de7b8b6417986682"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/utils/gameData/gameData.ts"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `mikepenz/action-junit-report` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 92974, "scanner": "repobility-supply-chain", "fingerprint": "26e6e6bad20350fdb80fe6faa160fd7d36d1a130d99d359467d17c4af1d4f73b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|26e6e6bad20350fdb80fe6faa160fd7d36d1a130d99d359467d17c4af1d4f73b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/backend-ci.yml"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 92973, "scanner": "repobility-supply-chain", "fingerprint": "44c3c2ff3c7b4b89d452222c71e6e92ddf800090a54997dcb7367fd3a9251b7b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|44c3c2ff3c7b4b89d452222c71e6e92ddf800090a54997dcb7367fd3a9251b7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/backend-ci.yml"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 92972, "scanner": "repobility-supply-chain", "fingerprint": "5aaf1e00dca0f587c3f65b4c4cfc05dec7664bc81d417796f0a2d3dfe2243774", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5aaf1e00dca0f587c3f65b4c4cfc05dec7664bc81d417796f0a2d3dfe2243774"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/backend-ci.yml"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 92971, "scanner": "repobility-supply-chain", "fingerprint": "bee316bd37d5242b1c388ffe6f76ba4c3718f0797ba20ef52cdedf303ad73793", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bee316bd37d5242b1c388ffe6f76ba4c3718f0797ba20ef52cdedf303ad73793"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/backend-ci.yml"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 92970, "scanner": "repobility-supply-chain", "fingerprint": "9adadd21a099c76322fbec4e474f49a355b56a07d8e9623eba2f53167da90725", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9adadd21a099c76322fbec4e474f49a355b56a07d8e9623eba2f53167da90725"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/backend-ci.yml"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `softprops/action-gh-release` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 92969, "scanner": "repobility-supply-chain", "fingerprint": "ce1608e7569c5a39390137074f7bc52f5f8972c215194f924d43df3fa98c4b8e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ce1608e7569c5a39390137074f7bc52f5f8972c215194f924d43df3fa98c4b8e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-and-release.yml"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 92968, "scanner": "repobility-supply-chain", "fingerprint": "dd824e42d2b3f5b7892711285d50d76f5f7cd1c5df96dec680d8c56dc8f2e2ae", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dd824e42d2b3f5b7892711285d50d76f5f7cd1c5df96dec680d8c56dc8f2e2ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-and-release.yml"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 92967, "scanner": "repobility-supply-chain", "fingerprint": "4785decc87c3f507c336b27fe9267b377528e3d123f6a285ac09792d97a277d2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4785decc87c3f507c336b27fe9267b377528e3d123f6a285ac09792d97a277d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-and-release.yml"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 92966, "scanner": "repobility-supply-chain", "fingerprint": "f1ca8c474c27507c0f5f6e068a3b9c363c0ea415a9bce23c0b8e80f31bcdf175", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f1ca8c474c27507c0f5f6e068a3b9c363c0ea415a9bce23c0b8e80f31bcdf175"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-and-release.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 92965, "scanner": "repobility-supply-chain", "fingerprint": "5917c971e16cab8e7cc57c60ab6f5444d1ae55a77238b2da974bd3e0f23af4ca", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5917c971e16cab8e7cc57c60ab6f5444d1ae55a77238b2da974bd3e0f23af4ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-and-release.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/astral-sh/ruff-pre-commit` pinned to mutable rev `v0.14.14`"}, "properties": {"repobilityId": 92964, "scanner": "repobility-supply-chain", "fingerprint": "afc1a30f611be54607b541a8460e6c2f1eeadb13a5c876b1073554b7c6179170", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|afc1a30f611be54607b541a8460e6c2f1eeadb13a5c876b1073554b7c6179170"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/astral-sh/uv-pre-commit` pinned to mutable rev `0.9.28`"}, "properties": {"repobilityId": 92963, "scanner": "repobility-supply-chain", "fingerprint": "412b7ab01500bf30a651deebfd8f8c96b59e305eab62538cb9d960855666b657", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|412b7ab01500bf30a651deebfd8f8c96b59e305eab62538cb9d960855666b657"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/pre-commit/pre-commit-hooks` pinned to mutable rev `v3.2.0`"}, "properties": {"repobilityId": 