{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC034", "name": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines o", "shortDescription": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (S"}, "fullDescription": {"text": "Strip control characters before logging:\n  safe = user_input.replace('\\n','').replace('\\r','').replace('\\x00','')\n  logger.info('User action: %s', safe)\nAlways use parameterized logging (`%s` + args), never f-strings or string concat \u2014 that keeps user input out of the format string, but it does not strip newlines by itself and is not a complete defence against log4shell-style lookup attacks, which also need a patched logging library. 
For structured logging, use a JSON formatter that escapes values."}, "properties": {"scanner": "repobility-threat-engine", "category": "log_injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `_format_item` has cognitive complexity 23 (SonarSource scale). Cognitive ", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `_format_item` has cognitive complexity 23 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion "}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 23."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. 
If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "AGT007", "name": "localStorage write failures are swallowed silently", "shortDescription": {"text": "localStorage write failures are swallowed silently"}, "fullDescription": {"text": "localStorage quotas are small and writes can fail. 
Catching storage errors without a user-visible warning causes silent data loss when notes, images, or snapshots exceed quota."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "no-new-privileges prevents processes from gaining additional privileges through setuid binaries or file capabilities."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "If the image does not define USER internally, this service may run as root."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": ".dockerignore exists but does not cover common secret or VCS patterns."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "SEC017", "name": "[SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external AI API (OpenAI, Anthropic, etc.", "shortDescription": {"text": "[SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external AI API (OpenAI, Anthropic, etc.) without any visible length or size validation. 
This creates two risks: (1) Cost abuse \u2014 an attacker can send extremely"}, "fullDescription": {"text": "1) Enforce a maximum input length BEFORE sending to the API: e.g. `if len(text) > 4000: return error`. 2) Use token counting (tiktoken for OpenAI, anthropic's token counter) to enforce token-level limits. 3) Set max_tokens on the API call to cap response cost. 4) Add rate limiting per user/IP to prevent automated abuse. 5) Monitor API spend with alerts for unusual usage patterns."}, "properties": {"scanner": "repobility-threat-engine", "category": "llm_injection", "severity": "low", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. 
Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED020", "name": "[MINED020] Logging Credential Via Fstring: logger.error(f\"failed for {api_key}\") \u2014 secrets end up in log aggregators / s", "shortDescription": {"text": "[MINED020] Logging Credential Via Fstring: logger.error(f\"failed for {api_key}\") \u2014 secrets end up in log aggregators / sentry."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. 
Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Apply the block to the IP address the hostname resolves to, not only to the hostname string, and include loopback (127/8) and the IPv6 equivalents."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-705 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `peaceiris/actions-gh-pages` pinned to mutable ref `@v4`", "shortDescription": {"text": "Action `peaceiris/actions-gh-pages` pinned to mutable ref `@v4`"}, "fullDescription": {"text": "`uses: peaceiris/actions-gh-pages@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a full 40-character commit SHA and keep the pin updated with Dependabot or Renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `python:3.11-slim` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `python:3.11-slim` not pinned by digest"}, "fullDescription": {"text": "`FROM python:3.11-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_raises_when_endpoint_missing", "shortDescription": {"text": "Phantom test coverage: test_raises_when_endpoint_missing"}, "fullDescription": {"text": "Test function `test_raises_when_endpoint_missing` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self._cleanup` used but never assigned in __init__", "shortDescription": {"text": "`self._cleanup` used but never assigned in __init__"}, "fullDescription": {"text": "Method `test_2xx_slack_ok_false_prints_yellow_warning` of class `TestHTTPStatusHandling` reads `self._cleanup`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "Missing import: `warnings` used but not imported", "shortDescription": {"text": "Missing import: `warnings` used but not imported"}, "fullDescription": {"text": "The file uses `warnings.something(...)` but never imports `warnings`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/187"}, "properties": {"repository": "Thysrael/Horizon", "repoUrl": "https://github.com/Thysrael/Horizon", "branch": "main"}, "results": [{"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 39991, "scanner": "repobility-threat-engine", "fingerprint": "28f6e4693d697b7aa81178979877c5d54cb6685e242608247a69c638d81566dc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url=\"https://example.com", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|28f6e4693d697b7aa81178979877c5d54cb6685e242608247a69c638d81566dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/services/webhook_cli.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC034", "level": "warning", "message": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (SIEM, splunk). 
Combined with template injection this can escalate to RCE (CVE-2021-44228 log4shell). CWE-117."}, "properties": {"repobilityId": 39987, "scanner": "repobility-threat-engine", "fingerprint": "49ea2478d4e31ecc2281a02372699eefc216640d5abc3b7f3213a5e27f5c6389", "category": "log_injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "logger.info(f\"Fetching Twitter (Apify) for users: {user", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC034", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|49ea2478d4e31ecc2281a02372699eefc216640d5abc3b7f3213a5e27f5c6389"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/scrapers/twitter.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `_format_item` has cognitive complexity 23 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: else=1, if=10, nested_bonus=1, or=11."}, "properties": {"repobilityId": 39972, "scanner": "repobility-threat-engine", "fingerprint": "9ba9a3d2466aa3e482e8af02e97c9e6b12a69806828613a1ba106bc85e03ec00", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 23 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_format_item", "breakdown": {"if": 10, "or": 11, "else": 1, "nested_bonus": 1}, "complexity": 23, "correlation_key": "fp|9ba9a3d2466aa3e482e8af02e97c9e6b12a69806828613a1ba106bc85e03ec00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ai/summarizer.py"}, "region": {"startLine": 159}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). 
Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 39970, "scanner": "repobility-threat-engine", "fingerprint": "f8d09c460d2a2bdb0a18bd7e851b10bcf815b53a4a844d8beadc15439db2be1b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n        response = await client.complete(\n            system=RECOMMEND_SYSTEM,\n            user", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f8d09c460d2a2bdb0a18bd7e851b10bcf815b53a4a844d8beadc15439db2be1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/setup/ai_recommend.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). 
Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 39969, "scanner": "repobility-threat-engine", "fingerprint": "be8aceadfb03f2b38db4e6b689afb24240953203b6addd5514dbd08defe85823", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n        resp = await client.get(HN_SEARCH_URL, params=params)\n        resp.raise_for_status()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|be8aceadfb03f2b38db4e6b689afb24240953203b6addd5514dbd08defe85823"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/search.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 39968, "scanner": "repobility-threat-engine", "fingerprint": "9475341dc078a6338e966bb334b33924038b7f570ce352cf758b804910f8da47", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n            # Suppress primp \"Impersonate ... 
does not exist\" stderr warning\n            stderr", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9475341dc078a6338e966bb334b33924038b7f570ce352cf758b804910f8da47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ai/enricher.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 39960, "scanner": "repobility-ast-engine", "fingerprint": "5d801605968ad324f87b68ab6ae9a9a4b3d4f69845d748fe569da33a164f20fa", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5d801605968ad324f87b68ab6ae9a9a4b3d4f69845d748fe569da33a164f20fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ai/analyzer.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 39959, "scanner": "repobility-ast-engine", "fingerprint": "7c85d6c56b4a9dd2d3d81fe8d64f4c6865188429ca30c128f3ba504bafdc43a3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7c85d6c56b4a9dd2d3d81fe8d64f4c6865188429ca30c128f3ba504bafdc43a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ai/enricher.py"}, "region": {"startLine": 
52}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 39958, "scanner": "repobility-ast-engine", "fingerprint": "aacf5fa433aa4aa3863cfdcfe76be416e4b538cf07134194abfc295f76aa2406", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aacf5fa433aa4aa3863cfdcfe76be416e4b538cf07134194abfc295f76aa2406"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ai/enricher.py"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 39957, "scanner": "repobility-ast-engine", "fingerprint": "7a4b397b7695cb91647cdafb4a5362412c19dc07d27ed0f61fb6884cd19dddc4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7a4b397b7695cb91647cdafb4a5362412c19dc07d27ed0f61fb6884cd19dddc4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ai/enricher.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 39956, "scanner": "repobility-ast-engine", "fingerprint": "b7f4b4977f5a45763eec9f6da9e1d1c56af45f92f916b9783a6fc7fe528090b3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": 
"", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b7f4b4977f5a45763eec9f6da9e1d1c56af45f92f916b9783a6fc7fe528090b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ai/client.py"}, "region": {"startLine": 319}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 39955, "scanner": "repobility-ast-engine", "fingerprint": "0a820086ee04343aff4f64c2fb330a8927249981f830596648e2b1d351df37e2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0a820086ee04343aff4f64c2fb330a8927249981f830596648e2b1d351df37e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ai/client.py"}, "region": {"startLine": 186}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 39954, "scanner": "repobility-ast-engine", "fingerprint": "08beb6b63f256f5402e03cb0e7c8554354eea06ded6ceb8cf46a294458dcf2cb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|08beb6b63f256f5402e03cb0e7c8554354eea06ded6ceb8cf46a294458dcf2cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/scrapers/rss.py"}, "region": 
{"startLine": 142}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 39953, "scanner": "repobility-ast-engine", "fingerprint": "4bf93bb36996d224412861dbe8dcc61a223b53e40d6e1d95d2d87ccf4a364fb3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4bf93bb36996d224412861dbe8dcc61a223b53e40d6e1d95d2d87ccf4a364fb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mcp/service.py"}, "region": {"startLine": 585}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 39951, "scanner": "repobility-ast-engine", "fingerprint": "0ca24e35e934816de499eadf4b784dacb5e887d494443317810a445945d948ae", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0ca24e35e934816de499eadf4b784dacb5e887d494443317810a445945d948ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mcp/server.py"}, "region": {"startLine": 389}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 39950, "scanner": "repobility-ast-engine", "fingerprint": "65db7dba6e19a3fe35a7ccae07fdd1c3990919dec55de6b1645658ac61a01556", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": 
false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|65db7dba6e19a3fe35a7ccae07fdd1c3990919dec55de6b1645658ac61a01556"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mcp/server.py"}, "region": {"startLine": 367}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 39949, "scanner": "repobility-ast-engine", "fingerprint": "5ffd5d75747fc1e9476bb075db90858d55c68e857b258b2db0e2c3b13eb9d11d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5ffd5d75747fc1e9476bb075db90858d55c68e857b258b2db0e2c3b13eb9d11d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mcp/server.py"}, "region": {"startLine": 345}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 39948, "scanner": "repobility-ast-engine", "fingerprint": "bf48b69fb62a2eda751fcd11a3de86f86cd9da8d89db2848a4078c7363b32177", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bf48b69fb62a2eda751fcd11a3de86f86cd9da8d89db2848a4078c7363b32177"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mcp/server.py"}, 
"region": {"startLine": 323}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 39947, "scanner": "repobility-ast-engine", "fingerprint": "121806e830e8390e8bf06ec216e33ff930d8eab853aadf1c1237e8c849b06b1b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|121806e830e8390e8bf06ec216e33ff930d8eab853aadf1c1237e8c849b06b1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mcp/server.py"}, "region": {"startLine": 301}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 39946, "scanner": "repobility-ast-engine", "fingerprint": "102b94266a1fcf4a5194fb374135e4c01576164c9caeff5bbfdd7e282834af71", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|102b94266a1fcf4a5194fb374135e4c01576164c9caeff5bbfdd7e282834af71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mcp/server.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 39945, "scanner": "repobility-ast-engine", "fingerprint": "04985118328eb4e032a895a239bbf363f14cb2a04a7ebfd28543bd5612c87e67", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", 
"isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|04985118328eb4e032a895a239bbf363f14cb2a04a7ebfd28543bd5612c87e67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mcp/server.py"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 39943, "scanner": "repobility-ast-engine", "fingerprint": "377157dc1d1e15101c2b182b5dad609a17c2ca22ce47feea6264625344559f7d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|377157dc1d1e15101c2b182b5dad609a17c2ca22ce47feea6264625344559f7d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/services/webhook_cli.py"}, "region": {"startLine": 209}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 39942, "scanner": "repobility-ast-engine", "fingerprint": "924a8f9aaeae2a671b5354d014bb7b7e9e6def25539afe6839b23ace09802a89", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|924a8f9aaeae2a671b5354d014bb7b7e9e6def25539afe6839b23ace09802a89"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"src/setup/ai_recommend.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 39911, "scanner": "repobility-ast-engine", "fingerprint": "a0a0b62c7480c9dfd23ae321481852f3c9bc76e06dd8178354a9210ab0dce4eb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a0a0b62c7480c9dfd23ae321481852f3c9bc76e06dd8178354a9210ab0dce4eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 39910, "scanner": "repobility-ast-engine", "fingerprint": "436f75a45e2c8368587d886143c3ca7283a5ee26b2b1fea923bd2b911baf89f8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|436f75a45e2c8368587d886143c3ca7283a5ee26b2b1fea923bd2b911baf89f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 39909, "scanner": "repobility-ast-engine", "fingerprint": "56812a0d7d1a7318173638f525718809a07a4df8ba7b339fb59cca23225bb81a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", 
"verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|56812a0d7d1a7318173638f525718809a07a4df8ba7b339fb59cca23225bb81a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/search.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 39908, "scanner": "repobility-ast-engine", "fingerprint": "17bb250f89f00c5ca7f2ba0a16957999f109511bed4a313a9d5a7dd3b59ccaf2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|17bb250f89f00c5ca7f2ba0a16957999f109511bed4a313a9d5a7dd3b59ccaf2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/search.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 39907, "scanner": "repobility-ast-engine", "fingerprint": "96130d4ee11d1671de38ad26c0fddb6e40ff766afcd1d6fe68d03b6e8ad3f24c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|96130d4ee11d1671de38ad26c0fddb6e40ff766afcd1d6fe68d03b6e8ad3f24c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"src/orchestrator.py"}, "region": {"startLine": 502}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 39906, "scanner": "repobility-ast-engine", "fingerprint": "ac6feab18441c396762b8d05a0eafcac70853e5216ce591932fb956db2a13a1f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ac6feab18441c396762b8d05a0eafcac70853e5216ce591932fb956db2a13a1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/orchestrator.py"}, "region": {"startLine": 171}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 39905, "scanner": "repobility-ast-engine", "fingerprint": "abf207dd0c2eadc5c2e568ce7e57919ef18a09289138b211720b99f52ac286d8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|abf207dd0c2eadc5c2e568ce7e57919ef18a09289138b211720b99f52ac286d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/orchestrator.py"}, "region": {"startLine": 432}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 5309, "scanner": "repobility-docker", "fingerprint": "33a0700307fec6dd1b5a5b444d0bf37638020b02b69a9403ab5f2cbaa0deb29f", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": 
"open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.11-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|33a0700307fec6dd1b5a5b444d0bf37638020b02b69a9403ab5f2cbaa0deb29f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 5303, "scanner": "repobility-agent-runtime", "fingerprint": "9cad32425b63ce462aa95f150c5da7c8f244bdf52014a07d69f4b3a02e8e5d8d", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|9cad32425b63ce462aa95f150c5da7c8f244bdf52014a07d69f4b3a02e8e5d8d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/assets/js/horizon.js"}, "region": {"startLine": 109}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 39993, "scanner": "repobility-docker", "fingerprint": "7f80983f54868d8bec198a3977b7dcbe8bfb5f2291356d590fb078148e91780d", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt 
no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "horizon", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|7f80983f54868d8bec198a3977b7dcbe8bfb5f2291356d590fb078148e91780d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 39992, "scanner": "repobility-docker", "fingerprint": "2ae03d2ca68f689d193058b7c353aabad57bc3d37942d6a7c1406762df909513", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "horizon", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|2ae03d2ca68f689d193058b7c353aabad57bc3d37942d6a7c1406762df909513"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `generate_webhook_overview` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: else=1, for=1, if=3, nested_bonus=1, or=2."}, "properties": {"repobilityId": 39973, "scanner": "repobility-threat-engine", "fingerprint": "8d908ba098a0160bef21a5e244c666edf5d2ec7814c0faed6f6069fda9577104", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "generate_webhook_overview", "breakdown": {"if": 3, "or": 2, "for": 1, "else": 1, "nested_bonus": 1}, "complexity": 8, "correlation_key": "fp|8d908ba098a0160bef21a5e244c666edf5d2ec7814c0faed6f6069fda9577104"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ai/summarizer.py"}, "region": {"startLine": 112}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 5312, "scanner": "repobility-docker", "fingerprint": "49a734132a17ba8b6533a048b485a56c4be0178dae5527cdd48a6ea9abc84b15", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "horizon", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|49a734132a17ba8b6533a048b485a56c4be0178dae5527cdd48a6ea9abc84b15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 5311, "scanner": "repobility-docker", "fingerprint": "8263cfa034b9f9a32bd39a97fad0788930dd8d614b1a754a3731c75521887656", "category": "docker", 
"severity": "low", "confidence": 0.56, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "horizon", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|8263cfa034b9f9a32bd39a97fad0788930dd8d614b1a754a3731c75521887656"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 5310, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": ["id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC017", "level": "note", "message": {"text": "[SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external AI API (OpenAI, Anthropic, etc.) without any visible length or size validation. This creates two risks: (1) Cost abuse \u2014 an attacker can send extremely long inputs to burn through your API credits (a single 128K-token request to GPT-4 costs ~$4, and automated attacks can drain budgets in minutes). 
