{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED124", "name": "[MINED124] requirements.txt: `pynacl` has no version pin: Unpinned pip requirement means every fresh install may resolve", "shortDescription": {"text": "[MINED124] requirements.txt: `pynacl` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible instal"}, "fullDescription": {"text": "Replace `pynacl` with `pynacl==<version>` and manage upgrades through PRs / Dependabot."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Add .dockerignore with at least .git, .env, private keys, dependency folders, build outputs, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR015", "name": "Docker build context is very large", "shortDescription": {"text": "Docker build context is very large"}, "fullDescription": {"text": "Shrink the build context with .dockerignore, move generated/runtime data outside the build context, and copy only the manifest files needed for cached dependency layers."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.84, "cwe": "", "owasp": ""}}, {"id": "DKR012", "name": "Dockerfile keeps pip download cache", "shortDescription": {"text": "Dockerfile keeps pip download cache"}, "fullDescription": {"text": "Use `pip install --no-cache-dir ...` in container builds."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `message_handler` has cognitive complexity 8 (SonarSource scale). Cognitiv", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `message_handler` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursio"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 8."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `pozil/auto-assign-issue` pinned to mutable ref `@v2`: `uses: pozil/auto-assign-issue@v2` resolves at ", "shortDescription": {"text": "[MINED115] Action `pozil/auto-assign-issue` pinned to mutable ref `@v2`: `uses: pozil/auto-assign-issue@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compro"}, "fullDescription": {"text": "Replace with: `uses: pozil/auto-assign-issue@<40-char-sha>  # v2` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `mcr.microsoft.com/devcontainers/python:3.12` not pinned by digest: `FROM mcr.microsoft.com/d", "shortDescription": {"text": "[MINED118] Dockerfile FROM `mcr.microsoft.com/devcontainers/python:3.12` not pinned by digest: `FROM mcr.microsoft.com/devcontainers/python:3.12` resolves the tag at build time. The registry CAN re-push a different image for the same tag, s"}, "fullDescription": {"text": "Replace with: `FROM mcr.microsoft.com/devcontainers/python:3.12@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.close` used but never assigned in __init__: Method `__exit__` of class `PersistentEventStore` reads `se", "shortDescription": {"text": "[MINED108] `self.close` used but never assigned in __init__: Method `__exit__` of class `PersistentEventStore` reads `self.close`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the firs"}, "fullDescription": {"text": "Initialize `self.close = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED020", "name": "[MINED020] Logging Credential Via Fstring: logger.error(f\"failed for {api_key}\") \u2014 secrets end up in log aggregators / s", "shortDescription": {"text": "[MINED020] Logging Credential Via Fstring: logger.error(f\"failed for {api_key}\") \u2014 secrets end up in log aggregators / sentry."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/849"}, "properties": {"repository": "microsoft/ai-agents-for-beginners", "repoUrl": "https://github.com/microsoft/ai-agents-for-beginners", "branch": "main"}, "results": [{"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `pynacl` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 76800, "scanner": "repobility-supply-chain", "fingerprint": "c0543c13d32b28d3d3c225237dd80c2905a8ed5005eb72014fa3e720b0b36007", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c0543c13d32b28d3d3c225237dd80c2905a8ed5005eb72014fa3e720b0b36007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `jcs` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 76799, "scanner": "repobility-supply-chain", "fingerprint": "2449fbba624acbfe544370a9d9caf47244e1ea8aab4a1ad5066f796ac5b27092", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2449fbba624acbfe544370a9d9caf47244e1ea8aab4a1ad5066f796ac5b27092"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `uvicorn` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 