92962, "scanner": "repobility-supply-chain", "fingerprint": "13c7ea0d3b780eef70fc17820c8a47fdbafcd858adc0f8b8dd3b28b70c41bc32", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|13c7ea0d3b780eef70fc17820c8a47fdbafcd858adc0f8b8dd3b28b70c41bc32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /api/open_logs_folder has no auth"}, "properties": {"repobilityId": 92961, "scanner": "repobility-route-auth", "fingerprint": "101c6c22485d62ffc0b6535c8349b7a5bf35f1d2a4384815402587768e1a8ce0", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|101c6c22485d62ffc0b6535c8349b7a5bf35f1d2a4384815402587768e1a8ce0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/server.py"}, "region": {"startLine": 235}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_window` used but never assigned in __init__"}, "properties": {"repobilityId": 92960, "scanner": "repobility-ast-engine", "fingerprint": "7a9fb39a8513e25ca3d6b859e632ac05bdf25cc8e95749dd6beb2fbe40c6077c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7a9fb39a8513e25ca3d6b859e632ac05bdf25cc8e95749dd6beb2fbe40c6077c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/core/window/manager.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_window` used but never assigned in __init__"}, "properties": {"repobilityId": 92959, "scanner": "repobility-ast-engine", "fingerprint": "af49c3759b0622e2d12c665197352e3946039b3fb6f3163110256e0f056100fe", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|af49c3759b0622e2d12c665197352e3946039b3fb6f3163110256e0f056100fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/core/window/manager.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_window` used but never assigned in __init__"}, "properties": {"repobilityId": 92958, "scanner": "repobility-ast-engine", "fingerprint": "ba810d04693627ac85fdaa3e8a4f737c13a14fb5f2d68036ee167dac11bdfa16", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ba810d04693627ac85fdaa3e8a4f737c13a14fb5f2d68036ee167dac11bdfa16"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/core/window/manager.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._check_window_and_scene` used but never assigned in __init__"}, "properties": {"repobilityId": 92957, "scanner": "repobility-ast-engine", "fingerprint": "3a5c01f9db86ed5c0ba446591d9f28ceba539cb3817dbe80f9f45d970d102eab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3a5c01f9db86ed5c0ba446591d9f28ceba539cb3817dbe80f9f45d970d102eab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/core/delivery_claimer/engine.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._check_window_and_scene` used but never assigned in __init__"}, "properties": {"repobilityId": 92956, "scanner": "repobility-ast-engine", "fingerprint": "c82bf23ac68e88499409def9b77d54c9c7eba30d55bd31925eca9cea8ea3a8d2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c82bf23ac68e88499409def9b77d54c9c7eba30d55bd31925eca9cea8ea3a8d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/core/delivery_claimer/engine.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._scan_for_reward` used but never assigned in __init__"}, "properties": {"repobilityId": 92955, "scanner": "repobility-ast-engine", "fingerprint": "492f105909dd664bcf20dfb7aea226431779bc77f792564af280568989dd67bc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|492f105909dd664bcf20dfb7aea226431779bc77f792564af280568989dd67bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/core/delivery_claimer/engine.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._check_scene` used but never assigned in __init__"}, "properties": {"repobilityId": 92954, "scanner": "repobility-ast-engine", "fingerprint": "11f49bd5eb3fb90d5ee9b2ab16d01fdbad772bf962180dcd5c72fc7d1e7a8678", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|11f49bd5eb3fb90d5ee9b2ab16d01fdbad772bf962180dcd5c72fc7d1e7a8678"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/core/delivery_claimer/engine.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._execute` used but never assigned in __init__"}, "properties": {"repobilityId": 92953, "scanner": "repobility-ast-engine", "fingerprint": "51162ffc88145bfe9c04d32848d5d30c6c1bd2b533a77c22bf44294ad130962f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|51162ffc88145bfe9c04d32848d5d30c6c1bd2b533a77c22bf44294ad130962f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/core/delivery_claimer/engine.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.update_from_model` used but never assigned in __init__"}, "properties": {"repobilityId": 92952, "scanner": "repobility-ast-engine", "fingerprint": "eb148c5faab8e6918c86496058b4c928e248b9b4269803cf3982f3913fbbdf7b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eb148c5faab8e6918c86496058b4c928e248b9b4269803cf3982f3913fbbdf7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/models/user_setting.