(2) Context stuffing \u2014 oversized inputs can push your system prompt out of the context window, effectively disab"}, "properties": {"repobilityId": 5308, "scanner": "repobility-threat-engine", "fingerprint": "3abf61378a396284a1fb6b42aec87a48a29ffb3cbe5a98be11491e0d0f74ae00", "category": "llm_injection", "severity": "low", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "A length or size check exists nearby, but no rate limiting was detected. Length limits prevent context stuffing, but rate limiting is also recommended to prevent automated cost abuse.", "evidence": {"match": "client.chat.completions.create(**request", "reason": "A length or size check exists nearby, but no rate limiting was detected. Length limits prevent context stuffing, but rate limiting is also recommended to prevent automated cost abuse.", "rule_id": "SEC017", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "fp|3abf61378a396284a1fb6b42aec87a48a29ffb3cbe5a98be11491e0d0f74ae00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ai/client.py"}, "region": {"startLine": 181}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 5304, "scanner": "repobility-threat-engine", "fingerprint": "ed985986bdfb2f62c1738008d9793f297b68dd58f9bc6ee3eaae2ea93c25e5ed", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = e", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|docs/assets/js/horizon.js|17|sec006"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "docs/assets/js/horizon.js"}, "region": {"startLine": 17}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 39990, "scanner": "repobility-threat-engine", "fingerprint": "d502ddb0be0e5e5a4c156f0330e4555753543c775965ab55314b42cfa3ceb6d4", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "print(f\"  [cyan]Webhook enabled:[/cyan] {effective_config.enabled}\")", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|src/services/webhook_cli.py|10|print f cyan webhook enabled: /cyan effective_config.enabled"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/services/webhook_cli.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 39989, "scanner": "repobility-threat-engine", "fingerprint": "d44414b2faa139a9916d95aea747a525d231d3aeaa8d27828dfa9448b63fa7a5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": 
"repobility-threat-engine", "correlation_key": "fp|d44414b2faa139a9916d95aea747a525d231d3aeaa8d27828dfa9448b63fa7a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/services/email.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 39984, "scanner": "repobility-threat-engine", "fingerprint": "391aa46a530bbad896a22a1f739d82dff9fffbf0e729fe0968cb5f29db6d1c8f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|391aa46a530bbad896a22a1f739d82dff9fffbf0e729fe0968cb5f29db6d1c8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mcp/run_store.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 39983, "scanner": "repobility-threat-engine", "fingerprint": "a5ec3e62875512955e731a8555a8f287d458dd583fff4ac8c3c2ed7ae72ee160", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": 
"2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a5ec3e62875512955e731a8555a8f287d458dd583fff4ac8c3c2ed7ae72ee160"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mcp/horizon_adapter.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 39982, "scanner": "repobility-threat-engine", "fingerprint": "29547ad134c039a40a87e8f5b02830782a1b1ac1b82d957688ef4be7afa3585c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|29547ad134c039a40a87e8f5b02830782a1b1ac1b82d957688ef4be7afa3585c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mcp/errors.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 39978, "scanner": "repobility-threat-engine", "fingerprint": "86ba1835d70968651e1fbb2569a4d94211de579a814cf34a5d1e1e2eafe3f130", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|86ba1835d70968651e1fbb2569a4d94211de579a814cf34a5d1e1e2eafe3f130", "aggregated_count": 1}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 39977, "scanner": "repobility-threat-engine", "fingerprint": "de5367e3bced233fead5cba30ea9d46c323ec127c273c433a8c74a61cb2e01fb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|de5367e3bced233fead5cba30ea9d46c323ec127c273c433a8c74a61cb2e01fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/scrapers/base.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 39976, "scanner": "repobility-threat-engine", "fingerprint": "9118af8dcbfd95fdb2cd9749c696115185410df55334513e0ab8a90744675bfa", "category": "quality", "severity": "info", 
"confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9118af8dcbfd95fdb2cd9749c696115185410df55334513e0ab8a90744675bfa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ai/utils.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 39975, "scanner": "repobility-threat-engine", "fingerprint": "277d44e7475a31688acef325e0cb2d55b55a5af6aeb91745f07caca0e8ddcec4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|277d44e7475a31688acef325e0cb2d55b55a5af6aeb91745f07caca0e8ddcec4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ai/summarizer.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 26 more): Same pattern found in 26 additional files. 
Review if needed."}, "properties": {"repobilityId": 39974, "scanner": "repobility-threat-engine", "fingerprint": "092cdd33b76850098954fe20da57aa3bb40a664e57be08030f171bd42e534eec", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 26 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "_enrich_item", "breakdown": {"if": 11, "or": 7, "for": 3, "else": 1, "ternary": 6, "nested_bonus": 16}, "aggregated": true, "complexity": 44, "correlation_key": "fp|092cdd33b76850098954fe20da57aa3bb40a664e57be08030f171bd42e534eec", "aggregated_count": 26}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 5307, "scanner": "repobility-threat-engine", "fingerprint": "48d5d2678017377e5e53fd5ecb6b02fff80442b25933696997520c174033a30e", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Environment variable or config lookup (credentials loaded safely)", "evidence": {"match": "print(f\"[yellow]Warning: Environment variable {self.config.password_env} not set. Email features may", "reason": "Environment variable or config lookup (credentials loaded safely)", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|src/services/email.py|4|print f yellow warning: environment variable self.config.password_env not set. 
email features may"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/services/email.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 5306, "scanner": "repobility-threat-engine", "fingerprint": "9812e1596730a5b65ebc9718911307ca85b9c94170e612b4dabd57780b6af1ba", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "print(f\"  [cyan]Webhook enabled:[/cyan] {effective_config.enabled}\")", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|src/services/webhook_cli.py|9|print f cyan webhook enabled: /cyan effective_config.enabled"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/services/webhook_cli.py"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED020", "level": "error", "message": {"text": "[MINED020] Logging Credential Via Fstring: logger.error(f\"failed for {api_key}\") \u2014 secrets end up in log aggregators / sentry."}, "properties": {"repobilityId": 39988, "scanner": "repobility-threat-engine", "fingerprint": "a8a7da0604c32b953fc79628e4334358ccfba763d2530b25f2dc339a1a424e99", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "logging-credential-via-fstring", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347945+00:00", 
