{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. 
Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC014", "name": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks.", "shortDescription": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "fullDescription": {"text": "Enable SSL verification. Use verify=True (default) for requests. Pin certificates if needed."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT007", "name": "localStorage write failures are swallowed silently", "shortDescription": {"text": "localStorage write failures are swallowed silently"}, "fullDescription": {"text": "localStorage quotas are small and writes can fail. Catching storage errors without a user-visible warning causes silent data loss when notes, images, or snapshots exceed quota."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Agent helper projects often publish one-line installers. 
`curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "A file created as a fixed/new/final/copy variant is not referenced by imports or path-like strings in the rest of the repository. 
This is a strong sign that an agent produced code beside the active application path."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": ".dockerignore exists but does not cover common secret or VCS patterns."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. They may be legitimate, but they deserve review before becoming production surface area."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. 
Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "JRN009", "name": "Secret-like setting is echoed into a password input value", "shortDescription": {"text": "Secret-like setting is echoed into a password input value"}, "fullDescription": {"text": "Settings screens sometimes render API keys, tokens, or passwords back into HTML/JSX password fields. That still exposes the secret to page source, browser extensions, screenshots, and DOM scraping."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "high", "confidence": 0.83, "cwe": "", "owasp": ""}}, {"id": "DKR006", "name": "Dockerfile pipes a remote script into a shell", "shortDescription": {"text": "Dockerfile pipes a remote script into a shell"}, "fullDescription": {"text": "Piping downloaded code directly into a shell bypasses checksum verification and makes builds dependent on mutable remote content."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/382"}, "properties": {"repository": "boxlite-ai/boxlite", "repoUrl": "https://github.com/boxlite-ai/boxlite.git", "branch": "main"}, "results": [{"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 12509, "scanner": "repobility-docker", "fingerprint": "cb34fd61b791fbb4d635817c3e10c145f5b37127fa3ba11504c1dafc4fa8a4a9", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "alpine:3.18", "references": 
["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|cb34fd61b791fbb4d635817c3e10c145f5b37127fa3ba11504c1dafc4fa8a4a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/ssh-gateway/Dockerfile"}, "region": {"startLine": 42}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 12508, "scanner": "repobility-docker", "fingerprint": "e3fab4b9ca1f314f507ecb1c203a456e53fdc598d5f7a060985a5218802bc6b1", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "alpine:3.18", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e3fab4b9ca1f314f507ecb1c203a456e53fdc598d5f7a060985a5218802bc6b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/snapshot-manager/Dockerfile"}, "region": {"startLine": 42}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 12507, "scanner": "repobility-docker", "fingerprint": "a785ba3101867beb5dcba7187014784c3ed82f6bcb75dceb7b8f5abc74f355a7", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "alpine:3.22", "references": 
["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|a785ba3101867beb5dcba7187014784c3ed82f6bcb75dceb7b8f5abc74f355a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/runner/Dockerfile"}, "region": {"startLine": 63}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 12506, "scanner": "repobility-docker", "fingerprint": "8338b810819d7e1a6349b9a24a965d900e4333e862492612d8537e8eb5aea350", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "alpine:3.18", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|8338b810819d7e1a6349b9a24a965d900e4333e862492612d8537e8eb5aea350"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/proxy/Dockerfile"}, "region": {"startLine": 46}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 12505, "scanner": "repobility-docker", "fingerprint": "71d80b1b9c3f49efe37a471bdddb634e15dbe2f36818fd9f62c3d43655309023", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "alpine:3.18", "references": 
["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|71d80b1b9c3f49efe37a471bdddb634e15dbe2f36818fd9f62c3d43655309023"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/otel-collector/Dockerfile"}, "region": {"startLine": 47}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 12503, "scanner": "repobility-docker", "fingerprint": "730f465b7c75d63ccc04f3df6d94a1a1b002d605de3ae16886807c96391115d5", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "node:24-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|730f465b7c75d63ccc04f3df6d94a1a1b002d605de3ae16886807c96391115d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 12498, "scanner": "repobility-threat-engine", "fingerprint": "1615ebf6c9348f02f4ba76471a4c3efe05363e97f1e7d3a9cf2d59307480ab5a", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.loads(", "reason": "Pattern matched with no 
mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|118|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/orchestration/box_runtime.py"}, "region": {"startLine": 118}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 12496, "scanner": "repobility-threat-engine", "fingerprint": "056dd4c30e87c31c8e2645fee7ef94abde6c0f83ed8e6ac240eeb20f9a4ff45b", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n                pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|056dd4c30e87c31c8e2645fee7ef94abde6c0f83ed8e6ac240eeb20f9a4ff45b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/sync_api/_boxlite.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 12495, "scanner": "repobility-threat-engine", "fingerprint": "4375adc28c5c48534fd923cc954b7e4416c4e3e7a2f543797ec04233c3a3d97e", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4375adc28c5c48534fd923cc954b7e4416c4e3e7a2f543797ec04233c3a3d97e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/interactivebox.py"}, "region": {"startLine": 291}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 12494, "scanner": "repobility-threat-engine", "fingerprint": "cecc534a09c891b88bd71cfa68930a60ee5d6b0ea260447aaf4db1d7befcd0da", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cecc534a09c891b88bd71cfa68930a60ee5d6b0ea260447aaf4db1d7befcd0da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/browserbox.py"}, "region": {"startLine": 228}}}]}, {"ruleId": "SEC014", "level": "warning", "message": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle 
attacks."}, "properties": {"repobilityId": 12493, "scanner": "repobility-threat-engine", "fingerprint": "5033f08fe844f2acb328bf30c332d063df6bfcabc8b57bed29ebaa5cdf94c8d2", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "verify = false", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC014", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|sdks/python/src/options.rs|103|sec014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/src/options.rs"}, "region": {"startLine": 103}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 12488, "scanner": "repobility-agent-runtime", "fingerprint": "27d251a9bbf0336bff13f6ef26b415ac2188e3f3a0aa959aad12f3aaa9078743", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|27d251a9bbf0336bff13f6ef26b415ac2188e3f3a0aa959aad12f3aaa9078743"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/daemon/pkg/terminal/static/index.html"}, "region": {"startLine": 548}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 12487, "scanner": "repobility-agent-runtime", "fingerprint": "b18fe9a74ce8e5611fd0e96a3e9e85cc4946d523282a8948fdac3647b928f7cb", "category": "dependency", "severity": 
"medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|b18fe9a74ce8e5611fd0e96a3e9e85cc4946d523282a8948fdac3647b928f7cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "README.md"}, "region": {"startLine": 196}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12486, "scanner": "repobility-ai-code-hygiene", "fingerprint": "23c6b8cfcdf7615536989e55f3e8e08c229193b962ee720e188259250543cd1f", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_api_keys.go", "duplicate_line": 333, "correlation_key": "fp|23c6b8cfcdf7615536989e55f3e8e08c229193b962ee720e188259250543cd1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_object_storage.go"}, "region": {"startLine": 56}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12485, "scanner": "repobility-ai-code-hygiene", "fingerprint": "aa1fdb7a512e283f682327519923409f7ced109f431b0ead40b204bc514798d2", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", 
"scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_admin.go", "duplicate_line": 231, "correlation_key": "fp|aa1fdb7a512e283f682327519923409f7ced109f431b0ead40b204bc514798d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_object_storage.go"}, "region": {"startLine": 54}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12484, "scanner": "repobility-ai-code-hygiene", "fingerprint": "20494c54164322065052e2382deb757459cd23c5b516bd3476119d561492e75e", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_config.go", "duplicate_line": 1, "correlation_key": "fp|20494c54164322065052e2382deb757459cd23c5b516bd3476119d561492e75e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_object_storage.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12483, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1a7a962afca0397ecd2e976c6f64d0301d79c767e132555472d1ec5c7129f535", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_audit.go", 
