{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR017", "name": "Dockerfile installs dependencies after copying the full source tree", "shortDescription": {"text": "Dockerfile installs dependencies after copying the full source tree"}, "fullDescription": {"text": "Copy dependency manifests first, install dependencies in a cached layer, then copy the rest of the source tree."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Add .dockerignore with at least .git, .env, private keys, dependency folders, build outputs, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Publish a package-manager install path or add checksum/signature verification before execution. For docs, show the inspect-then-run flow and pin the downloaded artifact version."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "Confirm whether this file is reachable. If not, delete it; if yes, wire it through explicit imports, routes, or entry points and add a test that proves the path executes."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AIC001", "name": "Parallel implementation file sits beside a canonical file", "shortDescription": {"text": "Parallel implementation file sits beside a canonical file"}, "fullDescription": {"text": "Merge the intended change into the canonical file, update tests/imports, and delete the parallel implementation if it is not the active entry point."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Add `--no-install-recommends` and explicitly list only packages the image needs."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR010", "name": "Dockerfile leaves apt package indexes in the image layer", "shortDescription": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "fullDescription": {"text": "End the apt install layer with `rm -rf /var/lib/apt/lists/*`."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `update_intrinsics` has cognitive complexity 12 (SonarSource scale). Cogni", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `update_intrinsics` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recur"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 12."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Dockerfile base image is selected through a build variable", "shortDescription": {"text": "Dockerfile base image is selected through a build variable"}, "fullDescription": {"text": "Resolve the variable to a versioned tag or digest in production builds and document the allowed images."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "info", "confidence": 0.48, "cwe": "", "owasp": ""}}, {"id": "MINED057", "name": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolve", "shortDescription": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety.", "shortDescription": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED047", "name": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested.", "shortDescription": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED042", "name": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk.", "shortDescription": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.", "shortDescription": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED041", "name": "[MINED041] Rust Unimplemented Macro (and 17 more): Same pattern found in 17 additional files. Review if needed.", "shortDescription": {"text": "[MINED041] Rust Unimplemented Macro (and 17 more): Same pattern found in 17 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod (and 87 more): Same pattern found in 87 additional files. Review if needed.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod (and 87 more): Same pattern found in 87 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block (and 367 more): Same pattern found in 367 additional files. Review if needed.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block (and 367 more): Same pattern found in 367 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 1 more): Same pattern found in 1 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro (and 144 more): Same pattern found in 144 additional files. Review if needed.", "shortDescription": {"text": "[MINED066] Rust Panic Macro (and 144 more): Same pattern found in 144 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 283 more): Same pattern found in 283 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 283 more): Same pattern found in 283 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `ubuntu:22.04` not pinned by digest: `FROM ubuntu:22.04` resolves the tag at build time. The ", "shortDescription": {"text": "[MINED118] Dockerfile FROM `ubuntu:22.04` not pinned by digest: `FROM ubuntu:22.04` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images shou"}, "fullDescription": {"text": "Replace with: `FROM ubuntu:22.04@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "[MINED126] Workflow container/services image `rust:alpine` unpinned: `container/services image: rust:alpine` without `@s", "shortDescription": {"text": "[MINED126] Workflow container/services image `rust:alpine` unpinned: `container/services image: rust:alpine` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain disc"}, "fullDescription": {"text": "Replace with `rust:alpine@sha256:<digest>`. Re-pin via Dependabot Docker scope."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run t", "shortDescription": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) in"}, "fullDescription": {"text": "Replace with: `uses: actions/checkout@<40-char-sha>  # v6` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_cargo_miri_multi_target: Test function `test_cargo_miri_multi_target` runs code b", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_cargo_miri_multi_target: Test function `test_cargo_miri_multi_target` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying a"}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.data_ptr` used but never assigned in __init__: Method `get_child_at_index` of class `StdStringSynthetic", "shortDescription": {"text": "[MINED108] `self.data_ptr` used but never assigned in __init__: Method `get_child_at_index` of class `StdStringSyntheticProvider` reads `self.data_ptr`, but no assignment to it exists in __init__ (and no class-level fallback). This raises A"}, "fullDescription": {"text": "Initialize `self.data_ptr = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies the entire context without .dockerignore", "shortDescription": {"text": "Dockerfile copies the entire context without .dockerignore"}, "fullDescription": {"text": "Create .dockerignore before using broad context copies, or copy only the required files and directories."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "DKR015", "name": "Docker build context is very large", "shortDescription": {"text": "Docker build context is very large"}, "fullDescription": {"text": "Shrink the build context with .dockerignore, move generated/runtime data outside the build context, and copy only the manifest files needed for cached dependency layers."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "MINED039", "name": "[MINED039] Rust Todo Macro: todo!() panics when reached. Unimplemented code path.", "shortDescription": {"text": "[MINED039] Rust Todo Macro: todo!() panics when reached. Unimplemented code path."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC035", "name": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based o", "shortDescription": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation."}, "fullDescription": {"text": "Cap user-controlled sizes BEFORE allocation:\n  size = min(int(request.args.get('n', 100)), MAX_SIZE)\nSet framework-level limits:\n  Flask:    app.config['MAX_CONTENT_LENGTH'] = 10 * 1024 * 1024\n  FastAPI:  use middleware to enforce request size\n  Django:   DATA_UPLOAD_MAX_MEMORY_SIZE in settings.py\nNever raise `sys.setrecursionlimit` past 10K without a deeper review."}, "properties": {"scanner": "repobility-threat-engine", "category": "resource_exhaustion", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED002", "name": "[MINED002] Dart Null Bang: value! throws on null. Use ?. or null check.", "shortDescription": {"text": "[MINED002] Dart Null Bang: value! throws on null. Use ?. or null check."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "[MINED116] Workflow uses `secrets.ZULIP_API_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`", "shortDescription": {"text": "[MINED116] Workflow uses `secrets.ZULIP_API_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.ZULIP_API_TOKEN }` lets a PR from any fork exfiltrate the se"}, "fullDescription": {"text": "Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`", "shortDescription": {"text": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import array` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/748"}, "properties": {"repository": "rust-lang/rust", "repoUrl": "https://github.com/rust-lang/rust", "branch": "main"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62145, "scanner": "repobility-ast-engine", "fingerprint": "e456bd8976570d5c9e74e52d4285c27cbcb9d212d08ed3e36c7998a927366195", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e456bd8976570d5c9e74e52d4285c27cbcb9d212d08ed3e36c7998a927366195"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/rust-analyzer/lib/smol_str/src/gdb_smolstr_printer.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62144, "scanner": "repobility-ast-engine", "fingerprint": "99819a173e650f05b8047483ec4c3f458d57e1be7840592c32e4f130c088c5a3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|99819a173e650f05b8047483ec4c3f458d57e1be7840592c32e4f130c088c5a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/rust-analyzer/lib/smol_str/src/gdb_smolstr_printer.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62143, "scanner": "repobility-ast-engine", "fingerprint": "f98b3705dcdf80a10687503c144c5cbc292042cd128eecf31c93b80c14ca8861", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f98b3705dcdf80a10687503c144c5cbc292042cd128eecf31c93b80c14ca8861"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/rust-analyzer/lib/smol_str/src/gdb_smolstr_printer.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62142, "scanner": "repobility-ast-engine", "fingerprint": "1c6301dfea675c9a17f3fa05e06ffa394592e2fdfda3e01bc38e5c8f8bad2eeb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1c6301dfea675c9a17f3fa05e06ffa394592e2fdfda3e01bc38e5c8f8bad2eeb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/rust-analyzer/lib/smol_str/src/gdb_smolstr_printer.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62141, "scanner": "repobility-ast-engine", "fingerprint": "bc8f714cab2d2340c1c155bedb09b151cac8fe3793ffaf01047bb41cc1734d54", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bc8f714cab2d2340c1c155bedb09b151cac8fe3793ffaf01047bb41cc1734d54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/rust-analyzer/lib/smol_str/src/gdb_smolstr_printer.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62137, "scanner": "repobility-ast-engine", "fingerprint": "11bad74b1116f316371bb95e8422ed23654365e6545662d8483d574b4f894baf", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|11bad74b1116f316371bb95e8422ed23654365e6545662d8483d574b4f894baf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/etc/lldb_batchmode/runner.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62136, "scanner": "repobility-ast-engine", "fingerprint": "27cf2171f55b1651342da48a4bf5ff7d3728debfb076860430131fd83434b4fa", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|27cf2171f55b1651342da48a4bf5ff7d3728debfb076860430131fd83434b4fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/bootstrap/bootstrap.py"}, "region": {"startLine": 1406}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62135, "scanner": "repobility-ast-engine", "fingerprint": "ca433062d9fb348385ec0da0c4ce3fb224c6211a23a36862da4e600dacd0d197", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ca433062d9fb348385ec0da0c4ce3fb224c6211a23a36862da4e600dacd0d197"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/bootstrap/bootstrap.py"}, "region": {"startLine": 301}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62131, "scanner": "repobility-ast-engine", "fingerprint": "747760bdc19275fc4c5066ef9ef241f20a555f71849fba2b9e0599c23b874ac3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|747760bdc19275fc4c5066ef9ef241f20a555f71849fba2b9e0599c23b874ac3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/etc/gdb_load_rust_pretty_printers.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62130, "scanner": "repobility-ast-engine", "fingerprint": "4d6afea0ea08a1404ec7236f04a83cdee7d172a377d0844435e4095b23cdcc79", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4d6afea0ea08a1404ec7236f04a83cdee7d172a377d0844435e4095b23cdcc79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/etc/lldb_providers.py"}, "region": {"startLine": 301}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62103, "scanner": "repobility-docker", "fingerprint": "99ee7d65f15826fc49295d35ee1dec9549db8c5c8eba4ce75a19001924770eec", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "node:slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|99ee7d65f15826fc49295d35ee1dec9549db8c5c8eba4ce75a19001924770eec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/rust-analyzer/.github/actions/github-release/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR017", "level": "warning", "message": {"text": "Dockerfile installs dependencies after copying the full source tree"}, "properties": {"repobilityId": 62102, "scanner": "repobility-docker", "fingerprint": "48abb663c576ce611dda3177087209251c7867d5f26106786e3d2d9a73af1a81", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy at line 3 appears before dependency installation.", "evidence": {"rule_id": "DKR017", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "broad_copy_line": 3, "correlation_key": "fp|48abb663c576ce611dda3177087209251c7867d5f26106786e3d2d9a73af1a81", "dependency_install_line": 6}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/rust-analyzer/.github/actions/github-release/Dockerfile"}, "region": {"startLine": 6}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62100, "scanner": "repobility-docker", "fingerprint": "6774460fc4b9fb9a9b3e9f5b701ec36df915081a3f92e8a0fc4cbda05b3234f1", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|6774460fc4b9fb9a9b3e9f5b701ec36df915081a3f92e8a0fc4cbda05b3234f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/x86_64-rust-for-linux/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62099, "scanner": "repobility-docker", "fingerprint": "5ec8b7b17f5ab9b8094f3fc7bdec4a7f9a1e97839c865633234f4f900aba608d", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ghcr.io/rust-lang/ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|5ec8b7b17f5ab9b8094f3fc7bdec4a7f9a1e97839c865633234f4f900aba608d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/x86_64-gnu-tools/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62098, "scanner": "repobility-docker", "fingerprint": "b6da818713f74c59f224433981b8592a7ca297b74fb0870accbaed18c56581c4", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b6da818713f74c59f224433981b8592a7ca297b74fb0870accbaed18c56581c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/x86_64-gnu-nopt/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62097, "scanner": "repobility-docker", "fingerprint": "f3d25dc6c06bc8c6351ffe757a7f7c48e8f8b8d0bd19c255503e3d119b084a11", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ghcr.io/rust-lang/ubuntu:24.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|f3d25dc6c06bc8c6351ffe757a7f7c48e8f8b8d0bd19c255503e3d119b084a11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/x86_64-gnu-miri/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62096, "scanner": "repobility-docker", "fingerprint": "47a3ffcfa0ea7caef530e24bc827355c3cc9368943fba41bcd00b684615afb6a", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:26.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|47a3ffcfa0ea7caef530e24bc827355c3cc9368943fba41bcd00b684615afb6a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/x86_64-gnu-llvm-22/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62095, "scanner": "repobility-docker", "fingerprint": "9262196bb293c455fd713f21be951c0ce48e7935d0519ca1af60b63d33ee6b4f", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:25.10", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|9262196bb293c455fd713f21be951c0ce48e7935d0519ca1af60b63d33ee6b4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/x86_64-gnu-llvm-21/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62094, "scanner": "repobility-docker", "fingerprint": "4e34ecbda76c2577578773492ca179b662b9adf68e44c2d1775f1b10b3cdb37c", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|4e34ecbda76c2577578773492ca179b662b9adf68e44c2d1775f1b10b3cdb37c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/x86_64-gnu-gcc-core-tests/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62093, "scanner": "repobility-docker", "fingerprint": "3cc2127ba8e51a66a7b9957859b517605acbc7dd7120d00888fa32424c738c53", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|3cc2127ba8e51a66a7b9957859b517605acbc7dd7120d00888fa32424c738c53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/x86_64-gnu-gcc/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62092, "scanner": "repobility-docker", "fingerprint": "fe4830ba764c2ed06706082f94bb096d5cf3e61bd7a3952a02deae4d6d004c92", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|fe4830ba764c2ed06706082f94bb096d5cf3e61bd7a3952a02deae4d6d004c92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/x86_64-gnu-distcheck/Dockerfile"}, "region": {"startLine": 13}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62091, "scanner": "repobility-docker", "fingerprint": "696eab320913693d333863c823798e53867234e15d7880ed84ee4d4284cd7eae", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|696eab320913693d333863c823798e53867234e15d7880ed84ee4d4284cd7eae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/x86_64-gnu-debug/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62090, "scanner": "repobility-docker", "fingerprint": "fdc88e1c7020c250bbd34ea569dc03cadd1e98a46b25a698d186931a00493526", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ghcr.io/rust-lang/ubuntu:24.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|fdc88e1c7020c250bbd34ea569dc03cadd1e98a46b25a698d186931a00493526"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/x86_64-gnu-aux/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62089, "scanner": "repobility-docker", "fingerprint": "e2ab598ddd615c4adca0ada3599c7dcbf42067480cd98db717a9c73a8eb32659", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e2ab598ddd615c4adca0ada3599c7dcbf42067480cd98db717a9c73a8eb32659"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/x86_64-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62088, "scanner": "repobility-docker", "fingerprint": "193f5dbcfac4023acb7cb9965bb271364fa27af58b3dc1902b68713b4d46ae53", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|193f5dbcfac4023acb7cb9965bb271364fa27af58b3dc1902b68713b4d46ae53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/x86_64-fuchsia/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62087, "scanner": "repobility-docker", "fingerprint": "2d33a9c598c795c648eeddab093e5e6b6e80b529698020c8a478c886527868c8", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ghcr.io/rust-lang/ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|2d33a9c598c795c648eeddab093e5e6b6e80b529698020c8a478c886527868c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/tidy/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62086, "scanner": "repobility-docker", "fingerprint": "d368b2ad84012ca13b1c82cb16e367a08b8514dd76834c5bb2a5c3bd1d9e409b", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|d368b2ad84012ca13b1c82cb16e367a08b8514dd76834c5bb2a5c3bd1d9e409b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/test-various/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62085, "scanner": "repobility-docker", "fingerprint": "929c7edf51095ddcc85335a5491e1b13fd9008357cd759966c24894d7032f03b", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|929c7edf51095ddcc85335a5491e1b13fd9008357cd759966c24894d7032f03b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/pr-check-2/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62084, "scanner": "repobility-docker", "fingerprint": "f693f1fcec22efa299b9e538f1a2f00448164a1fc10d3e4fce2990bab1adaa1a", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|f693f1fcec22efa299b9e538f1a2f00448164a1fc10d3e4fce2990bab1adaa1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/pr-check-1/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62083, "scanner": "repobility-docker", "fingerprint": "d9bd40ffbcd304c9f3ac07fcc769cc8ea98daa39e3db9ba54cf87573ba3fc692", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|d9bd40ffbcd304c9f3ac07fcc769cc8ea98daa39e3db9ba54cf87573ba3fc692"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/optional-x86_64-gnu-parallel-frontend/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62082, "scanner": "repobility-docker", "fingerprint": "7034dcfb688c4f8f3a607d7bfa31d820fa6266d3d7d47170d764ebe56f1cad59", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|7034dcfb688c4f8f3a607d7bfa31d820fa6266d3d7d47170d764ebe56f1cad59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/i686-gnu-nopt/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62081, "scanner": "repobility-docker", "fingerprint": "7af9c4b45f2261d9b52f3b656018504d2919236f0c62b45224392e8de331705e", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|7af9c4b45f2261d9b52f3b656018504d2919236f0c62b45224392e8de331705e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/i686-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62080, "scanner": "repobility-docker", "fingerprint": "95a6e7851dc6b90a7cd9018f129e199c5dde52a46d02af6a413854265ca5e1db", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|95a6e7851dc6b90a7cd9018f129e199c5dde52a46d02af6a413854265ca5e1db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-x86_64-solaris/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62079, "scanner": "repobility-docker", "fingerprint": "031496ced9092dadd9e0cddeaf5673840bff7de548c3d69c64e28da98bcee20d", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|031496ced9092dadd9e0cddeaf5673840bff7de548c3d69c64e28da98bcee20d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-x86_64-netbsd/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62077, "scanner": "repobility-docker", "fingerprint": "3a8ae38bfac0eb4ecebf92701efc33e81625395f5b010aae06eb9bf9501243df", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|3a8ae38bfac0eb4ecebf92701efc33e81625395f5b010aae06eb9bf9501243df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-x86_64-musl/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62076, "scanner": "repobility-docker", "fingerprint": "6df09b3261d14ce987d785b3868671cd0ec66ae2b00c4481c38660809fdc467f", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ghcr.io/rust-lang/centos:7", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|6df09b3261d14ce987d785b3868671cd0ec66ae2b00c4481c38660809fdc467f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-x86_64-linux/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62075, "scanner": "repobility-docker", "fingerprint": "b27e2246805e707ff4584f704f0f70c4ba6a99739cf3116f695dde9fbb48c528", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:18.