{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-NPM", "name": "npm package `@astrojs/starlight` is minor version(s) behind (0.38.3 -> 0.39.3)", "shortDescription": {"text": "npm package `@astrojs/starlight` is minor version(s) behind (0.38.3 -> 0.39.3)"}, "fullDescription": {"text": "`@astrojs/starlight` is pinned/resolved at 0.38.3 but the latest stable release on the npm registry is 0.39.3 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. 
This is the version-currency signal Dependabot version-update PRs raise."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "low", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED066] Rust Panic Macro (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety.", "shortDescription": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block (and 10 more): Same pattern found in 10 additional files. Review if needed.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 11 more): Same pattern found in 11 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0436", "name": "paste: RUSTSEC-2024-0436", "shortDescription": {"text": "paste: RUSTSEC-2024-0436"}, "fullDescription": {"text": "paste - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2020-0168", "name": "mach: RUSTSEC-2020-0168", "shortDescription": {"text": "mach: RUSTSEC-2020-0168"}, "fullDescription": {"text": "mach is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0057", "name": "fxhash: RUSTSEC-2025-0057", "shortDescription": {"text": "fxhash: RUSTSEC-2025-0057"}, "fullDescription": {"text": "fxhash - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED039", "name": "[MINED039] Rust Todo Macro: todo!() panics when reached. Unimplemented code path.", "shortDescription": {"text": "[MINED039] Rust Todo Macro: todo!() panics when reached. 
Unimplemented code path."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `softprops/action-gh-release` pinned to mutable ref `@v2`", "shortDescription": {"text": "Action `softprops/action-gh-release` pinned to mutable ref `@v2`"}, "fullDescription": {"text": "`uses: softprops/action-gh-release@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. 
Use pytest (Python), Jest (JS/TS), or go test (Go). Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1191"}, "properties": {"repository": "tmandry/glide", "repoUrl": "https://github.com/tmandry/glide", "branch": "main"}, "results": [{"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 119691, "scanner": "repobility-threat-engine", "fingerprint": "36325f873bebb87ed1b4afc8e590756c1939f9bcf679780e0a8badb9ef5c40fb", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|src/actor/wm_controller.rs|58|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/actor/wm_controller.rs"}, "region": {"startLine": 58}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@astrojs/starlight` is minor version(s) behind (0.38.3 -> 0.39.3)"}, "properties": {"repobilityId": 119667, "scanner": "repobility-dependency-currency", "fingerprint": "c3734e2cbed5ed997a4342c9707b8fceac4404fed5b26b9ff33c59be658f98aa", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", 
"verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@astrojs/starlight", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "0.39.3", "correlation_key": "fp|c3734e2cbed5ed997a4342c9707b8fceac4404fed5b26b9ff33c59be658f98aa", "current_version": "0.38.3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "site/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 119689, "scanner": "repobility-threat-engine", "fingerprint": "b0811e157f5b25ff0defe39bccf8a2060dfa8263d6723148ebe692d678a977e7", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|b0811e157f5b25ff0defe39bccf8a2060dfa8263d6723148ebe692d678a977e7", "aggregated_count": 2}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 119688, "scanner": "repobility-threat-engine", "fingerprint": "e2c972a004e7ef01a5339c1c10e75a37af8a506498812a7ee5eb56901d961675", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e2c972a004e7ef01a5339c1c10e75a37af8a506498812a7ee5eb56901d961675"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/model/selection.rs"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 119687, "scanner": "repobility-threat-engine", "fingerprint": "1512f24096a19dde4c90179d66432eefc346c517a3cb914da4c92290b9047161", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1512f24096a19dde4c90179d66432eefc346c517a3cb914da4c92290b9047161"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/actor/reactor/testing.rs"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 119686, "scanner": "repobility-threat-engine", "fingerprint": "e5c5a36ef29b3244bb94dcec81ba69c9508335ec4ef61aef0ca0db3fcf148cad", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e5c5a36ef29b3244bb94dcec81ba69c9508335ec4ef61aef0ca0db3fcf148cad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/actor/notification_center.rs"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. 
