{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AUC009", "name": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function", "shortDescription": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /fr"}, "fullDescription": {"text": "A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /frontend-api/task-results-table."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.68, "cwe": "CWE-285", "owasp": "API5:2023 Broken Function Level Authorization"}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. 
If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC127", "name": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedEr", "shortDescription": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or "}, "fullDescription": {"text": "Either implement the body, or fail closed at module-load time so the deploy can't ship a half-built route. A CI gate that fails build on `raise NotImplementedError` in non-abstract code catches this cleanly."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `add` has cognitive complexity 25 (SonarSource scale). Cognitive complexit", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `add` has cognitive complexity 25 (SonarSource scale). 
Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 25."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED109", "name": "Mutable default argument in `export` (dict)", "shortDescription": {"text": "Mutable default argument in `export` (dict)"}, "fullDescription": {"text": "`def export(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. 
Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AUC012", "name": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json", "shortDescription": {"text": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, protect them behind admin authentication, "}, "fullDescription": {"text": "FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, protect them behind admin authentication, or publish a reviewed OpenAPI spec with declared security requirements."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.72, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "AUC002", "name": "[AUC002] Low visible authorization coverage in route inventory: Only 15.8% of discovered routes show nearby authenticati", "shortDescription": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 15.8% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "fullDescription": {"text": "Only 15.8% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.74, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API 
frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "DKC015", "name": "Database service has no healthcheck", "shortDescription": {"text": "Database service has no healthcheck"}, "fullDescription": {"text": "Compose starts dependent containers in dependency order, but it does not wait for a database to be ready unless a healthcheck is defined and dependents use service_healthy."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKR003", "name": "Compose service `s3mock` image uses the latest tag", "shortDescription": {"text": "Compose service `s3mock` image uses the latest tag"}, "fullDescription": {"text": "The latest tag is mutable and can change without a code review, producing different images from the same source."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.94, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR009", "name": "Dockerfile separates apt update from install", "shortDescription": {"text": "Dockerfile separates apt update from install"}, "fullDescription": {"text": "Splitting apt update and install across layers can reuse stale package indexes and 
make builds less reliable."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC014", "name": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks.", "shortDescription": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "fullDescription": {"text": "Enable SSL verification. Use verify=True (default) for requests. Pin certificates if needed."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. 
They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "WEB005", "name": "robots.txt does not advertise a sitemap", "shortDescription": {"text": "robots.txt does not advertise a sitemap"}, "fullDescription": {"text": "Sitemap directives in robots.txt help crawlers and AI agents find the canonical public URL inventory quickly."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "no-new-privileges prevents processes from gaining additional privileges through setuid binaries or file capabilities."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "If the image does not define USER internally, this service may run as root."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKC012", "name": "Compose service performs heavy setup work on every startup", "shortDescription": {"text": "Compose service performs heavy setup work on every startup"}, "fullDescription": {"text": "Running migrations, static asset collection, or equivalent setup inside the long-running service command can make containers slow to start and harder to roll back."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.78, 
"cwe": "", "owasp": ""}}, {"id": "DKR012", "name": "Dockerfile keeps pip download cache", "shortDescription": {"text": "Dockerfile keeps pip download cache"}, "fullDescription": {"text": "Pip's package cache increases image size and can preserve unnecessary artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": ".dockerignore exists but does not cover common secret or VCS patterns."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Compose service `karton-lfi_detector` image is selected through a build variable", "shortDescription": {"text": "Compose service `karton-lfi_detector` image is selected through a build variable"}, "fullDescription": {"text": "Variable-selected base images can be safe, but Repobility cannot verify that the resolved image is pinned."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "info", "confidence": 0.48, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsiv", "shortDescription": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a re"}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 4 more): Same pattern found in 4 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class (and 2 more): Same pattern found in 2 additional files. 
Review if needed.", "shortDescription": {"text": "[MINED072] Python Pass Only Class (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 23 more): Same pattern found in 23 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 23 more): Same pattern found in 23 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 11 more): Same pattern found in 11 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED063", "name": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use.", "shortDescription": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-367 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 32 more): Same pattern found in 32 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 32 more): Same pattern found in 32 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "AUC003", "name": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby a", "shortDescription": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: POST /export/delete/{id}."}, "fullDescription": {"text": "A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: POST /export/delete/{id}."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "high", "confidence": 0.7, "cwe": "CWE-639", "owasp": "API1:2023 Broken Object Level Authorization"}}, {"id": "SEC135", "name": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without", "shortDescription": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI bu"}, "fullDescription": {"text": "Add the project's auth decorator/middleware: `@login_required` (Django/Flask), `@permission_classes([IsAuthenticated])` (DRF), `Depends(get_current_user)` (FastAPI), `requireAuth` middleware (Express). For genuinely public endpoints, add a `# public-endpoint` marker comment so future scans skip them."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC088", "name": "[SEC088] Go: TLS InsecureSkipVerify=true: tls.Config{InsecureSkipVerify:true} disables certificate verification \u2014 MITM r", "shortDescription": {"text": "[SEC088] Go: TLS InsecureSkipVerify=true: tls.Config{InsecureSkipVerify:true} disables certificate verification \u2014 MITM risk. Ported from gosec G402 (Apache-2.0)."}, "fullDescription": {"text": "Remove the option. 
If self-signed certs are required, pin via RootCAs."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC113", "name": "[SEC113] SSH host-key verification disabled (MITM): Accepting any SSH host key on first connect lets an active MITM impe", "shortDescription": {"text": "[SEC113] SSH host-key verification disabled (MITM): Accepting any SSH host key on first connect lets an active MITM impersonate the server. Common in `paramiko.AutoAddPolicy()`."}, "fullDescription": {"text": "Python: load `~/.ssh/known_hosts` and use `paramiko.RejectPolicy()`. Go: implement a `ssh.HostKeyCallback` that compares against a known fingerprint. Java JSch: load known_hosts via `jsch.setKnownHosts(...)`."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC082", "name": "[SEC082] Python: paramiko AutoAddPolicy or no host-key verification: AutoAddPolicy / WarningPolicy disables SSH host-key", "shortDescription": {"text": "[SEC082] Python: paramiko AutoAddPolicy or no host-key verification: AutoAddPolicy / WarningPolicy disables SSH host-key verification \u2014 vulnerable to MITM. Ported from bandit B507 / dlint DUO133 (Apache-2.0 / BSD-3)."}, "fullDescription": {"text": "Use `paramiko.RejectPolicy()` and pre-populate known_hosts via `client.load_system_host_keys()`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inje", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. 
Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED014", "name": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in G", "shortDescription": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-295 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/checkout` pinned to mutable ref `@v6`", "shortDescription": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "fullDescription": {"text": "`uses: actions/checkout@v6` resolves at workflow-run time. 
Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "Workflow container/services image `python:3.13-alpine3.20` unpinned", "shortDescription": {"text": "Workflow container/services image `python:3.13-alpine3.20` unpinned"}, "fullDescription": {"text": "`container/services image: python:3.13-alpine3.20` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `alpine:3.20` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `alpine:3.20` not pinned by digest"}, "fullDescription": {"text": "`FROM alpine:3.20` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED121", "name": "requirements.txt installs from `libmailgoose @ git+https://github.com/CERT-Polska/...` (git/URL)", "shortDescription": {"text": "requirements.txt installs from `libmailgoose @ git+https://github.com/CERT-Polska/...` (git/URL)"}, "fullDescription": {"text": "Pip requirement points to a VCS URL or direct download. Bypasses PyPI's integrity check + scanning. 
If the host or branch tip changes, the next `pip install` pulls a different package \u2014 no diff visible to reviewers."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED131", "name": "pre-commit hook `https://github.com/PyCQA/flake8` pinned to mutable rev `7.3.0`", "shortDescription": {"text": "pre-commit hook `https://github.com/PyCQA/flake8` pinned to mutable rev `7.3.0`"}, "fullDescription": {"text": "`.pre-commit-config.yaml` references `https://github.com/PyCQA/flake8` at `rev: 7.3.0`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED112", "name": "FastAPI POST /build-html-message has no auth", "shortDescription": {"text": "FastAPI POST /build-html-message has no auth"}, "fullDescription": {"text": "Handler `post_build_html_message` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_malformed_jsonl_lines_are_skipped_not_raised", "shortDescription": {"text": "Phantom test coverage: test_malformed_jsonl_lines_are_skipped_not_raised"}, "fullDescription": {"text": "Test function `test_malformed_jsonl_lines_are_skipped_not_raised` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.check_response` used but never assigned in __init__", "shortDescription": {"text": "`self.check_response` used but never assigned in __init__"}, "fullDescription": {"text": "Method `is_placeholder` of class `PlaceholderPageDetector` reads `self.check_response`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "Missing import: `ssl` used but not imported", "shortDescription": {"text": "Missing import: `ssl` used but not imported"}, "fullDescription": {"text": "The file uses `ssl.something(...)` but never imports `ssl`. This raises NameError at runtime the first time the line executes."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKC007", "name": "Compose service contains a literal secret environment value", "shortDescription": {"text": "Compose service contains a literal secret environment value"}, "fullDescription": {"text": "Literal secrets in Compose files are committed to source and exposed through container inspection."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "critical", "confidence": 0.96, "cwe": "", "owasp": ""}}, {"id": "SEC022", "name": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. Th", "shortDescription": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. 
These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "fullDescription": {"text": "Remove the embedded password, require the URL from a secret store or environment variable, and rotate the database credential."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/209"}, "properties": {"repository": "CERT-Polska/Artemis", "repoUrl": "https://github.com/CERT-Polska/Artemis", "branch": "main"}, "results": [{"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /frontend-api/task-results-table."}, "properties": {"repobilityId": 49454, "scanner": "repobility-access-control", "fingerprint": "0c45f882b66634c2a5b2dae6e5f760ff3da4b3bbc589366451dca3cb2b279f79", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/frontend-api/task-results-table", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|645|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 645}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: POST /remove-finished-analyses."}, "properties": {"repobilityId": 49453, "scanner": "repobility-access-control", "fingerprint": "7e9dc7ecead4d2e2c45dbc0c27dc05363e17c38f1492a50dd85f97dfbc606e48", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/remove-finished-analyses", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|383|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 383}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: POST /export."}, "properties": {"repobilityId": 49452, "scanner": "repobility-access-control", "fingerprint": "f6562cd3acbf7576cd8132318f2735b06d597be82f81798900bb728cacba395c", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/export", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|363|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 363}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /export/download-zip/{id}."}, "properties": {"repobilityId": 49451, "scanner": "repobility-access-control", "fingerprint": "12d8022e9df3a2aa05301beb02349e5c8742bf1e87747c0c5b86ade8069cf3c7", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/export/download-zip/{id}", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|358|cwe-285", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 358}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: POST /export/confirm-delete/{id}."}, "properties": {"repobilityId": 49450, "scanner": "repobility-access-control", "fingerprint": "e718c15b047778b1b1c157afc2ed711ec582fa9368151ae9c7188db6909b57f1", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/export/confirm-delete/{id}", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|332|cwe-285", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 332}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /export/view/{id}."}, "properties": {"repobilityId": 49449, "scanner": "repobility-access-control", "fingerprint": "0069aaffd5faece8f88574579ee79a7d9178b4bbd6315283a57c49e77f10bf33", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/export/view/{id}", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|280|cwe-285", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 280}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /export."}, "properties": {"repobilityId": 49448, "scanner": "repobility-access-control", "fingerprint": "1461d0cd8d3a7fb4302cd4d26eea4364db1e663870c41f0dd23e81e41d318489", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/export", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|268|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 268}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /exports."}, "properties": {"repobilityId": 49447, "scanner": "repobility-access-control", "fingerprint": "b17500c21962fa67889255ec8f6611b882d57b7cf494174adbac1b869d23366d", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/exports", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|256|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 256}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: POST /add."}, "properties": {"repobilityId": 49446, "scanner": "repobility-access-control", "fingerprint": "08109190a74fbbeae0b01abbe828dc31d3896a33fd50c204b7608852433143f1", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/add", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|186|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 186}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /add."}, "properties": {"repobilityId": 49445, "scanner": "repobility-access-control", "fingerprint": "42adc91d763fa7521df247fe29528d7281d34967082f1af87e82f33da827d679", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/add", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|169|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 169}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. 
AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 49418, "scanner": "repobility-threat-engine", "fingerprint": "58cb88dbd6dc90c9a49db01a65bd92f37b9ab1a76ec6a910fa9d5ecd4938468e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n                data = cached_get(config_url).content_bytes\n                f.write(data)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|58cb88dbd6dc90c9a49db01a65bd92f37b9ab1a76ec6a910fa9d5ecd4938468e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/reporting/modules/vcs/reporter.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. 
Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 49417, "scanner": "repobility-threat-engine", "fingerprint": "5a3e1bbe7dfa13704b2afbb70d9763ac1257a56622111d97bd7f6e36258837e0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def ngettext(self, *args: Any) -> Any:\n            raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5a3e1bbe7dfa13704b2afbb70d9763ac1257a56622111d97bd7f6e36258837e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/reporting/export/translations.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. 
Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 49416, "scanner": "repobility-threat-engine", "fingerprint": "907bb64b60e45583d0dc1b00b2bcdcc767d941c04d27d91a0c53a585dc107c48", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def run(output_dir: Path, export_data: ExportData, silent: bool) -> None:\n        raise NotImplement", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|907bb64b60e45583d0dc1b00b2bcdcc767d941c04d27d91a0c53a585dc107c48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/reporting/export/hook.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 49381, "scanner": "repobility-threat-engine", "fingerprint": "a76fa589bbdcfaa07f79e6da98c6ed0a4d144d9181724cd5416daa8a0093d8b8", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "def generate_csrf_secret", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|artemis/csrf.py|18|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/csrf.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 49380, "scanner": "repobility-threat-engine", "fingerprint": "f5aac4b8ab4b760318520581d0ec3aa8172522a79844ee59408477f2f0b4699e", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "def generate_session_secret", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|artemis/auth.py|20|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/auth.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `add` has cognitive complexity 25 (SonarSource scale). 
Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=1, else=2, except=1, for=2, if=8, nested_bonus=11."}, "properties": {"repobilityId": 49376, "scanner": "repobility-threat-engine", "fingerprint": "e5533525fc461100a0943d126a8422d05d3caff57e606b6352f012c0b6a3c87a", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 25 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "add", "breakdown": {"if": 8, "for": 2, "elif": 1, "else": 2, "except": 1, "nested_bonus": 11}, "complexity": 25, "correlation_key": "fp|e5533525fc461100a0943d126a8422d05d3caff57e606b6352f012c0b6a3c87a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/api.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 49331, "scanner": "repobility-ast-engine", "fingerprint": "3dfde62d2d540df334fa4bb275f26e45a24d757480be0e25a5f7199667d7aded", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3dfde62d2d540df334fa4bb275f26e45a24d757480be0e25a5f7199667d7aded"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/reporting/modules/vcs/reporter.py"}, "region": {"startLine": 143}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 49330, "scanner": "repobility-ast-engine", 
"fingerprint": "fb4659c00b07a217f426db50af096436cfa3c3a4bbf433bcbbabb1026d3b9eaf", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fb4659c00b07a217f426db50af096436cfa3c3a4bbf433bcbbabb1026d3b9eaf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/reporting/modules/vcs/reporter.py"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `export` (dict)"}, "properties": {"repobilityId": 49328, "scanner": "repobility-ast-engine", "fingerprint": "28709304d8039afe1b29094ff2d0a1e50bcbd89d7ed4305c9e29a699f9a266e7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|28709304d8039afe1b29094ff2d0a1e50bcbd89d7ed4305c9e29a699f9a266e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/reporting/export/main.py"}, "region": {"startLine": 214}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 49326, "scanner": "repobility-ast-engine", "fingerprint": "315f9b937851a0a56105b33adaa77f0f58088542469bca19aa5b44beda1083a1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": 
["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|315f9b937851a0a56105b33adaa77f0f58088542469bca19aa5b44beda1083a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/modules/dangling_dns_detector.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 49325, "scanner": "repobility-ast-engine", "fingerprint": "16e942f3f04c1d6d9815e70cce38de58d31acc53e9488b2e40ef87805fff6cbd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|16e942f3f04c1d6d9815e70cce38de58d31acc53e9488b2e40ef87805fff6cbd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/modules/dangling_dns_detector.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 49324, "scanner": "repobility-ast-engine", "fingerprint": "691b3b71f56854e69b083e9b686b7386606696ef4a30d5948dbd2c21f6d56db2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|691b3b71f56854e69b083e9b686b7386606696ef4a30d5948dbd2c21f6d56db2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/modules/dangling_dns_detector.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED111", "level": "warning", 
"message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 49323, "scanner": "repobility-ast-engine", "fingerprint": "53e1d64434f86759393f721ac15b5426cccf631793e61abb4db37975830d6ffb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|53e1d64434f86759393f721ac15b5426cccf631793e61abb4db37975830d6ffb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/modules/bruter.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `_scan` (list)"}, "properties": {"repobilityId": 49322, "scanner": "repobility-ast-engine", "fingerprint": "b83848989b51b0afc851dc0386bc66c63ddc66e1448178ea22c4d01f621aeaca", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b83848989b51b0afc851dc0386bc66c63ddc66e1448178ea22c4d01f621aeaca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/modules/nuclei.py"}, "region": {"startLine": 444}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 49321, "scanner": "repobility-ast-engine", "fingerprint": "1b51c6d41f6e3c4d2bc579bc711b58266285de06816669deb20c77aa8e5e43b1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": 
{"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1b51c6d41f6e3c4d2bc579bc711b58266285de06816669deb20c77aa8e5e43b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/modules/port_scanner.py"}, "region": {"startLine": 244}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 49320, "scanner": "repobility-ast-engine", "fingerprint": "a7a9630064fe4b87db06fdf5305cf893f2ce1a5e83d678e1068ed6f68902cb06", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a7a9630064fe4b87db06fdf5305cf893f2ce1a5e83d678e1068ed6f68902cb06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/unit/test_resource_lock.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 49319, "scanner": "repobility-ast-engine", "fingerprint": "4e5dc6f231b500ffefc6e8c318aae4ca21a63afeb9cd393d7b8fcd54e7468af6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4e5dc6f231b500ffefc6e8c318aae4ca21a63afeb9cd393d7b8fcd54e7468af6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"test/unit/test_resource_lock.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 49305, "scanner": "repobility-ast-engine", "fingerprint": "4be575ae96241d698b4bb71d16074b62a14230c333a720d0dccc14a5c7b19999", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4be575ae96241d698b4bb71d16074b62a14230c333a720d0dccc14a5c7b19999"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/crawling.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 49304, "scanner": "repobility-ast-engine", "fingerprint": "ae7441315294734c521bb4ca6c67eb953a2f285437c0f85f8ae3dfd9e3f50cdb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ae7441315294734c521bb4ca6c67eb953a2f285437c0f85f8ae3dfd9e3f50cdb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/crawling.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 49303, "scanner": "repobility-ast-engine", "fingerprint": "571cce36e97dcc48c6761a4b070c97dccf07753738e5ca7c8313330c7769697b", "category": "quality", "severity": "medium", "confidence": 1.0, 
"triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|571cce36e97dcc48c6761a4b070c97dccf07753738e5ca7c8313330c7769697b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/module_base.py"}, "region": {"startLine": 851}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 49302, "scanner": "repobility-ast-engine", "fingerprint": "7c09c643f86a8883423d05f71f8c28d1dce5f18cd9c0ab9042b8bd1d75350270", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7c09c643f86a8883423d05f71f8c28d1dce5f18cd9c0ab9042b8bd1d75350270"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/retrying_resolver.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `create_report_generation_task` (dict)"}, "properties": {"repobilityId": 49300, "scanner": "repobility-ast-engine", "fingerprint": "2c7d4cfee850788161d701ac548eb1a762859b7e73a5644001043049ca2adfd0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|2c7d4cfee850788161d701ac548eb1a762859b7e73a5644001043049ca2adfd0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/db.py"}, "region": {"startLine": 588}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `create_tasks` (list)"}, "properties": {"repobilityId": 49275, "scanner": "repobility-ast-engine", "fingerprint": "bb261ad2ab23bb41b0a295ff26f639b772baba66803a4fcedd9027ed21c3388f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bb261ad2ab23bb41b0a295ff26f639b772baba66803a4fcedd9027ed21c3388f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/producer.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 6483, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC012", "level": "warning", "message": {"text": "[AUC012] FastAPI interactive docs may 
be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, protect them behind admin authentication, or publish a reviewed OpenAPI spec with declared security requirements."}, "properties": {"repobilityId": 6482, "scanner": "repobility-access-control", "fingerprint": "27f8c50db94c1d5138790446654bd4d0b5823ce185d040059e5a7502358b5899", "category": "auth", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"apps": [{"line": 21, "file_path": "artemis/main.py", "docs_url_disabled": false, "redoc_url_disabled": true, "openapi_url_disabled": false}, {"line": 36, "file_path": "artemis/reporting/api.py", "docs_url_disabled": true, "redoc_url_disabled": true, "openapi_url_disabled": false}], "scanner": "repobility-access-control", "correlation_key": "fp|27f8c50db94c1d5138790446654bd4d0b5823ce185d040059e5a7502358b5899"}}}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: POST /add."}, "properties": {"repobilityId": 6481, "scanner": "repobility-access-control", "fingerprint": "a8075f47026a36d6dbe5c3d67e0c1c39c492c8709fca6dddf740d5d6718be5b4", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/add", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/api.py|74|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/api.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: POST /remove-finished-analyses."}, "properties": {"repobilityId": 6480, "scanner": "repobility-access-control", "fingerprint": "ebae782500428aa4c610e65a702bdc2e92932ff6f8d7b4831336f66dd85a58a4", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/remove-finished-analyses", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|364|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 364}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: POST /export."}, "properties": {"repobilityId": 6479, "scanner": "repobility-access-control", "fingerprint": "819df913602c8c3cc6534f07e4a527bc1ffb0e20815d7422126c2c550e5e4266", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/export", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|344|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 344}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /export/download-zip/{id}."}, "properties": {"repobilityId": 6478, "scanner": "repobility-access-control", "fingerprint": "8e5d74c2c61bd2557ad3c2d78e62d8ff4f3d0de64050d10fdb15131d9568f026", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/export/download-zip/{id}", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|339|cwe-285", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 339}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: POST /export/confirm-delete/{id}."}, "properties": {"repobilityId": 6477, "scanner": "repobility-access-control", "fingerprint": "8b96c4e3cef49d78ea336c86648a33ea8ea1290b55541b0b04ba267689b5382a", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/export/confirm-delete/{id}", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|313|cwe-285", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 313}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /export/view/{id}."}, "properties": {"repobilityId": 6476, "scanner": "repobility-access-control", "fingerprint": "08c7554b622f2922a8919a583df6ab9628946cba0b8cedbb606015241cca354f", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/export/view/{id}", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|261|cwe-285", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 261}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /export."}, "properties": {"repobilityId": 6475, "scanner": "repobility-access-control", "fingerprint": "0f5967d9422d0e33a649f507dd6dbe19278dc2873379f2ce67c00e117d743e26", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/export", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|249|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 249}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /exports."}, "properties": {"repobilityId": 6474, "scanner": "repobility-access-control", "fingerprint": "cc39f18e5974aa36521ff2d3a9885cf3e0a39d0b47bb8439bd7d0c976c36acdf", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/exports", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|237|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 237}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: POST /add."}, "properties": {"repobilityId": 6473, "scanner": "repobility-access-control", "fingerprint": "6ae5eabd28388eeb8e2c48103265843b0a310051cf043a75733a728e6c44401c", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/add", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|167|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 167}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /add."}, "properties": {"repobilityId": 6472, "scanner": "repobility-access-control", "fingerprint": "ffed43c2dc1d47e9e92c9626d0e3ce07d0ce835de6645267233f59384ec8cba8", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/add", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|150|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 150}}}]}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 15.8% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 6462, "scanner": "repobility-access-control", "fingerprint": "de92f7c8671668695d16ba43b6fa4c6e47c8bb2b00890b07ecb5c639a010bb9c", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 38, "correlation_key": "fp|de92f7c8671668695d16ba43b6fa4c6e47c8bb2b00890b07ecb5c639a010bb9c", "auth_visible_percent": 15.8}}}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 6461, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", 
"confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Django", "FastAPI", "Flask"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "DKC015", "level": "warning", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 6413, "scanner": "repobility-docker", "fingerprint": "e00e7684ed52372f09e86e0410afcfae2c46c54f28ee87f360e9f1c322dce8db", "category": "docker", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "postgres", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|e00e7684ed52372f09e86e0410afcfae2c46c54f28ee87f360e9f1c322dce8db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 48}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `s3mock` image uses the latest tag"}, "properties": {"repobilityId": 6411, "scanner": "repobility-docker", "fingerprint": "4b3caceeb4e1afc3132f463475b4d7edc76cf16238bdd606cead350ce57dbba2", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "adobe/s3mock:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", 
"https://github.com/hadolint/hadolint"], "correlation_key": "fp|4b3caceeb4e1afc3132f463475b4d7edc76cf16238bdd606cead350ce57dbba2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 30}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 6409, "scanner": "repobility-docker", "fingerprint": "980850da40417a7d092fc666cd1c2ad9159043f3189346fb2fc5c11eea7a71bc", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "php:8.0-apache", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|980850da40417a7d092fc666cd1c2ad9159043f3189346fb2fc5c11eea7a71bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/images/php-postgres/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR009", "level": "warning", "message": {"text": "Dockerfile separates apt update from install"}, "properties": {"repobilityId": 6408, "scanner": "repobility-docker", "fingerprint": "11b3d5cbad9023d80b3106a9830fd212e75fd826b71bb72f977f1cb57bf44f9b", "category": "docker", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Package index update appears without package installation in the same layer.", "evidence": {"rule_id": "DKR009", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": 
"fp|11b3d5cbad9023d80b3106a9830fd212e75fd826b71bb72f977f1cb57bf44f9b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/images/php-postgres/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 6407, "scanner": "repobility-docker", "fingerprint": "a75011b6c2b07dbd644720168af7595bdce1ed1f585991ef3ce3cbe70dfd51d4", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "php:8.0-apache", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|a75011b6c2b07dbd644720168af7595bdce1ed1f585991ef3ce3cbe70dfd51d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/images/php-mysql/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR009", "level": "warning", "message": {"text": "Dockerfile separates apt update from install"}, "properties": {"repobilityId": 6406, "scanner": "repobility-docker", "fingerprint": "8dfc5224cfdfceda596a2608efe0764436c49ffeb92f51605eb4fccf148ad835", "category": "docker", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Package index update appears without package installation in the same layer.", "evidence": {"rule_id": "DKR009", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|8dfc5224cfdfceda596a2608efe0764436c49ffeb92f51605eb4fccf148ad835"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "test/images/php-mysql/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 6405, "scanner": "repobility-docker", "fingerprint": "176dde504bd0eb28636b6951d4d16ccf5f29ab86f6c3b914319fb99fb5f99ff1", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "nginx:1.29.0", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|176dde504bd0eb28636b6951d4d16ccf5f29ab86f6c3b914319fb99fb5f99ff1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/images/nginx-with-sni-tls/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 6404, "scanner": "repobility-docker", "fingerprint": "475d09b40fc09343a5b24f2ff548e0617f21cedee682fa5f9dd673f273a0e8e8", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "alpine:3.20", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|475d09b40fc09343a5b24f2ff548e0617f21cedee682fa5f9dd673f273a0e8e8"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "test/data/ssh_bad_keys/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 6403, "scanner": "repobility-docker", "fingerprint": "038626f1fc6710489b755c3940210e5b001c06c8e9d24307dd4401e90a0a0ad0", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.10-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|038626f1fc6710489b755c3940210e5b001c06c8e9d24307dd4401e90a0a0ad0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/data/flask_vulnerable_api/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 6402, "scanner": "repobility-docker", "fingerprint": "48bf50ce4b7423dc3647051bcc95fe21369e6c4ab283d030cfed0cfa4b1be99d", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.10-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|48bf50ce4b7423dc3647051bcc95fe21369e6c4ab283d030cfed0cfa4b1be99d"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/data/dast_vuln_app/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 6399, "scanner": "repobility-docker", "fingerprint": "b76b57f9658b87b346e57d49d3d56c807ea0b9fb48221ee30d8201fd8a7c1646", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.13.3-alpine3.20", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b76b57f9658b87b346e57d49d3d56c807ea0b9fb48221ee30d8201fd8a7c1646"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 6398, "scanner": "repobility-threat-engine", "fingerprint": "ab5505bbacaa2a92b0d2d7708d919325cccc66477add1e591a4fc0855dd4a047", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n                        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ab5505bbacaa2a92b0d2d7708d919325cccc66477add1e591a4fc0855dd4a047"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/modules/mysql_bruter.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 6397, "scanner": "repobility-threat-engine", "fingerprint": "badeb3a17b6e114d250aecd5d9c2ef503cd0bb682764bbe712c7704ce0e542fd", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|badeb3a17b6e114d250aecd5d9c2ef503cd0bb682764bbe712c7704ce0e542fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/modules/dangling_dns_detector.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 6396, "scanner": "repobility-threat-engine", "fingerprint": "477202b6b6a2f4c57223300ad461835483342d6271d5fab70622eedf0327bc03", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n                        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|477202b6b6a2f4c57223300ad461835483342d6271d5fab70622eedf0327bc03"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/modules/postgresql_bruter.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "SEC014", "level": "warning", "message": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "properties": {"repobilityId": 6390, "scanner": "repobility-threat-engine", "fingerprint": "46b75d2763cc6a0aabfade8bdd9cda2e5944724268be3f018c0cd1efd6d8dc39", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "CERT_NONE", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC014", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|68|sec014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/modules/ftp_bruter.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "SEC014", "level": "warning", "message": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "properties": {"repobilityId": 6389, "scanner": "repobility-threat-engine", 
"fingerprint": "9911e0eba0147d5ec9b6536ca3791801515b88716bd55b9bbcc0de6cfc2d728e", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "CERT_NONE", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC014", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|77|sec014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/modules/port_scanner.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "SEC014", "level": "warning", "message": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "properties": {"repobilityId": 6388, "scanner": "repobility-threat-engine", "fingerprint": "b88ab0b9c9880e41011366fe3f5b6a194e1ea9166f3d68a57f915b334e9d124f", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "verify=False", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC014", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|artemis/http_requests.py|113|sec014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/http_requests.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6383, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f26ef25d254806d1c47538a08bc3a57f6c43024188004018ed0de8159b00819d", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window 
appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "artemis/modules/joomla_extensions.py", "duplicate_line": 64, "correlation_key": "fp|f26ef25d254806d1c47538a08bc3a57f6c43024188004018ed0de8159b00819d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/modules/wordpress_plugins.py"}, "region": {"startLine": 346}}}]}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 49455, "scanner": "repobility-web-presence", "fingerprint": "556ce1afacf5e6d89d42dc819f9a33cca41e963552cd533efb25caea64637979", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": "fp|556ce1afacf5e6d89d42dc819f9a33cca41e963552cd533efb25caea64637979"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/crawling.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 49265, "scanner": "repobility-ai-code-hygiene", "fingerprint": "06f754a5ea1510cc12cbfeaebd45e8eb3563918a8c4070b3414e17f7fe1c1b3d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "artemis/modules/joomla_extensions.py", 
"duplicate_line": 64, "correlation_key": "fp|06f754a5ea1510cc12cbfeaebd45e8eb3563918a8c4070b3414e17f7fe1c1b3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/modules/wordpress_plugins.py"}, "region": {"startLine": 350}}}]}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 6484, "scanner": "repobility-web-presence", "fingerprint": "f97f8f96f71d1090c7128ec06fd3b97a121b845986dfa0ecb130c9274c5b3208", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": "fp|f97f8f96f71d1090c7128ec06fd3b97a121b845986dfa0ecb130c9274c5b3208"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/modules/api_scanner.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 6423, "scanner": "repobility-docker", "fingerprint": "3dfeb854af415af028d8f38a4804b9c01283364cfd0de8a37e54321e525ed6ec", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "web", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|3dfeb854af415af028d8f38a4804b9c01283364cfd0de8a37e54321e525ed6ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 91}}}]}, {"ruleId": "DKC006", 
"level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 6422, "scanner": "repobility-docker", "fingerprint": "106baf83cf4f93e8f7b195bfb603f1f154b7b62ca2765d5a85a134d108e87ede", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "web", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|106baf83cf4f93e8f7b195bfb603f1f154b7b62ca2765d5a85a134d108e87ede"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 91}}}]}, {"ruleId": "DKC012", "level": "note", "message": {"text": "Compose service performs heavy setup work on every startup"}, "properties": {"repobilityId": 6420, "scanner": "repobility-docker", "fingerprint": "3656a20c58181e7127ff32274688474242448c50b3c3c8900b30482b483eaae1", "category": "docker", "severity": "low", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Service command or entrypoint contains migration/static setup work.", "evidence": {"rule_id": "DKC012", "scanner": "repobility-docker", "service": "autoarchiver", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/compose/how-tos/environment-variables/best-practices/"], "correlation_key": "fp|3656a20c58181e7127ff32274688474242448c50b3c3c8900b30482b483eaae1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 83}}}]}, {"ruleId": "DKC012", "level": "note", "message": {"text": "Compose service performs heavy setup work on every startup"}, "properties": {"repobilityId": 6417, "scanner": 
"repobility-docker", "fingerprint": "1b45f3da5da25f62b98af6a0289bdceed7a1ea4567ecf16337ad6e15aaeb0a31", "category": "docker", "severity": "low", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Service command or entrypoint contains migration/static setup work.", "evidence": {"rule_id": "DKC012", "scanner": "repobility-docker", "service": "cleanup", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/compose/how-tos/environment-variables/best-practices/"], "correlation_key": "fp|1b45f3da5da25f62b98af6a0289bdceed7a1ea4567ecf16337ad6e15aaeb0a31"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 70}}}]}, {"ruleId": "DKC012", "level": "note", "message": {"text": "Compose service performs heavy setup work on every startup"}, "properties": {"repobilityId": 6415, "scanner": "repobility-docker", "fingerprint": "c4cd70567506a035628fe3d26d265a9185ad6907d7c0d9027d57e8587fd29e3b", "category": "docker", "severity": "low", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Service command or entrypoint contains migration/static setup work.", "evidence": {"rule_id": "DKC012", "scanner": "repobility-docker", "service": "autoreporter", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/compose/how-tos/environment-variables/best-practices/"], "correlation_key": "fp|c4cd70567506a035628fe3d26d265a9185ad6907d7c0d9027d57e8587fd29e3b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 61}}}]}, {"ruleId": "DKC015", "level": "note", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 6410, "scanner": "repobility-docker", "fingerprint": "5205a4dd3e47f7e58f5c82d35e74d49849996f9cdf218102616d6e8dc37495a9", 
"category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "redis", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|5205a4dd3e47f7e58f5c82d35e74d49849996f9cdf218102616d6e8dc37495a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 21}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 6401, "scanner": "repobility-docker", "fingerprint": "eda852adcfd3db05ecc20de02464d2554fc21055f91dc3649470da5aa361ee9e", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|eda852adcfd3db05ecc20de02464d2554fc21055f91dc3649470da5aa361ee9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/data/dast_vuln_app/Dockerfile"}, "region": {"startLine": 9}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 6400, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": 
["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6387, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a7e390a6448686354f2dda8fa98055ced05b78f4feeab47c8c82cc10d3431552", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "test/data/php_easy_admin_password/index.php", "duplicate_line": 11, "correlation_key": "fp|a7e390a6448686354f2dda8fa98055ced05b78f4feeab47c8c82cc10d3431552"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/data/php_redirect_login/index.php"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6386, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b2be7889b6ab0ab662e9fbf4465cd0e8cd9979e503aef2e301ed23c5b59e0cec", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "artemis/modules/data/parameters.py", "duplicate_line": 3, "correlation_key": 