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.save_user_setting` used but never assigned in __init__"}, "properties": {"repobilityId": 92949, "scanner": "repobility-ast-engine", "fingerprint": "5f60e9fc4f887504bd828b081aa566ae291980bb5ff98d477903dcbb407b1fd5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5f60e9fc4f887504bd828b081aa566ae291980bb5ff98d477903dcbb407b1fd5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/services/user_setting_manager.py"}, "region": {"startLine": 141}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.save_user_setting` used but never assigned in __init__"}, "properties": {"repobilityId": 92948, "scanner": "repobility-ast-engine", "fingerprint": "2c63d2df5b3e2e6448827700792fa28a65978db3b2cc34d2c4bee364c20ce198", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2c63d2df5b3e2e6448827700792fa28a65978db3b2cc34d2c4bee364c20ce198"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/services/user_setting_manager.py"}, "region": {"startLine": 131}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.save_user_setting` used but never assigned in __init__"}, "properties": {"repobilityId": 92947, "scanner": "repobility-ast-engine", "fingerprint": "375f22c44d5c56f2a9a318cac57e71742b5c392e1450dd1b6f1028dea55503b5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|375f22c44d5c56f2a9a318cac57e71742b5c392e1450dd1b6f1028dea55503b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/services/user_setting_manager.py"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.stop` used but never assigned in __init__"}, "properties": {"repobilityId": 92946, "scanner": "repobility-ast-engine", "fingerprint": "e57313a810cda0e6fba312bc7a9db7271712dc968a96ffe60a8c33ab01a7749f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e57313a810cda0e6fba312bc7a9db7271712dc968a96ffe60a8c33ab01a7749f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/services/log_service.py"}, "region": {"startLine": 206}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.start` used but never assigned in __init__"}, "properties": {"repobilityId": 92945, "scanner": "repobility-ast-engine", "fingerprint": "50ad17d2c18036d82893f85bce51a1ec37eae1b3ed213f9cb7c01a222522b1d9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|50ad17d2c18036d82893f85bce51a1ec37eae1b3ed213f9cb7c01a222522b1d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/services/log_service.py"}, "region": {"startLine": 199}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.log_sink` used but never assigned in __init__"}, "properties": {"repobilityId": 92944, "scanner": "repobility-ast-engine", "fingerprint": "c4c7ff45b5d4f8174d35bc754a78a7dc5b65fccaddc6eda91d220c04a44f3060", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c4c7ff45b5d4f8174d35bc754a78a7dc5b65fccaddc6eda91d220c04a44f3060"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/services/log_service.py"}, "region": {"startLine": 191}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.broadcast_loop` used but never assigned in __init__"}, "properties": {"repobilityId": 92943, "scanner": "repobility-ast-engine", "fingerprint": "bd276fd82acdf08179eb0b21bcaea8172cd7dad72d8cf7e9271bc16065eda1b1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bd276fd82acdf08179eb0b21bcaea8172cd7dad72d8cf7e9271bc16065eda1b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/services/log_service.py"}, "region": {"startLine": 158}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.remove_connection` used but never assigned in __init__"}, "properties": {"repobilityId": 92942, "scanner": "repobility-ast-engine", "fingerprint": "870842886cade37775d0a4dc3a6a7eecdd33eda38ebe38f17e3eb1122c5c339a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|870842886cade37775d0a4dc3a6a7eecdd33eda38ebe38f17e3eb1122c5c339a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/services/log_service.py"}, "region": {"startLine": 143}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.start_scan` used but never assigned in __init__"}, "properties": {"repobilityId": 92940, "scanner": "repobility-ast-engine", "fingerprint": "732da34b807e4e2f2f2a7bd5d0ec604bf836357eabcfdf801b29c3bed3e6f47f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|732da34b807e4e2f2f2a7bd5d0ec604bf836357eabcfdf801b29c3bed3e6f47f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/services/scanner_service.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.stop_scan` used but never assigned in __init__"}, "properties": {"repobilityId": 92939, "scanner": "repobility-ast-engine", "fingerprint": "0d80d192f0146084e076ad8ea9112ff6d7bbc34538533af8964cf6fd47191765", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0d80d192f0146084e076ad8ea9112ff6d7bbc34538533af8964cf6fd47191765"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/services/scanner_service.