76798, "scanner": "repobility-supply-chain", "fingerprint": "1cda812d8b1ad5328430c8f21f4f75c9140f221c650faa79e807364499c4bd71", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1cda812d8b1ad5328430c8f21f4f75c9140f221c650faa79e807364499c4bd71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `python-dotenv` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 76797, "scanner": "repobility-supply-chain", "fingerprint": "76e24f524c67b2d881a878ec6956aaf2b602cd7677a4d4387862d0d7d85c7863", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|76e24f524c67b2d881a878ec6956aaf2b602cd7677a4d4387862d0d7d85c7863"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `pillow` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 76796, "scanner": "repobility-supply-chain", "fingerprint": "9b0a069ea4f2962c9cb44925d87a01b11b6a125e5a9b2b01d98a821493d5791e", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9b0a069ea4f2962c9cb44925d87a01b11b6a125e5a9b2b01d98a821493d5791e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `pandas` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 76795, "scanner": "repobility-supply-chain", "fingerprint": "4d6b4e56c088a16388ed8b73e94c3f27ab50c729d0002ee5185420dd60c085db", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4d6b4e56c088a16388ed8b73e94c3f27ab50c729d0002ee5185420dd60c085db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `numpy` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 76794, "scanner": "repobility-supply-chain", "fingerprint": "ac3d67f709a4263e67497d641f908491d82e9b6968347178dc99f51b567bf459", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ac3d67f709a4263e67497d641f908491d82e9b6968347178dc99f51b567bf459"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `nest-asyncio` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 76793, "scanner": "repobility-supply-chain", "fingerprint": "68b2ac28b09d15202f8322aa6b98f29d17e5e176c7709e37750a807a48bb24e9", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|68b2ac28b09d15202f8322aa6b98f29d17e5e176c7709e37750a807a48bb24e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `ipykernel` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 76792, "scanner": "repobility-supply-chain", "fingerprint": "bfd7a443daa67fa462abb65715a407be21a3d345e2de88e0b68fcda06f7d4f95", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bfd7a443daa67fa462abb65715a407be21a3d345e2de88e0b68fcda06f7d4f95"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `httpx` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 76791, "scanner": "repobility-supply-chain", "fingerprint": "fae1f17b4959095b4f9ec0fbb379e5252ff4fd87f4d82095ccfa7f4d2011249a", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fae1f17b4959095b4f9ec0fbb379e5252ff4fd87f4d82095ccfa7f4d2011249a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `openai` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 76790, "scanner": "repobility-supply-chain", "fingerprint": "cc4dec42a0ef1b277921e3710970409e44ea3729fd33c8ddeac980437b812c20", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cc4dec42a0ef1b277921e3710970409e44ea3729fd33c8ddeac980437b812c20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `mcp[cli]` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 76789, "scanner": "repobility-supply-chain", "fingerprint": "90852b2ff76c96ec880233e9d386960cc4a11083be17e12d818e2e4172000e2e", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|90852b2ff76c96ec880233e9d386960cc4a11083be17e12d818e2e4172000e2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `a2a-sdk` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 76788, "scanner": "repobility-supply-chain", "fingerprint": "0b282c769dda50eab03234d3e5494b6cb85ef77c97590c68c9060723f7d1fcb0", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0b282c769dda50eab03234d3e5494b6cb85ef77c97590c68c9060723f7d1fcb0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `agent-framework` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 76787, "scanner": "repobility-supply-chain", "fingerprint": "b2a54074633e0f8b2adf495756d33f36429ecd826b822e5cf08cc8937654102e", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b2a54074633e0f8b2adf495756d33f36429ecd826b822e5cf08cc8937654102e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `azure-search-documents` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 76786, "scanner": "repobility-supply-chain", "fingerprint": "d1e13d312380c97f9274d70ec0bba82317aee6161557ef23bf731697740344cd", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d1e13d312380c97f9274d70ec0bba82317aee6161557ef23bf731697740344cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `azure-identity` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 