Defeats TypeScript type safety."}, "properties": {"repobilityId": 119685, "scanner": "repobility-threat-engine", "fingerprint": "7f07aa25aa2dbaac89c1d932d8aafe6e19f9152419d5ddd5083f6afd9c2fc0e3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7f07aa25aa2dbaac89c1d932d8aafe6e19f9152419d5ddd5083f6afd9c2fc0e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "site/src/plugins/remark-readme-import.ts"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 119684, "scanner": "repobility-threat-engine", "fingerprint": "d910029b0469188ecc0de169d5e6eb18042f624acf91c2bc1b88bb9e2753b0bb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d910029b0469188ecc0de169d5e6eb18042f624acf91c2bc1b88bb9e2753b0bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "site/src/plugins/remark-readme-import.ts"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 119683, "scanner": "repobility-threat-engine", "fingerprint": "44ee9adda4bb4a8cfcd5a744c44e45cf3deccc6e0e74f8caa2b7648fbb1bdcb4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|44ee9adda4bb4a8cfcd5a744c44e45cf3deccc6e0e74f8caa2b7648fbb1bdcb4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "site/src/plugins/remark-readme-import.ts"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 119682, "scanner": "repobility-threat-engine", "fingerprint": "7fb1e7c7fc33ac4ca04c001d812ab93a4d99c0b56ebb4384bf34b02c532689c1", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|7fb1e7c7fc33ac4ca04c001d812ab93a4d99c0b56ebb4384bf34b02c532689c1", "aggregated_count": 2}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 119681, "scanner": "repobility-threat-engine", "fingerprint": "4ee0469abb0bc8e1235aa6b2540b41c88371446945f49eabfe11cb83dbdf2cd6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4ee0469abb0bc8e1235aa6b2540b41c88371446945f49eabfe11cb83dbdf2cd6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/actor/reactor/replay.rs"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 119680, "scanner": "repobility-threat-engine", "fingerprint": "1b47039f6d505eb4239ab7fc2f2cdb636566dcd8a2805971c77f96bc1d2e9cf6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1b47039f6d505eb4239ab7fc2f2cdb636566dcd8a2805971c77f96bc1d2e9cf6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/actor/mouse.rs"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 119679, "scanner": "repobility-threat-engine", "fingerprint": "663946f2fc345e4f5e0378614fc2425767988f78a551789823da0157f0ad617b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|663946f2fc345e4f5e0378614fc2425767988f78a551789823da0157f0ad617b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/make_windows.rs"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 119678, "scanner": "repobility-threat-engine", "fingerprint": "f4795bed0bf1f6a15a5f7002813392ca9507506d72622c4cb03b22d8e8022084", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f4795bed0bf1f6a15a5f7002813392ca9507506d72622c4cb03b22d8e8022084", "aggregated_count": 10}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 119677, "scanner": "repobility-threat-engine", "fingerprint": "2885a83f0d479d9282b98ba64e021b118539db0b0c2faad82c749795e4a11ff0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2885a83f0d479d9282b98ba64e021b118539db0b0c2faad82c749795e4a11ff0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/actor/group_bars.rs"}, "region": {"startLine": 212}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 119676, "scanner": "repobility-threat-engine", "fingerprint": "cc6fa96da6457c2e4ec16929426821edde163bb8b71537bdbb62cbffcf2107fb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cc6fa96da6457c2e4ec16929426821edde163bb8b71537bdbb62cbffcf2107fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/make_windows.rs"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 119675, "scanner": "repobility-threat-engine", "fingerprint": "1c65b47acd2cc7a9c300646c5a55331f6907e70fb9213c0fe4e548b271014010", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1c65b47acd2cc7a9c300646c5a55331f6907e70fb9213c0fe4e548b271014010"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/group_indicators.rs"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "properties": {"repobilityId": 119674, "scanner": "repobility-threat-engine", "fingerprint": "27821e687fbef96b730708a0d99a3059143f0f1e8da2cdb6a2a5ac5496fb2878", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 11 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|27821e687fbef96b730708a0d99a3059143f0f1e8da2cdb6a2a5ac5496fb2878", "aggregated_count": 11}}}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `mdast-util-from-markdown` is patch version(s) behind (2.0.2 -> 2.0.3)"}, "properties": {"repobilityId": 119668, "scanner": "repobility-dependency-currency", "fingerprint": "4a9699e60f7a0ebe37d37710d00eea7e2503a71561d83b54aec6753e3edbae65", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "mdast-util-from-markdown", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "2.0.3", "correlation_key": "fp|4a9699e60f7a0ebe37d37710d00eea7e2503a71561d83b54aec6753e3edbae65", "current_version": "2.0.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "site/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0436", "level": "error", "message": {"text": "paste: RUSTSEC-2024-0436"}, "properties": {"repobilityId": 119695, "scanner": "osv-scanner", "fingerprint": "ecf6a49d252eada338538964a3d9bb37acf276dba6d473e55cf76f528b35783f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "paste", "rule_id": "RUSTSEC-2024-0436", "scanner": "osv-scanner", "correlation_key": 