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b27e2246805e707ff4584f704f0f70c4ba6a99739cf3116f695dde9fbb48c528"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-x86_64-illumos/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62074, "scanner": "repobility-docker", "fingerprint": "a8fad9e1ed83f27f2419f66f51eb6360198b5b1f249a9add626dd100a690a48d", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|a8fad9e1ed83f27f2419f66f51eb6360198b5b1f249a9add626dd100a690a48d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-x86_64-freebsd/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62073, "scanner": "repobility-docker", "fingerprint": "04066344a1f0fcb25b96af07e393caae2b225ae96b616aa8d91a7b20fb89174a", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|04066344a1f0fcb25b96af07e393caae2b225ae96b616aa8d91a7b20fb89174a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-various-2/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62071, "scanner": "repobility-docker", "fingerprint": "0a758c1e48b244f39c3122354e73dcba360a67f4241b71bcea450e91e581274b", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|0a758c1e48b244f39c3122354e73dcba360a67f4241b71bcea450e91e581274b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-various-1/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62069, "scanner": "repobility-docker", "fingerprint": "732575d26ee0007e70b00a40a5aa67dc9b46e9bd7ce8cffa7aae222ad2980376", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|732575d26ee0007e70b00a40a5aa67dc9b46e9bd7ce8cffa7aae222ad2980376"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-sparcv9-solaris/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62068, "scanner": "repobility-docker", "fingerprint": "cf1fe7c972fa6a7c69c5859e1d8c047fc1cdc108fcaf7be2f05b08911aab1d8f", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|cf1fe7c972fa6a7c69c5859e1d8c047fc1cdc108fcaf7be2f05b08911aab1d8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-s390x-linux/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62067, "scanner": "repobility-docker", "fingerprint": "29b67202a3cd4578a038a1afbf50553845df080ae0da0dcadacc87b8e850c86b", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|29b67202a3cd4578a038a1afbf50553845df080ae0da0dcadacc87b8e850c86b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-riscv64-linux/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62066, "scanner": "repobility-docker", "fingerprint": "0695a218d8ac14a386631ca204da90417db54123199c051a8b0393d55d3fa3e6", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|0695a218d8ac14a386631ca204da90417db54123199c051a8b0393d55d3fa3e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-powerpc64le-linux-musl/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62065, "scanner": "repobility-docker", "fingerprint": "915babde42816d93d565aec1c6665d60ab5ce3727dfc37a47bdca889bb8e616b", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|915babde42816d93d565aec1c6665d60ab5ce3727dfc37a47bdca889bb8e616b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-powerpc64le-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62064, "scanner": "repobility-docker", "fingerprint": "5dc0bad04e7163ee6cbe42b1be4603a61fdec0e8c56749ae408f4d2b80f66c63", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|5dc0bad04e7163ee6cbe42b1be4603a61fdec0e8c56749ae408f4d2b80f66c63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-powerpc64-linux-musl/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62063, "scanner": "repobility-docker", "fingerprint": "97f4b5174a83706755333d1f9929fc4261a9968fc7c7e0ec50c310c998eed5e3", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|97f4b5174a83706755333d1f9929fc4261a9968fc7c7e0ec50c310c998eed5e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-powerpc64-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62062, "scanner": "repobility-docker", "fingerprint": "59c58094bd76869b2544c33adddaf8a33417e8142b1063cbb015778347b31d20", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|59c58094bd76869b2544c33adddaf8a33417e8142b1063cbb015778347b31d20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-powerpc-linux/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62061, "scanner": "repobility-docker", "fingerprint": "297360d5e02535d521f2d7487b651f47ecb10fb127ec7767cfe76f2abc0331cd", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:24.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|297360d5e02535d521f2d7487b651f47ecb10fb127ec7767cfe76f2abc0331cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-ohos-x86_64/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62060, "scanner": "repobility-docker", "fingerprint": "cf027d6c9c308f10ea8fc86afbe008c5a3af40498f5db39681de2014c14b8258", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:24.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|cf027d6c9c308f10ea8fc86afbe008c5a3af40498f5db39681de2014c14b8258"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-ohos-armv7/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62059, "scanner": "repobility-docker", "fingerprint": "71012d0f3814d93254464372a02622189c93e2bcac5234166b3a4ac449b86c7c", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:24.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|71012d0f3814d93254464372a02622189c93e2bcac5234166b3a4ac449b86c7c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-ohos-aarch64/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62058, "scanner": "repobility-docker", "fingerprint": "0b8ee79c16bd39a1e6cd4a9f7a87d09d87f79e569ebaf48b03262e0f8a09bb67", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|0b8ee79c16bd39a1e6cd4a9f7a87d09d87f79e569ebaf48b03262e0f8a09bb67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-mipsel-linux/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62057, "scanner": "repobility-docker", "fingerprint": "7ad5778f2e50404b80e4f626ad824692240f767225c3e2f40d4b1ba9e2d72488", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|7ad5778f2e50404b80e4f626ad824692240f767225c3e2f40d4b1ba9e2d72488"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-mips64el-linux/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62056, "scanner": "repobility-docker", "fingerprint": "cede3ed4a2168e4f75011836ae367ea572d002931dfa9df2084fad50d2d649e5", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|cede3ed4a2168e4f75011836ae367ea572d002931dfa9df2084fad50d2d649e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-mips64-linux/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62055, "scanner": "repobility-docker", "fingerprint": "aae29649d446eec0a3fa7df0472402c43d923a130eee42905c8c17948a2c44b3", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|aae29649d446eec0a3fa7df0472402c43d923a130eee42905c8c17948a2c44b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-mips-linux/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62054, "scanner": "repobility-docker", "fingerprint": "95f850e661543c323894127f42d76824f7b3ad86369811cf1a6d1cf4304eb64a", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|95f850e661543c323894127f42d76824f7b3ad86369811cf1a6d1cf4304eb64a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-loongarch64-musl/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62053, "scanner": "repobility-docker", "fingerprint": "b691bc4cebd8a403004d56c118d30e418e79beded19ce23c423239324dc0aab6", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b691bc4cebd8a403004d56c118d30e418e79beded19ce23c423239324dc0aab6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-loongarch64-linux/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62052, "scanner": "repobility-docker", "fingerprint": "4e75057652a99918de3683d1184e815cd2426a9a8f6d47dbbd71155504d0754b", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "centos:7", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|4e75057652a99918de3683d1184e815cd2426a9a8f6d47dbbd71155504d0754b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-i686-linux/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62051, "scanner": "repobility-docker", "fingerprint": "decca1b84dd2baaefc85815b0878e076c2aa3bdafe29247e85b5ada3f05bfe2e", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|decca1b84dd2baaefc85815b0878e076c2aa3bdafe29247e85b5ada3f05bfe2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-i586-gnu-i586-i686-musl/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62049, "scanner": "repobility-docker", "fingerprint": "687a039ea8517d6b2d3f9f106dc65d80146251c7c89f2e7719e070d32807601a", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|687a039ea8517d6b2d3f9f106dc65d80146251c7c89f2e7719e070d32807601a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-armv7-linux/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62048, "scanner": "repobility-docker", "fingerprint": "7bb6ded9ef82fffb96e19cedb0660b2ed82332fb0dc859dce2122191e7e38afb", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|7bb6ded9ef82fffb96e19cedb0660b2ed82332fb0dc859dce2122191e7e38afb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-armhf-linux/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62047, "scanner": "repobility-docker", "fingerprint": "678a41ccd38f069fd844bdd212402ba043826c4c18b91624cb3f23c80d2396c2", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ghcr.io/rust-lang/ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|678a41ccd38f069fd844bdd212402ba043826c4c18b91624cb3f23c80d2396c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-arm-linux-musl/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62046, "scanner": "repobility-docker", "fingerprint": "15fb63de724a207115fed314a4499afa7ecf443c01d37371de31dfecbf2b3245", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ghcr.io/rust-lang/ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|15fb63de724a207115fed314a4499afa7ecf443c01d37371de31dfecbf2b3245"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-arm-linux-gnueabi/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62045, "scanner": "repobility-docker", "fingerprint": "18ac567e3e8c60639942001470daa6fc6a7b79079885db4e755c8750a141a4b3", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:24.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|18ac567e3e8c60639942001470daa6fc6a7b79079885db4e755c8750a141a4b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-android/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62044, "scanner": "repobility-docker", "fingerprint": "ace02ca91167cf09d6fc8b80d941a056960a58292cf8a162fa1b3561d1458c96", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|ace02ca91167cf09d6fc8b80d941a056960a58292cf8a162fa1b3561d1458c96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/disabled/riscv64gc-gnu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62042, "scanner": "repobility-docker", "fingerprint": "7afd4dd2f9c20015bc25d96d172a8627e3e5fc1e61d03f5e8a9e704d918137dd", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:16.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|7afd4dd2f9c20015bc25d96d172a8627e3e5fc1e61d03f5e8a9e704d918137dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/disabled/dist-x86_64-redox/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62041, "scanner": "repobility-docker", "fingerprint": "5685c20e86441913a841f3d0ef5b45452a3652cd4354effec42d49953ef81880", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:16.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|5685c20e86441913a841f3d0ef5b45452a3652cd4354effec42d49953ef81880"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/disabled/dist-x86_64-haiku/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62039, "scanner": "repobility-docker", "fingerprint": "0b6e3f501a2f80818a884bbb68ad478b93d55ae907db1375574801af12d03c67", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:16.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|0b6e3f501a2f80818a884bbb68ad478b93d55ae907db1375574801af12d03c67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/disabled/dist-x86_64-dragonfly/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62037, "scanner": "repobility-docker", "fingerprint": "76068d713ec91713cfe82b86acd62e13c7dbd2c113f8a0b0e7c1cf8fdcf8353c", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:16.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|76068d713ec91713cfe82b86acd62e13c7dbd2c113f8a0b0e7c1cf8fdcf8353c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/disabled/dist-x86_64-android/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62036, "scanner": "repobility-docker", "fingerprint": "e847066c8ebcc00d89ec9d0d182bc935bb8c47ba5a6ca94cb5196a5eadbf6dbf", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:16.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e847066c8ebcc00d89ec9d0d182bc935bb8c47ba5a6ca94cb5196a5eadbf6dbf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/disabled/dist-sparc64-linux/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62034, "scanner": "repobility-docker", "fingerprint": "5fed778be71f85b01924434179a0fd3fabbc0a9be98b4cf40e335e2d011308b8", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:16.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|5fed778be71f85b01924434179a0fd3fabbc0a9be98b4cf40e335e2d011308b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/disabled/dist-powerpcspe-linux/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62032, "scanner": "repobility-docker", "fingerprint": "67f8b848414bfe8d3fb9e326776c9b30909c0330ac75c2f09a0162226ec3fc21", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:20.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|67f8b848414bfe8d3fb9e326776c9b30909c0330ac75c2f09a0162226ec3fc21"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/disabled/dist-m68k-linux/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62030, "scanner": "repobility-docker", "fingerprint": "fb9e6d433589bb29790e6974fee2b521f7b07dbd78b9e5c8002be62aef6a70d0", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:16.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|fb9e6d433589bb29790e6974fee2b521f7b07dbd78b9e5c8002be62aef6a70d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/disabled/dist-i686-android/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62029, "scanner": "repobility-docker", "fingerprint": "e949fcde45f7c2bb95809e7cf3265adad0ccae864711040e3641e9f2f99a2920", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:16.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e949fcde45f7c2bb95809e7cf3265adad0ccae864711040e3641e9f2f99a2920"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/disabled/dist-armv7-android/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62028, "scanner": "repobility-docker", "fingerprint": "ebcc69e705afdbc04589dd5215b90c34f101543925508bac83c2fb08f276ad2e", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:16.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|ebcc69e705afdbc04589dd5215b90c34f101543925508bac83c2fb08f276ad2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/disabled/dist-aarch64-android/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62027, "scanner": "repobility-docker", "fingerprint": "b03e2dac3c558fc4e60f101e9e7c75a6d0435782268b2df26faea8215fb30ead", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b03e2dac3c558fc4e60f101e9e7c75a6d0435782268b2df26faea8215fb30ead"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/armhf-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62025, "scanner": "repobility-docker", "fingerprint": "202e92edf32703427331e03ecffde7b6de8ed752d983ea63b192236e36a96416", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:24.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|202e92edf32703427331e03ecffde7b6de8ed752d983ea63b192236e36a96416"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/arm-android/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62023, "scanner": "repobility-docker", "fingerprint": "89f63e98d275e01ffed6d6d8f04191f2dad0f2717ae8e1d5af436dbd3d5f912f", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "centos:7", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|89f63e98d275e01ffed6d6d8f04191f2dad0f2717ae8e1d5af436dbd3d5f912f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-aarch64/dist-aarch64-linux/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62022, "scanner": "repobility-docker", "fingerprint": "edd5e951dc112cad1f9e958a1d73f43c63c74af08e3e5c09f3744c07b8106987", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:26.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|edd5e951dc112cad1f9e958a1d73f43c63c74af08e3e5c09f3744c07b8106987"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-aarch64/dist-aarch64-freebsd/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62021, "scanner": "repobility-docker", "fingerprint": "479a0de87702d5fbb2e34b09aa559a919bc31ffa81f2af4c45b7cf6da246abb7", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:25.10", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|479a0de87702d5fbb2e34b09aa559a919bc31ffa81f2af4c45b7cf6da246abb7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-aarch64/aarch64-gnu-llvm-21/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62020, "scanner": "repobility-docker", "fingerprint": "fd9863038b53f84cca05c146259c4d9cf75eea3427028dc72ec2882e8f5227b7", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:25.10", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|fd9863038b53f84cca05c146259c4d9cf75eea3427028dc72ec2882e8f5227b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-aarch64/aarch64-gnu-debug/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62019, "scanner": "repobility-docker", "fingerprint": "8d7cf6a7e08c23cd947dd87fc03c8425c54e0510d37f911c41383313f817814a", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:25.10", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|8d7cf6a7e08c23cd947dd87fc03c8425c54e0510d37f911c41383313f817814a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-aarch64/aarch64-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62018, "scanner": "repobility-docker", "fingerprint": "d737ff854d310edd6d0f4272246dc7a962660dc0669a87dd4a2cc9a69a230574", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:25.10", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|d737ff854d310edd6d0f4272246dc7a962660dc0669a87dd4a2cc9a69a230574"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/x86_64-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62015, "scanner": "repobility-docker", "fingerprint": "c9c0a50adc785bd4590e9b30c6e72c0c1ead4ddb50a0f559bc7749230acdd4ef", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:25.10", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|c9c0a50adc785bd4590e9b30c6e72c0c1ead4ddb50a0f559bc7749230acdd4ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/wasm32-wasip1/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62013, "scanner": "repobility-docker", "fingerprint": "0b70c002d37f7f18c792abc118f12b9ae6239b77186f6fb14248d031056afaaf", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:25.10", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|0b70c002d37f7f18c792abc118f12b9ae6239b77186f6fb14248d031056afaaf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/s390x-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62011, "scanner": "repobility-docker", "fingerprint": "8ba6e5db8ee84f577bf88400cf1baf0e4e6d5c5f64703239560cd31dc0fe7092", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:25.10", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|8ba6e5db8ee84f577bf88400cf1baf0e4e6d5c5f64703239560cd31dc0fe7092"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/riscv64gc-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62009, "scanner": "repobility-docker", "fingerprint": "6f5d8a44355c0d391624cf3aa98d79ca6d6931158fbb89d266a33ce4e2f5c313", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:25.10", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|6f5d8a44355c0d391624cf3aa98d79ca6d6931158fbb89d266a33ce4e2f5c313"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/riscv32gc-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62007, "scanner": "repobility-docker", "fingerprint": "01f0dd1c315b1db797aa7aace568b79ed920913433584f080788e8c9d3eede85", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:25.10", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|01f0dd1c315b1db797aa7aace568b79ed920913433584f080788e8c9d3eede85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/powerpc64le-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62005, "scanner": "repobility-docker", "fingerprint": "b4cb35c80d67fe76e0d38120f41d9ec8b53740ae61cf063b901ab4c31cc8490e", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:25.10", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b4cb35c80d67fe76e0d38120f41d9ec8b53740ae61cf063b901ab4c31cc8490e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/powerpc64-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62003, "scanner": "repobility-docker", "fingerprint": "871d629d04f6de757d078aeae599ebf791aaebd923119fd4ff9e07eebdf20afa", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:25.10", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|871d629d04f6de757d078aeae599ebf791aaebd923119fd4ff9e07eebdf20afa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/powerpc-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62001, "scanner": "repobility-docker", "fingerprint": "526f61bb8ae53916038cc7a2a00079b4ac3387514146dbaaf42abc22be45745a", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:25.10", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|526f61bb8ae53916038cc7a2a00079b4ac3387514146dbaaf42abc22be45745a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/nvptx64-nvidia-cuda/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61999, "scanner": "repobility-docker", "fingerprint": "c88cd1a3eb5a68a63ff63eec2e965b8657c28f9e0b5e685e2e5457a575a01174", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:25.10", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|c88cd1a3eb5a68a63ff63eec2e965b8657c28f9e0b5e685e2e5457a575a01174"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/mipsel-unknown-linux-musl/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61997, "scanner": "repobility-docker", "fingerprint": "32fcf5953c97245301e53e0fb98b2a58f36f8aeb7549f104001120dbd6ed4040", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:25.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|32fcf5953c97245301e53e0fb98b2a58f36f8aeb7549f104001120dbd6ed4040"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/mips64el-unknown-linux-gnuabi64/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61995, "scanner": "repobility-docker", "fingerprint": "2e51af229acc92feed8c272cc22e8e6a4fe3967d15223ef311b981ab4cb4b293", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:25.