{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "JRN002", "name": "Browser storage is used for session token material", "shortDescription": {"text": "Browser storage is used for session token material"}, "fullDescription": {"text": "localStorage and sessionStorage are readable by injected JavaScript. For sensitive sessions, this turns XSS into account compromise."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKC015", "name": "Database service has no healthcheck", "shortDescription": {"text": "Database service has no healthcheck"}, "fullDescription": {"text": "Compose starts dependent containers in dependency order, but it does not wait for a database to be ready unless a healthcheck is defined and dependents use service_healthy."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR009", "name": "Dockerfile separates apt update from install", "shortDescription": {"text": "Dockerfile separates apt update from install"}, "fullDescription": {"text": "Splitting apt update and install across layers can reuse stale package indexes and make builds less reliable."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "DKR003", "name": "Dockerfile base image uses the latest tag", "shortDescription": {"text": "Dockerfile base image uses the latest tag"}, "fullDescription": {"text": "The latest tag is mutable and can change without a code review, producing different images from the same source."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.94, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies broad context with incomplete .dockerignore", "shortDescription": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "fullDescription": {"text": "COPY . or ADD . is safer when .dockerignore excludes secrets, git history, keys, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Agent, MCP, sidecar, and command bridge servers often start as local helpers. Binding them to 0.0.0.0 or a default all-interface listener without an authorization guard can expose tool execution or session data to the LAN."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AGT006", "name": "React interval is created without an explicit cleanup", "shortDescription": {"text": "React interval is created without an explicit cleanup"}, "fullDescription": {"text": "Intervals created in React hooks or components should be cleared on unmount. Missing cleanup can keep stale callbacks alive after recording, polling, or overlay components close."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "DKC016", "name": "App service does not wait for database health", "shortDescription": {"text": "App service does not wait for database health"}, "fullDescription": {"text": "depends_on controls startup order, but without condition: service_healthy an app can start while the database is still initializing and fail intermittently."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "no-new-privileges prevents processes from gaining additional privileges through setuid binaries or file capabilities."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "If the image does not define USER internally, this service may run as root."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": ".dockerignore exists but does not cover common secret or VCS patterns."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Installing recommended packages often pulls in unnecessary runtime surface area."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.25, "cwe": "", "owasp": ""}}, {"id": "JRN004", "name": "Consent is collected in UI without visible backend audit persistence", "shortDescription": {"text": "Consent is collected in UI without visible backend audit persistence"}, "fullDescription": {"text": "A frontend journey appears to ask for consent to share identity/KYC/biometric data, but backend code does not show a consent audit model with scope, purpose, legal text version, timestamp, IP, or user-agent evidence."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "high", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "DKC011", "name": "Database service publishes a host port", "shortDescription": {"text": "Database service publishes a host port"}, "fullDescription": {"text": "Publishing database ports to the host increases exposure. Internal Compose networking usually only needs expose, not ports."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.84, "cwe": "", "owasp": ""}}, {"id": "DKC007", "name": "Compose service contains a literal secret environment value", "shortDescription": {"text": "Compose service contains a literal secret environment value"}, "fullDescription": {"text": "Literal secrets in Compose files are committed to source and exposed through container inspection."