{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "CORE_LARGE_FILES", "name": "Average file size is 685 lines (recommend <300)", "shortDescription": {"text": "Average file size is 685 lines (recommend <300)"}, "fullDescription": {"text": "Refactor large files by extracting related functions into separate modules. Target files with 300+ lines first. Use the Single Responsibility Principle \u2014 each module should have one clear purpose."}, "properties": {"scanner": "repobility-core", "category": "quality", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC007", "name": "Generated build artifact directory is present at repository root", "shortDescription": {"text": "Generated build artifact directory is present at repository root"}, "fullDescription": {"text": "Remove generated output from version control, add it to .gitignore and .dockerignore where relevant, and regenerate it in CI or release jobs."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `validate_structure` has cognitive complexity 10 (SonarSource scale). Cogn", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `validate_structure` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recu"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 10."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED075", "name": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL.", "shortDescription": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-690 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v8`: `uses: actions/download-artifact@v8` resolves", "shortDescription": {"text": "[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v8`: `uses: actions/download-artifact@v8` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files co"}, "fullDescription": {"text": "Replace with: `uses: actions/download-artifact@<40-char-sha>  # v8` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.requires` used but never assigned in __init__: Method `requirements` of class `sqlite3mc` reads `self.r", "shortDescription": {"text": "[MINED108] `self.requires` used but never assigned in __init__: Method `requirements` of class `sqlite3mc` reads `self.requires`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first"}, "fullDescription": {"text": "Initialize `self.requires = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1099"}, "properties": {"repository": "utelle/SQLite3MultipleCiphers", "repoUrl": "https://github.com/utelle/SQLite3MultipleCiphers", "branch": "main"}, "results": [{"ruleId": "CORE_LARGE_FILES", "level": "warning", "message": {"text": "Average file size is 685 lines (recommend <300)"}, "properties": {"repobilityId": 108010, "scanner": "repobility-core", "fingerprint": "bd08df1dec789f4e101aab11ec007963164e4093e21bc070877640b5bbb2cf88", "category": "quality", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_LARGE_FILES", "scanner": "repobility-core", "correlation_key": "fp|bd08df1dec789f4e101aab11ec007963164e4093e21bc070877640b5bbb2cf88"}}}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108046, "scanner": "repobility-ai-code-hygiene", "fingerprint": "03ec72bf5a3ae36b4ca35b5ac7759b2f1390ea99bf03101ec47ababb697389b6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis128x2/aegis128x2_armcrypto.c", "duplicate_line": 6, "correlation_key": "fp|03ec72bf5a3ae36b4ca35b5ac7759b2f1390ea99bf03101ec47ababb697389b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis256x2/aegis256x2_armcrypto.c"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108045, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4a5a6a6fb67f822da5784fc908c15319a7282ba6e7f8960ce25791027c0fbd2c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis256/aegis256_aesni.c", "duplicate_line": 31, "correlation_key": "fp|4a5a6a6fb67f822da5784fc908c15319a7282ba6e7f8960ce25791027c0fbd2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis256x2/aegis256x2_altivec.c"}, "region": {"startLine": 37}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108044, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2839a5f5daf2c0ac76b9b26a0da00abea122ab09d95a07a282412d8e620ef3c8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis128x2/aegis128x2_altivec.c", "duplicate_line": 5, "correlation_key": "fp|2839a5f5daf2c0ac76b9b26a0da00abea122ab09d95a07a282412d8e620ef3c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis256x2/aegis256x2_altivec.c"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108043, "scanner": "repobility-ai-code-hygiene", "fingerprint": "316c7289f46f966391eadb711a1fbf2d7aec63e73ee69765c4eda7aa4666ea32", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis256/aegis256_aesni.c", "duplicate_line": 31, "correlation_key": "fp|316c7289f46f966391eadb711a1fbf2d7aec63e73ee69765c4eda7aa4666ea32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis256x2/aegis256x2_aesni.c"}, "region": {"startLine": 37}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108042, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ece4b02350cadb63db294ff5dea702e0d437c7cb2d47700b90d72dd448b30131", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis128x2/aegis128x2_aesni.c", "duplicate_line": 5, "correlation_key": "fp|ece4b02350cadb63db294ff5dea702e0d437c7cb2d47700b90d72dd448b30131"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis256x2/aegis256x2_aesni.c"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108041, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f4f4d14cc27bd0075843bd8130692cc0be56fe79e1709bff0fd9b02f8364e566", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis256/aegis256_aesni.c", "duplicate_line": 