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|2e51af229acc92feed8c272cc22e8e6a4fe3967d15223ef311b981ab4cb4b293"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/mips64-unknown-linux-gnuabi64/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61993, "scanner": "repobility-docker", "fingerprint": "c88eb0a60f734635246eb7be22be457af715a660ece00a6477ca1a101938ced2", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:25.10", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|c88eb0a60f734635246eb7be22be457af715a660ece00a6477ca1a101938ced2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/mips-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61991, "scanner": "repobility-docker", "fingerprint": "21a0d40e9f3653278c18d016d12cd0367c4b21f25954a696edb5b773243937ef", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:25.10", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|21a0d40e9f3653278c18d016d12cd0367c4b21f25954a696edb5b773243937ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/loongarch64-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61989, "scanner": "repobility-docker", "fingerprint": "53b3efaba347e4cd5453d0aff54bd5c6a3e5899df5d71fb4e8e2ced9111a4f06", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:25.10", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|53b3efaba347e4cd5453d0aff54bd5c6a3e5899df5d71fb4e8e2ced9111a4f06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/i686-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61987, "scanner": "repobility-docker", "fingerprint": "a73b32fa3678695fe718675b56877f927996fb23d93e3d1e8643d4d439c45c6f", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:25.10", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|a73b32fa3678695fe718675b56877f927996fb23d93e3d1e8643d4d439c45c6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/i586-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61985, "scanner": "repobility-docker", "fingerprint": "75c3c252dea4365195527cd603cc19db8592a61f82229ad6ebf6ba3793a6ef05", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:25.10", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|75c3c252dea4365195527cd603cc19db8592a61f82229ad6ebf6ba3793a6ef05"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/hexagon-unknown-linux-musl/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61983, "scanner": "repobility-docker", "fingerprint": "9204b5acd5e59ebd12754dac1f36b5b8355a79bf8fd042fdc0f97f3cb0dcac7f", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:24.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|9204b5acd5e59ebd12754dac1f36b5b8355a79bf8fd042fdc0f97f3cb0dcac7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/armv7-unknown-linux-gnueabihf/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61981, "scanner": "repobility-docker", "fingerprint": "bd439cd1c3e72d18daecf94026593484591772f2078da34300ba81a1175841e4", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:25.10", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|bd439cd1c3e72d18daecf94026593484591772f2078da34300ba81a1175841e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/arm-unknown-linux-gnueabihf/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61979, "scanner": "repobility-docker", "fingerprint": "d4e6527f5e16897f434b1eddeaba49413a21966ddf158b1874b53d28adfdf4a7", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:25.10", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|d4e6527f5e16897f434b1eddeaba49413a21966ddf158b1874b53d28adfdf4a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/amdgcn-amd-amdhsa/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61977, "scanner": "repobility-docker", "fingerprint": "9bb67156f5a241279dc5be13a0d7a8e2b09556e4902e39866079fe4ee84566cd", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:25.10", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|9bb67156f5a241279dc5be13a0d7a8e2b09556e4902e39866079fe4ee84566cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/aarch64_be-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61975, "scanner": "repobility-docker", "fingerprint": "58499ddcfb03919b2cfe501a4189da2020e1b1c1adfe666ef680dd5ea20e95ed", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:25.10", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|58499ddcfb03919b2cfe501a4189da2020e1b1c1adfe666ef680dd5ea20e95ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/aarch64-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61973, "scanner": "repobility-docker", "fingerprint": "5255f073f42c721e6fb616096c61b65f007da83b17859a634ce543a5eb45d434", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "$IMAGE", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|5255f073f42c721e6fb616096c61b65f007da83b17859a634ce543a5eb45d434"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/x86_64-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61970, "scanner": "repobility-docker", "fingerprint": "5145c45a4a7956e0429713656396d766d5321e94eb7d0166bd909930fc9a991b", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "$IMAGE", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|5145c45a4a7956e0429713656396d766d5321e94eb7d0166bd909930fc9a991b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/wasm32-unknown-unknown/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61967, "scanner": "repobility-docker", "fingerprint": "0ad065720243a04e4c3ca85bc8d2d71b3b5ec5be06357c5683b42c857620d830", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "$IMAGE", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|0ad065720243a04e4c3ca85bc8d2d71b3b5ec5be06357c5683b42c857620d830"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/thumbv7m-none-eabi/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61964, "scanner": "repobility-docker", "fingerprint": "34ecd02361757c4f6e075bea74990d0b83e8b31cffe8b6bd8bed6e10b24244ce", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "$IMAGE", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|34ecd02361757c4f6e075bea74990d0b83e8b31cffe8b6bd8bed6e10b24244ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/thumbv7em-none-eabihf/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61961, "scanner": "repobility-docker", "fingerprint": "99e19b4231dff08d27c6695cdbe77418256a6eac524f4ca1dde257719d1dd0e9", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "$IMAGE", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|99e19b4231dff08d27c6695cdbe77418256a6eac524f4ca1dde257719d1dd0e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/thumbv7em-none-eabi/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61958, "scanner": "repobility-docker", "fingerprint": "3467ee4a082d6a09891a90cd15b04387a8b418552717fa39a6a11075995b9277", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "$IMAGE", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|3467ee4a082d6a09891a90cd15b04387a8b418552717fa39a6a11075995b9277"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/thumbv6m-none-eabi/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61955, "scanner": "repobility-docker", "fingerprint": "cea02349a8edd76ab98f62cb38e23abcf3de5d78cabc1f9019b0c64a83e02abf", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "$IMAGE", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|cea02349a8edd76ab98f62cb38e23abcf3de5d78cabc1f9019b0c64a83e02abf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/riscv64gc-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61952, "scanner": "repobility-docker", "fingerprint": "68569ae8461a36be01c320abde460a08a0e9305b1e2e64b701f3bf97ad2774cd", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "$IMAGE", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|68569ae8461a36be01c320abde460a08a0e9305b1e2e64b701f3bf97ad2774cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/powerpc64le-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61949, "scanner": "repobility-docker", "fingerprint": "84d75d1255cb3b598ef504ea78948dd90716c9add53b0225e845792250075715", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "$IMAGE", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|84d75d1255cb3b598ef504ea78948dd90716c9add53b0225e845792250075715"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/powerpc64-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61946, "scanner": "repobility-docker", "fingerprint": "ee066f806a5587de02a86b2551df79ebb5d90263dd85e8da15459fabb4057c7c", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "$IMAGE", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|ee066f806a5587de02a86b2551df79ebb5d90263dd85e8da15459fabb4057c7c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/powerpc-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61943, "scanner": "repobility-docker", "fingerprint": "8cfd6a19cd6db725bad23ef7baeec99b6b8aa7bcd8806dfb2afb3845548bc4af", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "$IMAGE", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|8cfd6a19cd6db725bad23ef7baeec99b6b8aa7bcd8806dfb2afb3845548bc4af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/mipsel-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61940, "scanner": "repobility-docker", "fingerprint": "a1de090237d0b6ec53eead9a8639de90d8dea614b935cb89acfcb61ec990978f", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "$IMAGE", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|a1de090237d0b6ec53eead9a8639de90d8dea614b935cb89acfcb61ec990978f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/mips64el-unknown-linux-gnuabi64/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61937, "scanner": "repobility-docker", "fingerprint": "e63700e64df9b6a7aaae23ef86a97836b193fe8383aa2f0fb4d16447dca86bf2", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "$IMAGE", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e63700e64df9b6a7aaae23ef86a97836b193fe8383aa2f0fb4d16447dca86bf2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/mips64-unknown-linux-gnuabi64/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61934, "scanner": "repobility-docker", "fingerprint": "d6b23f4ed85f7bdbda7c04efff023c9c9ef03c99424a62a9144dc4178a6017de", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "$IMAGE", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|d6b23f4ed85f7bdbda7c04efff023c9c9ef03c99424a62a9144dc4178a6017de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/mips-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61931, "scanner": "repobility-docker", "fingerprint": "50ee9163da27a4f297be897dc88eb3a94cbf730565709c09d53b6f86b480bb04", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "$IMAGE", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|50ee9163da27a4f297be897dc88eb3a94cbf730565709c09d53b6f86b480bb04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/loongarch64-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61928, "scanner": "repobility-docker", "fingerprint": "959a493acdd1b7a2c5a9fe2058919226db3f03c3859d65d56058e9bb80f66d86", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "$IMAGE", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|959a493acdd1b7a2c5a9fe2058919226db3f03c3859d65d56058e9bb80f66d86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/i686-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61925, "scanner": "repobility-docker", "fingerprint": "cb21173182cd89fd09c6d2c4b269465f49c224ebaa9c834dd814915186c144c1", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "$IMAGE", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|cb21173182cd89fd09c6d2c4b269465f49c224ebaa9c834dd814915186c144c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/i586-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61922, "scanner": "repobility-docker", "fingerprint": "36fc73bed354a71d387ae54e2fb158cad12b896ed25e0994bdee08b762d1c608", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "$IMAGE", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|36fc73bed354a71d387ae54e2fb158cad12b896ed25e0994bdee08b762d1c608"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/armv7-unknown-linux-gnueabihf/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61919, "scanner": "repobility-docker", "fingerprint": "764070404d237cafc6914264d710d017c975222379caf46deb1832381de49017", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "$IMAGE", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|764070404d237cafc6914264d710d017c975222379caf46deb1832381de49017"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/arm-unknown-linux-gnueabihf/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61916, "scanner": "repobility-docker", "fingerprint": "f3432ab815e4bfafd08369829ce91edb2359dd30f613a523e652824d29763918", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "$IMAGE", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|f3432ab815e4bfafd08369829ce91edb2359dd30f613a523e652824d29763918"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/arm-unknown-linux-gnueabi/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 61913, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 61912, "scanner": "repobility-docker", "fingerprint": "c420825d4ac9a5123bc078bfccd6e13707abee4be9bb7efc2fa04782ada95267", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "$IMAGE", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|c420825d4ac9a5123bc078bfccd6e13707abee4be9bb7efc2fa04782ada95267"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/aarch64-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 61908, "scanner": "repobility-agent-runtime", "fingerprint": "51b7e819a7faf96acfaba51e4fc42da9896c32c7848bed3cf21d64d269e44fdb", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|51b7e819a7faf96acfaba51e4fc42da9896c32c7848bed3cf21d64d269e44fdb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/portable-simd/.github/workflows/ci.yml"}, "region": {"startLine": 167}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61901, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fa912d48b016dd651db30a89a19f9a1035bd92e12baf334593b53e2bb3a0ab7f", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "copy", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|fa912d48b016dd651db30a89a19f9a1035bd92e12baf334593b53e2bb3a0ab7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ui/pattern/bindings-after-at/bind-by-copy.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61900, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f311b64dd0d07670c61b82604a715f53089bdd837724257ae6f36e9aece578c8", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|f311b64dd0d07670c61b82604a715f53089bdd837724257ae6f36e9aece578c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ui/numeric/uppercase-base-prefix-invalid-no-fix.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61899, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1e8a3e1f25f2c349ed05223c8f54786175629ad9777b452f3f359920ca658711", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|1e8a3e1f25f2c349ed05223c8f54786175629ad9777b452f3f359920ca658711"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ui/numeric/numeric-cast-no-fix.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61898, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ebbb889a23b1af4e1e7afd1376e01dde70ee3cc77f5603ee0fbc7b3b293143c6", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "copy", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|ebbb889a23b1af4e1e7afd1376e01dde70ee3cc77f5603ee0fbc7b3b293143c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ui/nll/decl-macro-illegal-copy.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61897, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cb9915545bf05f8bca15af9a6f26e193498f800fa046989ede920de0e2c34187", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "temp", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|cb9915545bf05f8bca15af9a6f26e193498f800fa046989ede920de0e2c34187"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ui/mir/thir-constparam-temp.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61896, "scanner": "repobility-ai-code-hygiene", "fingerprint": "98d6380bfdc99cb23d3426fc481f16f8338d6f2ad6988a009d9c63bbc76b880f", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|98d6380bfdc99cb23d3426fc481f16f8338d6f2ad6988a009d9c63bbc76b880f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ui/lint/lint-invalid-atomic-ordering-update.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61895, "scanner": "repobility-ai-code-hygiene", "fingerprint": "30d93df128d03a889bfa7faabd9f6f801318931bdcaa9086f5333c15c2aa117e", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fixed", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|30d93df128d03a889bfa7faabd9f6f801318931bdcaa9086f5333c15c2aa117e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ui/lint/forgetting_references-can-fixed.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61894, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a89af8faa8394ffc97cddaec157dd8ecffeb2c8e16ccf80179e28d52e9a83423", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fixed", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|a89af8faa8394ffc97cddaec157dd8ecffeb2c8e16ccf80179e28d52e9a83423"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ui/lint/forgetting_copy_types-can-fixed.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61893, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c09537ae00f62af7d1dffd4c657b248e830e6abf131f67ce6c3d0b7be8c98e74", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fixed", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|c09537ae00f62af7d1dffd4c657b248e830e6abf131f67ce6c3d0b7be8c98e74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ui/lint/dropping_references-can-fixed.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61892, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6e3b509f3e5424a75e282993ad19b34dd9362e0284bc2db2b92626de37953a11", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "copy", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|6e3b509f3e5424a75e282993ad19b34dd9362e0284bc2db2b92626de37953a11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ui/let-else/let-else-non-copy.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61891, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ba5971ac6e908226d3663a47f5c078dc4df11e9d04cef03cdb451effbb5d034a", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "copy", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|ba5971ac6e908226d3663a47f5c078dc4df11e9d04cef03cdb451effbb5d034a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ui/higher-ranked/trait-bounds/hrtb-opt-in-copy.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61890, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5f5d5585082492a8d52516a3b68d0c42a1d159bf4d98d541cd8a8951ec8806aa", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "copy", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|5f5d5585082492a8d52516a3b68d0c42a1d159bf4d98d541cd8a8951ec8806aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ui/contracts/contract-captures-via-closure-copy.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61889, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b4b40fecdf18edf99b6a8179ae6907cf5db00d2d9882a04b66406fce1cf8f5c7", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "final", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|b4b40fecdf18edf99b6a8179ae6907cf5db00d2d9882a04b66406fce1cf8f5c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ui/consts/refs-to-cell-in-final.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61888, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8c84882c388d3ef75d12f92a08b9b6f6724a1a904af464e909af39ae4917730b", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "final", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|8c84882c388d3ef75d12f92a08b9b6f6724a1a904af464e909af39ae4917730b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ui/consts/const-mut-refs/mut_ref_in_final.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61887, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8ed56094c582c0cddaf21c8000041d26ce44ef0e26b54735e8ba598aa11bcbb1", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "final", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|8ed56094c582c0cddaf21c8000041d26ce44ef0e26b54735e8ba598aa11bcbb1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ui/consts/const-eval/ptr_fragments_in_final.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61886, "scanner": "repobility-ai-code-hygiene", "fingerprint": "744175c887566c5abe610675765f15b8bcb26e49100b01638a8906650eb3bea9", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "copy", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|744175c887566c5abe610675765f15b8bcb26e49100b01638a8906650eb3bea9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ui/coherence/coherence-negative-impls-copy.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61885, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3a114362eef61b328551ef7fa1718b28ec88bb6647a5977206277a66f5f7f51c", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "copy", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|3a114362eef61b328551ef7fa1718b28ec88bb6647a5977206277a66f5f7f51c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ui/coherence/coherence-impls-copy.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61884, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7f6353149347dbc31dc686fa5f7f99f81a88f264fd1ca70ee10a396ed3a46936", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "copy", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|7f6353149347dbc31dc686fa5f7f99f81a88f264fd1ca70ee10a396ed3a46936"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ui/closures/2229_closure_analysis/diagnostics/liveness_unintentional_copy.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61883, "scanner": "repobility-ai-code-hygiene", "fingerprint": "04e5f874f89e16cf4fc5fcee087040ec4120a0052056d61f6003f25de0a673b5", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|04e5f874f89e16cf4fc5fcee087040ec4120a0052056d61f6003f25de0a673b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ui/async-await/default-struct-update.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61882, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c2e80a94bf9c4c29ada88b3f035f64f4f050cde9381c4635c1f4beb4b2f8d9ad", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fixed", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|c2e80a94bf9c4c29ada88b3f035f64f4f050cde9381c4635c1f4beb4b2f8d9ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ui/array-slice-vec/vec-matching-fixed.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61881, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d2a214f0b1da00d6ef60de7072e1eb469dd0ec4e4a52c65ad33968eb8e2795ac", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "copy", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|d2a214f0b1da00d6ef60de7072e1eb469dd0ec4e4a52c65ad33968eb8e2795ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/mir-opt/pre-codegen/clone_as_copy.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61880, "scanner": "repobility-ai-code-hygiene", "fingerprint": "035c1c319ba118e223ccd7d764b0df7916c50c95d89577715edb1f54a40359ed", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "copy", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|035c1c319ba118e223ccd7d764b0df7916c50c95d89577715edb1f54a40359ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/mir-opt/dead-store-elimination/call_arg_copy.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61879, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9f236d4b14f39bd6b3a427066e058649759e4277dbe78b8eb3ac5c74c0f1f22c", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|9f236d4b14f39bd6b3a427066e058649759e4277dbe78b8eb3ac5c74c0f1f22c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/codegen-llvm/issues/issue-122600-ptr-discriminant-update.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61878, "scanner": "repobility-ai-code-hygiene", "fingerprint": "007c391da1647899bad6566b9ceeb20c8b14d7affcf4ec2fb8a236ddb46f5d79", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "copy", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|007c391da1647899bad6566b9ceeb20c8b14d7affcf4ec2fb8a236ddb46f5d79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/codegen-llvm/clone_as_copy.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61877, "scanner": "repobility-ai-code-hygiene", "fingerprint": "19750877e3338e08d0fa367a863b0cab9c567602b9c288d1794418473f7dc788", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "backup", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|19750877e3338e08d0fa367a863b0cab9c567602b9c288d1794418473f7dc788"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/rustfmt/src/emitter/files_with_backup.