76785, "scanner": "repobility-supply-chain", "fingerprint": "8cfd2fc4ff2c1da09d6901be535601e952c9bb58287fc48e2f71b8886df9f69c", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8cfd2fc4ff2c1da09d6901be535601e952c9bb58287fc48e2f71b8886df9f69c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `azure-ai-projects` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 76784, "scanner": "repobility-supply-chain", "fingerprint": "157864b84976b031dc95d6a8608945b17ec78a0ca5395bf17c97a0133c965393", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|157864b84976b031dc95d6a8608945b17ec78a0ca5395bf17c97a0133c965393"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `azure-ai-inference` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 76783, "scanner": "repobility-supply-chain", "fingerprint": "d3f3ecdefa2aaad2b8786d27e2be4f8d38ca399cdecf83f6d049f35518c616f7", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d3f3ecdefa2aaad2b8786d27e2be4f8d38ca399cdecf83f6d049f35518c616f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76782, "scanner": "repobility-ast-engine", "fingerprint": "7b4bb540d80454693ad5afe359d498f9fed19022a652ad84c6e99a102d9b2e23", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7b4bb540d80454693ad5afe359d498f9fed19022a652ad84c6e99a102d9b2e23"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "14-microsoft-agent-framework/code-samples/hotel_booking_workflow_sample.py"}, "region": {"startLine": 146}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76781, "scanner": "repobility-ast-engine", "fingerprint": "7bc23e404147f72acc814599225b608f435ef81e57e067868a3373e39ae599cb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7bc23e404147f72acc814599225b608f435ef81e57e067868a3373e39ae599cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "14-microsoft-agent-framework/code-samples/hotel_booking_workflow_sample.py"}, "region": {"startLine": 124}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76780, "scanner": "repobility-ast-engine", "fingerprint": "08b67c679bef2c067367f7bbefde3d50b7ca765ee2f307676104a88c9da8ff55", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|08b67c679bef2c067367f7bbefde3d50b7ca765ee2f307676104a88c9da8ff55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "04-tool-use/code_samples/test_demo_plugins.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76779, "scanner": "repobility-ast-engine", "fingerprint": "f8aa8c24bdcd523388a117e9065fe8e0e50ce396cbe9d32a1b806410b59ae593", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f8aa8c24bdcd523388a117e9065fe8e0e50ce396cbe9d32a1b806410b59ae593"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/mcp-agents/client/utils.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76778, "scanner": "repobility-ast-engine", "fingerprint": "9c8dd12c3264ffcfa38abf7a1bff1e6e00c97ab4c40749ee5f0adcbf5e593387", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9c8dd12c3264ffcfa38abf7a1bff1e6e00c97ab4c40749ee5f0adcbf5e593387"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/mcp-agents/client/utils.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76777, "scanner": "repobility-ast-engine", "fingerprint": "cd19566a420ce7434a571aedaff49babdda55f5d8cc9c0b24f50878c7065d062", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cd19566a420ce7434a571aedaff49babdda55f5d8cc9c0b24f50878c7065d062"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/mcp-agents/client/utils.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76776, "scanner": "repobility-ast-engine", "fingerprint": "fe63ad8449a97cd4d9ea59520eb85cfad0dabe43ce811c0d3810e01d82a02b5d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fe63ad8449a97cd4d9ea59520eb85cfad0dabe43ce811c0d3810e01d82a02b5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/mcp-agents/client/resumable_client.py"}, "region": {"startLine": 191}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76775, "scanner": "repobility-ast-engine", "fingerprint": "8e498145c78042877cf8d90f3e4840bcda029e28c17cd32898e52c4ad2aa06a3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8e498145c78042877cf8d90f3e4840bcda029e28c17cd32898e52c4ad2aa06a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/mcp-agents/client/resumable_client.py"}, "region": {"startLine": 