"fp|ecf6a49d252eada338538964a3d9bb37acf276dba6d473e55cf76f528b35783f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2020-0168", "level": "error", "message": {"text": "mach: RUSTSEC-2020-0168"}, "properties": {"repobilityId": 119694, "scanner": "osv-scanner", "fingerprint": "38b9eca45b57c339189088b6bd5f1a43143de007b2de6eb2c0df800f1a4bbd2d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "mach", "rule_id": "RUSTSEC-2020-0168", "scanner": "osv-scanner", "correlation_key": "fp|38b9eca45b57c339189088b6bd5f1a43143de007b2de6eb2c0df800f1a4bbd2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0057", "level": "error", "message": {"text": "fxhash: RUSTSEC-2025-0057"}, "properties": {"repobilityId": 119693, "scanner": "osv-scanner", "fingerprint": "81c2c5c48229a549978285f8dfbddc82d310de8f2cb86fdbc68f4a69f0c7a63c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "fxhash", "rule_id": "RUSTSEC-2025-0057", "scanner": "osv-scanner", "correlation_key": "fp|81c2c5c48229a549978285f8dfbddc82d310de8f2cb86fdbc68f4a69f0c7a63c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 119692, "scanner": "repobility-threat-engine", "fingerprint": "9cc5fb6962f01cdad3ff4ab874e09726c0222532fba3b1b7965ba9c6947f2947", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Exec(ExecCmd", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9cc5fb6962f01cdad3ff4ab874e09726c0222532fba3b1b7965ba9c6947f2947"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/actor/wm_controller.rs"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED039", "level": "error", "message": {"text": "[MINED039] Rust Todo Macro: todo!() panics when reached. Unimplemented code path."}, "properties": {"repobilityId": 119690, "scanner": "repobility-threat-engine", "fingerprint": "77cdaa037b81ad866465d20fae9ed7de260e169828051de8578c1c21e6662013", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-todo-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347989+00:00", "triaged_in_corpus": 15, "observations_count": 1561, "ai_coder_pattern_id": 114}, "scanner": "repobility-threat-engine", "correlation_key": "fp|77cdaa037b81ad866465d20fae9ed7de260e169828051de8578c1c21e6662013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/actor/reactor/testing.rs"}, "region": {"startLine": 287}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 119673, "scanner": "repobility-threat-engine", "fingerprint": "05edef457ca3427b08d6f073667e6bb5e0142628f755d55cd1dbd36fd4fd475f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|05edef457ca3427b08d6f073667e6bb5e0142628f755d55cd1dbd36fd4fd475f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/actor/notification_center.rs"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 119672, "scanner": "repobility-threat-engine", "fingerprint": "2a227a3cef0d0b3cfa156ca67272ef968c5e2c270876ac8d8d7cb6bcee68389f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2a227a3cef0d0b3cfa156ca67272ef968c5e2c270876ac8d8d7cb6bcee68389f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/actor/mouse.rs"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 119671, "scanner": "repobility-threat-engine", "fingerprint": "02d592f73bf2300d4ae455c48543e0fd628143196c15bdaa6f8b37214f7937f2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|02d592f73bf2300d4ae455c48543e0fd628143196c15bdaa6f8b37214f7937f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/group_indicators.rs"}, "region": {"startLine": 37}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 119670, "scanner": "repobility-threat-engine", "fingerprint": "943c4a42317ca4ac2054d2dd10cee80329ac55243aafc46f583635de550f4df1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "indicator.view.update(group_data);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|943c4a42317ca4ac2054d2dd10cee80329ac55243aafc46f583635de550f4df1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/actor/group_bars.rs"}, "region": {"startLine": 156}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 119669, "scanner": "repobility-threat-engine", "fingerprint": "7a43e36a90825a0c08d1f18ea4f63f6ccc4d677d33b921f0e8c3121992742f67", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "indicator_view.update(group_data_with_frame);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7a43e36a90825a0c08d1f18ea4f63f6ccc4d677d33b921f0e8c3121992742f67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/group_indicators.rs"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `softprops/action-gh-release` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 119666, "scanner": "repobility-supply-chain", "fingerprint": "84f3fb8d704f02ed78164a8337d5ffbdace7f0bfb9a4b5096768d5a2f99b1215", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|84f3fb8d704f02ed78164a8337d5ffbdace7f0bfb9a4b5096768d5a2f99b1215"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/package.yml"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 119665, "scanner": "repobility-supply-chain", "fingerprint": "ece6954d3cb5b6d395e9664f1624c4d822a40f4003cf1858abd6fab5d46bb0a5", 
"category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ece6954d3cb5b6d395e9664f1624c4d822a40f4003cf1858abd6fab5d46bb0a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/package.yml"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `apple-actions/import-codesign-certs` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 119664, "scanner": "repobility-supply-chain", "fingerprint": "8602ebb3d0d2b96b666d0401a6a978fad8a149de8656b5971acfedd87aa68a08", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8602ebb3d0d2b96b666d0401a6a978fad8a149de8656b5971acfedd87aa68a08"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/package.yml"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 119663, "scanner": "repobility-supply-chain", "fingerprint": "16f08b2f622b393aca1c3ae106f9f4eedaf515a8f3243a1b3f3062a248b1bfa2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, 