"duplicate_line": 82, "correlation_key": "fp|1a7a962afca0397ecd2e976c6f64d0301d79c767e132555472d1ec5c7129f535"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_jobs.go"}, "region": {"startLine": 166}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12482, "scanner": "repobility-ai-code-hygiene", "fingerprint": "356620283da5018c74a507328f02dbf30bebf200721e4b3d43531830ce0c44a8", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_admin.go", "duplicate_line": 1, "correlation_key": "fp|356620283da5018c74a507328f02dbf30bebf200721e4b3d43531830ce0c44a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_jobs.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12481, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2096d3416e5048321c4c8f3b6c79c85b3f9e2734348d80c58bc0fc6e6e2039a3", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_admin.go", "duplicate_line": 231, "correlation_key": "fp|2096d3416e5048321c4c8f3b6c79c85b3f9e2734348d80c58bc0fc6e6e2039a3"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "apps/api-client-go/api_health.go"}, "region": {"startLine": 54}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12480, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b2f5513196770e224521e0022d18aac2e2fe69d7bec97cba0e9b053945545404", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_config.go", "duplicate_line": 1, "correlation_key": "fp|b2f5513196770e224521e0022d18aac2e2fe69d7bec97cba0e9b053945545404"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_health.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12479, "scanner": "repobility-ai-code-hygiene", "fingerprint": "57c434b6475f1c6e298aa54cd9d2036e1aa565ee620d261ad16d816ffaf75350", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_api_keys.go", "duplicate_line": 94, "correlation_key": "fp|57c434b6475f1c6e298aa54cd9d2036e1aa565ee620d261ad16d816ffaf75350"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_docker_registry.go"}, "region": {"startLine": 99}}}]}, {"ruleId": "AIC003", "level": 
"warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12478, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b5f88bd20a08dbfa83ff4b50dafc4669860aa83b80371f52195857bace5f1a96", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_admin.go", "duplicate_line": 1, "correlation_key": "fp|b5f88bd20a08dbfa83ff4b50dafc4669860aa83b80371f52195857bace5f1a96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_docker_registry.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12477, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cdd102c9f1664adfdf50fc8501b69f29b64b41bf49a680c7ec717a009f1571c9", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_admin.go", "duplicate_line": 231, "correlation_key": "fp|cdd102c9f1664adfdf50fc8501b69f29b64b41bf49a680c7ec717a009f1571c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_config.go"}, "region": {"startLine": 49}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12476, "scanner": 
"repobility-ai-code-hygiene", "fingerprint": "58fb98a62b2515a451edf45b97f7d1b206cef44a940e5e86a9b3367aa4a8ef8f", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_admin.go", "duplicate_line": 1, "correlation_key": "fp|58fb98a62b2515a451edf45b97f7d1b206cef44a940e5e86a9b3367aa4a8ef8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_audit.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12475, "scanner": "repobility-ai-code-hygiene", "fingerprint": "77f98885af5c96f0df250acbb0f92f4defdda230624a4b0b1e9cab5e8280a1c1", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_admin.go", "duplicate_line": 1, "correlation_key": "fp|77f98885af5c96f0df250acbb0f92f4defdda230624a4b0b1e9cab5e8280a1c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_api_keys.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 12474, "scanner": "repobility-ai-code-hygiene", "fingerprint": "702c196811f8710e6dd88b1fb138254aa5ccdcd0b3b7cf5fc5dc60e3b3fcf0c3", "category": "quality", "severity": 
"medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "v8", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|702c196811f8710e6dd88b1fb138254aa5ccdcd0b3b7cf5fc5dc60e3b3fcf0c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/db/migration/v7_to_v8.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 12473, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ce0fdc52fa95512928b2284c987282d54f0194caa16722c4e0398372a52af4b0", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "v7", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|ce0fdc52fa95512928b2284c987282d54f0194caa16722c4e0398372a52af4b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/db/migration/v6_to_v7.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 12472, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1e5bb4e0c33a967f7cad27a2f9462424d063ccd9681611d75618ecb160e8e09a", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from 
other repository files.", "evidence": {"suffix": "v6", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|1e5bb4e0c33a967f7cad27a2f9462424d063ccd9681611d75618ecb160e8e09a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/db/migration/v5_to_v6.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 12471, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e7300ea382625f2d1e590990eaae13cecc6838b4898433b71786f0f34a70f087", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "v5", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|e7300ea382625f2d1e590990eaae13cecc6838b4898433b71786f0f34a70f087"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/db/migration/v4_to_v5.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 12470, "scanner": "repobility-ai-code-hygiene", "fingerprint": "417a944f88a4a04247df96862a70a90f89203fc5fe1e868b918d09702c38ba41", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "v4", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", 