"fp|b2be7889b6ab0ab662e9fbf4465cd0e8cd9979e503aef2e301ed23c5b59e0cec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/sql_injection_data.py"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6385, "scanner": "repobility-ai-code-hygiene", "fingerprint": "69a82d214176d54b9bf58a4ccb46486b45796d4e40a25a189df7f2c9143fcedf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "artemis/reporting/modules/joomla_scanner/reporter.py", "duplicate_line": 43, "correlation_key": "fp|69a82d214176d54b9bf58a4ccb46486b45796d4e40a25a189df7f2c9143fcedf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/reporting/modules/wp_scanner/reporter.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6384, "scanner": "repobility-ai-code-hygiene", "fingerprint": "294db93ba3969d4fc4bc0b87686e5100672725d2a20d4cd8b2acf099a43773d1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "artemis/reporting/modules/ftp_bruter/reporter.py", "duplicate_line": 15, "correlation_key": "fp|294db93ba3969d4fc4bc0b87686e5100672725d2a20d4cd8b2acf099a43773d1"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "artemis/reporting/modules/mysql_or_postgres_bruter/reporter.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-lfi_detector` image is selected through a build variable"}, "properties": {"repobilityId": 49435, "scanner": "repobility-docker", "fingerprint": "36d1ebd2785af4b504dd8d6690ca27ae28b6dddcad5f023800cad1470c2cf721", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|36d1ebd2785af4b504dd8d6690ca27ae28b6dddcad5f023800cad1470c2cf721"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 402}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-wp_scanner` image is selected through a build variable"}, "properties": {"repobilityId": 49434, "scanner": "repobility-docker", "fingerprint": "bf71dc470510c380f9e734566df4bc041dff8a2c1161df863678a8d9b27ee989", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": 
"fp|bf71dc470510c380f9e734566df4bc041dff8a2c1161df863678a8d9b27ee989"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 395}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-wordpress_plugins` image is selected through a build variable"}, "properties": {"repobilityId": 49433, "scanner": "repobility-docker", "fingerprint": "70700cc065190020762ba59bedd91ea3679385ba50c827a9df30da4b13cfa4ef", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|70700cc065190020762ba59bedd91ea3679385ba50c827a9df30da4b13cfa4ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 388}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-wordpress_bruter` image is selected through a build variable"}, "properties": {"repobilityId": 49432, "scanner": "repobility-docker", "fingerprint": "ab9fa0bec0b76ee51476583407d502c9b406eaa10735715ed0cb26d3c5476ada", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], 
"correlation_key": "fp|ab9fa0bec0b76ee51476583407d502c9b406eaa10735715ed0cb26d3c5476ada"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 381}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-vcs` image is selected through a build variable"}, "properties": {"repobilityId": 49431, "scanner": "repobility-docker", "fingerprint": "8978ff6d7a1d08c65c68c5fd27606b0f910d2de5626b44d7452964ac0d314b55", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|8978ff6d7a1d08c65c68c5fd27606b0f910d2de5626b44d7452964ac0d314b55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 374}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-subdomain_enumeration` image is selected through a build variable"}, "properties": {"repobilityId": 49430, "scanner": "repobility-docker", "fingerprint": "ae0c852e5684f5214c9beee1621e603aca6c1e7c235c37b2e7987cbd857151e3", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", 
"https://docs.docker.com/scout/policy/"], "correlation_key": "fp|ae0c852e5684f5214c9beee1621e603aca6c1e7c235c37b2e7987cbd857151e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 348}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-ssh_bruter` image is selected through a build variable"}, "properties": {"repobilityId": 49429, "scanner": "repobility-docker", "fingerprint": "05e7f189395aed3364a26e57d80bbd713367799d19342fe7abf611e7765654c7", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|05e7f189395aed3364a26e57d80bbd713367799d19342fe7abf611e7765654c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 341}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-ssh_bad_keys` image is selected through a build variable"}, "properties": {"repobilityId": 49428, "scanner": "repobility-docker", "fingerprint": "30d2dd1d2bd898ebac9465ba029807b96061fe34184ba4b34f6eaaa750b891ad", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": 
["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|30d2dd1d2bd898ebac9465ba029807b96061fe34184ba4b34f6eaaa750b891ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 334}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-sql_injection_detector` image is selected through a build variable"}, "properties": {"repobilityId": 49427, "scanner": "repobility-docker", "fingerprint": "3583cbefe0ad6c522f6ec98b6da9418b39f009dcc1d3bde8db0ca38b9fafae44", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|3583cbefe0ad6c522f6ec98b6da9418b39f009dcc1d3bde8db0ca38b9fafae44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 327}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-shodan_vulns` image is selected through a build variable"}, "properties": {"repobilityId": 49426, "scanner": "repobility-docker", "fingerprint": "d93ede8c866f48738a2e457b0d7d0d17083f932b7cd8a0234e9cb59c84c4fd2e", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", 
"references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|d93ede8c866f48738a2e457b0d7d0d17083f932b7cd8a0234e9cb59c84c4fd2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 320}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-scripts_unregistered_domains` image is selected through a build variable"}, "properties": {"repobilityId": 49425, "scanner": "repobility-docker", "fingerprint": "5a212a744c71234f67a17b8b116389e625fd31a011df2472187634c51d8eaa1a", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|5a212a744c71234f67a17b8b116389e625fd31a011df2472187634c51d8eaa1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 313}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-robots` image is selected through a build variable"}, "properties": {"repobilityId": 49424, "scanner": "repobility-docker", "fingerprint": "821f3c376617ede828ff51ecae4577d8941e7d647c77c445c8f06629874db1b2", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": 
"repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|821f3c376617ede828ff51ecae4577d8941e7d647c77c445c8f06629874db1b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 306}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-reverse_dns` image is selected through a build variable"}, "properties": {"repobilityId": 49423, "scanner": "repobility-docker", "fingerprint": "02de95754d48e43a9ba0a57f8ffd6bcf184165b568511e7a5b93cf52a69aadab", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|02de95754d48e43a9ba0a57f8ffd6bcf184165b568511e7a5b93cf52a69aadab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 299}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-removed_domain_existing_vhost` image is selected through a build variable"}, "properties": {"repobilityId": 49422, "scanner": "repobility-docker", "fingerprint": "bd0405601c9f00877794f38c6ea4c60e286726fc510176115d0bf2cf71362c63", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": 
"DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|bd0405601c9f00877794f38c6ea4c60e286726fc510176115d0bf2cf71362c63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 292}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-port_scanner` image is selected through a build variable"}, "properties": {"repobilityId": 49421, "scanner": "repobility-docker", "fingerprint": "b7802b9b5a6233b9266b8738d2207ef1830e64d076d27eafa763050b39286a4e", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|b7802b9b5a6233b9266b8738d2207ef1830e64d076d27eafa763050b39286a4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 278}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-nuclei-router` image is selected through a build variable"}, "properties": {"repobilityId": 49420, "scanner": "repobility-docker", "fingerprint": "25c4dc641019d2774a744bff5a7cbc49ba15a943710144cb1a14515af312ea47", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", 
"rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|25c4dc641019d2774a744bff5a7cbc49ba15a943710144cb1a14515af312ea47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 271}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 49419, "scanner": "repobility-threat-engine", "fingerprint": "6cc9dbdf5bf5dc4e9281bc7816b6ec39846fb4a286af7e49da2263097e087d98", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6cc9dbdf5bf5dc4e9281bc7816b6ec39846fb4a286af7e49da2263097e087d98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "utils/slow_pusher/slow_pusher.sh"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 49406, "scanner": "repobility-threat-engine", "fingerprint": "047a7267406086e2108203abd032c46948ec5a03fe93e2694e9004057206035b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|047a7267406086e2108203abd032c46948ec5a03fe93e2694e9004057206035b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/wordfence.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 49405, "scanner": "repobility-threat-engine", "fingerprint": "ea215cbaa41bce551c7d389b1e995627aa041f0483d721b2a3f39d3b8510f912", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ea215cbaa41bce551c7d389b1e995627aa041f0483d721b2a3f39d3b8510f912"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/modules/reverse_dns_lookup.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 49404, "scanner": "repobility-threat-engine", "fingerprint": "8713af9c06c93bf252afe83cabe56d70a3e9615b20298b6286ed5f3900359664", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8713af9c06c93bf252afe83cabe56d70a3e9615b20298b6286ed5f3900359664"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/crawling.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "SEC078", "level": "none", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 49402, "scanner": "repobility-threat-engine", "fingerprint": "a04a21e1e338b7d170ec0aac22bfe1d9cbba12c2e76308f2e2b78eeefeac538f", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'timeout\\s*=' detected on same line", "evidence": {"match": "requests.get(", "reason": "Safe pattern 'timeout\\s*=' detected on same line", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "fp|a04a21e1e338b7d170ec0aac22bfe1d9cbba12c2e76308f2e2b78eeefeac538f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/modules/reverse_dns_lookup.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 49399, "scanner": "repobility-threat-engine", "fingerprint": "384b13d01eca021cad8caa867cbe69ee4fc1353f389030e2ca3b6fe8412f11af", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|384b13d01eca021cad8caa867cbe69ee4fc1353f389030e2ca3b6fe8412f11af"}}}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class (and 2 more): Same pattern found in 2 additional files. 
Review if needed."}, "properties": {"repobilityId": 49395, "scanner": "repobility-threat-engine", "fingerprint": "bb0f0645c53dd53a2881272ebddc5b10f2f8c07d678fc34cb2964aafdaa17d8a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|bb0f0645c53dd53a2881272ebddc5b10f2f8c07d678fc34cb2964aafdaa17d8a", "aggregated_count": 2}}}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 49394, "scanner": "repobility-threat-engine", "fingerprint": "cc3972044da2b94bb9636e7286759b983796722eb1be0093aa034d47c6c1e716", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cc3972044da2b94bb9636e7286759b983796722eb1be0093aa034d47c6c1e716"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/modules/classifier.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED072", 
"level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 49393, "scanner": "repobility-threat-engine", "fingerprint": "9e2af3f5ac449d70d077914cf8170570ff7263d6a83fc29624598d93eca747ce", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9e2af3f5ac449d70d077914cf8170570ff7263d6a83fc29624598d93eca747ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/fallback_api_cache.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 49392, "scanner": "repobility-threat-engine", "fingerprint": "8e3efc6f47b567afec9ef9b3e40514490787ac8ea1e228daacb49d940a278723", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8e3efc6f47b567afec9ef9b3e40514490787ac8ea1e228daacb49d940a278723"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "artemis/blocklist.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 23 more): Same pattern found in 23 additional files. Review if needed."}, "properties": {"repobilityId": 49391, "scanner": "repobility-threat-engine", "fingerprint": "1bbbd70fa5d60f2416cb36a49f8da847ba4197195993de23f811a09759133264", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 23 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|1bbbd70fa5d60f2416cb36a49f8da847ba4197195993de23f811a09759133264", "aggregated_count": 23}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 49390, "scanner": "repobility-threat-engine", "fingerprint": "7eca7190ea0841de65f933855ad1eb6a0560587b8655471ddb42df3b60010bdb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": 
"repobility-threat-engine", "correlation_key": "fp|7eca7190ea0841de65f933855ad1eb6a0560587b8655471ddb42df3b60010bdb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/fallback_api_cache.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 49389, "scanner": "repobility-threat-engine", "fingerprint": "d5bfd25db7d3705d13c35f5b019e9e4dc0845c838b6f37d2656a22e04e1c4a6d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d5bfd25db7d3705d13c35f5b019e9e4dc0845c838b6f37d2656a22e04e1c4a6d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/cleanup.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 49388, "scanner": "repobility-threat-engine", "fingerprint": "d7f50d6f9032735956eb3a5eb0302bf1e8aaf04a7c23a2b05fbc629e750c27eb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": 
["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d7f50d6f9032735956eb3a5eb0302bf1e8aaf04a7c23a2b05fbc629e750c27eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/blocklist.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "properties": {"repobilityId": 49387, "scanner": "repobility-threat-engine", "fingerprint": "a9cd3dfdb88c4ab2e663fdce8c44e30de99d61cc5311baf8505f74a40d4e7706", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a9cd3dfdb88c4ab2e663fdce8c44e30de99d61cc5311baf8505f74a40d4e7706", "aggregated_count": 11}}}, {"ruleId": "MINED063", "level": "none", "message": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "properties": {"repobilityId": 49383, "scanner": "repobility-threat-engine", "fingerprint": "780a0501c66ee1f93c7ad6a1880fe4a0714b229ea369f95234876291f91abd3d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating 
context found", "evidence": {"mined": true, "mining": {"slug": "toctou-os-path-exists", "owasp": null, "cwe_ids": ["CWE-367"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348048+00:00", "triaged_in_corpus": 12, "observations_count": 90754, "ai_coder_pattern_id": 41}, "scanner": "repobility-threat-engine", "correlation_key": "fp|780a0501c66ee1f93c7ad6a1880fe4a0714b229ea369f95234876291f91abd3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/csrf.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED063", "level": "none", "message": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "properties": {"repobilityId": 49382, "scanner": "repobility-threat-engine", "fingerprint": "5651268eacc2f33919012feb386f33db8db4823e3d06051f3b6780c4bfcccabf", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "toctou-os-path-exists", "owasp": null, "cwe_ids": ["CWE-367"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348048+00:00", "triaged_in_corpus": 12, "observations_count": 90754, "ai_coder_pattern_id": 41}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5651268eacc2f33919012feb386f33db8db4823e3d06051f3b6780c4bfcccabf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/auth.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 79 more): Same pattern found in 79 additional files. 