223}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76774, "scanner": "repobility-ast-engine", "fingerprint": "d5cd427e5dbaddc8988b159cca1ca59788a7861384cb28bb38e95e443f829774", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d5cd427e5dbaddc8988b159cca1ca59788a7861384cb28bb38e95e443f829774"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/mcp-agents/client/resumable_client.py"}, "region": {"startLine": 195}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76773, "scanner": "repobility-ast-engine", "fingerprint": "8853b407eae96066a5a7b4fb62b63a1da8313cc3ec10bfd1acf983deb7ae2abb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8853b407eae96066a5a7b4fb62b63a1da8313cc3ec10bfd1acf983deb7ae2abb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/mcp-agents/client/client.py"}, "region": {"startLine": 377}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76772, "scanner": "repobility-ast-engine", "fingerprint": "2bd23805b5369f8c364d9dc1bce82f76a38df7faebd9e617215686013d4185d1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2bd23805b5369f8c364d9dc1bce82f76a38df7faebd9e617215686013d4185d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/mcp-agents/client/client.py"}, "region": {"startLine": 401}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76771, "scanner": "repobility-ast-engine", "fingerprint": "83779ab5375cef6c72e1c0f49312aa3a25c433f72cc9e0e6b4711b705a9e979d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|83779ab5375cef6c72e1c0f49312aa3a25c433f72cc9e0e6b4711b705a9e979d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/mcp-agents/client/client.py"}, "region": {"startLine": 256}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76770, "scanner": "repobility-ast-engine", "fingerprint": "70f4ef1f7e25d902eb3b8a38c2833935e2c9c0c3d94922e897579355ad72560a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|70f4ef1f7e25d902eb3b8a38c2833935e2c9c0c3d94922e897579355ad72560a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/mcp-agents/client/client.py"}, "region": {"startLine": 203}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76769, "scanner": "repobility-ast-engine", "fingerprint": "64c79aef51dce409cd0a68e6f823e86f1067455f8b2e88630ea9e9cc5ee36f45", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|64c79aef51dce409cd0a68e6f823e86f1067455f8b2e88630ea9e9cc5ee36f45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/mcp-agents/client/client.py"}, "region": {"startLine": 166}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76768, "scanner": "repobility-ast-engine", "fingerprint": "d535c768c46cb9f54e11c98cfb236ab0297dd657d93d2977fc50cb3c01cc3edb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d535c768c46cb9f54e11c98cfb236ab0297dd657d93d2977fc50cb3c01cc3edb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/mcp-agents/client/client.py"}, "region": {"startLine": 455}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76767, "scanner": "repobility-ast-engine", "fingerprint": "9873af9e54b942123aa087d69dc7351d4d42ac3f84e1cedb9d269ccec6f822b5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9873af9e54b942123aa087d69dc7351d4d42ac3f84e1cedb9d269ccec6f822b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/mcp-agents/client/client.py"}, "region": {"startLine": 419}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76763, "scanner": "repobility-ast-engine", "fingerprint": "6ef1b5bad76ce40615b13557a288a618e0e5db47b22382984351c5f0faddd1e5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6ef1b5bad76ce40615b13557a288a618e0e5db47b22382984351c5f0faddd1e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/github-mcp/app.py"}, "region": {"startLine": 392}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76762, "scanner": "repobility-ast-engine", "fingerprint": "5467cec0452a827e6a37750be1b15e00bca7b43a4cb74ccf5bdbb3154a1272c2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5467cec0452a827e6a37750be1b15e00bca7b43a4cb74ccf5bdbb3154a1272c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/github-mcp/app.py"}, "region": {"startLine": 367}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76761, "scanner": "repobility-ast-engine", "fingerprint": "f0e58618cb945df1bc920fc68b3b4e2c2e96a508475ec48e49623bc3b8d04fcd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f0e58618cb945df1bc920fc68b3b4e2c2e96a508475ec48e49623bc3b8d04fcd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/github-mcp/app.py"}, "region": {"startLine": 261}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76760, "scanner": "repobility-ast-engine", "fingerprint": "c320a48fc04d0b9d302acb66f7cfbc75d26b9165133a05f0b45a5e97ccac4527", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c320a48fc04d0b9d302acb66f7cfbc75d26b9165133a05f0b45a5e97ccac4527"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/github-mcp/app.