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61876, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0eb4ee12b89618e4122154f2343c25fdc490bf84fdc4dfd8e152934ad0990b11", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|0eb4ee12b89618e4122154f2343c25fdc490bf84fdc4dfd8e152934ad0990b11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/clippy/clippy_lints/src/needless_update.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61875, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3e44b3760e89adc42c7638dbf834412e2e7d48268ec84033c41dc2314aef47ef", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "copied", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|3e44b3760e89adc42c7638dbf834412e2e7d48268ec84033c41dc2314aef47ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/clippy/clippy_lints/src/methods/cloned_instead_of_copied.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61874, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c3dd806e25e86bacc5c3ce7c05ca119276beccdcef34c7fdb57659c272e1fdfe", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "copy", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|c3dd806e25e86bacc5c3ce7c05ca119276beccdcef34c7fdb57659c272e1fdfe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/clippy/clippy_lints/src/methods/clone_on_copy.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61873, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3bb2b8fd3b8e5ad7f52c1a5808ed6dc10a084c44ad67873d3b0cb77a9be5fd60", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "new", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|3bb2b8fd3b8e5ad7f52c1a5808ed6dc10a084c44ad67873d3b0cb77a9be5fd60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/clippy/clippy_lints/src/manual_string_new.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 61872, "scanner": "repobility-ai-code-hygiene", "fingerprint": "adec92a02086b933633c551d8dc1cb9a28440b5b418645ed908af637f8f07e09", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "copy", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|adec92a02086b933633c551d8dc1cb9a28440b5b418645ed908af637f8f07e09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/clippy/clippy_lints/src/derive/expl_impl_clone_on_copy.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 61864, "scanner": "repobility-ai-code-hygiene", "fingerprint": "89212fb2a3b38b912f2392c277ae31c80f343ff9877c8166f908937ae422aad1", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "fixed", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "tests/ui/array-slice-vec/vec-matching.rs", "correlation_key": "fp|89212fb2a3b38b912f2392c277ae31c80f343ff9877c8166f908937ae422aad1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ui/array-slice-vec/vec-matching-fixed.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 61862, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a26bf06b7a228be1d3f74a86dd2a1e39f5925cafd52c8fbb923e58fe4e6e11b5", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "alt", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "tests/run-make/extern-flag-fun/bar.rs", "correlation_key": "fp|a26bf06b7a228be1d3f74a86dd2a1e39f5925cafd52c8fbb923e58fe4e6e11b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/run-make/extern-flag-fun/bar-alt.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 61839, "scanner": "repobility-threat-engine", "fingerprint": "01150b7f092e2556274a736724e9ed95462130a379994ee30e29aaf08917e711", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Lorem ipsum dolor sit amet", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|01150b7f092e2556274a736724e9ed95462130a379994ee30e29aaf08917e711"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/coretests/benches/hash/sip.rs"}, "region": {"startLine": 47}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 61824, "scanner": "repobility-threat-engine", "fingerprint": "228dada84da07a217cd8fef77e62d651867f90cb5c33517cf93f9e37ffabd516", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "exec(input", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|97|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_gcc/build_system/src/rust_tools.rs"}, "region": {"startLine": 97}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 61820, "scanner": "repobility-threat-engine", "fingerprint": "cdd16fb3fe627f38593f4dd18eedc901435f7ef70b3e6c98091f991ee53170d4", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|54|sec045", "duplicate_count": 1, "duplicate_rule_ids": ["SEC045"], "duplicate_scanners": ["repobility-threat-engine"], "duplicate_fingerprints": ["19109937c19a604aa296aa287b5decd63aebc00d4777ac49d272bd783aaef0d3", "cdd16fb3fe627f38593f4dd18eedc901435f7ef70b3e6c98091f991ee53170d4"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_cranelift/scripts/rustc-clif.rs"}, "region": {"startLine": 54}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 61819, "scanner": "repobility-threat-engine", "fingerprint": "6b23a5bd1f8e7ef39ba81f72c65b2b66c58d40c9b48091b4d9d90f8414efd963", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|84|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_cranelift/scripts/cargo-clif.rs"}, "region": {"startLine": 84}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 62078, "scanner": "repobility-docker", "fingerprint": "c725d6f3c12b6b7c9b36243cb535231ceb98d5da9ccf00e770377868075d36b1", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|c725d6f3c12b6b7c9b36243cb535231ceb98d5da9ccf00e770377868075d36b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-x86_64-netbsd/Dockerfile"}, "region": {"startLine": 6}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 62072, "scanner": "repobility-docker", "fingerprint": "46f1bcc53ffde46bb0e9002b1fe21d1ad077d6bc7b02295d6504980310eab77f", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|46f1bcc53ffde46bb0e9002b1fe21d1ad077d6bc7b02295d6504980310eab77f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-various-2/Dockerfile"}, "region": {"startLine": 9}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 62070, "scanner": "repobility-docker", "fingerprint": "2908f8cdfec3e06dd93daa8a927216c69ac42e226f43a611a591241d6c7bd6f0", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|2908f8cdfec3e06dd93daa8a927216c69ac42e226f43a611a591241d6c7bd6f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-various-1/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 62050, "scanner": "repobility-docker", "fingerprint": "d353287fa8cdf730470e0b650c4798b2d4a9133920fd8199687a703782c69da3", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|d353287fa8cdf730470e0b650c4798b2d4a9133920fd8199687a703782c69da3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-i586-gnu-i586-i686-musl/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 62043, "scanner": "repobility-docker", "fingerprint": "2b1e5d97fb34efcec45677c1651320bf65c31e4741ae6416d44c21ffb7cb9854", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|2b1e5d97fb34efcec45677c1651320bf65c31e4741ae6416d44c21ffb7cb9854"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/disabled/riscv64gc-gnu/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 62040, "scanner": "repobility-docker", "fingerprint": "ca2b27a195f3cd33eeb6b13b733dd9f29bd20fcec381838c5ba4df14bf67a4ed", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|ca2b27a195f3cd33eeb6b13b733dd9f29bd20fcec381838c5ba4df14bf67a4ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/disabled/dist-x86_64-haiku/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 62038, "scanner": "repobility-docker", "fingerprint": "ceb70b61833f364db8ea601be1f72ea1e70d196a09321b9b8c3c87b4d8c30258", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|ceb70b61833f364db8ea601be1f72ea1e70d196a09321b9b8c3c87b4d8c30258"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/disabled/dist-x86_64-dragonfly/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 62035, "scanner": "repobility-docker", "fingerprint": "760edb1bba43d10bbe953b0b47792ed2c4e465c7fbfb6db4d0e04d0d61d8e3ce", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|760edb1bba43d10bbe953b0b47792ed2c4e465c7fbfb6db4d0e04d0d61d8e3ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/disabled/dist-sparc64-linux/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 62033, "scanner": "repobility-docker", "fingerprint": "242f9bb48d3b4587b2edaeee58abb94c00d9115718e2bf931f52f582a047ad27", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|242f9bb48d3b4587b2edaeee58abb94c00d9115718e2bf931f52f582a047ad27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/disabled/dist-powerpcspe-linux/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 62031, "scanner": "repobility-docker", "fingerprint": "9d39e565a0b90fb8a7396d89a0ca26bd4bd83f0ab4a85636d194848e553ff5a6", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|9d39e565a0b90fb8a7396d89a0ca26bd4bd83f0ab4a85636d194848e553ff5a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/disabled/dist-m68k-linux/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 62026, "scanner": "repobility-docker", "fingerprint": "4237daa8836f6d361b68ab76295724fe21135775a76cd49c33bdb122dc570423", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|4237daa8836f6d361b68ab76295724fe21135775a76cd49c33bdb122dc570423"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/armhf-gnu/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 62024, "scanner": "repobility-docker", "fingerprint": "74ebf018b466edb1fdaea66390f63716e6f23933331b73a5c02aa38551fea5de", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|74ebf018b466edb1fdaea66390f63716e6f23933331b73a5c02aa38551fea5de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/arm-android/Dockerfile"}, "region": {"startLine": 11}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 62017, "scanner": "repobility-docker", "fingerprint": "88086536447df1d74a7d7e85c24232264f4aca11aafb0c6d59821b4d077df7e2", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|88086536447df1d74a7d7e85c24232264f4aca11aafb0c6d59821b4d077df7e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/x86_64-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 27}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 62016, "scanner": "repobility-docker", "fingerprint": "7ea240c7f405cdab13eb93aa4dbfa23847361227ece673c3d7d008536ed9f490", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|7ea240c7f405cdab13eb93aa4dbfa23847361227ece673c3d7d008536ed9f490"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/x86_64-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 62014, "scanner": "repobility-docker", "fingerprint": "2b1ddc1f90bee3a51ad48b9e8e092cf283fa48ca395a18a7b32914c301ef3a85", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|2b1ddc1f90bee3a51ad48b9e8e092cf283fa48ca395a18a7b32914c301ef3a85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/wasm32-wasip1/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 62012, "scanner": "repobility-docker", "fingerprint": "bff29529f3dbc6f25eb957ec12dddac27045057b5cc690d5a19a352522c602af", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|bff29529f3dbc6f25eb957ec12dddac27045057b5cc690d5a19a352522c602af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/s390x-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 62010, "scanner": "repobility-docker", "fingerprint": "bd36ef44ecd24b709f984a034191e7d75b1bd32601c517955d744f2496b02c64", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|bd36ef44ecd24b709f984a034191e7d75b1bd32601c517955d744f2496b02c64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/riscv64gc-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 62008, "scanner": "repobility-docker", "fingerprint": "047ad60e5adbc36eff50926020c3aec5317697c7e756ad8f4948f36bb8dd9496", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|047ad60e5adbc36eff50926020c3aec5317697c7e756ad8f4948f36bb8dd9496"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/riscv32gc-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 62006, "scanner": "repobility-docker", "fingerprint": "9dd2b4f88234c4994c7e6366d5812546adcf39e0b454cfae97474c75357e25c0", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|9dd2b4f88234c4994c7e6366d5812546adcf39e0b454cfae97474c75357e25c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/powerpc64le-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 62004, "scanner": "repobility-docker", "fingerprint": "2f7f13c0db54187855486e1dc401b538059d5db26eaf799086feb566d46749b8", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|2f7f13c0db54187855486e1dc401b538059d5db26eaf799086feb566d46749b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/powerpc64-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 62002, "scanner": "repobility-docker", "fingerprint": "60a23dff16d36b2f3f164e27a4a2d310a0b73a660bfc2829f13a7b8f02b44e70", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|60a23dff16d36b2f3f164e27a4a2d310a0b73a660bfc2829f13a7b8f02b44e70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/powerpc-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 62000, "scanner": "repobility-docker", "fingerprint": "f93f29066f25ffcc1d69579ec44304fcb9cd8f2b0dd5853f834a9f78356712c5", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|f93f29066f25ffcc1d69579ec44304fcb9cd8f2b0dd5853f834a9f78356712c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/nvptx64-nvidia-cuda/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61998, "scanner": "repobility-docker", "fingerprint": "276f0cd09236357ceacaaa8b8cc662f19cb6b2be880175249e37b52494248c3e", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|276f0cd09236357ceacaaa8b8cc662f19cb6b2be880175249e37b52494248c3e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/mipsel-unknown-linux-musl/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61996, "scanner": "repobility-docker", "fingerprint": "3538a27553aaf08ce4120350dcc9473329699a18932ec804c39d611dcc9eb257", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|3538a27553aaf08ce4120350dcc9473329699a18932ec804c39d611dcc9eb257"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/mips64el-unknown-linux-gnuabi64/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61994, "scanner": "repobility-docker", "fingerprint": "018cdc0c96166e50adf48dd5a1ebbc2445bbe850c223ebb37e807c93337159a1", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|018cdc0c96166e50adf48dd5a1ebbc2445bbe850c223ebb37e807c93337159a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/mips64-unknown-linux-gnuabi64/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61992, "scanner": "repobility-docker", "fingerprint": "8cea1aaa2649bbd52d84b7cf91e17266f306bf94a6d9561ae748635d34cef49a", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|8cea1aaa2649bbd52d84b7cf91e17266f306bf94a6d9561ae748635d34cef49a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/mips-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61990, "scanner": "repobility-docker", "fingerprint": "93fa075b423b0fcc8d21bc315d85240ed1eaaf17c4ddf9f6e8e815569b16dcdc", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|93fa075b423b0fcc8d21bc315d85240ed1eaaf17c4ddf9f6e8e815569b16dcdc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/loongarch64-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61988, "scanner": "repobility-docker", "fingerprint": "cb842ffcbcfe54ad8b19d27f7af500736f081269dfef4e66495fd9e3161ff434", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|cb842ffcbcfe54ad8b19d27f7af500736f081269dfef4e66495fd9e3161ff434"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/i686-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61986, "scanner": "repobility-docker", "fingerprint": "b9af6e27e80fa4279c19673201d8c347c136186132abe2e39a16f7117a6d955e", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|b9af6e27e80fa4279c19673201d8c347c136186132abe2e39a16f7117a6d955e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/i586-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61984, "scanner": "repobility-docker", "fingerprint": "e6bbe3a641cdbb8af9387c7ac8593dff34c12a74823481a7ed4893c8b293f7b3", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|e6bbe3a641cdbb8af9387c7ac8593dff34c12a74823481a7ed4893c8b293f7b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/hexagon-unknown-linux-musl/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61982, "scanner": "repobility-docker", "fingerprint": "f61fa1f2bc9d429f82dfc7da01ee2117b7849d2f4a4a43c19ac1b4d03a21d897", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|f61fa1f2bc9d429f82dfc7da01ee2117b7849d2f4a4a43c19ac1b4d03a21d897"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/armv7-unknown-linux-gnueabihf/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61980, "scanner": "repobility-docker", "fingerprint": "71932a928b3f8554b600c2a48f60d3e2d1316a9f5c5dbf1e4bc1069c304345da", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|71932a928b3f8554b600c2a48f60d3e2d1316a9f5c5dbf1e4bc1069c304345da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/arm-unknown-linux-gnueabihf/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61978, "scanner": "repobility-docker", "fingerprint": "c435c9960abd2a9baad9051f09c0243bbe3fd5eaab335ee43727f073681be5f3", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c435c9960abd2a9baad9051f09c0243bbe3fd5eaab335ee43727f073681be5f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/amdgcn-amd-amdhsa/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61976, "scanner": "repobility-docker", "fingerprint": "a6aee429b9518f41e9a4c73873f007d11829e2fffd314cdacc300f55f104fbe8", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|a6aee429b9518f41e9a4c73873f007d11829e2fffd314cdacc300f55f104fbe8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/aarch64_be-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61974, "scanner": "repobility-docker", "fingerprint": "175c6d9e3eacc7b7c7d8a1e74cdda7bea2f50e4a5e8801a7244543449ea6e95e", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|175c6d9e3eacc7b7c7d8a1e74cdda7bea2f50e4a5e8801a7244543449ea6e95e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/aarch64-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61972, "scanner": "repobility-docker", "fingerprint": "abcba3cebb2849576aef382abf5332cc37798c8a0454bd97e428ef4f9d9c67b7", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|abcba3cebb2849576aef382abf5332cc37798c8a0454bd97e428ef4f9d9c67b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/x86_64-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61969, "scanner": "repobility-docker", "fingerprint": "a5a21351c2e2e53bb12cabd358ef5ede02b2d85722a3ff3e5c98abd7fc4c5750", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|a5a21351c2e2e53bb12cabd358ef5ede02b2d85722a3ff3e5c98abd7fc4c5750"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/wasm32-unknown-unknown/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61966, "scanner": "repobility-docker", "fingerprint": "cb5fed5de24c13321bb456b51617bc7d7e5758061007abfeb283aa65404d35d0", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|cb5fed5de24c13321bb456b51617bc7d7e5758061007abfeb283aa65404d35d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/thumbv7m-none-eabi/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61963, "scanner": "repobility-docker", "fingerprint": "b0cb19d3595c58459edfd91c11e3c4585a1a4b3bd52c03486786198454d5711c", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|b0cb19d3595c58459edfd91c11e3c4585a1a4b3bd52c03486786198454d5711c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/thumbv7em-none-eabihf/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61960, "scanner": "repobility-docker", "fingerprint": "0028dceb4222f849a7ef4f5b7b49f2bbaf02a9b98482c82d95ebba1a523a10af", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|0028dceb4222f849a7ef4f5b7b49f2bbaf02a9b98482c82d95ebba1a523a10af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/thumbv7em-none-eabi/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61957, "scanner": "repobility-docker", "fingerprint": "df1e369cc16c900562fc8991c46a690041038ac40af039e05a19ac767c4502e3", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|df1e369cc16c900562fc8991c46a690041038ac40af039e05a19ac767c4502e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/thumbv6m-none-eabi/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61954, "scanner": "repobility-docker", "fingerprint": "da6973c95c8431797fb3e0588dc714e225c976b3962906790234a8d21af208d2", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|da6973c95c8431797fb3e0588dc714e225c976b3962906790234a8d21af208d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/riscv64gc-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61951, "scanner": "repobility-docker", "fingerprint": "20efb1bff5489318aef477ebe6714f97c21a2b09ace8be97215047f2879568dc", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|20efb1bff5489318aef477ebe6714f97c21a2b09ace8be97215047f2879568dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/powerpc64le-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61948, "scanner": "repobility-docker", "fingerprint": "17760f236a7ba8e4c787327627996a1aa9b54d7fd4893194b92242c69a1cf289", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|17760f236a7ba8e4c787327627996a1aa9b54d7fd4893194b92242c69a1cf289"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/powerpc64-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61945, "scanner": "repobility-docker", "fingerprint": "434bbcc98bcfd160ffad2e610357b7c36fb23394aa47cda741e418db3b2e7e32", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|434bbcc98bcfd160ffad2e610357b7c36fb23394aa47cda741e418db3b2e7e32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/powerpc-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61942, "scanner": "repobility-docker", "fingerprint": "da0f6e31d7012d07236764b5c6296b9a442862c65fc98dc2a34f82abf46bf5e4", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|da0f6e31d7012d07236764b5c6296b9a442862c65fc98dc2a34f82abf46bf5e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/mipsel-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61939, "scanner": "repobility-docker", "fingerprint": "fef7ec621f30c634c00750e4cf79b621a0ded975be2af6d195efa311b53e3988", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|fef7ec621f30c634c00750e4cf79b621a0ded975be2af6d195efa311b53e3988"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/mips64el-unknown-linux-gnuabi64/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61936, "scanner": "repobility-docker", "fingerprint": "2066cc66aebb38f10eca9cb3c2a9fcbfe96087a586ca00931330a3046835835d", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|2066cc66aebb38f10eca9cb3c2a9fcbfe96087a586ca00931330a3046835835d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/mips64-unknown-linux-gnuabi64/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61933, "scanner": "repobility-docker", "fingerprint": "35f2cd47ea101ca157b37a5b3b690d4960bfa4aafdc7c0089636b0a53a6d76e2", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|35f2cd47ea101ca157b37a5b3b690d4960bfa4aafdc7c0089636b0a53a6d76e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/mips-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61930, "scanner": "repobility-docker", "fingerprint": "f82dd18f09f37076c31c995b3ba7ba571f1c521126163537dde277a1ea47aac7", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|f82dd18f09f37076c31c995b3ba7ba571f1c521126163537dde277a1ea47aac7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/loongarch64-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61927, "scanner": "repobility-docker", "fingerprint": "e745d5a4567bff132971cf098c1d88da433f5068004b9b2f4042f445f787287f", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|e745d5a4567bff132971cf098c1d88da433f5068004b9b2f4042f445f787287f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/i686-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61924, "scanner": "repobility-docker", "fingerprint": "9752cffdc2a82f0ea120f8e0e61b0a25b6c2d2ece0ad9bb245b021bca08d7c20", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|9752cffdc2a82f0ea120f8e0e61b0a25b6c2d2ece0ad9bb245b021bca08d7c20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/i586-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61921, "scanner": "repobility-docker", "fingerprint": "21218850589d44847761a8c78fa518d1b528b8393349275660ccb7400f44d1b8", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|21218850589d44847761a8c78fa518d1b528b8393349275660ccb7400f44d1b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/armv7-unknown-linux-gnueabihf/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61918, "scanner": "repobility-docker", "fingerprint": "4c94e87fb65e01fbe731b0ed1601cdea16501071419c3c18e581570677673756", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|4c94e87fb65e01fbe731b0ed1601cdea16501071419c3c18e581570677673756"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/arm-unknown-linux-gnueabihf/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61915, "scanner": "repobility-docker", "fingerprint": "dca44beb7c69b5623855a2cf070236dc157d1a63dfe8cecf81670980a8c68a79", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|dca44beb7c69b5623855a2cf070236dc157d1a63dfe8cecf81670980a8c68a79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/arm-unknown-linux-gnueabi/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 