"triaged_in_corpus": 15, "observations_count": 46100, "ai_coder_pattern_id": 38}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a8a7da0604c32b953fc79628e4334358ccfba763d2530b25f2dc339a1a424e99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/services/email.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 39986, "scanner": "repobility-threat-engine", "fingerprint": "f11a33c16b88d731e2b1f2b412ee9c2689188403b0393d84612827aa6a054315", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(g", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f11a33c16b88d731e2b1f2b412ee9c2689188403b0393d84612827aa6a054315"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/scrapers/openbb.py"}, "region": {"startLine": 149}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 39985, "scanner": "repobility-threat-engine", "fingerprint": "f7818d50e9a8fad3680e2cd3de5e7cf2577d0d88e56aadc7eac87463baa81157", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "meta.update(updates)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f7818d50e9a8fad3680e2cd3de5e7cf2577d0d88e56aadc7eac87463baa81157"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mcp/run_store.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 39981, "scanner": "repobility-threat-engine", "fingerprint": "2649dd7941420d31dab3319da4163a444fac9ab94f35d0f90f7354a5e4f2fb9c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2649dd7941420d31dab3319da4163a444fac9ab94f35d0f90f7354a5e4f2fb9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/services/webhook_cli.py"}, "region": {"startLine": 206}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: 
except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 39980, "scanner": "repobility-threat-engine", "fingerprint": "30c5d14600bfae3989fb1b6797688abd2a01173dd28904cb9b5f88365f2581f4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|30c5d14600bfae3989fb1b6797688abd2a01173dd28904cb9b5f88365f2581f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 39979, "scanner": "repobility-threat-engine", "fingerprint": "6095c8d60315e4ec57f299582528b456728da8a6763433cc17e00cce1f8175b7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6095c8d60315e4ec57f299582528b456728da8a6763433cc17e00cce1f8175b7"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": "src/ai/utils.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `_enrich_item` has cognitive complexity 44 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=1, for=3, if=11, nested_bonus=16, or=7, ternary=6."}, "properties": {"repobilityId": 39971, "scanner": "repobility-threat-engine", "fingerprint": "aa261a0faac569a6fa80ecdb3e8aa5226e24a600010dae9ae83a5b5d72d98e88", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 44 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_enrich_item", "breakdown": {"if": 11, "or": 7, "for": 3, "else": 1, "ternary": 6, "nested_bonus": 16}, "complexity": 44, "correlation_key": "fp|aa261a0faac569a6fa80ecdb3e8aa5226e24a600010dae9ae83a5b5d72d98e88"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ai/enricher.py"}, "region": {"startLine": 135}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `peaceiris/actions-gh-pages` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 39967, "scanner": "repobility-supply-chain", "fingerprint": "c6534624f6dc8715abe26c5bbbfdacc02ba1ca12863cee33c7c49b396ad905cd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c6534624f6dc8715abe26c5bbbfdacc02ba1ca12863cee33c7c49b396ad905cd"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": ".github/workflows/deploy-docs.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 39966, "scanner": "repobility-supply-chain", "fingerprint": "b861ab7b850493c83384663f6434ce051ed24f26ffbbde22cbf5d9baae27fe48", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b861ab7b850493c83384663f6434ce051ed24f26ffbbde22cbf5d9baae27fe48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deploy-docs.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `peaceiris/actions-gh-pages` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 39965, "scanner": "repobility-supply-chain", "fingerprint": "465e1a33536e7d23a678bd1771409930edae801986f18255e40a0956c5a55def", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|465e1a33536e7d23a678bd1771409930edae801986f18255e40a0956c5a55def"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/daily-summary.yml"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 39964, "scanner": "repobility-supply-chain", 
"fingerprint": "3d5d8e5767ffa76bcda576893cd07c94a3a05ad8019f6927e52fc049ee9df9a9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3d5d8e5767ffa76bcda576893cd07c94a3a05ad8019f6927e52fc049ee9df9a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/daily-summary.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 39963, "scanner": "repobility-supply-chain", "fingerprint": "0100df2d4ca58557eb85731ba1eedaff632061d230f6e1353435c6dbe98f2ea7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0100df2d4ca58557eb85731ba1eedaff632061d230f6e1353435c6dbe98f2ea7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/daily-summary.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 39962, "scanner": "repobility-supply-chain", "fingerprint": "c5b76aa4314534134ec1d8fca52d2f3ea76f7cc28c1e74b12b683cb29cd9813c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", 
"cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c5b76aa4314534134ec1d8fca52d2f3ea76f7cc28c1e74b12b683cb29cd9813c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/daily-summary.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `python:3.11-slim` not pinned by digest"}, "properties": {"repobilityId": 39961, "scanner": "repobility-supply-chain", "fingerprint": "314f029c89fa500a2d320bafd20281e55fb884f69db96fdc3ea74dc6d4630e0d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|314f029c89fa500a2d320bafd20281e55fb884f69db96fdc3ea74dc6d4630e0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_raises_when_endpoint_missing"}, "properties": {"repobilityId": 39941, "scanner": "repobility-ast-engine", "fingerprint": "3472677be339bf354081e9f363c4b2bd95e85797b5ab3e154c0bb186c9677583", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3472677be339bf354081e9f363c4b2bd95e85797b5ab3e154c0bb186c9677583"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_azure_client.py"}, "region": {"startLine": 
53}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_raises_when_api_key_missing"}, "properties": {"repobilityId": 39940, "scanner": "repobility-ast-engine", "fingerprint": "ce01ca8114b24f92721b6fe35661a6106d3242f6d1f1a881c47550e62b771760", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ce01ca8114b24f92721b6fe35661a6106d3242f6d1f1a881c47550e62b771760"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_azure_client.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_missing_artifact_raises"}, "properties": {"repobilityId": 39939, "scanner": "repobility-ast-engine", "fingerprint": "2f0b8d5398909c5d579db8f8e8f637d4fe7a389c035af7892a6b84b17fec6124", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2f0b8d5398909c5d579db8f8e8f637d4fe7a389c035af7892a6b84b17fec6124"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_mcp_run_store.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_rejects_unsafe_summary_language"}, "properties": {"repobilityId": 39938, "scanner": "repobility-ast-engine", "fingerprint": "08bb16ab07ec20632bf6e8dfd61124030c0b8822582b11bc137cca0223be76e7", "category": "quality", "severity": 