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76759, "scanner": "repobility-ast-engine", "fingerprint": "db47bd699c95f7e58aad4452e3c8d071e87ded21c9defff21651d05abcbaf62c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|db47bd699c95f7e58aad4452e3c8d071e87ded21c9defff21651d05abcbaf62c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/github-mcp/app.py"}, "region": {"startLine": 114}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76758, "scanner": "repobility-ast-engine", "fingerprint": "2ad3b514f98e794cde8d48a384df1c5e8f7a5c52230e45b4623272f70e924de9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2ad3b514f98e794cde8d48a384df1c5e8f7a5c52230e45b4623272f70e924de9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/github-mcp/app.py"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 76757, "scanner": "repobility-ast-engine", "fingerprint": "f579688ef0434a69bb0745d7fb35eb0045c058917fdff7de790d7d14097e81b9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f579688ef0434a69bb0745d7fb35eb0045c058917fdff7de790d7d14097e81b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/github-mcp/app.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 76756, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 76755, "scanner": "repobility-docker", "fingerprint": "2d2208484c91d91d396bb391119712bf46319d44b21645394b977aa95113373d", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "mcr.microsoft.com/devcontainers/python:3.12", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|2d2208484c91d91d396bb391119712bf46319d44b21645394b977aa95113373d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR015", "level": "warning", "message": {"text": "Docker build context is very large"}, "properties": {"repobilityId": 76752, "scanner": "repobility-docker", "fingerprint": "b15d4f710afeff2af4cd4ab204332853f9025b78869a0e87bb466a798bb1a15b", "category": "docker", "severity": "medium", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Estimated Docker build context exceeds Repobility's size or file-count threshold.", "evidence": {"capped": false, "rule_id": "DKR015", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "largest_paths": [{"path": ".git/objects/pack/pack-08f2fe55531696f0fba2c7577bbac59168c2f438.pack", "size_mb": 327.5}, {"path": ".git/objects/pack/pack-ed09332a957deb4a4bbef2f5e84e5b92e153e838.pack", "size_mb": 53.5}, {"path": "01-intro-to-ai-agents/images/lesson-1-thumbnail.png", "size_mb": 4.6}, {"path": "05-agentic-rag/images/lesson-5-thumbnail.png", "size_mb": 4.6}, {"path": "09-metacognition/images/lesson-9-thumbnail.png", "size_mb": 4.6}], "included_files": 9318, "context_size_mb": 866.9, "correlation_key": "fp|b15d4f710afeff2af4cd4ab204332853f9025b78869a0e87bb466a798bb1a15b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 76754, "scanner": "repobility-docker", "fingerprint": "fe0df7880a0cd92ed0782ed4fd2689656c4bebfea25f273167ed6e948904aaa9", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|fe0df7880a0cd92ed0782ed4fd2689656c4bebfea25f273167ed6e948904aaa9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 8}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 76753, "scanner": "repobility-docker", "fingerprint": "f52916b5a14eaee26946f9dd590eaa26d5ba143ad6f29b0205deb07e2495cba4", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|f52916b5a14eaee26946f9dd590eaa26d5ba143ad6f29b0205deb07e2495cba4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76751, "scanner": "repobility-ai-code-hygiene", "fingerprint": "575de219280159c2ded9b53ac2c9c844821b922022fdad755d2410701c04268e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "08-multi-agent/code_samples/workflows-agent-framework/dotNET/01.dotnet-agent-framework-workflow-ghmodel-basic.cs", "duplicate_line": 45, "correlation_key": "fp|575de219280159c2ded9b53ac2c9c844821b922022fdad755d2410701c04268e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "08-multi-agent/code_samples/workflows-agent-framework/dotNET/04.dotnet-agent-framework-workflow-aifoundry-condition.cs"}, "region": {"startLine": 98}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76750, "scanner": "repobility-ai-code-hygiene", "fingerprint": "91015bf34282951944d91a5251f73374b13d4e92ff14398c5f24cc776b9df2c3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "08-multi-agent/code_samples/workflows-agent-framework/dotNET/01.dotnet-agent-framework-workflow-ghmodel-basic.cs", "duplicate_line": 