61911, "scanner": "repobility-docker", "fingerprint": "169bc7aac5b53206b80ed5dfd3692db98dc98d0d611751bc6ebf9386a2e75483", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|169bc7aac5b53206b80ed5dfd3692db98dc98d0d611751bc6ebf9386a2e75483"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/aarch64-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 61907, "scanner": "repobility-ai-code-hygiene", "fingerprint": "21350eb98d5d20fc06c2c14b694eff3a97b6734512545953357b376ddb4d20f6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "compiler/rustc_codegen_gcc/src/lib.rs", "duplicate_line": 20, "correlation_key": "fp|21350eb98d5d20fc06c2c14b694eff3a97b6734512545953357b376ddb4d20f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_llvm/src/lib.rs"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 61906, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b8f19aed9344e5bb8d7fc225e40b05566a2260b2b4a243ea7542aa7ba4f666d5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "compiler/rustc_codegen_gcc/src/debuginfo.rs", "duplicate_line": 129, "correlation_key": "fp|b8f19aed9344e5bb8d7fc225e40b05566a2260b2b4a243ea7542aa7ba4f666d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_llvm/src/debuginfo/mod.rs"}, "region": {"startLine": 259}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 61905, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bbf8859499cf556da8e9319a646f9099232ba591ee4b84d01f44fb133e82e984", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "compiler/rustc_codegen_gcc/src/common.rs", "duplicate_line": 220, "correlation_key": "fp|bbf8859499cf556da8e9319a646f9099232ba591ee4b84d01f44fb133e82e984"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_llvm/src/common.rs"}, "region": {"startLine": 230}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 61904, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e405d1f0fa41f8951a8e8440e1f4370495b3f04d5f60416554bd54b5bcd830ec", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "compiler/rustc_codegen_gcc/src/back/lto.rs", "duplicate_line": 96, "correlation_key": "fp|e405d1f0fa41f8951a8e8440e1f4370495b3f04d5f60416554bd54b5bcd830ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_llvm/src/back/lto.rs"}, "region": {"startLine": 165}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 61903, "scanner": "repobility-ai-code-hygiene", "fingerprint": "99e1c8248bf3769f7ce69a9a71dc94879ab5b457d54944b2ac74f18e6dd94c22", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "compiler/rustc_codegen_cranelift/src/common.rs", "duplicate_line": 385, "correlation_key": "fp|99e1c8248bf3769f7ce69a9a71dc94879ab5b457d54944b2ac74f18e6dd94c22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_gcc/src/context.rs"}, "region": {"startLine": 418}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 61902, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0d79e9895aa7f2ab7f753b5670f7e51f635b8625c965de97ea64050e36d42900", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "compiler/rustc_codegen_cranelift/scripts/rustc-clif.rs", "duplicate_line": 1, "correlation_key": "fp|0d79e9895aa7f2ab7f753b5670f7e51f635b8625c965de97ea64050e36d42900"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_cranelift/scripts/rustdoc-clif.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 61871, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6eebb88eeac4f3e103a105536a53d044289ccc0ace04b9fa1c31bd0eddb6faaf", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "final", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|6eebb88eeac4f3e103a105536a53d044289ccc0ace04b9fa1c31bd0eddb6faaf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ui/consts/const-eval/ptr_fragments_in_final.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 61870, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f0c7274908e9f15386d98b8ac8b639d7d3a9a7e5d8eee8c803839f4e44abe19a", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "final", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|f0c7274908e9f15386d98b8ac8b639d7d3a9a7e5d8eee8c803839f4e44abe19a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ui/consts/refs-to-cell-in-final.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 61869, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a0ebc5ed96539d12444353bc9d80bb796771ee6d77b0ea61b94a3e7f274c2c4a", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|a0ebc5ed96539d12444353bc9d80bb796771ee6d77b0ea61b94a3e7f274c2c4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ui/coherence/coherence-negative-impls-copy.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 61868, "scanner": "repobility-ai-code-hygiene", "fingerprint": "636b3cc18d280ca9964ca6c04202a0f2d873c5c3aa869bc0c06c52ea115a5f15", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|636b3cc18d280ca9964ca6c04202a0f2d873c5c3aa869bc0c06c52ea115a5f15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ui/coherence/coherence-impls-copy.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 61867, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0bf2b31546164f2e65d0aa6dea2fa5eee12f6d3bbacb2a094ca70ad250fcd44c", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|0bf2b31546164f2e65d0aa6dea2fa5eee12f6d3bbacb2a094ca70ad250fcd44c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ui/closures/2229_closure_analysis/diagnostics/liveness_unintentional_copy.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 61866, "scanner": "repobility-ai-code-hygiene", "fingerprint": "20ad8ffae2efeafc80e7d2b8b58ef75cbb21f41d0f6c7ddf3cf596655d5402a6", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "new", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|20ad8ffae2efeafc80e7d2b8b58ef75cbb21f41d0f6c7ddf3cf596655d5402a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ui/box/thin_new.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 61865, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4d2144356b3cddbfc66a9c25748bf38969149779fb363f2c165c2d00b88262ea", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|4d2144356b3cddbfc66a9c25748bf38969149779fb363f2c165c2d00b88262ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ui/async-await/default-struct-update.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 61863, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0bda45ddd92c53c8bda97e057345171d003f038e6714775f69ba970cd6b63f1e", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "new", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|0bda45ddd92c53c8bda97e057345171d003f038e6714775f69ba970cd6b63f1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/rustdoc-js-std/vec-new.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 61861, "scanner": "repobility-ai-code-hygiene", "fingerprint": "338de1b672a6a3fb26e456a76b326786ce4081e690fc2d182abee25ed58561fa", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|338de1b672a6a3fb26e456a76b326786ce4081e690fc2d182abee25ed58561fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/mir-opt/pre-codegen/clone_as_copy.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 61860, "scanner": "repobility-ai-code-hygiene", "fingerprint": "893a9d14e22c28edd10d48dcf6cf0533bb70ff667dee55498dba1790c855e4c7", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|893a9d14e22c28edd10d48dcf6cf0533bb70ff667dee55498dba1790c855e4c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/mir-opt/dead-store-elimination/call_arg_copy.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 61859, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4d25777a6c2a62f4f24f2a0551ea45088afa7fe44b9c80f8515ad9b9d7bfab57", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|4d25777a6c2a62f4f24f2a0551ea45088afa7fe44b9c80f8515ad9b9d7bfab57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/mir-opt/dataflow-const-prop/aggregate_copy.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 61858, "scanner": "repobility-ai-code-hygiene", "fingerprint": "785ffa3104ff7a4775156a623b3634de258754c41a41042db21d3798fbde0390", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "clean", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|785ffa3104ff7a4775156a623b3634de258754c41a41042db21d3798fbde0390"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/incremental/unchecked_clean.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 61857, "scanner": "repobility-ai-code-hygiene", "fingerprint": "57afed19c6607591efd9fe20ea62caa33a1d750fddfd52acd23c675b3eb7fbf8", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|57afed19c6607591efd9fe20ea62caa33a1d750fddfd52acd23c675b3eb7fbf8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/codegen-llvm/issues/issue-122600-ptr-discriminant-update.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 61856, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1215d2d24894754204315752d01310303dbce6aa826f228bcd8bd3d294148e8f", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "optimized", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|1215d2d24894754204315752d01310303dbce6aa826f228bcd8bd3d294148e8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/codegen-llvm/transmute-optimized.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 61855, "scanner": "repobility-ai-code-hygiene", "fingerprint": "56662638bf0f10c2b424f1958eb10b440bb27f9735254f671640e3d0ddc22ec5", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "new", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|56662638bf0f10c2b424f1958eb10b440bb27f9735254f671640e3d0ddc22ec5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/codegen-llvm/placement-new.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 61854, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7137bb945264ea84e912b00fbbc43d1449e6671fabd900f07d2bd84fe8800fb4", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "optimized", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|7137bb945264ea84e912b00fbbc43d1449e6671fabd900f07d2bd84fe8800fb4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/codegen-llvm/match-optimized.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 61853, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a48f7b971589609ca073f4d484326be215d56e64f72afabc0827bb27940c3de5", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|a48f7b971589609ca073f4d484326be215d56e64f72afabc0827bb27940c3de5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/codegen-llvm/clone_as_copy.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 61852, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c88c45a9d91c8c9cabd5136709728e26e54414365dd832e7b62a266bad0e6070", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "optimized", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|c88c45a9d91c8c9cabd5136709728e26e54414365dd832e7b62a266bad0e6070"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/codegen-llvm/cast-optimized.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 61851, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f363bc4054f198e71832396325516fbea095b2c8c753328767501eaf3ded2b0b", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "optimized", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|f363bc4054f198e71832396325516fbea095b2c8c753328767501eaf3ded2b0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/codegen-llvm/array-optimized.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 61850, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a8779c17a5faa11fc5bb1c1c9b0a3de7e457e528191b74b04d05011598a155ae", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "backup", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|a8779c17a5faa11fc5bb1c1c9b0a3de7e457e528191b74b04d05011598a155ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/rustfmt/src/emitter/files_with_backup.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 61849, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9a9c4e3754687f3257380ea7ddeefa5704034932a8253b0bc07d0e774bae6133", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "new", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|9a9c4e3754687f3257380ea7ddeefa5704034932a8253b0bc07d0e774bae6133"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/rust-analyzer/crates/ide-assists/src/handlers/generate_default_from_new.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 61848, "scanner": "repobility-ai-code-hygiene", "fingerprint": "957943324e1f9ed9ef82fcd81f52f0209f2d4de5200047188bf25aa6cc18ae98", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "new", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|957943324e1f9ed9ef82fcd81f52f0209f2d4de5200047188bf25aa6cc18ae98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/rust-analyzer/crates/ide-assists/src/handlers/generate_new.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 61847, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e5ab099924eacde9232f6232cbe76e0ccfed9acb840abcad6aaf94305949d94d", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copied", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|e5ab099924eacde9232f6232cbe76e0ccfed9acb840abcad6aaf94305949d94d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/clippy/clippy_lints/src/methods/cloned_instead_of_copied.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 61846, "scanner": "repobility-ai-code-hygiene", "fingerprint": "14a04742990d8ad3289868fe15afb7ad0f207bceb46d4b76b5ee6e8b80331c84", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|14a04742990d8ad3289868fe15afb7ad0f207bceb46d4b76b5ee6e8b80331c84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/clippy/clippy_lints/src/methods/clone_on_copy.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 61845, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8df2e7c719f14cc110bb79c4f60fde3b08a34f0e056560df71e4a4ecabf28a15", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|8df2e7c719f14cc110bb79c4f60fde3b08a34f0e056560df71e4a4ecabf28a15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/clippy/clippy_lints/src/derive/expl_impl_clone_on_copy.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 61844, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f8437dbe04e794a48e7fa0b026b8716624ebf2b7711c35167281e092a9b8719b", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|f8437dbe04e794a48e7fa0b026b8716624ebf2b7711c35167281e092a9b8719b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/clippy/clippy_lints/src/needless_update.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 61843, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9d41a0205467ddfd9acc3d8e6493ff42ffa7faed317b53328bb450e1a36ece6f", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "new", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|9d41a0205467ddfd9acc3d8e6493ff42ffa7faed317b53328bb450e1a36ece6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/clippy/clippy_lints/src/manual_string_new.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 61842, "scanner": "repobility-ai-code-hygiene", "fingerprint": "140007b76d9c6ab274498cfbac2efb63d3218e19c7778346b79a1a5e8c0522a1", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "temp", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|140007b76d9c6ab274498cfbac2efb63d3218e19c7778346b79a1a5e8c0522a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_mir_build/src/builder/expr/as_temp.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `update_intrinsics` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=1, else=1, for=2, if=2, nested_bonus=5, ternary=1."}, "properties": {"repobilityId": 61828, "scanner": "repobility-threat-engine", "fingerprint": "2562e59ea6296470e60f17a3f490f40ccf806a7b47bc73c171432d95b686ad1a", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 12 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "update_intrinsics", "breakdown": {"if": 2, "for": 2, "else": 1, "ternary": 1, "continue": 1, "nested_bonus": 5}, "complexity": 12, "correlation_key": "fp|2562e59ea6296470e60f17a3f490f40ccf806a7b47bc73c171432d95b686ad1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_gcc/tools/generate_intrinsics.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `extract_intrinsics_from_llvm` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=3, for=1, if=4, nested_bonus=4."}, "properties": {"repobilityId": 61827, "scanner": "repobility-threat-engine", "fingerprint": "8d97639fb0652566a996d704876e4d015a712623de0a85bdd9fd6cfa8b0936e8", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 12 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "extract_intrinsics_from_llvm", "breakdown": {"if": 4, "for": 1, "continue": 3, "nested_bonus": 4}, "complexity": 12, "correlation_key": "fp|8d97639fb0652566a996d704876e4d015a712623de0a85bdd9fd6cfa8b0936e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_gcc/tools/generate_intrinsics.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 61971, "scanner": "repobility-docker", "fingerprint": "1fdbf1b3781fb027a178181a4c0283a78902514add422f15ed927aeb7618db5c", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|1fdbf1b3781fb027a178181a4c0283a78902514add422f15ed927aeb7618db5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/x86_64-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 61968, "scanner": "repobility-docker", "fingerprint": "bededb8b14bdcee0efbb14959f9637221b6fa3e7be040c68e36b20b8e920053c", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|bededb8b14bdcee0efbb14959f9637221b6fa3e7be040c68e36b20b8e920053c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/wasm32-unknown-unknown/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 61965, "scanner": "repobility-docker", "fingerprint": "da91f7236f64517a929be8f7e26cdd35823045cacc7c45aacf49ed805eb6dd45", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|da91f7236f64517a929be8f7e26cdd35823045cacc7c45aacf49ed805eb6dd45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/thumbv7m-none-eabi/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 61962, "scanner": "repobility-docker", "fingerprint": "fed508d9b2e4ef894604c37c6e33f93b58d0c8e8a9686ce382cca05e62b40a83", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|fed508d9b2e4ef894604c37c6e33f93b58d0c8e8a9686ce382cca05e62b40a83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/thumbv7em-none-eabihf/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 61959, "scanner": "repobility-docker", "fingerprint": "9002b2eb730bd6d01cab163544ae61c1aa7c0e1e62b4c58edccbe6cb3ed3d2b4", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|9002b2eb730bd6d01cab163544ae61c1aa7c0e1e62b4c58edccbe6cb3ed3d2b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/thumbv7em-none-eabi/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 61956, "scanner": "repobility-docker", "fingerprint": "9bbe7c1c35a99811af28f89ffd99e54fdf50416b870090b1cb943541cf47d9d9", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|9bbe7c1c35a99811af28f89ffd99e54fdf50416b870090b1cb943541cf47d9d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/thumbv6m-none-eabi/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 61953, "scanner": "repobility-docker", "fingerprint": "9623b43b9e190d564457364928ba32d61cb476e0913ac1d3f54aed0e5cd6276a", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|9623b43b9e190d564457364928ba32d61cb476e0913ac1d3f54aed0e5cd6276a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/riscv64gc-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 61950, "scanner": "repobility-docker", "fingerprint": "623b3593cc5087f39f3d7212ed322e9500246f3b3bf528142f018b1db1120005", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|623b3593cc5087f39f3d7212ed322e9500246f3b3bf528142f018b1db1120005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/powerpc64le-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 61947, "scanner": "repobility-docker", "fingerprint": "16c214a6b44b8d56a7de17e09020226235a084817842b97f391cfe1e403ae78d", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|16c214a6b44b8d56a7de17e09020226235a084817842b97f391cfe1e403ae78d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/powerpc64-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 61944, "scanner": "repobility-docker", "fingerprint": "8236021a5bd635168c4fe2675396342c292288451438515bece174b18177c1f6", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|8236021a5bd635168c4fe2675396342c292288451438515bece174b18177c1f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/powerpc-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 61941, "scanner": "repobility-docker", "fingerprint": "0c3a4d17c6062bea2c1c4847345d9fea51bfb45a6a9b83877f574350c8f2bed2", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|0c3a4d17c6062bea2c1c4847345d9fea51bfb45a6a9b83877f574350c8f2bed2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/mipsel-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 61938, "scanner": "repobility-docker", "fingerprint": "455f6df26eab7349b371a154d3d167c7d1a80c043395c61beace9a05ceb99275", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|455f6df26eab7349b371a154d3d167c7d1a80c043395c61beace9a05ceb99275"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/mips64el-unknown-linux-gnuabi64/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 61935, "scanner": "repobility-docker", "fingerprint": "1cbadcf77855e6997f938d1d9b54f42bb220c92ef2f3c0354f0ffd8c0fa18ecd", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|1cbadcf77855e6997f938d1d9b54f42bb220c92ef2f3c0354f0ffd8c0fa18ecd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/mips64-unknown-linux-gnuabi64/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 61932, "scanner": "repobility-docker", "fingerprint": "13510116334a9a980e5ddec7b06eea6855520ee53b26361557047ae7ea28d493", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|13510116334a9a980e5ddec7b06eea6855520ee53b26361557047ae7ea28d493"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/mips-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 61929, "scanner": "repobility-docker", "fingerprint": "979835f77319d21ac3aa35aa60c12eefe16ea71dff449175b534e0dca3275025", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|979835f77319d21ac3aa35aa60c12eefe16ea71dff449175b534e0dca3275025"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/loongarch64-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 