31, "correlation_key": "fp|f4f4d14cc27bd0075843bd8130692cc0be56fe79e1709bff0fd9b02f8364e566"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis256/aegis256_soft.c"}, "region": {"startLine": 31}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108040, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7ac4257812d29e453639433f188299fbc5d87c979ab555b0d188241ec5aa2910", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis128l/aegis128l_soft.c", "duplicate_line": 2, "correlation_key": "fp|7ac4257812d29e453639433f188299fbc5d87c979ab555b0d188241ec5aa2910"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis256/aegis256_soft.c"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108039, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d837b9a46094f2e00e584fd6b59a49b8e7ac06731d4877e0e88317c15b14c8f0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis128x2/aegis128x2_common.h", "duplicate_line": 362, "correlation_key": "fp|d837b9a46094f2e00e584fd6b59a49b8e7ac06731d4877e0e88317c15b14c8f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis256/aegis256_common.h"}, "region": {"startLine": 255}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108038, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1bbd4c48b65c620fde78067d01c9f37bc382bf4841a918373be487a5c5dd17bc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis128l/aegis128l_common.h", "duplicate_line": 120, "correlation_key": "fp|1bbd4c48b65c620fde78067d01c9f37bc382bf4841a918373be487a5c5dd17bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis256/aegis256_common.h"}, "region": {"startLine": 106}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108037, "scanner": "repobility-ai-code-hygiene", "fingerprint": "531c9c215f22ed3687b4b62b69755d388a094db8102852ba67b65429769930e2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis256/aegis256_aesni.c", "duplicate_line": 31, "correlation_key": "fp|531c9c215f22ed3687b4b62b69755d388a094db8102852ba67b65429769930e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis256/aegis256_armcrypto.c"}, "region": {"startLine": 32}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108036, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c4ced8e8e5eed844ff922fd3a011150339fe85e006e39aa2fdc46d6d7e97fe6c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis128l/aegis128l_armcrypto.c", "duplicate_line": 3, "correlation_key": "fp|c4ced8e8e5eed844ff922fd3a011150339fe85e006e39aa2fdc46d6d7e97fe6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis256/aegis256_armcrypto.c"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108035, "scanner": "repobility-ai-code-hygiene", "fingerprint": "779bfdb8a8f0506d54bad399f023103b456c6c6391db11af76fa5d1967b0a5f7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis256/aegis256_aesni.c", "duplicate_line": 31, "correlation_key": "fp|779bfdb8a8f0506d54bad399f023103b456c6c6391db11af76fa5d1967b0a5f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis256/aegis256_altivec.c"}, "region": {"startLine": 31}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108034, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d1d13269fe787ecc07d0520d5fd19c478a6f504ecb4aa55d75b4c2a0387817dc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis128l/aegis128l_altivec.c", "duplicate_line": 2, "correlation_key": "fp|d1d13269fe787ecc07d0520d5fd19c478a6f504ecb4aa55d75b4c2a0387817dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis256/aegis256_altivec.c"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108033, "scanner": "repobility-ai-code-hygiene", "fingerprint": "acc42810207c6130664dd6718f1b67ed79a72a9881d9a830c03e1ca6ce679576", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis128l/aegis128l_aesni.c", "duplicate_line": 2, "correlation_key": "fp|acc42810207c6130664dd6718f1b67ed79a72a9881d9a830c03e1ca6ce679576"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis256/aegis256_aesni.c"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108032, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ef0f27b5ca069101ee5608c2547be4560f747a03d69a64d36daa0b3309d735f8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis128l/aegis128l_aesni.c", "duplicate_line": 31, "correlation_key": "fp|ef0f27b5ca069101ee5608c2547be4560f747a03d69a64d36daa0b3309d735f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis128x4/aegis128x4_soft.c"}, "region": {"startLine": 44}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108031, "scanner": "repobility-ai-code-hygiene", "fingerprint": "25d156360c53da730fd531c47bb5a894c482ea69ad6538e4044ed59e25a26b98", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis128l/aegis128l_common.h", "duplicate_line": 52, "correlation_key": "fp|25d156360c53da730fd531c47bb5a894c482ea69ad6538e4044ed59e25a26b98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis128x4/aegis128x4_common.h"}, "region": {"startLine": 97}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108030, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bbeb9e1a4409ae5a0a31ab67a0197da8ebad851bafe0c45d14541b70b83253c0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis128x2/aegis128x2_common.h", "duplicate_line": 34, "correlation_key": "fp|bbeb9e1a4409ae5a0a31ab67a0197da8ebad851bafe0c45d14541b70b83253c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis128x4/aegis128x4_common.h"}, "region": {"startLine": 46}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108029, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d70d9fc715b9ad881ed96f6d11b956ed5a1238716a74384e2f730b5f10221eed", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis128l/aegis128l_aesni.c", "duplicate_line": 