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "critical", "confidence": 0.96, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/307"}, "properties": {"repository": "casdoor/casdoor", "repoUrl": "https://github.com/casdoor/casdoor", "branch": "master"}, "results": [{"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 9887, "scanner": "repobility-journey-contract", "fingerprint": "07f448f71d323b21afb8c1b18cde8c7aa6cf4ad9e552b0f5f65ca9079fa38b46", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|web/src/auth/web3auth.js|54|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/src/auth/Web3Auth.js"}, "region": {"startLine": 54}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 9886, "scanner": "repobility-journey-contract", "fingerprint": "0fe5e4c363d17f69ab97b14817c5092ac9c1ebbea1d353686cc32ac78b4312c9", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|215|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/public/AuthCallbackHandler.js"}, "region": {"startLine": 215}}}]}, {"ruleId": "DKC015", "level": "warning", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 9885, "scanner": "repobility-docker", "fingerprint": "c57c541beacbceac95098af0ca1a9e4dff5b9004397c6eac845cd43f4ffab652", "category": "docker", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "db", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|c57c541beacbceac95098af0ca1a9e4dff5b9004397c6eac845cd43f4ffab652"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 9878, "scanner": "repobility-docker", "fingerprint": "a156242dd27dabfd41467a6d04d8d65419bd4cccb8016c111253565bc443c638", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "debian:latest", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|a156242dd27dabfd41467a6d04d8d65419bd4cccb8016c111253565bc443c638"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 54}}}]}, {"ruleId": "DKR009", "level": "warning", "message": {"text": "Dockerfile separates apt update from install"}, "properties": {"repobilityId": 9876, "scanner": "repobility-docker", "fingerprint": "b9926c3f4df26ab1625ac2a8994ca3fb7c22e2c7cd0a9289678697f6424d0bc7", "category": "docker", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Package index update appears without package installation in the same layer.", "evidence": {"rule_id": "DKR009", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b9926c3f4df26ab1625ac2a8994ca3fb7c22e2c7cd0a9289678697f6424d0bc7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 60}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Dockerfile base image uses the latest tag"}, "properties": {"repobilityId": 9875, "scanner": "repobility-docker", "fingerprint": "05c152ae3beea0fbf677deb401e3872c2c2dfc3c88c66e5b9639d7705a1b833c", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "debian:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|05c152ae3beea0fbf677deb401e3872c2c2dfc3c88c66e5b9639d7705a1b833c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 54}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Dockerfile base image uses the latest tag"}, "properties": {"repobilityId": 9874, "scanner": "repobility-docker", "fingerprint": "1d44ec683f63c6dc40b49fd2810cf03cc23228ac4d0efce80507798d38f0e846", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "alpine:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|1d44ec683f63c6dc40b49fd2810cf03cc23228ac4d0efce80507798d38f0e846"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 25}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 9873, "scanner": "repobility-docker", "fingerprint": "83b52730d0f73fad25ca7b5c55b6c8fd17426afc1ca8e2f6955a60bdffa45fa2", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|83b52730d0f73fad25ca7b5c55b6c8fd17426afc1ca8e2f6955a60bdffa45fa2", "missing_patterns": [".env", ".git", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 20}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 9868, "scanner": "repobility-threat-engine", "fingerprint": "de5158863bae510ed8afde0102c89998dcde38589623e63475b765b25d9b143f", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (-0.0 bits) \u2014 may be placeholder or common string", "evidence": {"match": "Password = \"<redacted>\"", "reason": "Low entropy value (-0.0 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|object/syncer.go|15|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "object/syncer.go"}, "region": {"startLine": 155}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 9867, "scanner": "repobility-threat-engine", "fingerprint": "bfd91e32a63f5df2aa13c94f81a610ce14b2215f993f7f216ec77ed4ac6b9f6c", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (-0.0 bits) \u2014 may be placeholder or common string", "evidence": {"match": "Password = \"<redacted>\"", "reason": "Low entropy value (-0.0 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|object/user.go|67|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "object/user.go"}, "region": {"startLine": 