"high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|08bb16ab07ec20632bf6e8dfd61124030c0b8822582b11bc137cca0223be76e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_mcp_run_store.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_missing_run_raises"}, "properties": {"repobilityId": 39937, "scanner": "repobility-ast-engine", "fingerprint": "87376b1799647c7d33c64431114f1b12c6d6524708dba2ff2dbc94090c6ba96f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|87376b1799647c7d33c64431114f1b12c6d6524708dba2ff2dbc94090c6ba96f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_mcp_run_store.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_unsupported_stage_raises"}, "properties": {"repobilityId": 39936, "scanner": "repobility-ast-engine", "fingerprint": "a5591fce5d39d5462cedb9b632bc5718e7bdfe026c3c3877bc6487136ebb6142", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|a5591fce5d39d5462cedb9b632bc5718e7bdfe026c3c3877bc6487136ebb6142"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_mcp_run_store.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_raises_when_api_key_missing"}, "properties": {"repobilityId": 39935, "scanner": "repobility-ast-engine", "fingerprint": "3fedfaa2ff7fc87679d56381112a2e8166ce3680d579309f0f8b93b53ec74440", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3fedfaa2ff7fc87679d56381112a2e8166ce3680d579309f0f8b93b53ec74440"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_minimax_client.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._cleanup` used but never assigned in __init__"}, "properties": {"repobilityId": 39934, "scanner": "repobility-ast-engine", "fingerprint": "3be00292892ddce6c50c1eaeb2ebf8aa52961c838dab19c6bbf2bb8bd5252887", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3be00292892ddce6c50c1eaeb2ebf8aa52961c838dab19c6bbf2bb8bd5252887"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_webhook.py"}, "region": {"startLine": 1364}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_notifier` used but never assigned in __init__"}, 
"properties": {"repobilityId": 39933, "scanner": "repobility-ast-engine", "fingerprint": "af25b51586d5f007207eda2212b5f49cf2465aabaaee92482bcff11a35dedfb7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|af25b51586d5f007207eda2212b5f49cf2465aabaaee92482bcff11a35dedfb7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_webhook.py"}, "region": {"startLine": 1344}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._cleanup` used but never assigned in __init__"}, "properties": {"repobilityId": 39932, "scanner": "repobility-ast-engine", "fingerprint": "98977ec6d0cb03d293c23ea5151b6f3e383bebb67b0b8362fccf22b25cbe9cc1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|98977ec6d0cb03d293c23ea5151b6f3e383bebb67b0b8362fccf22b25cbe9cc1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_webhook.py"}, "region": {"startLine": 1340}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_notifier` used but never assigned in __init__"}, "properties": {"repobilityId": 39931, "scanner": "repobility-ast-engine", "fingerprint": "1ecd5098645e51b1350da8eb09c20743edbbd89d9417383757107208aa21bacd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": 
"self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1ecd5098645e51b1350da8eb09c20743edbbd89d9417383757107208aa21bacd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_webhook.py"}, "region": {"startLine": 1319}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._cleanup` used but never assigned in __init__"}, "properties": {"repobilityId": 39930, "scanner": "repobility-ast-engine", "fingerprint": "32e00f4f3b957451d8b4fbda1a4497499ac258009c7b456b98ffbf8e0e844cb4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|32e00f4f3b957451d8b4fbda1a4497499ac258009c7b456b98ffbf8e0e844cb4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_webhook.py"}, "region": {"startLine": 1315}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_notifier` used but never assigned in __init__"}, "properties": {"repobilityId": 39929, "scanner": "repobility-ast-engine", "fingerprint": "3da27cf5ed8150ae82f13cd4b2ecef6f0d79bad42508f61461506a1b8e138301", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3da27cf5ed8150ae82f13cd4b2ecef6f0d79bad42508f61461506a1b8e138301"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_webhook.py"}, 
"region": {"startLine": 1294}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._cleanup` used but never assigned in __init__"}, "properties": {"repobilityId": 39928, "scanner": "repobility-ast-engine", "fingerprint": "c8207cbfa8383a5eed52995df6beb6ab0d6cf87def2cb5203f0982c292b862d6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c8207cbfa8383a5eed52995df6beb6ab0d6cf87def2cb5203f0982c292b862d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_webhook.py"}, "region": {"startLine": 1290}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._make_notifier` used but never assigned in __init__"}, "properties": {"repobilityId": 39927, "scanner": "repobility-ast-engine", "fingerprint": "5f9625d54f979d5541d6e3df77a67e4f92a903422020071408ffdfcfe464f060", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5f9625d54f979d5541d6e3df77a67e4f92a903422020071408ffdfcfe464f060"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_webhook.py"}, "region": {"startLine": 1268}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_overview_position_raises_validation_error"}, "properties": {"repobilityId": 39926, "scanner": "repobility-ast-engine", "fingerprint": "7cd4a01331eb6e422caaec11d3d06be941aaaebc18ead3131f432d20c0ab2e9f", 
"category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7cd4a01331eb6e422caaec11d3d06be941aaaebc18ead3131f432d20c0ab2e9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_webhook.py"}, "region": {"startLine": 1565}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_fallback_layout_raises_validation_error"}, "properties": {"repobilityId": 39925, "scanner": "repobility-ast-engine", "fingerprint": "f7ed56f460278febe1eb965b29167fd0c2507b6396109a880d3f25efe0be0dd7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f7ed56f460278febe1eb965b29167fd0c2507b6396109a880d3f25efe0be0dd7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_webhook.py"}, "region": {"startLine": 1561}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_layout_raises_validation_error"}, "properties": {"repobilityId": 39924, "scanner": "repobility-ast-engine", "fingerprint": "d66a9a648cab5c611fc817582f17ffa4b155ebb29b253d96a80f7aa4226d5b1d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 
982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d66a9a648cab5c611fc817582f17ffa4b155ebb29b253d96a80f7aa4226d5b1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_webhook.py"}, "region": {"startLine": 1557}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_platform_raises_validation_error"}, "properties": {"repobilityId": 39923, "scanner": "repobility-ast-engine", "fingerprint": "6425b858bc36bacba5116abdd373cedc97b40b897c55db7c829948db91ba965a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6425b858bc36bacba5116abdd373cedc97b40b897c55db7c829948db91ba965a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_webhook.py"}, "region": {"startLine": 1553}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_delivery_raises_validation_error"}, "properties": {"repobilityId": 39922, "scanner": "repobility-ast-engine", "fingerprint": "162865309a426bdbd1a759625411229c53b0291256ea6e49805db3786e4d0e32", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|162865309a426bdbd1a759625411229c53b0291256ea6e49805db3786e4d0e32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_webhook.py"}, "region": {"startLine": 1549}}}]}, {"ruleId": "MINED106", "level": "error", 