31, "correlation_key": "fp|d70d9fc715b9ad881ed96f6d11b956ed5a1238716a74384e2f730b5f10221eed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis128x4/aegis128x4_avx512.c"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108028, "scanner": "repobility-ai-code-hygiene", "fingerprint": "48d7d0367b0fca1ce9bdc0677285f9a7c76f111c77b5b530bcad2a6b695e9ca4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis128l/aegis128l_aesni.c", "duplicate_line": 31, "correlation_key": "fp|48d7d0367b0fca1ce9bdc0677285f9a7c76f111c77b5b530bcad2a6b695e9ca4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis128x4/aegis128x4_avx2.c"}, "region": {"startLine": 37}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108027, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1da04833380cca013dd69a39abc18648762d2af43120f8b5e171c0dd9ff10e48", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis128l/aegis128l_altivec.c", "duplicate_line": 31, "correlation_key": "fp|1da04833380cca013dd69a39abc18648762d2af43120f8b5e171c0dd9ff10e48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis128x4/aegis128x4_armcrypto.c"}, "region": {"startLine": 46}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108026, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2cef570303ee76d89ffbcc55956207ca46722920fa2e0a3102989db8acbd885b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis128l/aegis128l_altivec.c", "duplicate_line": 31, "correlation_key": "fp|2cef570303ee76d89ffbcc55956207ca46722920fa2e0a3102989db8acbd885b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis128x4/aegis128x4_altivec.c"}, "region": {"startLine": 45}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108025, "scanner": "repobility-ai-code-hygiene", "fingerprint": "69cbd65103ec6265496f673ff0f04ff00649125bacc4a67c142adca43571d75e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis128l/aegis128l_aesni.c", "duplicate_line": 31, "correlation_key": "fp|69cbd65103ec6265496f673ff0f04ff00649125bacc4a67c142adca43571d75e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis128x4/aegis128x4_aesni.c"}, "region": {"startLine": 46}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108024, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4dd9d352bc060539ce9b3f35285f2baee95a06ef4469f5b0323f5b1769681633", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis128l/aegis128l_aesni.c", "duplicate_line": 31, "correlation_key": "fp|4dd9d352bc060539ce9b3f35285f2baee95a06ef4469f5b0323f5b1769681633"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis128x2/aegis128x2_soft.c"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108023, "scanner": "repobility-ai-code-hygiene", "fingerprint": "61373cb48da7888d587ea2bcf6bf92ad1daed4cc6036f290e2ebad6b2f7b225d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis128l/aegis128l_common.h", "duplicate_line": 52, "correlation_key": "fp|61373cb48da7888d587ea2bcf6bf92ad1daed4cc6036f290e2ebad6b2f7b225d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis128x2/aegis128x2_common.h"}, "region": {"startLine": 82}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108022, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5d573c632fbb4a387c8dd20926ddcfa9a6a4b79cf7d29bf33982f025745c9435", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis128l/aegis128l_aesni.c", "duplicate_line": 31, "correlation_key": "fp|5d573c632fbb4a387c8dd20926ddcfa9a6a4b79cf7d29bf33982f025745c9435"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis128x2/aegis128x2_avx2.c"}, "region": {"startLine": 31}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108021, "scanner": "repobility-ai-code-hygiene", "fingerprint": "58b7701d8a68a2eebf876fb8a34bd4b768c564957d36457428f9390d1e71440e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis128l/aegis128l_altivec.c", "duplicate_line": 31, "correlation_key": "fp|58b7701d8a68a2eebf876fb8a34bd4b768c564957d36457428f9390d1e71440e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis128x2/aegis128x2_armcrypto.c"}, "region": {"startLine": 38}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108020, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a3db4c754437f061235fc935a4661a2cc9de5c22d9cd3e2e4e707ed468a5a1c9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis128l/aegis128l_altivec.c", "duplicate_line": 31, "correlation_key": "fp|a3db4c754437f061235fc935a4661a2cc9de5c22d9cd3e2e4e707ed468a5a1c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis128x2/aegis128x2_altivec.c"}, "region": {"startLine": 37}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108019, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cf7d63788856f8ed8da70d4c0e26966843103f298de5bf8e699e7c02f62a0079", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis128l/aegis128l_aesni.c", "duplicate_line": 31, "correlation_key": "fp|cf7d63788856f8ed8da70d4c0e26966843103f298de5bf8e699e7c02f62a0079"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis128x2/aegis128x2_aesni.c"}, "region": {"startLine": 37}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108018, "scanner": "repobility-ai-code-hygiene", "fingerprint": "31c9f025ecd8aaed3666e78df68ca029666fe70b88fd53222ca4d98c27ccab73", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis128l/aegis128l_aesni.c", "duplicate_line": 31, "correlation_key": "fp|31c9f025ecd8aaed3666e78df68ca029666fe70b88fd53222ca4d98c27ccab73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis128l/aegis128l_soft.c"}, "region": {"startLine": 31}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 