{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "CORE_NO_LICENSE", "name": "No LICENSE file", "shortDescription": {"text": "No LICENSE file"}, "fullDescription": {"text": "Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft)."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `shivammathur/setup-php` pinned to mutable ref `@v2`", "shortDescription": {"text": "Action `shivammathur/setup-php` pinned to mutable ref `@v2`"}, "fullDescription": {"text": "`uses: shivammathur/setup-php@v2` is resolved each time the workflow runs. Tags and branches are mutable: the action owner, or anyone who gains write access to the action's repository, can re-point them to different code, which is why the tj-actions/changed-files compromise (2025) instantly affected ~23K repos. Pin the action to a full 40-character commit SHA and keep that pin current with Dependabot or Renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1336"}, "properties": {"repository": "amieiro/disposable-email-domains", "repoUrl": "https://github.com/amieiro/disposable-email-domains", "branch": "master"}, "results": [{"ruleId": "CORE_NO_LICENSE", "level": "note", "message": {"text": "No LICENSE file"}, "properties": {"repobilityId": 136514, "scanner": "repobility-core", "fingerprint": "9314e9238cd99885865b92490d1aaa96ca62b1390c9377878d5f3d99227e1c3c", "category": "documentation", "severity": "low", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_LICENSE", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_license"}}}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `shivammathur/setup-php` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 136520, "scanner": "repobility-supply-chain", "fingerprint": "cf706a69395d46796b5ff4759e2e50dc0c7dad1a9f20ebe7de61d5b3016eb7e7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cf706a69395d46796b5ff4759e2e50dc0c7dad1a9f20ebe7de61d5b3016eb7e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/run-tests.yml"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 136519, "scanner": "repobility-supply-chain", "fingerprint": 
"763061dc5be47867bd3b43b60ac82d423fc05a55720498775b8bef143f73e1f8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|763061dc5be47867bd3b43b60ac82d423fc05a55720498775b8bef143f73e1f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/run-tests.yml"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `shivammathur/setup-php` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 136518, "scanner": "repobility-supply-chain", "fingerprint": "5f18d4f2e7d703b6bf2ce2c2db2c7c1fa2e320b8cf61c8026c2c7f17327d121b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5f18d4f2e7d703b6bf2ce2c2db2c7c1fa2e320b8cf61c8026c2c7f17327d121b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/run-tests.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 136517, "scanner": "repobility-supply-chain", "fingerprint": "457d53087bff52376c3b0296e3fbf4dfc7c9d9d2c625f80f2902c563381ccc82", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": 
["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|457d53087bff52376c3b0296e3fbf4dfc7c9d9d2c625f80f2902c563381ccc82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/run-tests.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `shivammathur/setup-php` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 136516, "scanner": "repobility-supply-chain", "fingerprint": "17879caa10ee0cd82a8d76bd6fe7488c5d34bb9e06f5bf20cf1a5e8b42e689c6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|17879caa10ee0cd82a8d76bd6fe7488c5d34bb9e06f5bf20cf1a5e8b42e689c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/run-every-quarter-hour.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 136515, "scanner": "repobility-supply-chain", "fingerprint": "a982594fef69f7f62bd93a08438d0eecba8a04bb32737d00fd4941d9c463e87f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a982594fef69f7f62bd93a08438d0eecba8a04bb32737d00fd4941d9c463e87f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
".github/workflows/run-every-quarter-hour.yml"}, "region": {"startLine": 14}}}]}]}]}