Review if needed."}, "properties": {"repobilityId": 49379, "scanner": "repobility-threat-engine", "fingerprint": "7b1079a9027a59b20567376066c674a8298c082363d5274ad79fe72ab4d751b4", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 79 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "add", "breakdown": {"if": 8, "for": 2, "elif": 1, "else": 2, "except": 1, "nested_bonus": 11}, "aggregated": true, "complexity": 25, "correlation_key": "fp|7b1079a9027a59b20567376066c674a8298c082363d5274ad79fe72ab4d751b4", "aggregated_count": 79}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 49375, "scanner": "repobility-threat-engine", "fingerprint": "62ff231053d16ded91f5d63a99a8b7f9a8d879f1bee1b23442cfa6701d92f730", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|62ff231053d16ded91f5d63a99a8b7f9a8d879f1bee1b23442cfa6701d92f730", "aggregated_count": 2}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 49374, "scanner": "repobility-threat-engine", "fingerprint": "5b33280660e32d68840ef78bf0161b6c9681b1e703de40b88e4a8b684c1c011e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5b33280660e32d68840ef78bf0161b6c9681b1e703de40b88e4a8b684c1c011e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/reporting/base/normal_form.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 49373, "scanner": "repobility-threat-engine", "fingerprint": "c54a506fc51a736beb934118712463e89a860ea70e2a5928e39c5c5ba3ff6ff4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": 
"confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c54a506fc51a736beb934118712463e89a860ea70e2a5928e39c5c5ba3ff6ff4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/placeholder_page_detector.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 49372, "scanner": "repobility-threat-engine", "fingerprint": "0ba79ba37e12968870944c7a1d2512e1673ac252b45907a8c93b0e18e6226d22", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0ba79ba37e12968870944c7a1d2512e1673ac252b45907a8c93b0e18e6226d22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/api.py"}, "region": {"startLine": 268}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 32 more): Same pattern found in 32 additional files. 
Review if needed."}, "properties": {"repobilityId": 49371, "scanner": "repobility-threat-engine", "fingerprint": "648516b624713ec6c92cd1d7b4f670acf37fda4886c38f832f2d7aecf63afa4d", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 32 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 32 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|648516b624713ec6c92cd1d7b4f670acf37fda4886c38f832f2d7aecf63afa4d"}}}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-lfi_detector` image is selected through a build variable"}, "properties": {"repobilityId": 6460, "scanner": "repobility-docker", "fingerprint": "94390043a815bddd46a857119eff41f07a4868aa5aa8079baceeefd14e4b129f", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|94390043a815bddd46a857119eff41f07a4868aa5aa8079baceeefd14e4b129f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 395}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-wp_scanner` image is selected through a build variable"}, "properties": {"repobilityId": 6459, "scanner": "repobility-docker", "fingerprint": 
"dcfa961c9da3adeb571f7b92dd5d529c5129990fb6606d44431f7b9e53405d15", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|dcfa961c9da3adeb571f7b92dd5d529c5129990fb6606d44431f7b9e53405d15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 388}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-wordpress_plugins` image is selected through a build variable"}, "properties": {"repobilityId": 6458, "scanner": "repobility-docker", "fingerprint": "6b1f8ae5a11be5e0f182a2fe741a68ad99aa5ed959261ed8948a40d16946e83c", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|6b1f8ae5a11be5e0f182a2fe741a68ad99aa5ed959261ed8948a40d16946e83c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 381}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-wordpress_bruter` image is selected through a build variable"}, "properties": {"repobilityId": 6457, "scanner": "repobility-docker", 
"fingerprint": "3e365f00b38d91fc22a60f0bd65d93ba36764a547716640e06a2a6acac9cb11c", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|3e365f00b38d91fc22a60f0bd65d93ba36764a547716640e06a2a6acac9cb11c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 374}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-vcs` image is selected through a build variable"}, "properties": {"repobilityId": 6456, "scanner": "repobility-docker", "fingerprint": "2dad6bb28d56951697efa2b43adea6fd7b0b193b464332d681823d0017961c90", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|2dad6bb28d56951697efa2b43adea6fd7b0b193b464332d681823d0017961c90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 367}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-subdomain_enumeration` image is selected through a build variable"}, "properties": {"repobilityId": 6455, "scanner": 
"repobility-docker", "fingerprint": "578a8df2444950b6439c60e341bc4b813b4b7bfab7417cf50a3b3c70a048787b", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|578a8df2444950b6439c60e341bc4b813b4b7bfab7417cf50a3b3c70a048787b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 341}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-ssh_bruter` image is selected through a build variable"}, "properties": {"repobilityId": 6454, "scanner": "repobility-docker", "fingerprint": "a060b983b7e4c0e53ace601f435e49c95b483f9f87c7dbf80a1260a6806ccd60", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|a060b983b7e4c0e53ace601f435e49c95b483f9f87c7dbf80a1260a6806ccd60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 334}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-ssh_bad_keys` image is selected through a build variable"}, "properties": {"repobilityId": 6453, "scanner": 
"repobility-docker", "fingerprint": "1b27ee01d4c673cea2fc990245e006ab4765a20dfc3e0fe9ac41ade88044f336", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|1b27ee01d4c673cea2fc990245e006ab4765a20dfc3e0fe9ac41ade88044f336"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 327}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-sql_injection_detector` image is selected through a build variable"}, "properties": {"repobilityId": 6452, "scanner": "repobility-docker", "fingerprint": "983bc659ae8a1ba827c517c3a1934b5c01ec30952f6ecafd6888b67268e19096", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|983bc659ae8a1ba827c517c3a1934b5c01ec30952f6ecafd6888b67268e19096"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 320}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-shodan_vulns` image is selected through a build variable"}, "properties": {"repobilityId": 
6451, "scanner": "repobility-docker", "fingerprint": "ea656230ef9e9158994989f9e5590856953fc150ea1af6dd1e4b3658cc729ec5", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|ea656230ef9e9158994989f9e5590856953fc150ea1af6dd1e4b3658cc729ec5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 313}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-scripts_unregistered_domains` image is selected through a build variable"}, "properties": {"repobilityId": 6450, "scanner": "repobility-docker", "fingerprint": "a2c0a5c8e48bc1b9d5a270661c858463558435eee6af5415053c442bef28ca6f", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|a2c0a5c8e48bc1b9d5a270661c858463558435eee6af5415053c442bef28ca6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 306}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-robots` image is selected through a build variable"}, "properties": 
{"repobilityId": 6449, "scanner": "repobility-docker", "fingerprint": "a466089ed73f3003752e4045731bea68082b7841029a2227dd4f139c9a1ca7e0", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|a466089ed73f3003752e4045731bea68082b7841029a2227dd4f139c9a1ca7e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 299}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-reverse_dns` image is selected through a build variable"}, "properties": {"repobilityId": 6448, "scanner": "repobility-docker", "fingerprint": "d30006c7acdae2627b290cf6f5710ad681374f198cb9ef1f30f900f65435b2a9", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|d30006c7acdae2627b290cf6f5710ad681374f198cb9ef1f30f900f65435b2a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 292}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-postgresql_bruter` image is selected through a build variable"}, 
"properties": {"repobilityId": 6447, "scanner": "repobility-docker", "fingerprint": "a8f9cdf8a4aef734847fd67032ee1bdee6df48ff0fb28bcd612a6cf6ee97d9df", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|a8f9cdf8a4aef734847fd67032ee1bdee6df48ff0fb28bcd612a6cf6ee97d9df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 285}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-postgresql_bruter` image is selected through a build variable"}, "properties": {"repobilityId": 6446, "scanner": "repobility-docker", "fingerprint": "7b7c4fffc0863db2b51337ffc8be91aeeb89d9553da19c3ab2c012763e843f8e", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|7b7c4fffc0863db2b51337ffc8be91aeeb89d9553da19c3ab2c012763e843f8e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 278}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-port_scanner` image is selected through a build 
variable"}, "properties": {"repobilityId": 6445, "scanner": "repobility-docker", "fingerprint": "89c21979e45f8621b86d79c9083d35eaa3478c55c43b812529067700e192afa4", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|89c21979e45f8621b86d79c9083d35eaa3478c55c43b812529067700e192afa4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 271}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-nuclei` image is selected through a build variable"}, "properties": {"repobilityId": 6444, "scanner": "repobility-docker", "fingerprint": "90ca862fdf90ac3cd0d677e29b4dd3833acd156644144630b38088a3e0e28aaa", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|90ca862fdf90ac3cd0d677e29b4dd3833acd156644144630b38088a3e0e28aaa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 259}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-mysql_bruter` image is selected through a build 
variable"}, "properties": {"repobilityId": 6443, "scanner": "repobility-docker", "fingerprint": "4bdf82daf1f1d3e6e012a5c72cfbc269acaa147b1ee442dafba4ddb3552e92e7", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|4bdf82daf1f1d3e6e012a5c72cfbc269acaa147b1ee442dafba4ddb3552e92e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 252}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-mail_dns_scanner` image is selected through a build variable"}, "properties": {"repobilityId": 6442, "scanner": "repobility-docker", "fingerprint": "3ed3c0d7581d10a9040cad1fad007560494b9aca02793f4f34debe8e3dc17ad2", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|3ed3c0d7581d10a9040cad1fad007560494b9aca02793f4f34debe8e3dc17ad2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 245}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-logger` image is selected through a build 
variable"}, "properties": {"repobilityId": 6441, "scanner": "repobility-docker", "fingerprint": "07f02dca871550a619528796c303604893042c34373a616dc7f08bfe73694eb3", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|07f02dca871550a619528796c303604893042c34373a616dc7f08bfe73694eb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 238}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-joomla_scanner` image is selected through a build variable"}, "properties": {"repobilityId": 6440, "scanner": "repobility-docker", "fingerprint": "cc8a88dcf424432f5a6a54648aec978f31f444eca022cf3a8e7f93e8110bf7df", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|cc8a88dcf424432f5a6a54648aec978f31f444eca022cf3a8e7f93e8110bf7df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 231}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-joomla_extensions` image is selected 
through a build variable"}, "properties": {"repobilityId": 6439, "scanner": "repobility-docker", "fingerprint": "a7cac306ef06f27d445f57c07f57e5fef736098274098d22c5cbe89e39530243", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|a7cac306ef06f27d445f57c07f57e5fef736098274098d22c5cbe89e39530243"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 224}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-ip_lookup` image is selected through a build variable"}, "properties": {"repobilityId": 6438, "scanner": "repobility-docker", "fingerprint": "facdeee626b0934411a2e24835023216852af2e495dd454bdcb49539caaf023a", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|facdeee626b0934411a2e24835023216852af2e495dd454bdcb49539caaf023a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 217}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-identifier` image is selected 
through a build variable"}, "properties": {"repobilityId": 6437, "scanner": "repobility-docker", "fingerprint": "7809e0329addc8fbe6685dc5b1a86efae5c9f2b6c12a51c42a2067b3d5cf3186", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|7809e0329addc8fbe6685dc5b1a86efae5c9f2b6c12a51c42a2067b3d5cf3186"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 210}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-humble` image is selected through a build variable"}, "properties": {"repobilityId": 6436, "scanner": "repobility-docker", "fingerprint": "5a5bc9de4d06462b462574556d6f4c10dbead0b9528d8fcde7399fa8eb778f5e", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|5a5bc9de4d06462b462574556d6f4c10dbead0b9528d8fcde7399fa8eb778f5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 203}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-ftp_bruter` image is selected 