108017, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fe8da8c9a7060b2235e3ccca0d10f620fac7b6a00490e5c2193a00692d9577d1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/aegis/aegis128l/aegis128l_altivec.c", "duplicate_line": 31, "correlation_key": "fp|fe8da8c9a7060b2235e3ccca0d10f620fac7b6a00490e5c2193a00692d9577d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/aegis/aegis128l/aegis128l_armcrypto.c"}, "region": {"startLine": 32}}}]}, {"ruleId": "AIC007", "level": "note", "message": {"text": "Generated build artifact directory is present at repository root"}, "properties": {"repobilityId": 108016, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9ce25f11f897b8a8b2478fd0136724866f111b604484c20a5c690bce80d94da1", "category": "quality", "severity": "low", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository root contains a common generated artifact directory.", "evidence": {"rule_id": "AIC007", "scanner": "repobility-ai-code-hygiene", "directory": "build", "references": ["https://git-scm.com/docs/gitignore", "https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|9ce25f11f897b8a8b2478fd0136724866f111b604484c20a5c690bce80d94da1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `validate_structure` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=1, for=1, if=3, nested_bonus=4, recursion=1."}, "properties": {"repobilityId": 108011, "scanner": "repobility-threat-engine", "fingerprint": "c6ffb5ceaf7d0860c325477fb9c869f36702723b2364bbbae04f4c8e37e8a7b8", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "validate_structure", "breakdown": {"if": 3, "for": 1, "elif": 1, "recursion": 1, "nested_bonus": 4}, "complexity": 10, "correlation_key": "fp|c6ffb5ceaf7d0860c325477fb9c869f36702723b2364bbbae04f4c8e37e8a7b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/validate_config.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 108013, "scanner": "repobility-threat-engine", "fingerprint": "e8e393af3c02854e4165b10b0cc724f33368bbcfcbbad87b39d5f29b1e792794", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e8e393af3c02854e4165b10b0cc724f33368bbcfcbbad87b39d5f29b1e792794"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/argon2/src/run.c"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v8`: `uses: actions/download-artifact@v8` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 108096, "scanner": "repobility-supply-chain", "fingerprint": "5177f2e5cae95b709ea9eee7866e4ce320bcb4644e1219652b4cb760c2d3fcc4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5177f2e5cae95b709ea9eee7866e4ce320bcb4644e1219652b4cb760c2d3fcc4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-release.yml"}, "region": {"startLine": 945}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 108095, "scanner": "repobility-supply-chain", "fingerprint": "269286ad2f4a3525f5b202950fb67d2fd0fbb5455acf64a82177a825f3cb903d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|269286ad2f4a3525f5b202950fb67d2fd0fbb5455acf64a82177a825f3cb903d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-release.yml"}, "region": {"startLine": 892}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 108094, "scanner": "repobility-supply-chain", "fingerprint": "653c512967b66bb1af7425f25e96c2fb3de074b69f670fa54fc731eae27fdb30", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|653c512967b66bb1af7425f25e96c2fb3de074b69f670fa54fc731eae27fdb30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-release.yml"}, "region": {"startLine": 769}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 108093, "scanner": "repobility-supply-chain", "fingerprint": "ccdf21917e04ffc7b728951d6823e2b09e1e33921d243d1e4d57f8666de9789b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ccdf21917e04ffc7b728951d6823e2b09e1e33921d243d1e4d57f8666de9789b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-release.yml"}, "region": {"startLine": 745}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v8`: `uses: actions/download-artifact@v8` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 108092, "scanner": "repobility-supply-chain", "fingerprint": "79700a1b760f0265bc08f33ab3288c44b370c3e182d21b7948e511fb38634b2d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|79700a1b760f0265bc08f33ab3288c44b370c3e182d21b7948e511fb38634b2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-release.yml"}, "region": {"startLine": 594}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 108091, "scanner": "repobility-supply-chain", "fingerprint": "2dc89255f544752f4b0b6f5d69eba0c24a6aafe3488766774ee3c8c0ab5db2c7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2dc89255f544752f4b0b6f5d69eba0c24a6aafe3488766774ee3c8c0ab5db2c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-release.yml"}, "region": {"startLine": 580}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 108090, "scanner": "repobility-supply-chain", "fingerprint": "b6f1bd82be64a4efdc04f6035d6d19fa6d98e31b4d8f990282711eba2f343c9c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b6f1bd82be64a4efdc04f6035d6d19fa6d98e31b4d8f990282711eba2f343c9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-release.yml"}, "region": {"startLine": 521}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v8`: `uses: actions/download-artifact@v8` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 108089, "scanner": "repobility-supply-chain", "fingerprint": "d35ae11fadb07377d9196f4c28ed03ee326f3533c2aa5e973f17702c8a88d9a2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d35ae11fadb07377d9196f4c28ed03ee326f3533c2aa5e973f17702c8a88d9a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-release.yml"}, "region": {"startLine": 