61926, "scanner": "repobility-docker", "fingerprint": "2f510998ca70936ac05dbd5ffc7231ebca0630f5983a91ed7bca78fe2d714acc", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|2f510998ca70936ac05dbd5ffc7231ebca0630f5983a91ed7bca78fe2d714acc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/i686-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 61923, "scanner": "repobility-docker", "fingerprint": "823b5560b9e3e6759772124635ff75fc8b6fbbbfe4ad68e7446b4d8183197eaa", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|823b5560b9e3e6759772124635ff75fc8b6fbbbfe4ad68e7446b4d8183197eaa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/i586-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 61920, "scanner": "repobility-docker", "fingerprint": "275d3d0b850073d0659969cbb85c705c231e03f8dbef74bf535815a297bdea7f", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|275d3d0b850073d0659969cbb85c705c231e03f8dbef74bf535815a297bdea7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/armv7-unknown-linux-gnueabihf/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 61917, "scanner": "repobility-docker", "fingerprint": "fea6df370f979f7aa441b365a8a7a1e01c7dde228b96d467a0ae7ec5b2cfe4dd", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|fea6df370f979f7aa441b365a8a7a1e01c7dde228b96d467a0ae7ec5b2cfe4dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/arm-unknown-linux-gnueabihf/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 61914, "scanner": "repobility-docker", "fingerprint": "f1537099e360ec30753c80a9133d0199bf7cd8980beab87bb1a3c6cfea068d66", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|f1537099e360ec30753c80a9133d0199bf7cd8980beab87bb1a3c6cfea068d66"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/arm-unknown-linux-gnueabi/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 61910, "scanner": "repobility-docker", "fingerprint": "05ebeeb517c4d7c83cbc0c8baade40bc34854e89ab6b4639d44326b6336f5f7c", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|05ebeeb517c4d7c83cbc0c8baade40bc34854e89ab6b4639d44326b6336f5f7c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/docker/aarch64-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED057", "level": "none", "message": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "properties": {"repobilityId": 61838, "scanner": "repobility-threat-engine", "fingerprint": "9cb128a05a8fe7107c80544d7d9f86409223f139e9ccb7f0c2d50cb20cf20408", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "todo-bomb", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348035+00:00", "triaged_in_corpus": 10, "observations_count": 255662, "ai_coder_pattern_id": 4}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9cb128a05a8fe7107c80544d7d9f86409223f139e9ccb7f0c2d50cb20cf20408"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/std/src/prelude/v1.rs"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED057", "level": "none", "message": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "properties": {"repobilityId": 61837, "scanner": "repobility-threat-engine", "fingerprint": "1e59b3084b17396b13d9964f1cd9e32030fab4c8f18f211ace1f9b534e3c49f2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "todo-bomb", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348035+00:00", "triaged_in_corpus": 10, "observations_count": 255662, "ai_coder_pattern_id": 4}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1e59b3084b17396b13d9964f1cd9e32030fab4c8f18f211ace1f9b534e3c49f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/core/src/prelude/v1.rs"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 61836, "scanner": "repobility-threat-engine", "fingerprint": "424fd5cf7b0c25e5addbf7386ab246a7bcbce2497e2915da493e62bf3f6f826f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|424fd5cf7b0c25e5addbf7386ab246a7bcbce2497e2915da493e62bf3f6f826f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/libm-test/examples/plot_file.jl"}, "region": {"startLine": 158}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 61835, "scanner": "repobility-threat-engine", "fingerprint": "e57a8fc5a0c4f0cf8582232999dc63dd2041124213ec707e57b6b4ecfc5c5ce7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e57a8fc5a0c4f0cf8582232999dc63dd2041124213ec707e57b6b4ecfc5c5ce7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/libm-test/examples/plot_file.jl"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 61833, "scanner": "repobility-threat-engine", "fingerprint": "862cc80fb0639f6a9e830f5a6aa6efa1f4f35342b23566f4864fda5ffd4fbb86", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|862cc80fb0639f6a9e830f5a6aa6efa1f4f35342b23566f4864fda5ffd4fbb86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/etc/update-api-list.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 61832, "scanner": "repobility-threat-engine", "fingerprint": "1d59622d35bd37a53521768494b244f832774e3404c28693950db22a1bce0ca5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1d59622d35bd37a53521768494b244f832774e3404c28693950db22a1bce0ca5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/alloctests/benches/string.rs"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 61831, "scanner": "repobility-threat-engine", "fingerprint": "af6dd1e8733ef890332de8cac6d7215b75d8176f57f2c3e17ed64129405d75fb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|af6dd1e8733ef890332de8cac6d7215b75d8176f57f2c3e17ed64129405d75fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_llvm/llvm-wrapper/Linker.cpp"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 61830, "scanner": "repobility-threat-engine", "fingerprint": "6b02418ebb0c71b904a7b8efcd4e48330f0e2a0df3d12e269da54d5d128ff273", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6b02418ebb0c71b904a7b8efcd4e48330f0e2a0df3d12e269da54d5d128ff273"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_gcc/tools/generate_intrinsics.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 61829, "scanner": "repobility-threat-engine", "fingerprint": "7195ad2ed9d17b05fb3343deb30e489e47b88806e32e44e36b1ae21ff4fb7c7d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "check_duplicates", "breakdown": {"if": 9, "for": 2, "else": 1, "while": 2, "ternary": 2, "continue": 3, "nested_bonus": 32}, "aggregated": true, "complexity": 51, "correlation_key": "fp|7195ad2ed9d17b05fb3343deb30e489e47b88806e32e44e36b1ae21ff4fb7c7d", "aggregated_count": 6}}}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 61822, "scanner": "repobility-threat-engine", "fingerprint": "41cd8e822522453693db41bd6a0895919dcda21ac695bc2ee8073b7db25c369d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|41cd8e822522453693db41bd6a0895919dcda21ac695bc2ee8073b7db25c369d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_cranelift/scripts/jit-helpers.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 61821, "scanner": "repobility-threat-engine", "fingerprint": "9a38e81725d4cd7d3858c2dca40b30fff35130f2f83e2579933f8cbdf2284cba", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|9a38e81725d4cd7d3858c2dca40b30fff35130f2f83e2579933f8cbdf2284cba"}}}, {"ruleId": "MINED041", "level": "none", "message": {"text": "[MINED041] Rust Unimplemented Macro (and 17 more): Same pattern found in 17 additional files. Review if needed."}, "properties": {"repobilityId": 61818, "scanner": "repobility-threat-engine", "fingerprint": "2e12427c9aeeaa74910073e6a06f9b99f05d01b8d6b4b5dc71396c234fe93aa8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 17 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unimplemented-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347994+00:00", "triaged_in_corpus": 15, "observations_count": 1422, "ai_coder_pattern_id": 115}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|2e12427c9aeeaa74910073e6a06f9b99f05d01b8d6b4b5dc71396c234fe93aa8", "aggregated_count": 17}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod (and 87 more): Same pattern found in 87 additional files. Review if needed."}, "properties": {"repobilityId": 61814, "scanner": "repobility-threat-engine", "fingerprint": "e860e112cefe6f10615233acccaa93a10c91fcbf2112f9294c5a855ff540d3ea", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 87 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|e860e112cefe6f10615233acccaa93a10c91fcbf2112f9294c5a855ff540d3ea", "aggregated_count": 87}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 61813, "scanner": "repobility-threat-engine", "fingerprint": "adfb429d04b1dec36ebc6a1c134f1f7a1b03ba0c72c2fa6b82fecb7c83b570a5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|adfb429d04b1dec36ebc6a1c134f1f7a1b03ba0c72c2fa6b82fecb7c83b570a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_attr_parsing/src/attributes/proc_macro_attrs.rs"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 61812, "scanner": "repobility-threat-engine", "fingerprint": "f937eabb3675a39d438b65fcfce5772322045000d188a69239e59b0ab81df91a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f937eabb3675a39d438b65fcfce5772322045000d188a69239e59b0ab81df91a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_attr_parsing/src/attributes/macro_attrs.rs"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 61811, "scanner": "repobility-threat-engine", "fingerprint": "f8fae5b5d775cee4230591d994bcabca863f90649953b41594ede7d1769c45b4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f8fae5b5d775cee4230591d994bcabca863f90649953b41594ede7d1769c45b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_attr_parsing/src/attributes/cfg_select.rs"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block (and 367 more): Same pattern found in 367 additional files. Review if needed."}, "properties": {"repobilityId": 61810, "scanner": "repobility-threat-engine", "fingerprint": "9b36fbb8e0d1b8a8b2e2c5a4828784d254dc18a1290eb0c5100c753690dcc0c1", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 367 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|9b36fbb8e0d1b8a8b2e2c5a4828784d254dc18a1290eb0c5100c753690dcc0c1", "aggregated_count": 367}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 61809, "scanner": "repobility-threat-engine", "fingerprint": "8f9ab9de746ac66ec937d20e975f479d10e453946d92c5a9ec144e7417a797d8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8f9ab9de746ac66ec937d20e975f479d10e453946d92c5a9ec144e7417a797d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_attr_parsing/src/safety.rs"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 61808, "scanner": "repobility-threat-engine", "fingerprint": "ef3c78f99ee562100df91ffb92e8ba4e6140cffb10ebd7fb25c370f4c526c419", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ef3c78f99ee562100df91ffb92e8ba4e6140cffb10ebd7fb25c370f4c526c419"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_ast/src/ast_traits.rs"}, "region": {"startLine": 342}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 61807, "scanner": "repobility-threat-engine", "fingerprint": "1e2f24626cbeb905677e28c2c323f7faa32b503fb156146a78a6ebdb35d1676d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1e2f24626cbeb905677e28c2c323f7faa32b503fb156146a78a6ebdb35d1676d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_arena/src/tests.rs"}, "region": {"startLine": 19}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 61806, "scanner": "repobility-threat-engine", "fingerprint": "8a77ffb0a8fcdda223aabe32cdaf0e5bdc6cae13db4c9684d2f2d4932a1285a8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8a77ffb0a8fcdda223aabe32cdaf0e5bdc6cae13db4c9684d2f2d4932a1285a8"}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro (and 144 more): Same pattern found in 144 additional files. Review if needed."}, "properties": {"repobilityId": 61802, "scanner": "repobility-threat-engine", "fingerprint": "aee72887a40d7331c5c411551a2fdca59b9df91aba78b3289932c6f72a4ffee8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 144 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|aee72887a40d7331c5c411551a2fdca59b9df91aba78b3289932c6f72a4ffee8", "aggregated_count": 144}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 61801, "scanner": "repobility-threat-engine", "fingerprint": "872aff6d9ddf46497fc8c26856774a584f5b6bba60ca6919dad40f5fb3efb0e3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|872aff6d9ddf46497fc8c26856774a584f5b6bba60ca6919dad40f5fb3efb0e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_arena/src/tests.rs"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 61800, "scanner": "repobility-threat-engine", "fingerprint": "61f557727ec64b51e8dec45c0cfe7da490e3e868bd17389e22641b7f5394a844", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|61f557727ec64b51e8dec45c0cfe7da490e3e868bd17389e22641b7f5394a844"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_abi/src/layout/simple.rs"}, "region": {"startLine": 156}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 61799, "scanner": "repobility-threat-engine", "fingerprint": "a063ba78c02cff3ef8435b329ea7fb75e579ae78bfa06468f20ecc499da493f5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a063ba78c02cff3ef8435b329ea7fb75e579ae78bfa06468f20ecc499da493f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_abi/src/callconv/reg.rs"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 283 more): Same pattern found in 283 additional files. Review if needed."}, "properties": {"repobilityId": 61798, "scanner": "repobility-threat-engine", "fingerprint": "a176dd34eee7c492d20189bbb62a52227c10ae3074a9559ebd7534a003e40f52", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 283 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a176dd34eee7c492d20189bbb62a52227c10ae3074a9559ebd7534a003e40f52", "aggregated_count": 283}}}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:22.04` not pinned by digest: `FROM ubuntu:22.04` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62207, "scanner": "repobility-supply-chain", "fingerprint": "b08c2206daf933a8236734441434ac6ffba4f2afeec8d921c7a423b56841ebe1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b08c2206daf933a8236734441434ac6ffba4f2afeec8d921c7a423b56841ebe1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/dist-x86_64-freebsd/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:22.04` not pinned by digest: `FROM ubuntu:22.04` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62206, "scanner": "repobility-supply-chain", "fingerprint": "b52c0cfc3e0d6b8e69634a9a9a511a25015be09728f59e20dbee900487a58ed7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b52c0cfc3e0d6b8e69634a9a9a511a25015be09728f59e20dbee900487a58ed7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ci/docker/host-x86_64/x86_64-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `node:slim` not pinned by digest: `FROM node:slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62205, "scanner": "repobility-supply-chain", "fingerprint": "91a827a89a47e5bebba5780b1829eb18a99282e4cfb2e11818ee9d1ee0d41077", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|91a827a89a47e5bebba5780b1829eb18a99282e4cfb2e11818ee9d1ee0d41077"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/rust-analyzer/.github/actions/github-release/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `rust:alpine` unpinned: `container/services image: rust:alpine` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 62204, "scanner": "repobility-supply-chain", "fingerprint": "dc09210adeb5655717fc286e07e036696109d2eae65a2a8244289099b34fd778", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dc09210adeb5655717fc286e07e036696109d2eae65a2a8244289099b34fd778"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/rust-analyzer/.github/workflows/release.yaml"}, "region": {"startLine": 160}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `quay.io/pypa/manylinux_2_28_aarch64` unpinned: `container/services image: quay.io/pypa/manylinux_2_28_aarch64` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 62203, "scanner": "repobility-supply-chain", "fingerprint": "ea2f95d6f82bc7a0cd3f9b0c345b382bbf8c6e033a76eda863aa46e70375dc7c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ea2f95d6f82bc7a0cd3f9b0c345b382bbf8c6e033a76eda863aa46e70375dc7c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/rust-analyzer/.github/workflows/release.yaml"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `quay.io/pypa/manylinux_2_28_x86_64` unpinned: `container/services image: quay.io/pypa/manylinux_2_28_x86_64` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 62202, "scanner": "repobility-supply-chain", "fingerprint": "b54da890608d0ac8ffd1af216be0b7f6c9876f47b47c1a6728869beb5bcc26fe", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b54da890608d0ac8ffd1af216be0b7f6c9876f47b47c1a6728869beb5bcc26fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/rust-analyzer/.github/workflows/release.yaml"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:24.04` not pinned by digest: `FROM ubuntu:24.04` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62192, "scanner": "repobility-supply-chain", "fingerprint": "0abb16a7b007f15900cbd5fc653d77a6431f3feb724c2d1f3a27cfac366a773f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0abb16a7b007f15900cbd5fc653d77a6431f3feb724c2d1f3a27cfac366a773f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/armv7-unknown-linux-gnueabihf/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:25.04` not pinned by digest: `FROM ubuntu:25.04` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62191, "scanner": "repobility-supply-chain", "fingerprint": "7f5b9e638cb8930797fd36ff293477c8a68d023c8e20470329b151cabd26f54d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7f5b9e638cb8930797fd36ff293477c8a68d023c8e20470329b151cabd26f54d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/mips64el-unknown-linux-gnuabi64/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:25.10` not pinned by digest: `FROM ubuntu:25.10` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62190, "scanner": "repobility-supply-chain", "fingerprint": "90209dd5af74e047683c15dea40b69f6a0aa1dbb162d7471724c0a429b2eb04b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|90209dd5af74e047683c15dea40b69f6a0aa1dbb162d7471724c0a429b2eb04b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/wasm32-wasip1/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:25.10` not pinned by digest: `FROM ubuntu:25.10` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62189, "scanner": "repobility-supply-chain", "fingerprint": "cbdc428200674ba47dabad3944597506c8f12e8f03559572c77c30d49ef3ec56", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cbdc428200674ba47dabad3944597506c8f12e8f03559572c77c30d49ef3ec56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/arm-unknown-linux-gnueabihf/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:25.04` not pinned by digest: `FROM ubuntu:25.04` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62188, "scanner": "repobility-supply-chain", "fingerprint": "0135a8cce45ea184dfd41ffe4dee52b26af614860660637262dca9e5520da380", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0135a8cce45ea184dfd41ffe4dee52b26af614860660637262dca9e5520da380"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/mips64-unknown-linux-gnuabi64/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:25.10` not pinned by digest: `FROM ubuntu:25.10` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62187, "scanner": "repobility-supply-chain", "fingerprint": "1924eeba986e07a4b89bf397275eebfb7e189f9aeea15f7ac7b6a400897ede2a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1924eeba986e07a4b89bf397275eebfb7e189f9aeea15f7ac7b6a400897ede2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/aarch64-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:25.10` not pinned by digest: `FROM ubuntu:25.10` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62186, "scanner": "repobility-supply-chain", "fingerprint": "5c03843ee9fc6076c2346d3940771070514713aee9c3a775e6db3822868b97d8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5c03843ee9fc6076c2346d3940771070514713aee9c3a775e6db3822868b97d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/i686-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:25.10` not pinned by digest: `FROM ubuntu:25.10` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62185, "scanner": "repobility-supply-chain", "fingerprint": "60acb2e882635448e7993fe486eecb0e46c0096ba7192cf1b9b91b7ee7b1681e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|60acb2e882635448e7993fe486eecb0e46c0096ba7192cf1b9b91b7ee7b1681e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/aarch64_be-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:25.10` not pinned by digest: `FROM ubuntu:25.10` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62184, "scanner": "repobility-supply-chain", "fingerprint": "544f2b38c9b8b2e26fd943852538f5fc777677c4aee23bb77e4db9c8f1a679ea", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|544f2b38c9b8b2e26fd943852538f5fc777677c4aee23bb77e4db9c8f1a679ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/amdgcn-amd-amdhsa/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:25.10` not pinned by digest: `FROM ubuntu:25.10` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62183, "scanner": "repobility-supply-chain", "fingerprint": "58e96dfd5bc37d4424729cdc42564e4a66e1881b47769b99ebb069922fa07aef", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|58e96dfd5bc37d4424729cdc42564e4a66e1881b47769b99ebb069922fa07aef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/x86_64-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:25.10` not pinned by digest: `FROM ubuntu:25.10` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62182, "scanner": "repobility-supply-chain", "fingerprint": "0934b01cd42b2c80b98e38709e1ef46022a3011301788d08548a115fcdbb4b6f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0934b01cd42b2c80b98e38709e1ef46022a3011301788d08548a115fcdbb4b6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/riscv64gc-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:25.10` not pinned by digest: `FROM ubuntu:25.10` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62181, "scanner": "repobility-supply-chain", "fingerprint": "1b003ee434cd8900227c7088af1972636c31371d3cd9c53f539044d33fb27e54", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1b003ee434cd8900227c7088af1972636c31371d3cd9c53f539044d33fb27e54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/loongarch64-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:25.10` not pinned by digest: `FROM ubuntu:25.10` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62180, "scanner": "repobility-supply-chain", "fingerprint": "b5fd9ba7f0679a95728a8b2f1f8a7284e7ed2857e01393a1089e3407b7ffd222", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b5fd9ba7f0679a95728a8b2f1f8a7284e7ed2857e01393a1089e3407b7ffd222"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/mipsel-unknown-linux-musl/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:25.10` not pinned by digest: `FROM ubuntu:25.10` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62179, "scanner": "repobility-supply-chain", "fingerprint": "2bfebf4559b8189fe5c1b7fa2d2af8a90a27366fbc156327cb88a348604109d2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2bfebf4559b8189fe5c1b7fa2d2af8a90a27366fbc156327cb88a348604109d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/powerpc-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:25.10` not pinned by digest: `FROM ubuntu:25.10` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62178, "scanner": "repobility-supply-chain", "fingerprint": "22f6c0f81ce2b74a85b58525b5792cc0ac56fd8f3df3e350917886b7b803b76e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|22f6c0f81ce2b74a85b58525b5792cc0ac56fd8f3df3e350917886b7b803b76e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/s390x-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:25.10` not