through a build variable"}, "properties": {"repobilityId": 6435, "scanner": "repobility-docker", "fingerprint": "ff8793196f8b2f611c5923ee51961d7a2cfaad65ca6b96bb4280829fccd088d9", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|ff8793196f8b2f611c5923ee51961d7a2cfaad65ca6b96bb4280829fccd088d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 196}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-example` image is selected through a build variable"}, "properties": {"repobilityId": 6434, "scanner": "repobility-docker", "fingerprint": "9fa120e1ee0696029d5edf2a876dbf2a2c0b580eeac7613d607ccd7082fa03e0", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|9fa120e1ee0696029d5edf2a876dbf2a2c0b580eeac7613d607ccd7082fa03e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 189}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-drupal_scanner` image is selected 
through a build variable"}, "properties": {"repobilityId": 6433, "scanner": "repobility-docker", "fingerprint": "ce9a3733ec014ae2eb360eb9974c28098ad4ca75b503e167b3f5855ffb4a7094", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|ce9a3733ec014ae2eb360eb9974c28098ad4ca75b503e167b3f5855ffb4a7094"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 182}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-domain_expiration_scanner` image is selected through a build variable"}, "properties": {"repobilityId": 6432, "scanner": "repobility-docker", "fingerprint": "19307f9e63b23dc9eddceac6a87d11063f4e9206ce43ef17d0a3d9a5427f0235", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|19307f9e63b23dc9eddceac6a87d11063f4e9206ce43ef17d0a3d9a5427f0235"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 175}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-dns_scanner` 
image is selected through a build variable"}, "properties": {"repobilityId": 6431, "scanner": "repobility-docker", "fingerprint": "4fb6cfd50f26d02126dbd807d9c010581e0419fb131a2dd5952627ec2919c479", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|4fb6cfd50f26d02126dbd807d9c010581e0419fb131a2dd5952627ec2919c479"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 168}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-directory_index` image is selected through a build variable"}, "properties": {"repobilityId": 6430, "scanner": "repobility-docker", "fingerprint": "9ae663a197e5258b3873bdbc0d470582eed36119592b343fcf31727fd093180d", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|9ae663a197e5258b3873bdbc0d470582eed36119592b343fcf31727fd093180d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 161}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service 
`karton-device_identifier` image is selected through a build variable"}, "properties": {"repobilityId": 6429, "scanner": "repobility-docker", "fingerprint": "d26e14f54379eb2cacc0540404e2ab9b775b0d605fe4d47fc66e2101ffbc0b21", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|d26e14f54379eb2cacc0540404e2ab9b775b0d605fe4d47fc66e2101ffbc0b21"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 154}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-dangling-dns-detector` image is selected through a build variable"}, "properties": {"repobilityId": 6428, "scanner": "repobility-docker", "fingerprint": "962638e13cc39dded53a517f8772a1be228a5e258bded0938fc7cfddb44887b4", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|962638e13cc39dded53a517f8772a1be228a5e258bded0938fc7cfddb44887b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 129}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": 
"Compose service `karton-classifier` image is selected through a build variable"}, "properties": {"repobilityId": 6427, "scanner": "repobility-docker", "fingerprint": "82d4e6270504fbd6311ec936f464e6af2ea7d4ddad7a1d396a671c41560d0c4f", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|82d4e6270504fbd6311ec936f464e6af2ea7d4ddad7a1d396a671c41560d0c4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 122}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-bruter` image is selected through a build variable"}, "properties": {"repobilityId": 6426, "scanner": "repobility-docker", "fingerprint": "fbc839bf3edfb4a3b19ef47c908c04200e0e269264725385c34989091c112b76", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|fbc839bf3edfb4a3b19ef47c908c04200e0e269264725385c34989091c112b76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 115}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": 
"Compose service `karton-admin_panel_login_bruter` image is selected through a build variable"}, "properties": {"repobilityId": 6425, "scanner": "repobility-docker", "fingerprint": "f30f87f51f56a71febdbeaac2808a4eee31b806837f61b242b74331d4a7a6dda", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|f30f87f51f56a71febdbeaac2808a4eee31b806837f61b242b74331d4a7a6dda"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 108}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `karton-api_scanner` image is selected through a build variable"}, "properties": {"repobilityId": 6424, "scanner": "repobility-docker", "fingerprint": "c01aa0f979a8a784fdead7becd7d709c8de0ce35ee92e1a00001ede37e829982", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|c01aa0f979a8a784fdead7becd7d709c8de0ce35ee92e1a00001ede37e829982"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 101}}}]}, {"ruleId": "DKR002", "level": "none", 
"message": {"text": "Compose service `web` image is selected through a build variable"}, "properties": {"repobilityId": 6421, "scanner": "repobility-docker", "fingerprint": "789fe87de8f869d2f14c3fb3a8ce0dfd8a0a4621820b5e2b1f33e34443de4057", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|789fe87de8f869d2f14c3fb3a8ce0dfd8a0a4621820b5e2b1f33e34443de4057"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 91}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `autoarchiver` image is selected through a build variable"}, "properties": {"repobilityId": 6419, "scanner": "repobility-docker", "fingerprint": "7e5a2c41f7cff961648fa183edce6670af9ebb5d3aeb045b2d77b65d6cb99a2d", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|7e5a2c41f7cff961648fa183edce6670af9ebb5d3aeb045b2d77b65d6cb99a2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 83}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": 
"Compose service `metrics` image is selected through a build variable"}, "properties": {"repobilityId": 6418, "scanner": "repobility-docker", "fingerprint": "99470fae11cad7f12657f5eebb032724aa009228360f9250382fccf453ac2267", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|99470fae11cad7f12657f5eebb032724aa009228360f9250382fccf453ac2267"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 76}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service `cleanup` image is selected through a build variable"}, "properties": {"repobilityId": 6416, "scanner": "repobility-docker", "fingerprint": "1e31724497d1bd0a5680317b7033387f63c639ac449dda85546b391dea686cd4", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|1e31724497d1bd0a5680317b7033387f63c639ac449dda85546b391dea686cd4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 70}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Compose service 
`autoreporter` image is selected through a build variable"}, "properties": {"repobilityId": 6414, "scanner": "repobility-docker", "fingerprint": "4fac5d430f0b7f4e443d1baac9c39ac67fa5242a8dd5f44418ac2eaec79d2cad", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${ARTEMIS_BUILD_IMAGE:-certpl/artemis:latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|4fac5d430f0b7f4e443d1baac9c39ac67fa5242a8dd5f44418ac2eaec79d2cad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 61}}}]}, {"ruleId": "SEC014", "level": "none", "message": {"text": "[SEC014] SSL Verification Disabled (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "properties": {"repobilityId": 6391, "scanner": "repobility-threat-engine", "fingerprint": "670606c6c3e5e89cd3de3c0836f9f4adf744ad887db5c8a30366ab7cb074807b", "category": "crypto", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrence found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC014", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|670606c6c3e5e89cd3de3c0836f9f4adf744ad887db5c8a30366ab7cb074807b"}}}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: POST /export/delete/{id}."}, "properties": {"repobilityId": 49444, "scanner": "repobility-access-control", "fingerprint": "e86d242cf676a6c40a7366a3e946837139cbb4dabe0478fc0e94fead9b3edc98", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/export/delete/{id}", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/api.py|254|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/api.py"}, "region": {"startLine": 254}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /export/download-zip/{id}."}, "properties": {"repobilityId": 49443, "scanner": "repobility-access-control", "fingerprint": "890281c13a65eccacab67d3426bff42c3a2a269d5d7a0187bf26af26f8cefc3a", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/export/download-zip/{id}", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/api.py|248|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/api.py"}, "region": {"startLine": 248}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /task/{task_id}."}, "properties": {"repobilityId": 49442, "scanner": "repobility-access-control", "fingerprint": "db2e8715cecc91a16cf7116ecda0516548cbfade81b10352d10ce4a9cddcbd39", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/task/{task_id}", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|543|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 543}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /analysis/{root_id}."}, "properties": {"repobilityId": 49441, "scanner": "repobility-access-control", "fingerprint": "48e4bbf234da608f29f13722458b45c55a4df75bcf4edebfdcd5268f2d014842", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/analysis/{root_id}", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|500|cwe-639", "identity_targets": ["unknown", "owner", "admin", "super_admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 500}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /analysis/get-pending-tasks/{analysis_id}."}, "properties": {"repobilityId": 49440, "scanner": "repobility-access-control", "fingerprint": "4e32bd9577ab257e7abc89c35a44f37622b0f04d2ac44b56c82f54f095eaef7f", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/analysis/get-pending-tasks/{analysis_id}", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|415|cwe-639", "identity_targets": ["unknown", "owner", "super_admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 415}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: POST /analysis/remove-pending-tasks/{analysis_id}."}, "properties": {"repobilityId": 49439, "scanner": "repobility-access-control", "fingerprint": "d38741ce7f2b90e110bd96ac61467cd1e678f9c6692d5a4624d2d8ea3dfd7ee3", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/analysis/remove-pending-tasks/{analysis_id}", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|399|cwe-639", "identity_targets": ["unknown", "owner", "super_admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 399}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /export/download-zip/{id}."}, "properties": {"repobilityId": 49438, "scanner": "repobility-access-control", "fingerprint": "9247e62090b58b6a16c72792e937946d3c68099d93317d649ddf5049fe194a3d", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/export/download-zip/{id}", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|358|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 358}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: POST /export/confirm-delete/{id}."}, "properties": {"repobilityId": 49437, "scanner": "repobility-access-control", "fingerprint": "2424a2b8d7b9239b8e23cbac9d60ae18950ecef3cc6458642a943ab17e3ae82e", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/export/confirm-delete/{id}", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|332|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 332}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /export/view/{id}."}, "properties": {"repobilityId": 49436, "scanner": "repobility-access-control", "fingerprint": "6d427ed56899b47fc0d10ab1e4b0afccc8910c1a7bfe30ccff52e00e2cf7ca7a", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/export/view/{id}", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|280|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 280}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). 
High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 49415, "scanner": "repobility-threat-engine", "fingerprint": "9e35830ab33bb714c7f95298664e50464f61af6ffb5d12bb9423456b07ee1be1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@router.post(\"/build-html-message\")\nasync def post_build_html_message(language: str = Body()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9e35830ab33bb714c7f95298664e50464f61af6ffb5d12bb9423456b07ee1be1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/reporting/api.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "SEC088", "level": "error", "message": {"text": "[SEC088] Go: TLS InsecureSkipVerify=true: tls.Config{InsecureSkipVerify:true} disables certificate verification \u2014 MITM risk. 