456}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-java` pinned to mutable ref `@v5`: `uses: actions/setup-java@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 108088, "scanner": "repobility-supply-chain", "fingerprint": "41960b3a3c705f392dc8169f21c8421f46f74f65bde89b19a65961486c17a398", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|41960b3a3c705f392dc8169f21c8421f46f74f65bde89b19a65961486c17a398"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-release.yml"}, "region": {"startLine": 385}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 108087, "scanner": "repobility-supply-chain", "fingerprint": "f313fe4f085a4e1b3fcfdfe95da4c0a32ec47f845026e3559bfaf82ba19a3c0e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f313fe4f085a4e1b3fcfdfe95da4c0a32ec47f845026e3559bfaf82ba19a3c0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-release.yml"}, "region": {"startLine": 368}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 108086, "scanner": "repobility-supply-chain", "fingerprint": "564659151dc94a6f21d92618eb6fd6ee30c40c609e7a5d6fee20bd71172e2752", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|564659151dc94a6f21d92618eb6fd6ee30c40c609e7a5d6fee20bd71172e2752"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-release.yml"}, "region": {"startLine": 362}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 108085, "scanner": "repobility-supply-chain", "fingerprint": "2f1269550f6d2bb276d86823d49b5fd5bdf732d9e85ee2ed4ea322fde8127f0e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2f1269550f6d2bb276d86823d49b5fd5bdf732d9e85ee2ed4ea322fde8127f0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-release.yml"}, "region": {"startLine": 335}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 108084, "scanner": "repobility-supply-chain", "fingerprint": "8385971cb2e59bc4a405d16e9b40ab7d60f72e379585d9a2f501e0f372bda751", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8385971cb2e59bc4a405d16e9b40ab7d60f72e379585d9a2f501e0f372bda751"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-release.yml"}, "region": {"startLine": 243}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 108083, "scanner": "repobility-supply-chain", "fingerprint": "4fa7e04fae5b207473c79a192214a894758a03a40f183036516d3a82c7fd5ecf", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4fa7e04fae5b207473c79a192214a894758a03a40f183036516d3a82c7fd5ecf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-release.yml"}, "region": {"startLine": 235}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 108082, "scanner": "repobility-supply-chain", "fingerprint": "b9fd456f4ad1f9a96790ed2d61e9eb50491f36d36f70173737f54f2a1a7e411c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b9fd456f4ad1f9a96790ed2d61e9eb50491f36d36f70173737f54f2a1a7e411c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-release.yml"}, "region": {"startLine": 209}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 108081, "scanner": "repobility-supply-chain", "fingerprint": "7c7a798e69ed5d7b665a6241c83bcbbfd0d375f409f2325d54695d49a34a35fa", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7c7a798e69ed5d7b665a6241c83bcbbfd0d375f409f2325d54695d49a34a35fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-release.yml"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `uraimo/run-on-arch-action` pinned to mutable ref `@v3`: `uses: uraimo/run-on-arch-action@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 108080, "scanner": "repobility-supply-chain", "fingerprint": "a6f137b9bfef0d4702c60f500d1cae66ec684c51dba670d27790dab956315594", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a6f137b9bfef0d4702c60f500d1cae66ec684c51dba670d27790dab956315594"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci4sqlite3mc.yml"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 108079, "scanner": "repobility-supply-chain", "fingerprint": "e23f64e2805cf2582fc6d0c799de90d37c51fcb388424a608696ca5dec811646", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e23f64e2805cf2582fc6d0c799de90d37c51fcb388424a608696ca5dec811646"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci4sqlite3mc.yml"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 108078, "scanner": "repobility-supply-chain", "fingerprint": "b558efa13c026894f6e33b2924d6a68ec89a9c2352528f4e70b5e04e9c56995a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b558efa13c026894f6e33b2924d6a68ec89a9c2352528f4e70b5e04e9c56995a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci4sqlite3mc.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `github/codeql-action/analyze` pinned to mutable ref `@v4`: `uses: github/codeql-action/analyze@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 108077, "scanner": "repobility-supply-chain", "fingerprint": "d074605417dd57f05f7ee2b021d0f52ab83b49ac51543b2e269f9f72eaac2892", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d074605417dd57f05f7ee2b021d0f52ab83b49ac51543b2e269f9f72eaac2892"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codeql-analysis.yml"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `github/codeql-action/init` pinned to mutable ref `@v4`: `uses: github/codeql-action/init@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 108076, "scanner": "repobility-supply-chain", "fingerprint": "63c45c31f0067456c11762c510d8a0ba03003c09d4ced79431b7c83ec0dc8f9f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|63c45c31f0067456c11762c510d8a0ba03003c09d4ced79431b7c83ec0dc8f9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codeql-analysis.yml"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 