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.is_running` used but never assigned in __init__"}, "properties": {"repobilityId": 92938, "scanner": "repobility-ast-engine", "fingerprint": "cb6a1e73c0b32c11b09164b97f8d34c30266e4b796aa3f23285d865e4f8242ef", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cb6a1e73c0b32c11b09164b97f8d34c30266e4b796aa3f23285d865e4f8242ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/services/scanner_service.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.is_running` used but never assigned in __init__"}, "properties": {"repobilityId": 92937, "scanner": "repobility-ast-engine", "fingerprint": "68b24a9b0b122741f12bcc92a65f09535fd73f0b27f873a49d223f690bb818e4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|68b24a9b0b122741f12bcc92a65f09535fd73f0b27f873a49d223f690bb818e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/services/scanner_service.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.is_running` used but never assigned in __init__"}, "properties": {"repobilityId": 92936, "scanner": "repobility-ast-engine", "fingerprint": "9cf55278207ceda385300c0a22b9f5510d0a5c89fad6e3f160d6842f8eec1f0b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9cf55278207ceda385300c0a22b9f5510d0a5c89fad6e3f160d6842f8eec1f0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/services/scanner_service.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._safe_play` used but never assigned in __init__"}, "properties": {"repobilityId": 92935, "scanner": "repobility-ast-engine", "fingerprint": "1661f9aba12d19d4ed083ca4ffd31d6236d4148ce6156ed86ca831179b42a0f1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1661f9aba12d19d4ed083ca4ffd31d6236d4148ce6156ed86ca831179b42a0f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/services/audio_service.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._safe_play` used but never assigned in __init__"}, "properties": {"repobilityId": 92934, "scanner": "repobility-ast-engine", "fingerprint": "d35365f049a97b69ff1242e322a0b11e77da215cff909a90a7fec0a077a9e73a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d35365f049a97b69ff1242e322a0b11e77da215cff909a90a7fec0a077a9e73a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/services/audio_service.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_webview_prod_url` used but never assigned in __init__"}, "properties": {"repobilityId": 92933, "scanner": "repobility-ast-engine", "fingerprint": "54c7ca2c497fc37f95cff8d6579e09caec7dfce934bc59224a0eea593ef53d72", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|54c7ca2c497fc37f95cff8d6579e09caec7dfce934bc59224a0eea593ef53d72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/core/config.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_execute_stop_event"}, "properties": {"repobilityId": 92932, "scanner": "repobility-ast-engine", "fingerprint": "34984a9553da6cadbb312d4c3d58ecd7924231fefae876baa6e4096d95fbc252", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|34984a9553da6cadbb312d4c3d58ecd7924231fefae876baa6e4096d95fbc252"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/core/delivery_claimer/test_delivery_claimer_engine.py"}, "region": {"startLine": 204}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_execute_initial_scene_check_fails_resolution"}, "properties": {"repobilityId": 92931, "scanner": "repobility-ast-engine", "fingerprint": "c3cdc04cfd5a7edfadfdc688f2fec6be88a2291b5dcd5ddd302027da5af8158a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c3cdc04cfd5a7edfadfdc688f2fec6be88a2291b5dcd5ddd302027da5af8158a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/core/delivery_claimer/test_delivery_claimer_engine.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_capture_and_save_no_focus_no_post"}, "properties": {"repobilityId": 92930, "scanner": "repobility-ast-engine", "fingerprint": "0c27682e4abb8cf244efd1b3263ead1827a25a3395c1d651a5567a01350a6709", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0c27682e4abb8cf244efd1b3263ead1827a25a3395c1d651a5567a01350a6709"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/services/test_screenshot_service.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_capture_and_save_not_exists"}, "properties": {"repobilityId": 92929, "scanner": "repobility-ast-engine", "fingerprint": "09d50ea06547dc37b1d410237b69fb436923ff24f45293440f14b7fbe05160de", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|09d50ea06547dc37b1d410237b69fb436923ff24f45293440f14b7fbe05160de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/services/test_screenshot_service.