pinned by digest: `FROM ubuntu:25.10` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62177, "scanner": "repobility-supply-chain", "fingerprint": "943932f491f48287aebf342c5fef45f6ddcdec4d0e9eacdf88b0f4762a915b94", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|943932f491f48287aebf342c5fef45f6ddcdec4d0e9eacdf88b0f4762a915b94"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/riscv32gc-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:25.10` not pinned by digest: `FROM ubuntu:25.10` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62176, "scanner": "repobility-supply-chain", "fingerprint": "19a6e2481cc32721117e9c61df9319b750058c8c7428c9c74da27efa3695fd0e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|19a6e2481cc32721117e9c61df9319b750058c8c7428c9c74da27efa3695fd0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/i586-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:25.10` not pinned by digest: `FROM ubuntu:25.10` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62175, "scanner": "repobility-supply-chain", "fingerprint": "f114d94dbf6d41c41e0ea81a6712018168ee55c844c10eb011b10e6e974aadf6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f114d94dbf6d41c41e0ea81a6712018168ee55c844c10eb011b10e6e974aadf6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/hexagon-unknown-linux-musl/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:25.10` not pinned by digest: `FROM ubuntu:25.10` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62174, "scanner": "repobility-supply-chain", "fingerprint": "10bcee8adaff2b962e8e29f3194ac84dc792e33148ace9cc4d3ce2fc46859f81", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|10bcee8adaff2b962e8e29f3194ac84dc792e33148ace9cc4d3ce2fc46859f81"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/powerpc64le-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:25.10` not pinned by digest: `FROM ubuntu:25.10` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62173, "scanner": "repobility-supply-chain", "fingerprint": "5a9b5f8bf21a0e98aee874761d337b6b26518f0427c62c4da72304580ef6c24a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5a9b5f8bf21a0e98aee874761d337b6b26518f0427c62c4da72304580ef6c24a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/nvptx64-nvidia-cuda/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:25.10` not pinned by digest: `FROM ubuntu:25.10` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62172, "scanner": "repobility-supply-chain", "fingerprint": "4ae944c5dd92711ce11fd9d497c34902d62077d163ae9af999facd1ce7cedf8d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4ae944c5dd92711ce11fd9d497c34902d62077d163ae9af999facd1ce7cedf8d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/powerpc64-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ubuntu:25.10` not pinned by digest: `FROM ubuntu:25.10` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62171, "scanner": "repobility-supply-chain", "fingerprint": "31d23a4d3ed31f16d94a01dbdd859441ee508fd4725128c3d6889582755889c4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|31d23a4d3ed31f16d94a01dbdd859441ee508fd4725128c3d6889582755889c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/stdarch/ci/docker/mips-unknown-linux-gnu/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62170, "scanner": "repobility-supply-chain", "fingerprint": "0b8d9de5edbf412162009dfc88ea817215712235dac746d919898d454f3b9c13", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0b8d9de5edbf412162009dfc88ea817215712235dac746d919898d454f3b9c13"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_cranelift/.github/workflows/main.yml"}, "region": {"startLine": 162}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62169, "scanner": "repobility-supply-chain", "fingerprint": "2bda174c91b73febdd0ffe630103cdf0056b76d8579b690e160fce982e50c54e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2bda174c91b73febdd0ffe630103cdf0056b76d8579b690e160fce982e50c54e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_cranelift/.github/workflows/main.yml"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v5`: `uses: actions/cache@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62168, "scanner": "repobility-supply-chain", "fingerprint": "cee7c194037efd459b8a36a3e8bd7493efc1de463a0f174e43b04a4111b13e8d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cee7c194037efd459b8a36a3e8bd7493efc1de463a0f174e43b04a4111b13e8d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_cranelift/.github/workflows/main.yml"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62167, "scanner": "repobility-supply-chain", "fingerprint": "6ecdfe1afe52087531808d2b4cdaccbff511b6bdfd647f4e49e8580a0a0df49e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6ecdfe1afe52087531808d2b4cdaccbff511b6bdfd647f4e49e8580a0a0df49e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_cranelift/.github/workflows/main.yml"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62166, "scanner": "repobility-supply-chain", "fingerprint": "f56f6eac4e1310465d11c2fc5154f1a4e12b27535263ef39c2ea9c9f2610d292", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f56f6eac4e1310465d11c2fc5154f1a4e12b27535263ef39c2ea9c9f2610d292"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_cranelift/.github/workflows/main.yml"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62165, "scanner": "repobility-supply-chain", "fingerprint": "96a7cc474dec0d4a4ebedd62c083c75d5b2b775ff966be4efbc54bb337e8aa60", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|96a7cc474dec0d4a4ebedd62c083c75d5b2b775ff966be4efbc54bb337e8aa60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_cranelift/.github/workflows/main.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v5`: `uses: actions/cache@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62164, "scanner": "repobility-supply-chain", "fingerprint": "d15925a1739fbebb6042dbb6b0924fc89a3adeb50b9bd955cb309aee59b59c16", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d15925a1739fbebb6042dbb6b0924fc89a3adeb50b9bd955cb309aee59b59c16"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_cranelift/.github/workflows/abi-cafe.yml"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62163, "scanner": "repobility-supply-chain", "fingerprint": "18dd3bcbec915bfc7506a558822ae62b250e0b68395b19e76af95023e6771cb5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|18dd3bcbec915bfc7506a558822ae62b250e0b68395b19e76af95023e6771cb5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_cranelift/.github/workflows/abi-cafe.yml"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `Swatinem/rust-cache` pinned to mutable ref `@v2`: `uses: Swatinem/rust-cache@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62162, "scanner": "repobility-supply-chain", "fingerprint": "d8c5f33836318ef91b2a58f330490cd9af47039c236fa7e69e0a0fa2b0c8587f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d8c5f33836318ef91b2a58f330490cd9af47039c236fa7e69e0a0fa2b0c8587f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_gcc/.github/workflows/stdarch.yml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62161, "scanner": "repobility-supply-chain", "fingerprint": "e44a8f780a13554f1dce6e198b663a3efd8ffd076f96942a18453797de99ba97", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e44a8f780a13554f1dce6e198b663a3efd8ffd076f96942a18453797de99ba97"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_gcc/.github/workflows/stdarch.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `Swatinem/rust-cache` pinned to mutable ref `@v2`: `uses: Swatinem/rust-cache@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62160, "scanner": "repobility-supply-chain", "fingerprint": "1365356126127ea754f0915b1d5ba0bfc4debc4e27b6454122863bef2c85bd0c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1365356126127ea754f0915b1d5ba0bfc4debc4e27b6454122863bef2c85bd0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_gcc/.github/workflows/gcc12.yml"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62159, "scanner": "repobility-supply-chain", "fingerprint": "cc69a822aa6bdd7eaf3b8b0b0d78744633502318aea71f115ee2b2b68b5e2a25", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cc69a822aa6bdd7eaf3b8b0b0d78744633502318aea71f115ee2b2b68b5e2a25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_gcc/.github/workflows/gcc12.yml"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `Swatinem/rust-cache` pinned to mutable ref `@v2`: `uses: Swatinem/rust-cache@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62158, "scanner": "repobility-supply-chain", "fingerprint": "ce3286ff3fc78bde1d9c6a616230b3bc8eba3f3bc2f239566188f6be4724acab", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ce3286ff3fc78bde1d9c6a616230b3bc8eba3f3bc2f239566188f6be4724acab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_gcc/.github/workflows/release.yml"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62157, "scanner": "repobility-supply-chain", "fingerprint": "d610d5ec0607632326a9cbc7b1fa8e2b3d823ffb555509d699b822f6e2eed314", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d610d5ec0607632326a9cbc7b1fa8e2b3d823ffb555509d699b822f6e2eed314"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_gcc/.github/workflows/release.yml"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62156, "scanner": "repobility-supply-chain", "fingerprint": "bbeaf037bd389c8cf173f75421737b86a2b4e30d29725b8b4f7ea8bcc44952ab", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bbeaf037bd389c8cf173f75421737b86a2b4e30d29725b8b4f7ea8bcc44952ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_gcc/.github/workflows/ci.yml"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `streetsidesoftware/cspell-action` pinned to mutable ref `@v7`: `uses: streetsidesoftware/cspell-action@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62155, "scanner": "repobility-supply-chain", "fingerprint": "18f0221bf3efebf303a06845fa15477c75441ca11eb129095ce8606163ca307b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|18f0221bf3efebf303a06845fa15477c75441ca11eb129095ce8606163ca307b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_gcc/.github/workflows/ci.yml"}, "region": {"startLine": 135}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `crate-ci/typos` pinned to mutable ref `@v1.32.0`: `uses: crate-ci/typos@v1.32.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62154, "scanner": "repobility-supply-chain", "fingerprint": "fa5b792d87aed9f3ac1c840a9a27855d332a744a8d3fa13936ecda179ce06651", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fa5b792d87aed9f3ac1c840a9a27855d332a744a8d3fa13936ecda179ce06651"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_gcc/.github/workflows/ci.yml"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62153, "scanner": "repobility-supply-chain", "fingerprint": "1fb624dfcf0e2c806f11a871638667025e42b08849655c1210f5ef06e37716ff", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1fb624dfcf0e2c806f11a871638667025e42b08849655c1210f5ef06e37716ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_gcc/.github/workflows/ci.yml"}, "region": {"startLine": 133}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62152, "scanner": "repobility-supply-chain", "fingerprint": "4a82385b6cdda6c125f04f8b87a71350db1b693de52b29b28af3944be8b6df81", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4a82385b6cdda6c125f04f8b87a71350db1b693de52b29b28af3944be8b6df81"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_gcc/.github/workflows/ci.yml"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `Swatinem/rust-cache` pinned to mutable ref `@v2`: `uses: Swatinem/rust-cache@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62151, "scanner": "repobility-supply-chain", "fingerprint": "4c13258e24a82cf4827028f4c0e24d63b4fbf49f259111b61bd4ebea21215176", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4c13258e24a82cf4827028f4c0e24d63b4fbf49f259111b61bd4ebea21215176"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_gcc/.github/workflows/ci.yml"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62150, "scanner": "repobility-supply-chain", "fingerprint": "5a6ab70ab150352496f1897a710882294e7982d9ed1f2575a8e664797ee6e44c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5a6ab70ab150352496f1897a710882294e7982d9ed1f2575a8e664797ee6e44c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_gcc/.github/workflows/ci.yml"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `Swatinem/rust-cache` pinned to mutable ref `@v2`: `uses: Swatinem/rust-cache@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62149, "scanner": "repobility-supply-chain", "fingerprint": "5a8e850443be0a539898fc6220018ca0ba93a90595f7c4d8f112130e7835589a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5a8e850443be0a539898fc6220018ca0ba93a90595f7c4d8f112130e7835589a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_gcc/.github/workflows/failures.yml"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62148, "scanner": "repobility-supply-chain", "fingerprint": "26831ad9099ca5ad3afe77fee6de883597cae6178c5edd89501548c04a72b836", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|26831ad9099ca5ad3afe77fee6de883597cae6178c5edd89501548c04a72b836"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_gcc/.github/workflows/failures.yml"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `Swatinem/rust-cache` pinned to mutable ref `@v2`: `uses: Swatinem/rust-cache@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62147, "scanner": "repobility-supply-chain", "fingerprint": "9d95a02eca4c182ae21918fcfd2b302cd37b8ae6b4f6b2877f3966a7f24d0f03", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9d95a02eca4c182ae21918fcfd2b302cd37b8ae6b4f6b2877f3966a7f24d0f03"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_gcc/.github/workflows/m68k.yml"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62146, "scanner": "repobility-supply-chain", "fingerprint": "a05633d55c0f8c0bff535a03e0450c3ab003ce3c7869cd871b19eab238d72d5e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a05633d55c0f8c0bff535a03e0450c3ab003ce3c7869cd871b19eab238d72d5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_gcc/.github/workflows/m68k.yml"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_cargo_miri_multi_target: Test function `test_cargo_miri_multi_target` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 62140, "scanner": "repobility-ast-engine", "fingerprint": "019603bec41c8ebec8ded774d55ab0e7782d21415969cd0d4da7416831d05c12", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|019603bec41c8ebec8ded774d55ab0e7782d21415969cd0d4da7416831d05c12"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/miri/test-cargo-miri/run-test.py"}, "region": {"startLine": 190}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_cargo_miri_test: Test function `test_cargo_miri_test` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 62139, "scanner": "repobility-ast-engine", "fingerprint": "b433a66588eb67f1872fd3ba8c9a4f7c1e62e82e93c08e9023b23ef74d0e0834", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b433a66588eb67f1872fd3ba8c9a4f7c1e62e82e93c08e9023b23ef74d0e0834"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/miri/test-cargo-miri/run-test.py"}, "region": {"startLine": 144}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_cargo_miri_run: Test function `test_cargo_miri_run` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 62138, "scanner": "repobility-ast-engine", "fingerprint": "eec9b1ceb97813a3443c84e6601bd9e56a1bf3489e798121a3c4866340aa787f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eec9b1ceb97813a3443c84e6601bd9e56a1bf3489e798121a3c4866340aa787f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/miri/test-cargo-miri/run-test.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_option_checking: Test function `test_option_checking` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 62134, "scanner": "repobility-ast-engine", "fingerprint": "f3b70b46afd6c094c17376ee81c9d4466a5d98522fd2288b666856fce1f90d28", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f3b70b46afd6c094c17376ee81c9d4466a5d98522fd2288b666856fce1f90d28"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/bootstrap/bootstrap_test.py"}, "region": {"startLine": 131}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_need_value_args: Test function `test_need_value_args` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 62133, "scanner": "repobility-ast-engine", "fingerprint": "0ce2612d0bebe93488fb27bbf843ef6257aa30b0fb83c9f34adaf5bfec78c9d9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0ce2612d0bebe93488fb27bbf843ef6257aa30b0fb83c9f34adaf5bfec78c9d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/bootstrap/bootstrap_test.py"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_unknown_args: Test function `test_unknown_args` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 62132, "scanner": "repobility-ast-engine", "fingerprint": "2daa3a4bd5aef08489869d7272f27cd901a48f47bab99652a646d4841fd20283", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2daa3a4bd5aef08489869d7272f27cd901a48f47bab99652a646d4841fd20283"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/bootstrap/bootstrap_test.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.data_ptr` used but never assigned in __init__: Method `get_child_at_index` of class `StdStringSyntheticProvider` reads `self.data_ptr`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62129, "scanner": "repobility-ast-engine", "fingerprint": "7b294d0f9333f2e9b2c8c2461c83eb36f24ccb25c9db74baace6c5d4087e2a23", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7b294d0f9333f2e9b2c8c2461c83eb36f24ccb25c9db74baace6c5d4087e2a23"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/etc/lldb_providers.py"}, "region": {"startLine": 516}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.data_ptr` used but never assigned in __init__: Method `get_child_at_index` of class `StdStringSyntheticProvider` reads `self.data_ptr`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62128, "scanner": "repobility-ast-engine", "fingerprint": "9b923f4549699ae0eaf449d07b0a30dd311ae339a0697f93dcbaac2bf88d9c44", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9b923f4549699ae0eaf449d07b0a30dd311ae339a0697f93dcbaac2bf88d9c44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/etc/lldb_providers.py"}, "region": {"startLine": 514}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.length` used but never assigned in __init__: Method `get_child_at_index` of class `StdStringSyntheticProvider` reads `self.length`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62127, "scanner": "repobility-ast-engine", "fingerprint": "8886671ce2e01f9d13eec85246e19e91814d44cbf00970f146d87bb911a1c37d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8886671ce2e01f9d13eec85246e19e91814d44cbf00970f146d87bb911a1c37d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/etc/lldb_providers.py"}, "region": {"startLine": 512}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.element_type` used but never assigned in __init__: Method `get_child_at_index` of class `StdStringSyntheticProvider` reads `self.element_type`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62126, "scanner": "repobility-ast-engine", "fingerprint": "8bc63cf4f649e2bde02d1848a9285a6b71a6c7766c0fd2fafc592cd0b1d24800", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8bc63cf4f649e2bde02d1848a9285a6b71a6c7766c0fd2fafc592cd0b1d24800"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/etc/lldb_providers.py"}, "region": {"startLine": 517}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.length` used but never assigned in __init__: Method `num_children` of class `StdStringSyntheticProvider` reads `self.length`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62125, "scanner": "repobility-ast-engine", "fingerprint": "1fe0f7d9d059d326a83dbb5448d00f5bc7cf79c8c9d4715095a3e955c3b56695", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1fe0f7d9d059d326a83dbb5448d00f5bc7cf79c8c9d4715095a3e955c3b56695"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/etc/lldb_providers.py"}, "region": {"startLine": 502}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.data_ptr` used but never assigned in __init__: Method `update` of class `StdStringSyntheticProvider` reads `self.data_ptr`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62124, "scanner": "repobility-ast-engine", "fingerprint": "578c7718f1e487fd3e4bda1a676f10fc0d75bfefbfa4d05b5c06a080603aa727", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|578c7718f1e487fd3e4bda1a676f10fc0d75bfefbfa4d05b5c06a080603aa727"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/etc/lldb_providers.py"}, "region": {"startLine": 496}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.data_ptr` used but never assigned in __init__: Method `update` of class `StdStringSyntheticProvider` reads `self.data_ptr`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62123, "scanner": "repobility-ast-engine", "fingerprint": "fa3b14e56ae4fcaec09832df5ddba2a84a0badf1505af57fd06df94773266491", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fa3b14e56ae4fcaec09832df5ddba2a84a0badf1505af57fd06df94773266491"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/etc/lldb_providers.py"}, "region": {"startLine": 489}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.capacity` used but never assigned in __init__: Method `update` of class `StdStringSyntheticProvider` reads `self.capacity`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62122, "scanner": "repobility-ast-engine", "fingerprint": "d584a701f9ac08f9e870f5db1ed2ded310424e0584f90e0587bae238c1688cbb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d584a701f9ac08f9e870f5db1ed2ded310424e0584f90e0587bae238c1688cbb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/etc/lldb_providers.py"}, "region": {"startLine": 488}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.length` used but never assigned in __init__: Method `update` of class `StdStringSyntheticProvider` reads `self.length`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62121, "scanner": "repobility-ast-engine", "fingerprint": "6bdfd99723ab53590c80cec502af8df8654f7ead4324d2a6c9a4d6f729f6b4a7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6bdfd99723ab53590c80cec502af8df8654f7ead4324d2a6c9a4d6f729f6b4a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/etc/lldb_providers.py"}, "region": {"startLine": 494}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.length` used but never assigned in __init__: Method `update` of class `StdStringSyntheticProvider` reads `self.length`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62120, "scanner": "repobility-ast-engine", "fingerprint": "3589fcd4413840965d2f74e324d069eb39c47a69077c1ce017f3044a63de458b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3589fcd4413840965d2f74e324d069eb39c47a69077c1ce017f3044a63de458b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/etc/lldb_providers.py"}, "region": {"startLine": 492}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.capacity` used but never assigned in __init__: Method `update` of class `StdStringSyntheticProvider` reads `self.capacity`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62119, "scanner": "repobility-ast-engine", "fingerprint": "c0b1c0477eaf815acd726fd2d8bd59268ba840e19888ce1f1bd241f49bed836d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c0b1c0477eaf815acd726fd2d8bd59268ba840e19888ce1f1bd241f49bed836d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/etc/lldb_providers.py"}, "region": {"startLine": 