678}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 9866, "scanner": "repobility-threat-engine", "fingerprint": "37473b790fba0fcf044f466c61161698fe02e0ffcc5679147590146bd8b9e8f4", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (-0.0 bits) \u2014 may be placeholder or common string", "evidence": {"match": "Password = \"<redacted>\"", "reason": "Low entropy value (-0.0 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|object/organization.go|19|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "object/organization.go"}, "region": {"startLine": 195}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 9861, "scanner": "repobility-agent-runtime", "fingerprint": "95b6b5e05d64f08e3922ac72de583126fc3d04af4df245b7cfe28f63656b22d2", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|95b6b5e05d64f08e3922ac72de583126fc3d04af4df245b7cfe28f63656b22d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/src/provider/ScanProviderFields.js"}, "region": {"startLine": 11}}}]}, {"ruleId": "AGT006", "level": "warning", "message": {"text": "React interval is created without an explicit cleanup"}, "properties": {"repobilityId": 9860, "scanner": "repobility-agent-runtime", "fingerprint": "5376fb6b7392394c775cd86bab65df342405b261bb64c23fc6632854b4085e57", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File uses setInterval with useEffect or hook-style code and no clearInterval cleanup was found.", "evidence": {"rule_id": "AGT006", "scanner": "repobility-agent-runtime", "references": ["https://react.dev/reference/react/useEffect"], "correlation_key": "fp|5376fb6b7392394c775cd86bab65df342405b261bb64c23fc6632854b4085e57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/src/auth/LoginPage.js"}, "region": {"startLine": 414}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9859, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6cd972f5d8ca59ca6bd8bf3d12b399c5c2c57c71c0c82dd0560ae149c0a31f5c", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "idp/casdoor.go", "duplicate_line": 95, "correlation_key": "fp|6cd972f5d8ca59ca6bd8bf3d12b399c5c2c57c71c0c82dd0560ae149c0a31f5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "idp/custom.go"}, "region": {"startLine": 76}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9858, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d0a9ef43c9566cee61691f54037ea80ab5f608ec7ffe6f2c9f5fd392d508d0e7", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "idp/alipay.go", "duplicate_line": 206, "correlation_key": "fp|d0a9ef43c9566cee61691f54037ea80ab5f608ec7ffe6f2c9f5fd392d508d0e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "idp/bilibili.go"}, "region": {"startLine": 149}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9857, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6e27d0209f3e6039a6ca1d8d0decc84980be9da4a19342e8b141876da69c5f2b", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "controllers/group_upload.go", "duplicate_line": 9, "correlation_key": "fp|6e27d0209f3e6039a6ca1d8d0decc84980be9da4a19342e8b141876da69c5f2b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "controllers/user_upload.go"}, "region": {"startLine": 33}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9856, "scanner": "repobility-ai-code-hygiene", "fingerprint": "77d21bf2a3497dbbb56cd6e322c8388e573a6afeb3b3a77d11e98fdda7fc0daa", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "controllers/order.go", "duplicate_line": 39, "correlation_key": "fp|77d21bf2a3497dbbb56cd6e322c8388e573a6afeb3b3a77d11e98fdda7fc0daa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "controllers/transaction.go"}, "region": {"startLine": 39}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9855, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f7fba558626a3043679ac1c82599276c661451b16ed9315d77d6f7fa86612e87", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "controllers/order.go", "duplicate_line": 39, "correlation_key": "fp|f7fba558626a3043679ac1c82599276c661451b16ed9315d77d6f7fa86612e87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "controllers/subscription.go"}, "region": {"startLine": 40}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9854, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6d2557f546c627776ac7ad84fbbb70ecadc99f8bd0ac522924eb12968638528a", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "controllers/scan.go", "duplicate_line": 13, "correlation_key": "fp|6d2557f546c627776ac7ad84fbbb70ecadc99f8bd0ac522924eb12968638528a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "controllers/server_sync.go"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9853, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a9b34d456f5a2ae80cf103d0a02b0b0d9e74e183f68113b3fd52081fe112492a", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "controllers/group_upload.go", "duplicate_line": 