108075, "scanner": "repobility-supply-chain", "fingerprint": "44a6f2eb4f7ea0e0fc1d0d2cab5205ed67fd009092abaca9cf84644399a786b1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|44a6f2eb4f7ea0e0fc1d0d2cab5205ed67fd009092abaca9cf84644399a786b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codeql-analysis.yml"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 108074, "scanner": "repobility-supply-chain", "fingerprint": "be060564af19586018b688bac60332d37e5e23d7792f21a9ed107d833710b454", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|be060564af19586018b688bac60332d37e5e23d7792f21a9ed107d833710b454"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/generate-amalgamation.yml"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 108073, "scanner": "repobility-supply-chain", "fingerprint": "9b06f62596949e1a25a68edb86f91e6ace297c6cccd2cb38f421eaadd4d6d7a9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9b06f62596949e1a25a68edb86f91e6ace297c6cccd2cb38f421eaadd4d6d7a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/generate-amalgamation.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 108072, "scanner": "repobility-supply-chain", "fingerprint": "7e594aad1cb976b86aa88610c28ede86372b03f1b29992b29355609b7f91542d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7e594aad1cb976b86aa88610c28ede86372b03f1b29992b29355609b7f91542d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/generate-amalgamation.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.requires` used but never assigned in __init__: Method `requirements` of class `sqlite3mc` reads `self.requires`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 108071, "scanner": "repobility-ast-engine", "fingerprint": "760b9c2be16bb2d4661d54d5541b8f2518d4fead0a5bab56f1c321a73c842326", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|760b9c2be16bb2d4661d54d5541b8f2518d4fead0a5bab56f1c321a73c842326"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conan/all/conanfile.py"}, "region": {"startLine": 133}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.requires` used but never assigned in __init__: Method `requirements` of class `sqlite3mc` reads `self.requires`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 108070, "scanner": "repobility-ast-engine", "fingerprint": "07c7aa0797d7d05e6a2a07006aa9e6fa12834a880fcd17e1fcd7fc7e509335af", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|07c7aa0797d7d05e6a2a07006aa9e6fa12834a880fcd17e1fcd7fc7e509335af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conan/all/conanfile.py"}, "region": {"startLine": 131}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.conan_data` used but never assigned in __init__: Method `source` of class `sqlite3mc` reads `self.conan_data`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 108069, "scanner": "repobility-ast-engine", "fingerprint": "6d23a1b23e192d652c3ef174a38d74b2e80eea2129065b4c1b244b6d9bb0b57e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6d23a1b23e192d652c3ef174a38d74b2e80eea2129065b4c1b244b6d9bb0b57e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "conan/all/conanfile.py"}, "region": {"startLine": 124}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._process_pragma_once` used but never assigned in __init__: Method `_process` of class `TranslationUnit` reads `self._process_pragma_once`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 108068, "scanner": "repobility-ast-engine", "fingerprint": "0b11c65595f1889c10c7ffd5373219b0f84d7cb133541158ce090c28836d764d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0b11c65595f1889c10c7ffd5373219b0f84d7cb133541158ce090c28836d764d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/amalgamate.py"}, "region": {"startLine": 285}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._process_includes` used but never assigned in __init__: Method `_process` of class `TranslationUnit` reads `self._process_includes`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 108067, "scanner": "repobility-ast-engine", "fingerprint": "eb3bee427dc11f15f4ed53f8141e1056247d9a304a08b59d46b290458aebc690", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eb3bee427dc11f15f4ed53f8141e1056247d9a304a08b59d46b290458aebc690"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/amalgamate.py"}, "region": {"startLine": 286}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._is_within` used but never assigned in __init__: Method `_process_includes` of class `TranslationUnit` reads `self._is_within`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 108066, "scanner": "repobility-ast-engine", "fingerprint": "e73566b71e43eebd5191adf03970d50c4adbdef5343181fb44ac77dc5f2883e1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e73566b71e43eebd5191adf03970d50c4adbdef5343181fb44ac77dc5f2883e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/amalgamate.py"}, "region": {"startLine": 247}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._find_skippable_contexts` used but never assigned in __init__: Method `_process_includes` of class `TranslationUnit` reads `self._find_skippable_contexts`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 108065, "scanner": "repobility-ast-engine", "fingerprint": "09d71c0dda13a6d2650c8368a0855bb21e6084e418c34c2145d2dda9cd1c55a3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|09d71c0dda13a6d2650c8368a0855bb21e6084e418c34c2145d2dda9cd1c55a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/amalgamate.py"}, "region": {"startLine": 238}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._is_within` used but never assigned in __init__: Method `_process_pragma_once` of class `TranslationUnit` reads `self._is_within`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 108064, "scanner": "repobility-ast-engine", "fingerprint": "50593017775162da0ff900c6b7836dbb0cdb474561e8a1b6e1401326b444f74d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|50593017775162da0ff900c6b7836dbb0cdb474561e8a1b6e1401326b444f74d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/amalgamate.py"}, "region": {"startLine": 204}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._find_skippable_contexts` used but never assigned in __init__: Method `_process_pragma_once` of class `TranslationUnit` reads `self._find_skippable_contexts`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 108063, "scanner": "repobility-ast-engine", "fingerprint": "3e6c32e649f8b007df5dc8caba35e4f52652b23088a3e4245944d690ae3330fb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3e6c32e649f8b007df5dc8caba35e4f52652b23088a3e4245944d690ae3330fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/amalgamate.py"}, "region": {"startLine": 199}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._search_content` used but never assigned in __init__: Method `_find_skippable_contexts` of class `TranslationUnit` reads `self._search_content`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 108062, "scanner": "repobility-ast-engine", "fingerprint": "0f0d0be9c7226be056e8a5392ab47f573205ccaca25b692cb92bb9df29d29d2a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0f0d0be9c7226be056e8a5392ab47f573205ccaca25b692cb92bb9df29d29d2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/amalgamate.py"}, "region": {"startLine": 175}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._search_content` used but never assigned in __init__: Method `_find_skippable_contexts` of class `TranslationUnit` reads `self._search_content`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 108061, "scanner": "repobility-ast-engine", "fingerprint": "af5cfb78e469f69f6ed870146950ba238098dcaed1b5d851903a4d02c8581bbd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|af5cfb78e469f69f6ed870146950ba238098dcaed1b5d851903a4d02c8581bbd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/amalgamate.py"}, "region": {"startLine": 171}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._search_content` used but never assigned in __init__: Method `_find_skippable_contexts` of class `TranslationUnit` reads `self._search_content`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 108060, "scanner": "repobility-ast-engine", "fingerprint": "4a3eaa4cfb4fd630cf4d51a063a893602cb1f95400a8fceab620585569c8e8cf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4a3eaa4cfb4fd630cf4d51a063a893602cb1f95400a8fceab620585569c8e8cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/amalgamate.py"}, "region": {"startLine": 167}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.sources` used but never assigned in __init__: Method `generate` of class `Amalgamation` reads `self.sources`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 108059, "scanner": "repobility-ast-engine", "fingerprint": "80ead777ee81ee7e8f1791aea461f30ae188e7265dd21bd610a1664f103cd02f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|80ead777ee81ee7e8f1791aea461f30ae188e7265dd21bd610a1664f103cd02f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/amalgamate.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.exclude_files` used but never assigned in __init__: Method `generate` of class `Amalgamation` reads `self.exclude_files`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 108058, "scanner": "repobility-ast-engine", "fingerprint": "7ee601ddf8b75d1b7074ace5142bcf722ac57c9b5e3b1ca9740561d2b23d9934", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7ee601ddf8b75d1b7074ace5142bcf722ac57c9b5e3b1ca9740561d2b23d9934"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/amalgamate.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.force_include` used but never assigned in __init__: Method `generate` of class `Amalgamation` reads `self.force_include`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 108057, "scanner": "repobility-ast-engine", "fingerprint": "dd3e7e943b42596cc99f3fa9f792301065bbaaf1561771d5fba6bfa7e7b500d6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dd3e7e943b42596cc99f3fa9f792301065bbaaf1561771d5fba6bfa7e7b500d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/amalgamate.py"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.include_paths` used but never assigned in __init__: Method `generate` of class `Amalgamation` reads `self.include_paths`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 108056, "scanner": "repobility-ast-engine", "fingerprint": "9803c9abf7a800708e9830b970b0f48130506794950ee27e9e390e80eb987ab8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9803c9abf7a800708e9830b970b0f48130506794950ee27e9e390e80eb987ab8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/amalgamate.py"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.target` used but never assigned in __init__: Method `generate` of class `Amalgamation` reads `self.target`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 108055, "scanner": "repobility-ast-engine", "fingerprint": "cd73f7e3de4d7511899a8d6b3af0983304e2b4922f6f423c16b9da987d8fa9ec", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cd73f7e3de4d7511899a8d6b3af0983304e2b4922f6f423c16b9da987d8fa9ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/amalgamate.