Ported from gosec G402 (Apache-2.0)."}, "properties": {"repobilityId": 49414, "scanner": "repobility-threat-engine", "fingerprint": "616bbc5a446962c67840ad5f7f9024b07be25dd1879b506c27f665ac3e1bf4d8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "InsecureSkipVerify: true", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC088", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|616bbc5a446962c67840ad5f7f9024b07be25dd1879b506c27f665ac3e1bf4d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/modules/utils/wappalyzer/main.go"}, "region": {"startLine": 26}}}]}, {"ruleId": "SEC113", "level": "error", "message": {"text": "[SEC113] SSH host-key verification disabled (MITM): Accepting any SSH host key on first connect lets an active MITM impersonate the server. Common in `paramiko.AutoAddPolicy()`."}, "properties": {"repobilityId": 49413, "scanner": "repobility-threat-engine", "fingerprint": "d70960a8340278428ed6240199a5b183b741251293b2c29788d1f8aaa056e2a3", "category": "crypto", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "StrictHostKeyChecking=no", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC113", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|192|sec113"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/reporting/modules/vcs/reporter.py"}, "region": {"startLine": 192}}}]}, {"ruleId": "SEC113", "level": "error", "message": {"text": "[SEC113] SSH host-key verification disabled (MITM): Accepting any SSH host key on first connect lets an active MITM impersonate the server. 
Common in `paramiko.AutoAddPolicy()`."}, "properties": {"repobilityId": 49412, "scanner": "repobility-threat-engine", "fingerprint": "074a7d78a7a14a73a35367936ec1ca0a419eb7f4442a508ab8dec7d7af393656", "category": "crypto", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".set_missing_host_key_policy(paramiko.AutoAddPolicy", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC113", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|64|sec113"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/modules/ssh_bruter.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "SEC082", "level": "error", "message": {"text": "[SEC082] Python: paramiko AutoAddPolicy or no host-key verification: AutoAddPolicy / WarningPolicy disables SSH host-key verification \u2014 vulnerable to MITM. 
Ported from bandit B507 / dlint DUO133 (Apache-2.0 / BSD-3)."}, "properties": {"repobilityId": 49411, "scanner": "repobility-threat-engine", "fingerprint": "a2d286e75be8682e9df8bc35dc2e981457ea44ec75a905dc73bd3d2ed137381f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "paramiko.AutoAddPolicy(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC082", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a2d286e75be8682e9df8bc35dc2e981457ea44ec75a905dc73bd3d2ed137381f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/modules/ssh_bruter.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 49410, "scanner": "repobility-threat-engine", "fingerprint": "3b540a0d170fd4c7d2a6861b9a18fbd2d3485ee3d0122b319c84c42d407b4f3d", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search('<meta name=\"generator\" content=\"WordPress ([0-9]+\\\\.[0-9]+\\\\.[0-9]+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|76|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/modules/wp_scanner.py"}, "region": {"startLine": 76}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User 
input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 49409, "scanner": "repobility-threat-engine", "fingerprint": "4b603792ab30edc063739fe764f448b1f9af16d72829e2cdfa8cb416668fd863", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(\"<version>([0-9]+\\\\.[0-9]+\\\\.[0-9]+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|51|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/modules/joomla_scanner.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED014", "level": "error", "message": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "properties": {"repobilityId": 49408, "scanner": "repobility-threat-engine", "fingerprint": "8acea56aeee5a7e96b715c189ccd54ac03524bfb939c5e606fba159cae99c2d2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "disabled-tls-verify", "owasp": "A02:2021", "cwe_ids": ["CWE-295"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347930+00:00", "triaged_in_corpus": 15, "observations_count": 86916, "ai_coder_pattern_id": 16}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8acea56aeee5a7e96b715c189ccd54ac03524bfb939c5e606fba159cae99c2d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/modules/utils/wappalyzer/main.go"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED014", 
"level": "error", "message": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "properties": {"repobilityId": 49407, "scanner": "repobility-threat-engine", "fingerprint": "10df2e2136bb0184915fadf4591a5de02170a4c50d340a16ad4c470d45adbe8f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "disabled-tls-verify", "owasp": "A02:2021", "cwe_ids": ["CWE-295"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347930+00:00", "triaged_in_corpus": 15, "observations_count": 86916, "ai_coder_pattern_id": 16}, "scanner": "repobility-threat-engine", "correlation_key": "fp|10df2e2136bb0184915fadf4591a5de02170a4c50d340a16ad4c470d45adbe8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/http_requests.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 49403, "scanner": "repobility-threat-engine", "fingerprint": "84c31a12a2c8410b578f26b622b0411e90041c66d1bf98293e2bd1ba3418aadb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|84c31a12a2c8410b578f26b622b0411e90041c66d1bf98293e2bd1ba3418aadb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/wordfence.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 49401, "scanner": "repobility-threat-engine", "fingerprint": "aaf0a56b5d497b411f5f49d9e2d343f6e95bf64d2490c59a9d9405312bec1573", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|aaf0a56b5d497b411f5f49d9e2d343f6e95bf64d2490c59a9d9405312bec1573"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/crawling.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 49400, "scanner": "repobility-threat-engine", "fingerprint": "ab5a777a3a0f8f49428258412d6d441d17dfc5f905995764b35dbc8c084bd8cb", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(params", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|artemis/crawling.py|99|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/crawling.py"}, "region": {"startLine": 99}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. 
The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 49398, "scanner": "repobility-threat-engine", "fingerprint": "c284977c3a5e2be00fe629d1946807a44f7d54b6bce24cfda6a9b5979dcb6e53", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "result.update({\"report_warnings\": self.report_warnings})", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c284977c3a5e2be00fe629d1946807a44f7d54b6bce24cfda6a9b5979dcb6e53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/modules/runtime_configuration/mail_dns_scanner_configuration.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 49397, "scanner": "repobility-threat-engine", "fingerprint": "192610ce279edd821f33dfac63550f5aa55d1072d8c41afa1ece059e367e938b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "tags_to_exclude.update(TECHNOLOGY_DETECTION_TAGS_TO_EXCLUDE[tech_name])", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|192610ce279edd821f33dfac63550f5aa55d1072d8c41afa1ece059e367e938b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/modules/nuclei_router.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 49396, "scanner": "repobility-threat-engine", "fingerprint": "88ef4cb0b446fb53f40046e80b9e6aba77d06a5a86fa981f1e3a2ef0ee302ca8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "backend.redis.delete(key)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|88ef4cb0b446fb53f40046e80b9e6aba77d06a5a86fa981f1e3a2ef0ee302ca8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/cleanup.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 49386, "scanner": "repobility-threat-engine", "fingerprint": "3c083f18046f274d87a08febbae3ef748c3e09d5928ed8362bba8d23aafaaa5e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3c083f18046f274d87a08febbae3ef748c3e09d5928ed8362bba8d23aafaaa5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/karton_logger.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare 
Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 49385, "scanner": "repobility-threat-engine", "fingerprint": "02f1764cfb6e212ba8adc107552ad3d556781557476229b4a608cbc48c171196", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|02f1764cfb6e212ba8adc107552ad3d556781557476229b4a608cbc48c171196"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/fallback_api_cache.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 49384, "scanner": "repobility-threat-engine", "fingerprint": "3d5e52e48e6647339a1c5ab397cd7c07e98408244c0245598da1b3c8747d0b76", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3d5e52e48e6647339a1c5ab397cd7c07e98408244c0245598da1b3c8747d0b76"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/blocklist.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `should_block_scanning` has cognitive complexity 69 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=13, for=1, if=22, nested_bonus=33."}, "properties": {"repobilityId": 49378, "scanner": "repobility-threat-engine", "fingerprint": "f76fe34a26751ecc0af65a8110acb23c20c2d9731f9abaa29d9356c2b94a00a2", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 69 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "should_block_scanning", "breakdown": {"if": 22, "for": 1, "continue": 13, "nested_bonus": 33}, "complexity": 69, "correlation_key": "fp|f76fe34a26751ecc0af65a8110acb23c20c2d9731f9abaa29d9356c2b94a00a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/blocklist.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `blocklist_reports` has cognitive complexity 114 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: continue=17, for=2, if=26, nested_bonus=68, ternary=1."}, "properties": {"repobilityId": 49377, "scanner": "repobility-threat-engine", "fingerprint": "bfcb73d186b654ed1e0df91951c0e494d5247dede1920abfedccf6906be36d3b", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 114 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "blocklist_reports", "breakdown": {"if": 26, "for": 2, "ternary": 1, "continue": 17, "nested_bonus": 68}, "complexity": 114, "correlation_key": "fp|bfcb73d186b654ed1e0df91951c0e494d5247dede1920abfedccf6906be36d3b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/blocklist.py"}, "region": {"startLine": 178}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 49370, "scanner": "repobility-threat-engine", "fingerprint": "9a7b57a3cb7c4d03549c7bfd5037cd99ff28196df40a1af289521ab8b187a176", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(try_url", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9a7b57a3cb7c4d03549c7bfd5037cd99ff28196df40a1af289521ab8b187a176"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/modules/api_scanner.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 49369, "scanner": "repobility-threat-engine", "fingerprint": "69a4850ee8afd2ceb8e1cc02974eb2f40566ef6859d161e82cf809db1c9e263e", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(\n        WAYBACK_CDX_URL", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|69a4850ee8afd2ceb8e1cc02974eb2f40566ef6859d161e82cf809db1c9e263e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/crawling.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 49368, "scanner": "repobility-threat-engine", "fingerprint": "9a1c0785cbe00443d6ebddac07c24dc378a7fbd1c9cc612124dcf49a3260330a", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(C", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9a1c0785cbe00443d6ebddac07c24dc378a7fbd1c9cc612124dcf49a3260330a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/api.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 49367, "scanner": "repobility-supply-chain", "fingerprint": "2661aa92e5bec8e83e326f80aacc994e3ab062aedb46b7cbdf27265c83b435a6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2661aa92e5bec8e83e326f80aacc994e3ab062aedb46b7cbdf27265c83b435a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-unit.yml"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 49366, "scanner": "repobility-supply-chain", "fingerprint": "d15fef896db3ea49bc1098dd505769622ea70d067665dac8940ad650121b2404", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": 
"open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d15fef896db3ea49bc1098dd505769622ea70d067665dac8940ad650121b2404"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/check_no_translations_to_update.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 49365, "scanner": "repobility-supply-chain", "fingerprint": "1499e8a1188c6566ad2b9aabab8400479eb332cfc678656baeaf52f811fb2998", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1499e8a1188c6566ad2b9aabab8400479eb332cfc678656baeaf52f811fb2998"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/check_no_translations_to_update.yml"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "Workflow container/services image `python:3.13-alpine3.20` unpinned"}, "properties": {"repobilityId": 49364, "scanner": "repobility-supply-chain", "fingerprint": "f3c8e6ca676c79ba7b6ecaf7ac877109320e79c77d7c3575b91e90cb36f7cc54", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", 