9, "correlation_key": "fp|a9b34d456f5a2ae80cf103d0a02b0b0d9e74e183f68113b3fd52081fe112492a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "controllers/role_upload.go"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9852, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dd3fd6d12e6ca05b784ad9abe9d31fd05e380cc752255e249d36a4e8c585db30", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "controllers/order_pay.go", "duplicate_line": 23, "correlation_key": "fp|dd3fd6d12e6ca05b784ad9abe9d31fd05e380cc752255e249d36a4e8c585db30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "controllers/product.go"}, "region": {"startLine": 106}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9851, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b33c7a57f05dec5ad02bdfb985767428f904ccc086f2c0cb52b15ce66aaf112a", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "controllers/group_upload.go", "duplicate_line": 9, "correlation_key": "fp|b33c7a57f05dec5ad02bdfb985767428f904ccc086f2c0cb52b15ce66aaf112a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "controllers/permission_upload.go"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9850, "scanner": "repobility-ai-code-hygiene", "fingerprint": "55249845c61d00fd9e18bfb8a75fd1dbf95311cc2724689a0a7792b3051c2730", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "controllers/order.go", "duplicate_line": 39, "correlation_key": "fp|55249845c61d00fd9e18bfb8a75fd1dbf95311cc2724689a0a7792b3051c2730"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "controllers/payment.go"}, "region": {"startLine": 39}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9849, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ac846a8627d22c4df0f37bb74552e8133cfb20c5b4054b55bd00f26d58cfecce", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "captcha/hcaptcha.go", "duplicate_line": 22, "correlation_key": "fp|ac846a8627d22c4df0f37bb74552e8133cfb20c5b4054b55bd00f26d58cfecce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "captcha/turnstile.go"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9848, "scanner": "repobility-ai-code-hygiene", "fingerprint": "471c9a9e99aeeb34b4f4710aa3992de5be84e35a5d3f7d047aa70263c6ecb87d", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "captcha/hcaptcha.go", "duplicate_line": 22, "correlation_key": "fp|471c9a9e99aeeb34b4f4710aa3992de5be84e35a5d3f7d047aa70263c6ecb87d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "captcha/recaptcha.go"}, "region": {"startLine": 22}}}]}, {"ruleId": "DKC016", "level": "note", "message": {"text": "App service does not wait for database health"}, "properties": {"repobilityId": 9882, "scanner": "repobility-docker", "fingerprint": "22fdf0f5bf76a4544b2f81adbe4b0618060f3b68cc8dbb3551fc4b0e3d111f70", "category": "docker", "severity": "low", "confidence": 0.68, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "App depends on a database-like service without a health-gated dependency.", "evidence": {"rule_id": "DKC016", "scanner": "repobility-docker", "service": "casdoor", "dependency": "db", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|22fdf0f5bf76a4544b2f81adbe4b0618060f3b68cc8dbb3551fc4b0e3d111f70", "dependency_has_healthcheck": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 9881, "scanner": "repobility-docker", "fingerprint": "b475622bc6c7ce56787d76ba73adf53e45403f7a8f2512d3760503f86cb3db5f", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "casdoor", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|b475622bc6c7ce56787d76ba73adf53e45403f7a8f2512d3760503f86cb3db5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 9880, "scanner": "repobility-docker", "fingerprint": "97dfa280054fe91053c0b8faca2031f5a1f0c150e6a81ab204ad66cc0a0e6cca", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "casdoor", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|97dfa280054fe91053c0b8faca2031f5a1f0c150e6a81ab204ad66cc0a0e6cca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 9879, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", ".git", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 9877, "scanner": "repobility-docker", "fingerprint": "3ffa4d45e011ea5b3c776bf5244cf6e4c10fdc32c50b6235285c6f01aacf9d88", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|3ffa4d45e011ea5b3c776bf5244cf6e4c10fdc32c50b6235285c6f01aacf9d88"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 61}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 9864, "scanner": "repobility-threat-engine", "fingerprint": "c742eefd5ade91a8851bfe16da466da2f450bf06ed50ea029bb3cbee017baa51", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = session.Rollback(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c742eefd5ade91a8851bfe16da466da2f450bf06ed50ea029bb3cbee017baa51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "object/coupon_apply.go"}, "region": {"startLine": 