43, "correlation_key": "fp|91015bf34282951944d91a5251f73374b13d4e92ff14398c5f24cc776b9df2c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "08-multi-agent/code_samples/workflows-agent-framework/dotNET/02.dotnet-agent-framework-workflow-ghmodel-sequential.cs"}, "region": {"startLine": 60}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76749, "scanner": "repobility-ai-code-hygiene", "fingerprint": "979f8611c29873c7b2cb28f2c14be14814f6058927556d059fe9d3a46955b3c2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "01-intro-to-ai-agents/code_samples/01-dotnet-agent-framework.cs", "duplicate_line": 7, "correlation_key": "fp|979f8611c29873c7b2cb28f2c14be14814f6058927556d059fe9d3a46955b3c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "04-tool-use/code_samples/04-dotnet-agent-framework.cs"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76748, "scanner": "repobility-ai-code-hygiene", "fingerprint": "da18c077147a516b6cc01c0c59714fa6e4be662df5437c8d91c0bac3e36187f6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "01-intro-to-ai-agents/code_samples/01-dotnet-agent-framework.cs", "duplicate_line": 7, "correlation_key": "fp|da18c077147a516b6cc01c0c59714fa6e4be662df5437c8d91c0bac3e36187f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "03-agentic-design-patterns/code_samples/03-dotnet-agent-framework.cs"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76747, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0b8a24f6b96404981f38307e7527013ed93057dae00591022c4b6011f3fa6711", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "01-intro-to-ai-agents/code_samples/01-dotnet-agent-framework.cs", "duplicate_line": 1, "correlation_key": "fp|0b8a24f6b96404981f38307e7527013ed93057dae00591022c4b6011f3fa6711"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "02-explore-agentic-frameworks/code_samples/02-dotnet-agent-framework.cs"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `message_handler` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=2, except=1, if=2, nested_bonus=3."}, "properties": {"repobilityId": 76736, "scanner": "repobility-threat-engine", "fingerprint": "765e52e836da7378a6a9686f84a8bcd88579c957e466427218af4568c693aa32", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "message_handler", "breakdown": {"if": 2, "elif": 2, "except": 1, "nested_bonus": 3}, "complexity": 8, "correlation_key": "fp|765e52e836da7378a6a9686f84a8bcd88579c957e466427218af4568c693aa32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/mcp-agents/client/resumable_client.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `run_long_running_task` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=3, except=2, if=5, nested_bonus=1, ternary=1."}, "properties": {"repobilityId": 76735, "scanner": "repobility-threat-engine", "fingerprint": "a32032ae268f78dc8ddba5b5d4375a57c92dc599b1c774f52f56216c3f524f3d", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 12 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "run_long_running_task", "breakdown": {"if": 5, "else": 3, "except": 2, "ternary": 1, "nested_bonus": 1}, "complexity": 12, "correlation_key": "fp|a32032ae268f78dc8ddba5b5d4375a57c92dc599b1c774f52f56216c3f524f3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/mcp-agents/client/resumable_client.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `update_title` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=1, else=2, if=6, ternary=1."}, "properties": {"repobilityId": 76734, "scanner": "repobility-threat-engine", "fingerprint": "d0268676ceb2a0860a0c0d5aa9b7864e74996f35f80b5e77d5d93a2fa051fbe2", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "update_title", "breakdown": {"if": 6, "elif": 1, "else": 2, "ternary": 1}, "complexity": 10, "correlation_key": "fp|d0268676ceb2a0860a0c0d5aa9b7864e74996f35f80b5e77d5d93a2fa051fbe2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".agents/skills/jupyter-notebook/scripts/new_notebook.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 76746, "scanner": "repobility-threat-engine", "fingerprint": "a80e86941c1937b741c01605050088fd81871741329362cbe2c5e60945ec495d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a80e86941c1937b741c01605050088fd81871741329362cbe2c5e60945ec495d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/mcp-agents/client/resumable_client.py"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 76745, "scanner": "repobility-threat-engine", "fingerprint": "2431d90f6fe752a311b120b85949521b0b5b2bc20b65f0c5b61baac95e00b76b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2431d90f6fe752a311b120b85949521b0b5b2bc20b65f0c5b61baac95e00b76b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/mcp-agents/client/utils.