"https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|417a944f88a4a04247df96862a70a90f89203fc5fe1e868b918d09702c38ba41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/db/migration/v3_to_v4.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 12469, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8d49328f40aef6ef5ba941e6b65237c7e466ee01917f9a2bbdf5b23c28ebff0c", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "v3", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|8d49328f40aef6ef5ba941e6b65237c7e466ee01917f9a2bbdf5b23c28ebff0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/db/migration/v2_to_v3.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 12504, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 12491, "scanner": "repobility-threat-engine", "fingerprint": "d240ab4d265d6e2e3644e0fc05a83adab4b2624ff29075dcb031ea9bd7082d61", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = os.Chmod(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d240ab4d265d6e2e3644e0fc05a83adab4b2624ff29075dcb031ea9bd7082d61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/go/cmd/setup/main.go"}, "region": {"startLine": 170}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 12490, "scanner": "repobility-threat-engine", "fingerprint": "0ce6c486ebc32016d2730e2a819f22a1c84ca1d41e5e76fbce338d2ba5e3c77a", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = stdout.Write(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0ce6c486ebc32016d2730e2a819f22a1c84ca1d41e5e76fbce338d2ba5e3c77a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/go/exec.go"}, "region": {"startLine": 118}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 12489, 
"scanner": "repobility-threat-engine", "fingerprint": "4fa163ca1756c3888adc7c0787b3e335853241b71dc72f6476e5766f4d41f1b8", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = C.boxlite_runtime_drain(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4fa163ca1756c3888adc7c0787b3e335853241b71dc72f6476e5766f4d41f1b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/go/runtime.go"}, "region": {"startLine": 296}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 12468, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2001520d7db302b51780dedd8e97067f7b992137d8cec18f063a23c3d3c809cc", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|2001520d7db302b51780dedd8e97067f7b992137d8cec18f063a23c3d3c809cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/jailer/shim_copy.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 12467, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7bcfa141ef20dbb9d0a2c07dd8bb36fe3e31e2a68a4d431c391184453eff4b8c", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": 
"Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "v8", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|7bcfa141ef20dbb9d0a2c07dd8bb36fe3e31e2a68a4d431c391184453eff4b8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/db/migration/v7_to_v8.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 12466, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ef654eb0533efd5678718ee1fd7e441c59d64d918cf4a24ca71e2bed7c2f9758", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "v7", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|ef654eb0533efd5678718ee1fd7e441c59d64d918cf4a24ca71e2bed7c2f9758"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/db/migration/v6_to_v7.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 12465, "scanner": "repobility-ai-code-hygiene", "fingerprint": "04f88fc3eb4ba14cdfcbb64703bcd35f2d9c411cb90b21e7fb8bbf60f5c6a881", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "v6", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": 
"fp|04f88fc3eb4ba14cdfcbb64703bcd35f2d9c411cb90b21e7fb8bbf60f5c6a881"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/db/migration/v5_to_v6.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 12464, "scanner": "repobility-ai-code-hygiene", "fingerprint": "46084df2e7aa328afd0e219795911b3b0b8ca54f0948207079bef9ebbff44758", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "v5", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|46084df2e7aa328afd0e219795911b3b0b8ca54f0948207079bef9ebbff44758"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/db/migration/v4_to_v5.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 12463, "scanner": "repobility-ai-code-hygiene", "fingerprint": "34bb2d5b8699a644a830c270ca66ecae326e4ea13c32ff66d318db16853a94c5", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "v4", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|34bb2d5b8699a644a830c270ca66ecae326e4ea13c32ff66d318db16853a94c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/db/migration/v3_to_v4.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name 