164}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 9863, "scanner": "repobility-threat-engine", "fingerprint": "4e657b7cb4b4685deb36f033a3cab12399577c8a5fd9c88e9adddf170d8d2bd3", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = strings.CutSuffix(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4e657b7cb4b4685deb36f033a3cab12399577c8a5fd9c88e9adddf170d8d2bd3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routers/theme_filter.go"}, "region": {"startLine": 90}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 9862, "scanner": "repobility-threat-engine", "fingerprint": "f5e7e603d5e215b8a9778b48e92849f0348048dc3fd7b085784408f7042b3c2b", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = logProvider.Write(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f5e7e603d5e215b8a9778b48e92849f0348048dc3fd7b085784408f7042b3c2b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routers/authz_filter.go"}, "region": {"startLine": 427}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 9872, "scanner": "repobility-threat-engine", "fingerprint": "08a939395cded37f4aba951a1576b88e65cc01c9e6b3dfde4c0b25d62965ad3c", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|token|30|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/src/InvitationListPage.js"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 9871, "scanner": "repobility-threat-engine", "fingerprint": "30481e43843bb144d32de1c2608c7998b2cdd7e7cc5b263306239ca56e59b14c", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|web/src/setting.js|1806|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/src/Setting.js"}, "region": {"startLine": 1806}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 9870, "scanner": "repobility-threat-engine", "fingerprint": "192c797f264c324f2fc41cb5060de9d196e1d65cfc3d1f6ff236a419c27e853f", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|web/src/entrylistpage.js|38|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/src/EntryListPage.js"}, "region": {"startLine": 38}}}]}, {"ruleId": "SEC001", "level": "none", "message": {"text": "[SEC001] Hardcoded Password (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 9869, "scanner": "repobility-threat-engine", "fingerprint": "82ea2fc1d3decdb32b747a07b3079adfb59f77b8f2f94223231300665b2c2712", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|82ea2fc1d3decdb32b747a07b3079adfb59f77b8f2f94223231300665b2c2712"}}}, {"ruleId": "ERR003", "level": "none", "message": {"text": "[ERR003] Ignored Error (Go) (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "properties": {"repobilityId": 9865, "scanner": "repobility-threat-engine", "fingerprint": "961c778412e7fbd86f6ba4183e5033c7cb9f706769045bc54758aaab521578b2", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|961c778412e7fbd86f6ba4183e5033c7cb9f706769045bc54758aaab521578b2"}}}, {"ruleId": "JRN004", "level": "error", "message": {"text": "Consent is collected in UI without visible backend audit persistence"}, "properties": {"repobilityId": 9888, "scanner": "repobility-journey-contract", "fingerprint": "b2a6f6774c8dc7a72e52997ca6533975dba60121df8c8066c2bc9c5ef6cb4bd0", "category": "auth", "severity": "high", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Frontend consent wording was found, but backend consent/audit metadata was not visible.", "evidence": {"rule_id": "JRN004", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "correlation_key": "code|auth|token|136|jrn004", "backend_consent_model": false, "backend_audit_signal_count": 0}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web/public/ProviderHintRedirect.js"}, "region": {"startLine": 136}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 9884, "scanner": "repobility-docker", "fingerprint": "4ad92c99b3ce9c8d237dce8413156db57a8d746e2c37cfe2f53a0bdec627e86c", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "3306:3306", "target": "3306", "host_ip": "", "published": "3306"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "db", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|4ad92c99b3ce9c8d237dce8413156db57a8d746e2c37cfe2f53a0bdec627e86c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKC007", "level": "error", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": {"repobilityId": 9883, "scanner": "repobility-docker", "fingerprint": "48216062fdcb7ce5affe8298fb14502178289023684c43aa638ef5fa754d4555", "category": "docker", "severity": "critical", "confidence": 0.96, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "db", "variable": "MYSQL_ROOT_PASSWORD", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "runtime", "correlation_key": "fp|48216062fdcb7ce5affe8298fb14502178289023684c43aa638ef5fa754d4555", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 17}}}]}]}]}