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 76744, "scanner": "repobility-threat-engine", "fingerprint": "ce16bd10760daf4dc120e6e0f0661166945ebc538cd8fcf81eb0473c6214022d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ce16bd10760daf4dc120e6e0f0661166945ebc538cd8fcf81eb0473c6214022d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/mcp-agents/client/resumable_client.py"}, "region": {"startLine": 143}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 76741, "scanner": "repobility-threat-engine", "fingerprint": "04ee5177908ef7a9f5412289201491f0a738dfc2792ca6d3ac8ff2e580229b69", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log line appears to mention secret metadata or a redacted value rather than printing the secret", "evidence": {"match": "print(f\"[red]\u2717 Cannot save tokens: missing session_id or resumption_token[/red]\")", "reason": "Log line appears to mention secret metadata or a redacted value rather than printing the secret", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|5|print f red cannot save tokens: missing session_id or resumption_token /red"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/mcp-agents/client/utils.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 76737, "scanner": "repobility-threat-engine", "fingerprint": "33f8a11bb9950391724aaaf564313c9967d2e5a2c97736723f8a42124b41d155", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "update_title", "breakdown": {"if": 6, "elif": 1, "else": 2, "ternary": 1}, "aggregated": true, "complexity": 10, "correlation_key": "fp|33f8a11bb9950391724aaaf564313c9967d2e5a2c97736723f8a42124b41d155", "aggregated_count": 1}}}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `pozil/auto-assign-issue` pinned to mutable ref `@v2`: `uses: pozil/auto-assign-issue@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76805, "scanner": "repobility-supply-chain", "fingerprint": "6b058810bae32dda74bcfa53e8aaddf45896022e1613fc1b15a002889d6ca6d0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6b058810bae32dda74bcfa53e8aaddf45896022e1613fc1b15a002889d6ca6d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/welcome-pr.yml"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/github-script` pinned to mutable ref `@v8`: `uses: actions/github-script@v8` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76804, "scanner": "repobility-supply-chain", "fingerprint": "516ad8b16cfb942ad8c01380b78fc743fc67612c78f88aa74fc3bc7cf6cdbb9c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|516ad8b16cfb942ad8c01380b78fc743fc67612c78f88aa74fc3bc7cf6cdbb9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/welcome-pr.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `pozil/auto-assign-issue` pinned to mutable ref `@v2`: `uses: pozil/auto-assign-issue@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76803, "scanner": "repobility-supply-chain", "fingerprint": "45a1e2c07d1568088c028106444759484d9baca39445e25c9b9288364e17e661", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|45a1e2c07d1568088c028106444759484d9baca39445e25c9b9288364e17e661"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/welcome-issue.yml"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/github-script` pinned to mutable ref `@v8`: `uses: actions/github-script@v8` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76802, "scanner": "repobility-supply-chain", "fingerprint": "e0b6a62f64e02c5e2a7b46c28f1277724e6ba3d224e25c000793f97f75098481", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e0b6a62f64e02c5e2a7b46c28f1277724e6ba3d224e25c000793f97f75098481"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/welcome-issue.