looks like an AI patch artifact"}, "properties": {"repobilityId": 12462, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f58b88baf5d7f72d24fe5afef6d68403581ec522fa92aca8c28ee6138e4cf40e", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "v3", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|f58b88baf5d7f72d24fe5afef6d68403581ec522fa92aca8c28ee6138e4cf40e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/db/migration/v2_to_v3.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 12502, "scanner": "repobility-threat-engine", "fingerprint": "d438fc2d14c63660d615290dceab2a5421ef5f4c5a8a429a3564895c539fbbc1", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|d438fc2d14c63660d615290dceab2a5421ef5f4c5a8a429a3564895c539fbbc1"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 12501, "scanner": "repobility-threat-engine", "fingerprint": "2602e7299bc4927a405ed1ca9bbd05a3dabecfddcdeeadd7667f6f9183ed1834", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log line appears to mention secret metadata or a redacted value rather than printing the secret", "evidence": {"match": "logger.warn('POSTHOG_API_KEY is not set, metrics will not be recorded')", "reason": "Log line appears to mention secret metadata or a redacted value rather than printing the secret", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|6|logger.warn posthog_api_key is not set metrics will not be recorded"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/src/interceptors/metrics.interceptor.ts"}, "region": {"startLine": 65}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 12500, "scanner": "repobility-threat-engine", "fingerprint": "eb351779e06bd39291dc5363127860ff515c2cedc51be6da1f48da88d9496bca", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "logger.error('Failed to get OIDC Management API token', error?.message || String(error)", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|36|logger.error failed to get oidc management api token error .message string error"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/src/user/user.controller.ts"}, "region": {"startLine": 361}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 12499, "scanner": "repobility-threat-engine", "fingerprint": "2ed29e1db0eb13ab2f36e9a575bf4d9496c23de8d7a71506bf6584e382e88437", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "logger.Debug(\"No endpoint configuration found for sandbox token, dropping data\")", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|10|logger.debug no endpoint configuration found for sandbox token dropping data"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/otel-collector/exporter/exporter.go"}, "region": {"startLine": 107}}}]}, {"ruleId": "ERR001", "level": "none", "message": {"text": "[ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 12497, "scanner": "repobility-threat-engine", "fingerprint": "4ffea2800599adb663df46ab31003467b0a25ff84f83dd40a996e94f4d40f164", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|4ffea2800599adb663df46ab31003467b0a25ff84f83dd40a996e94f4d40f164"}}}, {"ruleId": "ERR003", "level": "none", "message": {"text": "[ERR003] Ignored Error (Go) (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 12492, "scanner": "repobility-threat-engine", "fingerprint": "53388be5127d4e949e5be49ce17419626b2505d7e34a06fc7249fa838c776d88", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|53388be5127d4e949e5be49ce17419626b2505d7e34a06fc7249fa838c776d88"}}}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 12512, "scanner": "repobility-journey-contract", "fingerprint": "eaf33bed24881c2ef7ff6f0ec102ae84cb86cdaac67baf6574ca181b9b50f60e", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|198|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"apps/dashboard/src/pages/Registries.tsx"}, "region": {"startLine": 198}}}]}, {"ruleId": "DKR001", "level": "error", "message": {"text": "Docker final stage runs as root"}, "properties": {"repobilityId": 12511, "scanner": "repobility-docker", "fingerprint": "e3d6bf054d8bbb581f2378a294ea8d9bdc6c3acd15ebdf167caa185258c40db0", "category": "docker", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Final Dockerfile USER resolves to root.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_user": "root", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e3d6bf054d8bbb581f2378a294ea8d9bdc6c3acd15ebdf167caa185258c40db0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/resources/images/skillbox/Dockerfile"}, "region": {"startLine": 54}}}]}, {"ruleId": "DKR006", "level": "error", "message": {"text": "Dockerfile pipes a remote script into a shell"}, "properties": {"repobilityId": 12510, "scanner": "repobility-docker", "fingerprint": "7037bd6910a0dd4a619679ed7351d64fc413931450ad5e29c499113444b19e4a", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "RUN instruction contains curl/wget piped into a shell.", "evidence": {"rule_id": "DKR006", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|7037bd6910a0dd4a619679ed7351d64fc413931450ad5e29c499113444b19e4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/resources/images/skillbox/Dockerfile"}, "region": {"startLine": 
47}}}]}]}]}