"message": {"text": "Phantom test coverage: test_empty_env_var_value_raises_value_error"}, "properties": {"repobilityId": 39921, "scanner": "repobility-ast-engine", "fingerprint": "3b314d150ffe099ecc291cb73677ea71314b883970774443cab909a231e8374c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3b314d150ffe099ecc291cb73677ea71314b883970774443cab909a231e8374c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_webhook.py"}, "region": {"startLine": 1216}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_port_raises_value_error"}, "properties": {"repobilityId": 39920, "scanner": "repobility-ast-engine", "fingerprint": "81d9f0e161244443a678d1f91a82564459b794701162cbee369fc246180988e5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|81d9f0e161244443a678d1f91a82564459b794701162cbee369fc246180988e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_webhook.py"}, "region": {"startLine": 1208}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_wrong_scheme_raises_value_error"}, "properties": {"repobilityId": 39919, "scanner": "repobility-ast-engine", "fingerprint": "d45a15d3fc5ce6b93a4009941496641635bf204f1df70bb7cbde33ce92de3271", "category": "quality", "severity": "high", "confidence": 1.0, 
"triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d45a15d3fc5ce6b93a4009941496641635bf204f1df70bb7cbde33ce92de3271"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_webhook.py"}, "region": {"startLine": 1197}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_no_hostname_raises_value_error"}, "properties": {"repobilityId": 39918, "scanner": "repobility-ast-engine", "fingerprint": "20ce72e850170ec9f27f2a0d2a4dca417f811b1543ac03a2f68009a0b82fad4e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|20ce72e850170ec9f27f2a0d2a4dca417f811b1543ac03a2f68009a0b82fad4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_webhook.py"}, "region": {"startLine": 1189}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_no_language_filter_sends_all"}, "properties": {"repobilityId": 39917, "scanner": "repobility-ast-engine", "fingerprint": "106f7413a7dbc60716a6d760d79cf47aca0d8c2f38e8d2d17880c903ee89a21f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|106f7413a7dbc60716a6d760d79cf47aca0d8c2f38e8d2d17880c903ee89a21f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_webhook.py"}, "region": {"startLine": 1031}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_language_filter_passes_matching_lang"}, "properties": {"repobilityId": 39916, "scanner": "repobility-ast-engine", "fingerprint": "2606295953f0441a1acd4fb85e1a398307cb48414b1c27dcca5ab48e12a13156", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2606295953f0441a1acd4fb85e1a398307cb48414b1c27dcca5ab48e12a13156"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_webhook.py"}, "region": {"startLine": 1004}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_language_filter_skips_non_matching_lang"}, "properties": {"repobilityId": 39915, "scanner": "repobility-ast-engine", "fingerprint": "c5e5f03d83644ff2627c3cd2d281c265bb7d9c457e6ec3e2ad1f42705e03de91", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c5e5f03d83644ff2627c3cd2d281c265bb7d9c457e6ec3e2ad1f42705e03de91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_webhook.py"}, "region": {"startLine": 977}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_http_error_logged"}, 
"properties": {"repobilityId": 39914, "scanner": "repobility-ast-engine", "fingerprint": "93c8d581ec2e09fcf6c88911cd0666b42027afa2cae58f0dd5804f0320c5f00a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|93c8d581ec2e09fcf6c88911cd0666b42027afa2cae58f0dd5804f0320c5f00a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_webhook.py"}, "region": {"startLine": 691}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_disabled_webhook_skips_notification"}, "properties": {"repobilityId": 39913, "scanner": "repobility-ast-engine", "fingerprint": "b546e1955d0baa392c4e63b573a54cb121a781d4bc6902c69bc7522d3ecfa119", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b546e1955d0baa392c4e63b573a54cb121a781d4bc6902c69bc7522d3ecfa119"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_webhook.py"}, "region": {"startLine": 382}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_load_config_missing_file"}, "properties": {"repobilityId": 39912, "scanner": "repobility-ast-engine", "fingerprint": "ebd1fbd95b2846908572e58e6a5ae70586f9933a17753886d3473ffd4568b2f1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, 
"mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ebd1fbd95b2846908572e58e6a5ae70586f9933a17753886d3473ffd4568b2f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_storage.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._sub_source_label` used but never assigned in __init__"}, "properties": {"repobilityId": 39904, "scanner": "repobility-ast-engine", "fingerprint": "8a5aeda0c2565bd5025012449a493c32567327fc908b891fa5d27087c96cf715", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8a5aeda0c2565bd5025012449a493c32567327fc908b891fa5d27087c96cf715"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/orchestrator.py"}, "region": {"startLine": 313}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._fetch_with_progress` used but never assigned in __init__"}, "properties": {"repobilityId": 39903, "scanner": "repobility-ast-engine", "fingerprint": "f6b3f08e69130294e6cea2ace5b5ff0cae18b5d266c0ad43d904f40babf316fd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f6b3f08e69130294e6cea2ace5b5ff0cae18b5d266c0ad43d904f40babf316fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"src/orchestrator.py"}, "region": {"startLine": 280}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._fetch_with_progress` used but never assigned in __init__"}, "properties": {"repobilityId": 39902, "scanner": "repobility-ast-engine", "fingerprint": "ce3b4d77e2bb9f69c5912275706dc7bfd3b50f9044c401a81d888fd5e2230819", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ce3b4d77e2bb9f69c5912275706dc7bfd3b50f9044c401a81d888fd5e2230819"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/orchestrator.py"}, "region": {"startLine": 275}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._fetch_with_progress` used but never assigned in __init__"}, "properties": {"repobilityId": 39901, "scanner": "repobility-ast-engine", "fingerprint": "769ab0c1211c36d3bc7da2a9273b163d8b938de1e7fceab2cf305e78da389b74", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|769ab0c1211c36d3bc7da2a9273b163d8b938de1e7fceab2cf305e78da389b74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/orchestrator.py"}, "region": {"startLine": 270}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._fetch_with_progress` used but never assigned in __init__"}, "properties": {"repobilityId": 39900, "scanner": "repobility-ast-engine", "fingerprint": 