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `mcr.microsoft.com/devcontainers/python:3.12` not pinned by digest: `FROM mcr.microsoft.com/devcontainers/python:3.12` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 76801, "scanner": "repobility-supply-chain", "fingerprint": "2892d20cc5a04722a37fc94136f859fe0aa4d6137b5a6a5614d973ecbe0d80bd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2892d20cc5a04722a37fc94136f859fe0aa4d6137b5a6a5614d973ecbe0d80bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.close` used but never assigned in __init__: Method `__exit__` of class `PersistentEventStore` reads `self.close`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 76766, "scanner": "repobility-ast-engine", "fingerprint": "66a3fd842b96db7e683e0252a769ecdc92375e355eb2489aabfe41fe457adb6b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|66a3fd842b96db7e683e0252a769ecdc92375e355eb2489aabfe41fe457adb6b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/mcp-agents/server/event_store.py"}, "region": {"startLine": 242}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._fetch_events_sync` used but never assigned in __init__: Method `replay_events_after` of class `PersistentEventStore` reads `self._fetch_events_sync`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 76765, "scanner": "repobility-ast-engine", "fingerprint": "759c62cbae27cc4d72fd0aa00c873eb431a9a0b425390e8fa902a161a7b7b102", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|759c62cbae27cc4d72fd0aa00c873eb431a9a0b425390e8fa902a161a7b7b102"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/mcp-agents/server/event_store.py"}, "region": {"startLine": 156}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._store_event_sync` used but never assigned in __init__: Method `store_event` of class `PersistentEventStore` reads `self._store_event_sync`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 76764, "scanner": "repobility-ast-engine", "fingerprint": "fea57594ac9dceae030859dfd741f1154e15acafa268f35b72c96eab325ce86c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fea57594ac9dceae030859dfd741f1154e15acafa268f35b72c96eab325ce86c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/mcp-agents/server/event_store.py"}, "region": {"startLine": 133}}}]}, {"ruleId": "MINED020", "level": "error", "message": {"text": "[MINED020] Logging Credential Via Fstring: logger.error(f\"failed for {api_key}\") \u2014 secrets end up in log aggregators / sentry."}, "properties": {"repobilityId": 76743, "scanner": "repobility-threat-engine", "fingerprint": "d910c3d76a1d059bfce1fbe6253788f26aae161944a5abca280e96ffec9dcb6b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "logging-credential-via-fstring", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347945+00:00", "triaged_in_corpus": 15, "observations_count": 46100, "ai_coder_pattern_id": 38}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d910c3d76a1d059bfce1fbe6253788f26aae161944a5abca280e96ffec9dcb6b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/mcp-agents/client/resumable_client.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 76742, "scanner": "repobility-threat-engine", "fingerprint": "ae4951bc93bac645505a991039f60c0c3096039a3a51e4f446f3a39c8675b3a4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ae4951bc93bac645505a991039f60c0c3096039a3a51e4f446f3a39c8675b3a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/mcp-agents/client/resumable_client.py"}, "region": {"startLine": 221}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 76740, "scanner": "repobility-threat-engine", "fingerprint": "8a917cfa02c535566b6c8f6a27353db9feaf2ec001f3b3dc73a41351b3abed68", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "print(f\"\ud83d\udcbe Resumption token received: {token[:20]}...\")", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|token|14|print f resumption token received: token :20 ..."}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "11-agentic-protocols/code_samples/mcp-agents/client/resumable_client.py"}, "region": {"startLine": 143}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 76739, "scanner": "repobility-threat-engine", "fingerprint": "36d709baf62eb9dd65769302e04cf8a891e456b9123caf597876e385de923f0d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "AIFunctionFactory.Create(EstimateTripCost)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|36d709baf62eb9dd65769302e04cf8a891e456b9123caf597876e385de923f0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "04-tool-use/code_samples/04-dotnet-agent-framework.cs"}, "region": {"startLine": 234}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 76738, "scanner": "repobility-threat-engine", "fingerprint": "deef11d86d6170c7586b3ab4d0a5ed9794e7f11c301df5641116bbe9a6f7d53c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "AIFunctionFactory.Create(SaveUserPreference)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|deef11d86d6170c7586b3ab4d0a5ed9794e7f11c301df5641116bbe9a6f7d53c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "03-agentic-design-patterns/code_samples/03-dotnet-agent-framework.cs"}, "region": {"startLine": 126}}}]}]}]}