"scanner": "repobility-supply-chain", "correlation_key": "fp|16f08b2f622b393aca1c3ae106f9f4eedaf515a8f3243a1b3f3062a248b1bfa2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/package.yml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `taiki-e/cache-cargo-install-action` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 119662, "scanner": "repobility-supply-chain", "fingerprint": "7a1a137927ed876ffb95e9ddba6b98c3e35db92ca14974c1ef14459b9c6f5b30", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7a1a137927ed876ffb95e9ddba6b98c3e35db92ca14974c1ef14459b9c6f5b30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/package.yml"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `taiki-e/cache-cargo-install-action` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 119661, "scanner": "repobility-supply-chain", "fingerprint": "cb43e697ec148d0fbd083787fb1820858a759cc27bdc0c63907e8e68d565043a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cb43e697ec148d0fbd083787fb1820858a759cc27bdc0c63907e8e68d565043a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/package.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED115", 
"level": "error", "message": {"text": "Action `actions/deploy-pages` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 119660, "scanner": "repobility-supply-chain", "fingerprint": "30306ca63f8652fbfc2c43258543a4b26fc691e8aa968550eb0d9f38646cf437", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|30306ca63f8652fbfc2c43258543a4b26fc691e8aa968550eb0d9f38646cf437"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/site.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `withastro/action` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 119659, "scanner": "repobility-supply-chain", "fingerprint": "5842dd2626dcf733e507869e2cb2f86403b20aec952f1403f81d746a3cd9e713", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5842dd2626dcf733e507869e2cb2f86403b20aec952f1403f81d746a3cd9e713"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/site.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 119658, "scanner": "repobility-supply-chain", "fingerprint": "f7b4ea773378ab18d342531152e308d7413c1f6a9561b136bd87eac8841b3bdf", "category": "dependency", "severity": "high", "confidence": 0.9, 
"triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f7b4ea773378ab18d342531152e308d7413c1f6a9561b136bd87eac8841b3bdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/site.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `googleapis/release-please-action` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 119657, "scanner": "repobility-supply-chain", "fingerprint": "fe4fe60259cbd3cc8654b053b598752ad39673db5b2e15bc61a39e5ba60ff299", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fe4fe60259cbd3cc8654b053b598752ad39673db5b2e15bc61a39e5ba60ff299"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release-please.yml"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/github-script` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 119656, "scanner": "repobility-supply-chain", "fingerprint": "87b2005bef86285d3d30ae4b883db7018f14ffd95a97e58d586da953822db08b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|87b2005bef86285d3d30ae4b883db7018f14ffd95a97e58d586da953822db08b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release-please.yml"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `jwalton/gh-find-current-pr` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 119655, "scanner": "repobility-supply-chain", "fingerprint": "cc8fb0d3eac48a5155f8bf0d4b7e0ce35c99803735b00f173ae00e11f40840d4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cc8fb0d3eac48a5155f8bf0d4b7e0ce35c99803735b00f173ae00e11f40840d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release-please.yml"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 119654, "scanner": "repobility-supply-chain", "fingerprint": "01e2ff23353bd53c80ae55bafc8712e4be2cd40b531700a4f8674a3b6c484fd5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|01e2ff23353bd53c80ae55bafc8712e4be2cd40b531700a4f8674a3b6c484fd5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release-please.yml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action 
`googleapis/release-please-action` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 119653, "scanner": "repobility-supply-chain", "fingerprint": "b436bd9227d7787d2a25b882c72c97a5f361bbf6f14660c6ae2378af994deb2f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b436bd9227d7787d2a25b882c72c97a5f361bbf6f14660c6ae2378af994deb2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release-please.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 119652, "scanner": "repobility-supply-chain", "fingerprint": "f6355c8c3f36682675191bc7d87ebe3c6d2f38992137c8d077ec36660c159ea9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f6355c8c3f36682675191bc7d87ebe3c6d2f38992137c8d077ec36660c159ea9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 119651, "scanner": "repobility-supply-chain", "fingerprint": "9f85530a0e4d97f2fd1934c58170f654a4a32cd88c2dc9ec2d4ff1cf05fb229b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", 
"verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9f85530a0e4d97f2fd1934c58170f654a4a32cd88c2dc9ec2d4ff1cf05fb229b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 119650, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}]}]}