491}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.element_type` used but never assigned in __init__: Method `update` of class `StdStringSyntheticProvider` reads `self.element_type`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62118, "scanner": "repobility-ast-engine", "fingerprint": "5a51f24c1c6fc110bcfe8ef6eb8f63c54d27ae8937cfd68f0360a3f59c2a5860", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5a51f24c1c6fc110bcfe8ef6eb8f63c54d27ae8937cfd68f0360a3f59c2a5860"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/etc/lldb_providers.py"}, "region": {"startLine": 496}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.capacity` used but never assigned in __init__: Method `update` of class `StdStringSyntheticProvider` reads `self.capacity`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62117, "scanner": "repobility-ast-engine", "fingerprint": "e4bdc38a29aafe2f6d1d1dc9d7e275f05dd8405f5ecd2478b493e6cdf908be36", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e4bdc38a29aafe2f6d1d1dc9d7e275f05dd8405f5ecd2478b493e6cdf908be36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/etc/lldb_providers.py"}, "region": {"startLine": 478}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.data_ptr` used but never assigned in __init__: Method `update` of class `StdStringSyntheticProvider` reads `self.data_ptr`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62116, "scanner": "repobility-ast-engine", "fingerprint": "88c754dc491c8ff99b2399bac201614e367e25d378ea28335a6e4bb4586439c0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|88c754dc491c8ff99b2399bac201614e367e25d378ea28335a6e4bb4586439c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/etc/lldb_providers.py"}, "region": {"startLine": 470}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_absolute_path` used but never assigned in __init__: Method `get_dir` of class `CachedFiles` reads `self.get_absolute_path`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62115, "scanner": "repobility-ast-engine", "fingerprint": "3bccdc8a766cc7a7840e850198fe9a03fe2d0f4e676e42538cd50f67fa20bdc9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3bccdc8a766cc7a7840e850198fe9a03fe2d0f4e676e42538cd50f67fa20bdc9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/etc/htmldocck.py"}, "region": {"startLine": 288}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.resolve_path` used but never assigned in __init__: Method `get_dir` of class `CachedFiles` reads `self.resolve_path`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62114, "scanner": "repobility-ast-engine", "fingerprint": "7670e169bfd3bde7a499c07e4d5278247902149576a70101b6796a20c19f5e15", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7670e169bfd3bde7a499c07e4d5278247902149576a70101b6796a20c19f5e15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/etc/htmldocck.py"}, "region": {"startLine": 287}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_absolute_path` used but never assigned in __init__: Method `get_tree` of class `CachedFiles` reads `self.get_absolute_path`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62113, "scanner": "repobility-ast-engine", "fingerprint": "b367964c172c93e995660eec43d9dc41e20158760d31cd64e140df8761e309d0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b367964c172c93e995660eec43d9dc41e20158760d31cd64e140df8761e309d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/etc/htmldocck.py"}, "region": {"startLine": 272}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.resolve_path` used but never assigned in __init__: Method `get_tree` of class `CachedFiles` reads `self.resolve_path`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62112, "scanner": "repobility-ast-engine", "fingerprint": "95b3306beb35a7dfa997bb92c54115e65b88f3cfb8b95920a7ed09d521faddf7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|95b3306beb35a7dfa997bb92c54115e65b88f3cfb8b95920a7ed09d521faddf7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/etc/htmldocck.py"}, "region": {"startLine": 268}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_absolute_path` used but never assigned in __init__: Method `get_file` of class `CachedFiles` reads `self.get_absolute_path`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62111, "scanner": "repobility-ast-engine", "fingerprint": "958fcd8f29fedc310cf7aa263df1c998702e0b4d60c0554e263f1612421bddc1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|958fcd8f29fedc310cf7aa263df1c998702e0b4d60c0554e263f1612421bddc1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/etc/htmldocck.py"}, "region": {"startLine": 258}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.resolve_path` used but never assigned in __init__: Method `get_file` of class `CachedFiles` reads `self.resolve_path`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62110, "scanner": "repobility-ast-engine", "fingerprint": "91be0c17090c82cc92b59b8d0e1c048181d0cde59c493791fb596f9d5e2aba48", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|91be0c17090c82cc92b59b8d0e1c048181d0cde59c493791fb596f9d5e2aba48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/etc/htmldocck.py"}, "region": {"startLine": 254}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.may_skip_libm_ci` used but never assigned in __init__: Method `emit_workflow_output` of class `Context` reads `self.may_skip_libm_ci`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62109, "scanner": "repobility-ast-engine", "fingerprint": "b6bb7caf7a5e5e55bddf9926517ff68e7968d48e768caa63ff433e9abfa4fbeb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b6bb7caf7a5e5e55bddf9926517ff68e7968d48e768caa63ff433e9abfa4fbeb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/ci-util.py"}, "region": {"startLine": 328}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.changed_routines` used but never assigned in __init__: Method `emit_workflow_output` of class `Context` reads `self.changed_routines`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62108, "scanner": "repobility-ast-engine", "fingerprint": "732f2e3e70c1e98423822de368f6434e32cd351f96a02a25027483683f6a1966", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|732f2e3e70c1e98423822de368f6434e32cd351f96a02a25027483683f6a1966"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/ci-util.py"}, "region": {"startLine": 306}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.is_pr` used but never assigned in __init__: Method `may_skip_libm_ci` of class `Context` reads `self.is_pr`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62107, "scanner": "repobility-ast-engine", "fingerprint": "f3d1d2c7d2f032b826a4f59cd2d3797c420f7d9ef1b941eb31c96a071b1f1a80", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f3d1d2c7d2f032b826a4f59cd2d3797c420f7d9ef1b941eb31c96a071b1f1a80"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/ci-util.py"}, "region": {"startLine": 274}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._ignore_file` used but never assigned in __init__: Method `changed_routines` of class `Context` reads `self._ignore_file`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62106, "scanner": "repobility-ast-engine", "fingerprint": "397dd1cf524a2cb48dd8129cc644bf8e3485b5d94d48cd2619798ba1103ff801", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|397dd1cf524a2cb48dd8129cc644bf8e3485b5d94d48cd2619798ba1103ff801"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/ci-util.py"}, "region": {"startLine": 254}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.is_pr` used but never assigned in __init__: Method `_init_change_list` of class `Context` reads `self.is_pr`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62105, "scanner": "repobility-ast-engine", "fingerprint": "27334d448aee789bad95c977495ab08f74101fb49e22a4c2ddd22bd67699971c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|27334d448aee789bad95c977495ab08f74101fb49e22a4c2ddd22bd67699971c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/ci/ci-util.py"}, "region": {"startLine": 211}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 62101, "scanner": "repobility-docker", "fingerprint": "4872ab5808eac50b85c8cdec716d93a64394e3667be21e07fd82ca428a859720", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|4872ab5808eac50b85c8cdec716d93a64394e3667be21e07fd82ca428a859720"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/rust-analyzer/.github/actions/github-release/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR015", "level": "error", "message": {"text": "Docker build context is very large"}, "properties": {"repobilityId": 61909, "scanner": "repobility-docker", "fingerprint": "b15d4f710afeff2af4cd4ab204332853f9025b78869a0e87bb466a798bb1a15b", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Estimated Docker build context exceeds Repobility's size or file-count threshold.", "evidence": {"capped": true, "rule_id": "DKR015", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "largest_paths": [{"path": ".git/objects/pack/pack-6bf069220159dfdbf7607cf483da7c4f8545c8bd.pack", "size_mb": 43.3}, {"path": "src/doc/rustc-dev-guide/src/queries/example-0.html", "size_mb": 9.6}, {"path": "tests/ui/parser/survive-peano-lesson-queue.rs", "size_mb": 7.7}, {"path": ".git/index", "size_mb": 6.9}, {"path": ".git/objects/pack/pack-db123e81c6e9939b5b95b3794a63b197e8afa290.pack", "size_mb": 2.4}], "included_files": 50000, "context_size_mb": 173.4, "correlation_key": "fp|b15d4f710afeff2af4cd4ab204332853f9025b78869a0e87bb466a798bb1a15b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED039", "level": "error", "message": {"text": "[MINED039] Rust Todo Macro: todo!() panics when reached. Unimplemented code path."}, "properties": {"repobilityId": 61841, "scanner": "repobility-threat-engine", "fingerprint": "c0712a88641774fb17b7ee3308a1362846c6e2e8e929a816110bcc15acb711d6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-todo-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347989+00:00", "triaged_in_corpus": 15, "observations_count": 1561, "ai_coder_pattern_id": 114}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c0712a88641774fb17b7ee3308a1362846c6e2e8e929a816110bcc15acb711d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/std/src/sys/net/connection/uefi/mod.rs"}, "region": {"startLine": 150}}}]}, {"ruleId": "SEC035", "level": "error", "message": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation. CWE-770/400. Examples: CVE-2023-44487 (HTTP/2 Rapid Reset), countless YAML/XML billion-laughs variants."}, "properties": {"repobilityId": 61840, "scanner": "repobility-threat-engine", "fingerprint": "1b72a1c6b26fda329b60d3c583b728287d3e0862392b1c043d64ff8006b0249e", "category": "resource_exhaustion", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "bytes(request.", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC035", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1b72a1c6b26fda329b60d3c583b728287d3e0862392b1c043d64ff8006b0249e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/std/src/os/xous/services.rs"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED002", "level": "error", "message": {"text": "[MINED002] Dart Null Bang: value! throws on null. Use ?. or null check."}, "properties": {"repobilityId": 61834, "scanner": "repobility-threat-engine", "fingerprint": "90498cfc296a54cca1d777c17fce21bef4c71bc7c5614f351c52ba2c52ca956f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "dart-null-bang", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["dart"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347899+00:00", "triaged_in_corpus": 15, "observations_count": 1434931, "ai_coder_pattern_id": 167}, "scanner": "repobility-threat-engine", "correlation_key": "fp|90498cfc296a54cca1d777c17fce21bef4c71bc7c5614f351c52ba2c52ca956f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "library/compiler-builtins/libm-test/examples/plot_file.jl"}, "region": {"startLine": 16}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `check_duplicates` has cognitive complexity 51 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=3, else=1, for=2, if=9, nested_bonus=32, ternary=2, while=2."}, "properties": {"repobilityId": 61826, "scanner": "repobility-threat-engine", "fingerprint": "0f27ba68abb07c86a7d24ede668ecad535cda037f2973ec1506d8209116fa164", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 51 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "check_duplicates", "breakdown": {"if": 9, "for": 2, "else": 1, "while": 2, "ternary": 2, "continue": 3, "nested_bonus": 32}, "complexity": 51, "correlation_key": "fp|0f27ba68abb07c86a7d24ede668ecad535cda037f2973ec1506d8209116fa164"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_gcc/tools/check_intrinsics_duplicates.py"}, "region": {"startLine": 4}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 61825, "scanner": "repobility-threat-engine", "fingerprint": "ab9aa4d6b9b1707ba77daa533e262fcb2eeb377288b24da6ca9edfaf60c9e7a6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(input", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ab9aa4d6b9b1707ba77daa533e262fcb2eeb377288b24da6ca9edfaf60c9e7a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_gcc/build_system/src/rust_tools.rs"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 61823, "scanner": "repobility-threat-engine", "fingerprint": "1cf034980727f6e7271686a458a7ff537e9d5b7892c1e5259f8ada3044b26422", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1cf034980727f6e7271686a458a7ff537e9d5b7892c1e5259f8ada3044b26422"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_cranelift/src/debuginfo/line_info.rs"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED041", "level": "error", "message": {"text": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs."}, "properties": {"repobilityId": 61817, "scanner": "repobility-threat-engine", "fingerprint": "86dfac267c69b79b335f2380c4461593f99b5e74d9ff64d719aecd39b12363f8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unimplemented-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347994+00:00", "triaged_in_corpus": 15, "observations_count": 1422, "ai_coder_pattern_id": 115}, "scanner": "repobility-threat-engine", "correlation_key": "fp|86dfac267c69b79b335f2380c4461593f99b5e74d9ff64d719aecd39b12363f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_cranelift/src/unwind_module.rs"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED041", "level": "error", "message": {"text": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs."}, "properties": {"repobilityId": 61816, "scanner": "repobility-threat-engine", "fingerprint": "112b12f043cd5cbb3499c8db14873c7140fe61b8aa17edb747ebe38c206d740c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unimplemented-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347994+00:00", "triaged_in_corpus": 15, "observations_count": 1422, "ai_coder_pattern_id": 115}, "scanner": "repobility-threat-engine", "correlation_key": "fp|112b12f043cd5cbb3499c8db14873c7140fe61b8aa17edb747ebe38c206d740c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_cranelift/src/main_shim.rs"}, "region": {"startLine": 135}}}]}, {"ruleId": "MINED041", "level": "error", "message": {"text": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs."}, "properties": {"repobilityId": 61815, "scanner": "repobility-threat-engine", "fingerprint": "2da285d97536ce181792aa6db6c63e37fcf0b3a5b39f044c0824e4d31529e6ad", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unimplemented-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347994+00:00", "triaged_in_corpus": 15, "observations_count": 1422, "ai_coder_pattern_id": 115}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2da285d97536ce181792aa6db6c63e37fcf0b3a5b39f044c0824e4d31529e6ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_cranelift/example/issue-59326.rs"}, "region": {"startLine": 22}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 61805, "scanner": "repobility-threat-engine", "fingerprint": "5a8bb410f65babe569551c625dcc9fca3dd04625336cbae8c939d342d0d07124", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "SIMPLE_RAYTRACER_REPO.fetch(dirs);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5a8bb410f65babe569551c625dcc9fca3dd04625336cbae8c939d342d0d07124"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_cranelift/build_system/bench.rs"}, "region": {"startLine": 25}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 61804, "scanner": "repobility-threat-engine", "fingerprint": "e838a8fd43cc29753d032f4e54688a2ab8d86077d30ef9ce4656604b702d7801", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "ABI_CAFE_REPO.fetch(dirs);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e838a8fd43cc29753d032f4e54688a2ab8d86077d30ef9ce4656604b702d7801"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_cranelift/build_system/abi_cafe.rs"}, "region": {"startLine": 25}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 61803, "scanner": "repobility-threat-engine", "fingerprint": "156d33a8201571a533c2061a8caf3a298ca4aa59f1595e57574608187e235318", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "chunk.destroy(chunk.entries);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|156d33a8201571a533c2061a8caf3a298ca4aa59f1595e57574608187e235318"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_arena/src/tests.rs"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 61797, "scanner": "repobility-threat-engine", "fingerprint": "5aec7d3b4c87e246360ce26e217174654d136e3f8a853a0853b6506c5b054780", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5aec7d3b4c87e246360ce26e217174654d136e3f8a853a0853b6506c5b054780"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_abi/src/tests.rs"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 61796, "scanner": "repobility-threat-engine", "fingerprint": "a96af2e5168db788d5f024c378c5b7c45e611a9ec7d96b30433f66cd88470b1e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a96af2e5168db788d5f024c378c5b7c45e611a9ec7d96b30433f66cd88470b1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_abi/src/extern_abi/tests.rs"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 61795, "scanner": "repobility-threat-engine", "fingerprint": "6648c6f17a38ae75c00a41c8891c877b5ab9266414d70b6b4a559365ba7bd196", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6648c6f17a38ae75c00a41c8891c877b5ab9266414d70b6b4a559365ba7bd196"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc/build.rs"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.ZULIP_API_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.ZULIP_API_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 62201, "scanner": "repobility-supply-chain", "fingerprint": "538206fb70ed487fa4198189dccea8003f64c033edf434b4b43be8db1d1444fc", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|538206fb70ed487fa4198189dccea8003f64c033edf434b4b43be8db1d1444fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/miri/.github/workflows/ci.yml"}, "region": {"startLine": 276}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.ZULIP_BOT_EMAIL` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.ZULIP_BOT_EMAIL }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 62200, "scanner": "repobility-supply-chain", "fingerprint": "1b4ea5e69903b8d2c988d3ad4766107e77cc690fd9293ff5cd7fe561b5e46e40", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1b4ea5e69903b8d2c988d3ad4766107e77cc690fd9293ff5cd7fe561b5e46e40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/miri/.github/workflows/ci.yml"}, "region": {"startLine": 275}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.APP_PRIVATE_KEY` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.APP_PRIVATE_KEY }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 62199, "scanner": "repobility-supply-chain", "fingerprint": "0da9f87a2e4b60be9b778f4d8e200c92d8f4ef4db3d553ee7a632b8a8c8587e5", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0da9f87a2e4b60be9b778f4d8e200c92d8f4ef4db3d553ee7a632b8a8c8587e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tools/miri/.github/workflows/ci.yml"}, "region": {"startLine": 227}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.DATADOG_API_KEY` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.DATADOG_API_KEY }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 62198, "scanner": "repobility-supply-chain", "fingerprint": "847c5134497989e4b42fe0d772276e4d74073ec2cb535bd73baf384f37d279d3", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|847c5134497989e4b42fe0d772276e4d74073ec2cb535bd73baf384f37d279d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 305}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.ARTIFACTS_AWS_SECRET_ACCESS_KEY` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.ARTIFACTS_AWS_SECRET_ACCESS_KEY }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 62197, "scanner": "repobility-supply-chain", "fingerprint": "1e2218adb68ddcf95828ec9f8c269a16b08a6c575fd6ea999f1726981a99768c", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1e2218adb68ddcf95828ec9f8c269a16b08a6c575fd6ea999f1726981a99768c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 269}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.ARTIFACTS_AWS_ACCESS_KEY_ID` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.ARTIFACTS_AWS_ACCESS_KEY_ID }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 62196, "scanner": "repobility-supply-chain", "fingerprint": "91946e2be46e8c3e6668eb48b41ef21d98c19c8682be99f41e79f501c1b69795", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|91946e2be46e8c3e6668eb48b41ef21d98c19c8682be99f41e79f501c1b69795"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 268}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.CACHES_AWS_SECRET_ACCESS_KEY` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.CACHES_AWS_SECRET_ACCESS_KEY }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 62195, "scanner": "repobility-supply-chain", "fingerprint": "4f18268d573febf6b95f9681fe554e31b5369891a320eb17ae34b078c461ccd7", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4f18268d573febf6b95f9681fe554e31b5369891a320eb17ae34b078c461ccd7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 244}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.CACHES_AWS_ACCESS_KEY_ID` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.CACHES_AWS_ACCESS_KEY_ID }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 62194, "scanner": "repobility-supply-chain", "fingerprint": "6c348325f66f3eb80897d9617c4eb3e0a6b258d321ddbc70b4b7a34c8c1facc3", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6c348325f66f3eb80897d9617c4eb3e0a6b258d321ddbc70b4b7a34c8c1facc3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 243}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.TOOLSTATE_REPO_ACCESS_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.TOOLSTATE_REPO_ACCESS_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 62193, "scanner": "repobility-supply-chain", "fingerprint": "d8135d136dae0b4f44178300480a700c3651a680172218d585a4c7dd26747339", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d8135d136dae0b4f44178300480a700c3651a680172218d585a4c7dd26747339"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `array` used but not imported: The file uses `array.something(...)` but never imports `array`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 62104, "scanner": "repobility-ast-engine", "fingerprint": "d38fcfaeb34ead6ae7b518e085d0e08c3876975a6be5d70d9d39a619a64ae370", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d38fcfaeb34ead6ae7b518e085d0e08c3876975a6be5d70d9d39a619a64ae370"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "compiler/rustc_codegen_gcc/tools/generate_intrinsics.py"}, "region": {"startLine": 36}}}]}]}]}