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_log_history_replay"}, "properties": {"repobilityId": 92927, "scanner": "repobility-ast-engine", "fingerprint": "2fa383f374b0777d1d422fe8471ccde1b31f48096c622d1e91b924b96b8a52f1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2fa383f374b0777d1d422fe8471ccde1b31f48096c622d1e91b924b96b8a52f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/services/test_log_service.py"}, "region": {"startLine": 248}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_recognize_roi_preprocessing"}, "properties": {"repobilityId": 92926, "scanner": "repobility-ast-engine", "fingerprint": "7c0d42663c8916a0ae63549e05777b4975a96928d3ef876cc770e2aca34cead2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7c0d42663c8916a0ae63549e05777b4975a96928d3ef876cc770e2aca34cead2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/recognition/test_recognizer.py"}, "region": {"startLine": 215}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_recognize_roi_color_conversion"}, "properties": {"repobilityId": 92925, "scanner": "repobility-ast-engine", "fingerprint": "8a22c4150454f020ec7d8b4530c23a78142453c5a0dee94e3ff6ce0f38582f90", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8a22c4150454f020ec7d8b4530c23a78142453c5a0dee94e3ff6ce0f38582f90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/recognition/test_recognizer.py"}, "region": {"startLine": 192}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_manager"}, "properties": {"repobilityId": 92924, "scanner": "repobility-ast-engine", "fingerprint": "eb037e09c6ed70800ef164ac8903d829057594afcf576d2827e2ef91822b795a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eb037e09c6ed70800ef164ac8903d829057594afcf576d2827e2ef91822b795a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/test_user_setting_api.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_settings_file"}, "properties": {"repobilityId": 92923, "scanner": "repobility-ast-engine", "fingerprint": "b05c77289e1d3e4632f2cf6e209f7a5271edab481a5b7635d97fd057064d2d0c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b05c77289e1d3e4632f2cf6e209f7a5271edab481a5b7635d97fd057064d2d0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/test_user_setting_api.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_click_no_window"}, "properties": {"repobilityId": 92922, "scanner": "repobility-ast-engine", "fingerprint": "4d698af4c35a7d4574f0fcbb1bf787b83332c57ae367cb7fc9019982050a4618", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4d698af4c35a7d4574f0fcbb1bf787b83332c57ae367cb7fc9019982050a4618"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_window_manager.py"}, "region": {"startLine": 212}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_click"}, "properties": {"repobilityId": 92921, "scanner": "repobility-ast-engine", "fingerprint": "9f9dce8bafa14a996ad8ec1288d70dc869c1ebb63c30fac8e942591e37817b11", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9f9dce8bafa14a996ad8ec1288d70dc869c1ebb63c30fac8e942591e37817b11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_window_manager.py"}, "region": {"startLine": 197}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_screenshot_no_window"}, "properties": {"repobilityId": 92920, "scanner": "repobility-ast-engine", "fingerprint": "59b85f719864a23695a93de429217e8761d7d18f71b4a7bc7a138919eacd1ea9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|59b85f719864a23695a93de429217e8761d7d18f71b4a7bc7a138919eacd1ea9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_window_manager.py"}, "region": {"startLine": 188}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_get_client_size_no_window"}, "properties": {"repobilityId": 92919, "scanner": "repobility-ast-engine", "fingerprint": "1af5af532422aec261c1bfb86e6cebed67282e93390920dc9e5beed8a842a4b1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1af5af532422aec261c1bfb86e6cebed67282e93390920dc9e5beed8a842a4b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_window_manager.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_update_from_dict_invalid_data"}, "properties": {"repobilityId": 92918, "scanner": "repobility-ast-engine", "fingerprint": "f8c8a8ec5eaefb804dbb91a258b237b1ee1a7d6b38c3b768b6f627938b47d85a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f8c8a8ec5eaefb804dbb91a258b237b1ee1a7d6b38c3b768b6f627938b47d85a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_user_setting_manager.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `queue` used but not imported"}, "properties": {"repobilityId": 92941, "scanner": "repobility-ast-engine", "fingerprint": "02c760ceb88273af6ac70d82db3eeab91c7009457b2ea98eec59928ffdb52713", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|02c760ceb88273af6ac70d82db3eeab91c7009457b2ea98eec59928ffdb52713"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/endfield_essence_recognizer/services/log_service.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `queue` used but not imported"}, "properties": {"repobilityId": 92928, "scanner": "repobility-ast-engine", "fingerprint": "f6950369e7f9b13267485512e5014d33b62ec45f37ac903b7b596d690fc347a2", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f6950369e7f9b13267485512e5014d33b62ec45f37ac903b7b596d690fc347a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/services/test_log_service.py"}, "region": {"startLine": 126}}}]}]}]}