"7a0a92f50f97e324e17413b79867c14f6b5c07a04649a21ea886e4abf5e5cc33", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7a0a92f50f97e324e17413b79867c14f6b5c07a04649a21ea886e4abf5e5cc33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/orchestrator.py"}, "region": {"startLine": 265}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._fetch_with_progress` used but never assigned in __init__"}, "properties": {"repobilityId": 39899, "scanner": "repobility-ast-engine", "fingerprint": "f4e083739e2a3863678a782ce9b580ab1ba0b06922838e738cc1bf0e57e78af5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f4e083739e2a3863678a782ce9b580ab1ba0b06922838e738cc1bf0e57e78af5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/orchestrator.py"}, "region": {"startLine": 260}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._fetch_with_progress` used but never assigned in __init__"}, "properties": {"repobilityId": 39898, "scanner": "repobility-ast-engine", "fingerprint": "f913d35e26d61c3bbe2abe9f2079fc0b8cd5439157b8bcc5cbcadf67e56dd7fe", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": 
["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f913d35e26d61c3bbe2abe9f2079fc0b8cd5439157b8bcc5cbcadf67e56dd7fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/orchestrator.py"}, "region": {"startLine": 255}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._fetch_with_progress` used but never assigned in __init__"}, "properties": {"repobilityId": 39897, "scanner": "repobility-ast-engine", "fingerprint": "4306f2ad192568574dd6df121e66b7710ceeac9ec44b535105dc42b9c8be79ee", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4306f2ad192568574dd6df121e66b7710ceeac9ec44b535105dc42b9c8be79ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/orchestrator.py"}, "region": {"startLine": 250}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._fetch_with_progress` used but never assigned in __init__"}, "properties": {"repobilityId": 39896, "scanner": "repobility-ast-engine", "fingerprint": "253e0e36d4068d509a9c7ed2c9457ba1e9208888236ab83cc1b21bcdc899a62a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|253e0e36d4068d509a9c7ed2c9457ba1e9208888236ab83cc1b21bcdc899a62a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/orchestrator.py"}, "region": {"startLine": 245}}}]}, {"ruleId": "MINED108", "level": 
"error", "message": {"text": "`self._sub_source_label` used but never assigned in __init__"}, "properties": {"repobilityId": 39895, "scanner": "repobility-ast-engine", "fingerprint": "341d217a4055edf673254ef7acab2b8d5bc6f87af915314bfeb3902b490a7854", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|341d217a4055edf673254ef7acab2b8d5bc6f87af915314bfeb3902b490a7854"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/orchestrator.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._enrich_important_items` used but never assigned in __init__"}, "properties": {"repobilityId": 39894, "scanner": "repobility-ast-engine", "fingerprint": "182515351916cb94fa4f0a3a8bbe0a0b54db998d7a5a576a128fa8b5ecee7f98", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|182515351916cb94fa4f0a3a8bbe0a0b54db998d7a5a576a128fa8b5ecee7f98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/orchestrator.py"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._expand_twitter_discussion` used but never assigned in __init__"}, "properties": {"repobilityId": 39893, "scanner": "repobility-ast-engine", "fingerprint": "211e507d8725045ee14ae6d36a378001843769d0d1b3211b17a54f5defd79ee3", "category": "quality", "severity": "high", "confidence": 1.0, 
"triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|211e507d8725045ee14ae6d36a378001843769d0d1b3211b17a54f5defd79ee3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/orchestrator.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.merge_topic_duplicates` used but never assigned in __init__"}, "properties": {"repobilityId": 39892, "scanner": "repobility-ast-engine", "fingerprint": "c981b94a036a7934651c7faf0144043b7c8238f8f1c510bc64fd3216d4707f86", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c981b94a036a7934651c7faf0144043b7c8238f8f1c510bc64fd3216d4707f86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/orchestrator.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._analyze_content` used but never assigned in __init__"}, "properties": {"repobilityId": 39891, "scanner": "repobility-ast-engine", "fingerprint": "bb61f67c9524c3114177aab3b5546668592f368842aac80432ece35f30896753", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|bb61f67c9524c3114177aab3b5546668592f368842aac80432ece35f30896753"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/orchestrator.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.fetch_all_sources` used but never assigned in __init__"}, "properties": {"repobilityId": 39890, "scanner": "repobility-ast-engine", "fingerprint": "84ae0e256b68f12477bb84baf309c0e438a03305c129528e87596b0ff18568d3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|84ae0e256b68f12477bb84baf309c0e438a03305c129528e87596b0ff18568d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/orchestrator.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.merge_cross_source_duplicates` used but never assigned in __init__"}, "properties": {"repobilityId": 39889, "scanner": "repobility-ast-engine", "fingerprint": "eb3ecc015c36a8f789ab4b1351b4c8ae8ea24c248ba6f7d59584ba9934ae319c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eb3ecc015c36a8f789ab4b1351b4c8ae8ea24c248ba6f7d59584ba9934ae319c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/orchestrator.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._determine_time_window` used but never assigned in __init__"}, 
"properties": {"repobilityId": 39888, "scanner": "repobility-ast-engine", "fingerprint": "6603b7a016bb74aaeaa449695178789cee72d76e08e40e5c760955349b5d239c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6603b7a016bb74aaeaa449695178789cee72d76e08e40e5c760955349b5d239c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/orchestrator.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 5305, "scanner": "repobility-threat-engine", "fingerprint": "2a165cc8dd9a1d72137beb1dc6ac5239cc2d37aebc2f3b2d6107deb9536b2be6", "category": "credential_exposure", "severity": "high", "confidence": 0.92, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Formatted expression outputs a credential-bearing value directly.", "evidence": {"match": "print(f\"   Add it to your .env file later: {api_key_env}=your_key_here\\n\")", "reason": "Formatted expression outputs a credential-bearing value directly.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.92, "correlation_key": "secret|src/setup/wizard.py|8|print f add it to your .env file later: api_key_env your_key_here n"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/setup/wizard.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `warnings` used but not imported"}, "properties": 
{"repobilityId": 39952, "scanner": "repobility-ast-engine", "fingerprint": "535817668d05f19028e91ab3847be49f1e4e4f5cc0ecba8b0b5d84544a30f5d9", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|535817668d05f19028e91ab3847be49f1e4e4f5cc0ecba8b0b5d84544a30f5d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/mcp/service.py"}, "region": {"startLine": 184}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `platform` used but not imported"}, "properties": {"repobilityId": 39944, "scanner": "repobility-ast-engine", "fingerprint": "19165957b3ae3bf1b31acf66f6d62925527d449372bc4c093aa17a684eb552c2", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|19165957b3ae3bf1b31acf66f6d62925527d449372bc4c093aa17a684eb552c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/services/webhook.py"}, "region": {"startLine": 191}}}]}]}]}