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.target` used but never assigned in __init__: Method `generate` of class `Amalgamation` reads `self.target`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 108054, "scanner": "repobility-ast-engine", "fingerprint": "7a26f126b8608e678f4bf05c363ddb16d585f41073624458d77daf5909fc6738", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7a26f126b8608e678f4bf05c363ddb16d585f41073624458d77daf5909fc6738"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/amalgamate.py"}, "region": {"startLine": 112}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.actual_path` used but never assigned in __init__: Method `generate` of class `Amalgamation` reads `self.actual_path`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 108053, "scanner": "repobility-ast-engine", "fingerprint": "2bb0285a5a638191e46ed9818aa32293a7d46dec3f6a61b3e5192610f9711d64", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2bb0285a5a638191e46ed9818aa32293a7d46dec3f6a61b3e5192610f9711d64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/amalgamate.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.sources` used but never assigned in __init__: Method `generate` of class `Amalgamation` reads `self.sources`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 108052, "scanner": "repobility-ast-engine", "fingerprint": "9554f4b5ad1ab7b40a75b7f3c15172395d46d75375477a343ee131b8ad129bb3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9554f4b5ad1ab7b40a75b7f3c15172395d46d75375477a343ee131b8ad129bb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/amalgamate.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.find_included_file` used but never assigned in __init__: Method `add_excluded_files` of class `Amalgamation` reads `self.find_included_file`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 108051, "scanner": "repobility-ast-engine", "fingerprint": "33a6f8e9a757de0b22483d6548809b809c9e595281fa684655450945dca9b3cf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|33a6f8e9a757de0b22483d6548809b809c9e595281fa684655450945dca9b3cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/amalgamate.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.exclude_files` used but never assigned in __init__: Method `add_excluded_files` of class `Amalgamation` reads `self.exclude_files`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 108050, "scanner": "repobility-ast-engine", "fingerprint": "7ec2bc55651423fa434b397854506d76d6ca6dfc49d4f6887e333ad9eb6e8d32", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7ec2bc55651423fa434b397854506d76d6ca6dfc49d4f6887e333ad9eb6e8d32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/amalgamate.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.actual_path` used but never assigned in __init__: Method `find_included_file` of class `Amalgamation` reads `self.actual_path`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 108049, "scanner": "repobility-ast-engine", "fingerprint": "10c7bbfce6322b0892969902a03d524e87c516f049ffd838857a1d0d67e5e49c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|10c7bbfce6322b0892969902a03d524e87c516f049ffd838857a1d0d67e5e49c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/amalgamate.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.actual_path` used but never assigned in __init__: Method `find_included_file` of class `Amalgamation` reads `self.actual_path`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 108048, "scanner": "repobility-ast-engine", "fingerprint": "0ea7a1edf8b49ce5facaefdc4f5f8ad7b56090aff90b5f61794f0529f43ed043", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0ea7a1edf8b49ce5facaefdc4f5f8ad7b56090aff90b5f61794f0529f43ed043"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/amalgamate.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.include_paths` used but never assigned in __init__: Method `find_included_file` of class `Amalgamation` reads `self.include_paths`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 108047, "scanner": "repobility-ast-engine", "fingerprint": "864724b96bd8ebb5aaf5ff8759b480ec92e06863e795c10c8115df8bc267a445", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|864724b96bd8ebb5aaf5ff8759b480ec92e06863e795c10c8115df8bc267a445"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/amalgamate.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 108015, "scanner": "repobility-threat-engine", "fingerprint": "ae38d61045261ffea675a6eea4d2ee83753b897114450467bff259d9ec0bcb54", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ae38d61045261ffea675a6eea4d2ee83753b897114450467bff259d9ec0bcb54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/sha1.c"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 108014, "scanner": "repobility-threat-engine", "fingerprint": "7f39a9056cc809a6b56578a124c5a5f3c8d1f71260b8b5a150a8553ef9863b28", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7f39a9056cc809a6b56578a124c5a5f3c8d1f71260b8b5a150a8553ef9863b28"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codec_algos.c"}, "region": {"startLine": 27}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 108012, "scanner": "repobility-threat-engine", "fingerprint": "8ce8ebe68d3a890dc15fc7c87dbf091f32c3e63380b6146eb2788d9efeca0b8a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "h.update(chunk)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8ce8ebe68d3a890dc15fc7c87dbf091f32c3e63380b6146eb2788d9efeca0b8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/verify_sha3.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 108009, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}]}]}