"correlation_key": "fp|f3c8e6ca676c79ba7b6ecaf7ac877109320e79c77d7c3575b91e90cb36f7cc54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/fix_dependabot_pull_requests.yml"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 49363, "scanner": "repobility-supply-chain", "fingerprint": "829f0bb47015fd28426e8b81ce0498b1cf96a7581d8688ea2e2b29918400845c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|829f0bb47015fd28426e8b81ce0498b1cf96a7581d8688ea2e2b29918400845c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/fix_dependabot_pull_requests.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 49362, "scanner": "repobility-supply-chain", "fingerprint": "80c0427d6a0ecd0c648221887bef9f2e6113c6c5c926537b6e0ea8dff14a79e7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|80c0427d6a0ecd0c648221887bef9f2e6113c6c5c926537b6e0ea8dff14a79e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test_long_running.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", 
"message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 49361, "scanner": "repobility-supply-chain", "fingerprint": "442fd408c49d7d62057b8a5384cc8c3152ec1b6d677c63f829fc98ae9d7e77fa", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|442fd408c49d7d62057b8a5384cc8c3152ec1b6d677c63f829fc98ae9d7e77fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docker_release.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 49360, "scanner": "repobility-supply-chain", "fingerprint": "310a52137d95d4d9de6c0178605021e7d695684d2b0ad48e9d76951075f84f44", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|310a52137d95d4d9de6c0178605021e7d695684d2b0ad48e9d76951075f84f44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/liccheck.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 49359, "scanner": "repobility-supply-chain", "fingerprint": "92d62539889e6eee4b0f09520b18158e6c6d71083f7a9219d3956c2128e4d398", "category": "dependency", "severity": "high", "confidence": 0.9, 
"triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|92d62539889e6eee4b0f09520b18158e6c6d71083f7a9219d3956c2128e4d398"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/liccheck.yml"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 49358, "scanner": "repobility-supply-chain", "fingerprint": "fed96f9b88efc6aa8a26fdc82cc205fa12dbee4e8c71848b847ad8848c5c0f8a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fed96f9b88efc6aa8a26fdc82cc205fa12dbee4e8c71848b847ad8848c5c0f8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-e2e.yml"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 49357, "scanner": "repobility-supply-chain", "fingerprint": "25b49d6a9ec591ce8623a9ff2ed9a328039301b7db491cd69fec622c855abd6a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|25b49d6a9ec591ce8623a9ff2ed9a328039301b7db491cd69fec622c855abd6a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 49356, "scanner": "repobility-supply-chain", "fingerprint": "ec871615cdf48230a998ab4780bee4dcae78b170e5e2d6bf9665f538acf0e87a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ec871615cdf48230a998ab4780bee4dcae78b170e5e2d6bf9665f538acf0e87a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 49355, "scanner": "repobility-supply-chain", "fingerprint": "1cbb8da0eccedb5f014a4469ce4d67027a419b17deac062cba57e79e748711d0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1cbb8da0eccedb5f014a4469ce4d67027a419b17deac062cba57e79e748711d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docker_nightly.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `alpine:3.20` not pinned by digest"}, 
"properties": {"repobilityId": 49354, "scanner": "repobility-supply-chain", "fingerprint": "6423b0ecdd398ee301f086156956630ab0f1fd756f24ec9b81a9158ad8fd1a76", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6423b0ecdd398ee301f086156956630ab0f1fd756f24ec9b81a9158ad8fd1a76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/data/ssh_bad_keys/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `python:3.10-slim` not pinned by digest"}, "properties": {"repobilityId": 49353, "scanner": "repobility-supply-chain", "fingerprint": "e7f0b8878d76b93ab227691e9fe2a2e2950b3b38d699c9ea16943109bdf36bcf", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e7f0b8878d76b93ab227691e9fe2a2e2950b3b38d699c9ea16943109bdf36bcf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/data/flask_vulnerable_api/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `python:3.10-slim` not pinned by digest"}, "properties": {"repobilityId": 49352, "scanner": "repobility-supply-chain", "fingerprint": "733c2ef16c242eb92e355ef236090d8c297815517b370c2ce50a5e8efffe2b55", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, 
"reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|733c2ef16c242eb92e355ef236090d8c297815517b370c2ce50a5e8efffe2b55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/data/dast_vuln_app/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `php:8.0-apache` not pinned by digest"}, "properties": {"repobilityId": 49351, "scanner": "repobility-supply-chain", "fingerprint": "44acba024ee51a5f66b6c5c3bfae6b14af75b8b5cdcdf19ff95e2775ad9c15de", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|44acba024ee51a5f66b6c5c3bfae6b14af75b8b5cdcdf19ff95e2775ad9c15de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/images/php-postgres/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `nginx:1.29.0` not pinned by digest"}, "properties": {"repobilityId": 49350, "scanner": "repobility-supply-chain", "fingerprint": "78d22dfd3d5d8c103132eefe96143191d70f415c7ac86c2a604db5f703b8fdd3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|78d22dfd3d5d8c103132eefe96143191d70f415c7ac86c2a604db5f703b8fdd3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/images/nginx-with-sni-tls/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `php:8.0-apache` not pinned by digest"}, "properties": {"repobilityId": 49349, "scanner": "repobility-supply-chain", "fingerprint": "133cc626757d0e34516e875b8371a27d147a74f64ce5a89462430748a262a85f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|133cc626757d0e34516e875b8371a27d147a74f64ce5a89462430748a262a85f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/images/php-mysql/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `python:3.13.3-alpine3.20` not pinned by digest"}, "properties": {"repobilityId": 49348, "scanner": "repobility-supply-chain", "fingerprint": "f25de9d1792edb673eff75f5c37018270b32a71fc7a97f48742c47959b37c998", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f25de9d1792edb673eff75f5c37018270b32a71fc7a97f48742c47959b37c998"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED121", "level": "error", "message": {"text": "requirements.txt installs 
from `libmailgoose @ git+https://github.com/CERT-Polska/...` (git/URL)"}, "properties": {"repobilityId": 49347, "scanner": "repobility-supply-chain", "fingerprint": "390cb34d30c9606af092bee3f0e8d09afce9de678adee0f00178664b38ce3c4a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "pip-install-git-or-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|390cb34d30c9606af092bee3f0e8d09afce9de678adee0f00178664b38ce3c4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/requirements.txt"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED121", "level": "error", "message": {"text": "requirements.txt installs from `libmailgoose @ git+https://github.com/CERT-Polska/...` (git/URL)"}, "properties": {"repobilityId": 49346, "scanner": "repobility-supply-chain", "fingerprint": "4ed9deeea5678393fe554b69c02d10bdbe378965da68c52520bc310e2669409c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "pip-install-git-or-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4ed9deeea5678393fe554b69c02d10bdbe378965da68c52520bc310e2669409c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/PyCQA/flake8` pinned to mutable rev `7.3.0`"}, "properties": {"repobilityId": 49345, "scanner": "repobility-supply-chain", "fingerprint": "61d7d0dcc32726222a7406f84d26f95daf8e19ebd55e0dae85a1f652a22745f9", "category": "dependency", 
"severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|61d7d0dcc32726222a7406f84d26f95daf8e19ebd55e0dae85a1f652a22745f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/pre-commit/mirrors-mypy` pinned to mutable rev `v1.19.1`"}, "properties": {"repobilityId": 49344, "scanner": "repobility-supply-chain", "fingerprint": "d4a5d0d5dc7a8601a258c754a17b755f23deb173b5746354327822f8caec373a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d4a5d0d5dc7a8601a258c754a17b755f23deb173b5746354327822f8caec373a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/pycqa/isort` pinned to mutable rev `8.0.0`"}, "properties": {"repobilityId": 49343, "scanner": "repobility-supply-chain", "fingerprint": "99fb91ef2dbbf2fbc130cb8c615b4fc75afd8f6819889fd99e76af2ff266a82a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], 
"observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|99fb91ef2dbbf2fbc130cb8c615b4fc75afd8f6819889fd99e76af2ff266a82a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/psf/black` pinned to mutable rev `26.1.0`"}, "properties": {"repobilityId": 49342, "scanner": "repobility-supply-chain", "fingerprint": "992b4e926b317cdf9f008a8db9068c88f78e6389e67cd6411866622163554e74", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|992b4e926b317cdf9f008a8db9068c88f78e6389e67cd6411866622163554e74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/pre-commit/pre-commit-hooks` pinned to mutable rev `v6.0.0`"}, "properties": {"repobilityId": 49341, "scanner": "repobility-supply-chain", "fingerprint": "7d6eb8afb666cf3c56fa0abc46036bcc52e657a57a1a639516377b0302928728", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7d6eb8afb666cf3c56fa0abc46036bcc52e657a57a1a639516377b0302928728"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, 
"region": {"startLine": 2}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /build-html-message has no auth"}, "properties": {"repobilityId": 49340, "scanner": "repobility-route-auth", "fingerprint": "b6f851ab0fb58e3485f8b5fc8352d2fd754e587d77bc95137b20f346660a9525", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|b6f851ab0fb58e3485f8b5fc8352d2fd754e587d77bc95137b20f346660a9525"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/reporting/api.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /export has no auth"}, "properties": {"repobilityId": 49339, "scanner": "repobility-route-auth", "fingerprint": "e948fc9277f0ff5555b9923b46392f9e08ba367ab1dbbbcc65057f1aad4d52db", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|e948fc9277f0ff5555b9923b46392f9e08ba367ab1dbbbcc65057f1aad4d52db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/api.py"}, "region": {"startLine": 279}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /build-html-message has no auth"}, "properties": {"repobilityId": 49338, "scanner": "repobility-route-auth", "fingerprint": "66d6cc2c28b8f24520d2917f7ea6eaf6d4bd4515eb1c5132f3efc647534b9dd9", 
"category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|66d6cc2c28b8f24520d2917f7ea6eaf6d4bd4515eb1c5132f3efc647534b9dd9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/api.py"}, "region": {"startLine": 264}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /export/delete/{id} has no auth"}, "properties": {"repobilityId": 49337, "scanner": "repobility-route-auth", "fingerprint": "bfbd062f5178b9020ec7924694d2a6528a3fe6da24055ccea5fc41a74c3d0877", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|bfbd062f5178b9020ec7924694d2a6528a3fe6da24055ccea5fc41a74c3d0877"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/api.py"}, "region": {"startLine": 255}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /archive-tag has no auth"}, "properties": {"repobilityId": 49336, "scanner": "repobility-route-auth", "fingerprint": "40aab2c594b15fd24bc60286154d85a884dc3e5e308a573f965a1105a8b97a10", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], 
"observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|40aab2c594b15fd24bc60286154d85a884dc3e5e308a573f965a1105a8b97a10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/api.py"}, "region": {"startLine": 216}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /stop-and-delete-analysis has no auth"}, "properties": {"repobilityId": 49335, "scanner": "repobility-route-auth", "fingerprint": "99608eb6c227b46333e43684bd544df0a99bb9c469a6d862c8c80e16b9ffe7ab", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|99608eb6c227b46333e43684bd544df0a99bb9c469a6d862c8c80e16b9ffe7ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/api.py"}, "region": {"startLine": 202}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /add has no auth"}, "properties": {"repobilityId": 49334, "scanner": "repobility-route-auth", "fingerprint": "9d4c95a6c499f4436644005b4023149c8832390f0582a46e8be945c00765b5ac", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|9d4c95a6c499f4436644005b4023149c8832390f0582a46e8be945c00765b5ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/api.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED112", "level": 
"error", "message": {"text": "FastAPI POST /logout has no auth"}, "properties": {"repobilityId": 49333, "scanner": "repobility-route-auth", "fingerprint": "1930a5fc2017da3dd0b43c44107b14e5ec590b0fc933a1a2605edf44cecbc54a", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|1930a5fc2017da3dd0b43c44107b14e5ec590b0fc933a1a2605edf44cecbc54a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /login has no auth"}, "properties": {"repobilityId": 49332, "scanner": "repobility-route-auth", "fingerprint": "c634959c15ceee0c83e3c9bbcdc011ecee0d5d88a33ae855fad094656043f1fc", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|c634959c15ceee0c83e3c9bbcdc011ecee0d5d88a33ae855fad094656043f1fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_malformed_jsonl_lines_are_skipped_not_raised"}, "properties": {"repobilityId": 49318, "scanner": "repobility-ast-engine", "fingerprint": "8c817a99590fd263cb9d7a699aa62b1bfecf514bb6b5de4748a78f041e5e4ee2", "category": "quality", "severity": "high", 
"confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8c817a99590fd263cb9d7a699aa62b1bfecf514bb6b5de4748a78f041e5e4ee2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/unit/test_crawling_pipeline.py"}, "region": {"startLine": 170}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_deserialize"}, "properties": {"repobilityId": 49317, "scanner": "repobility-ast-engine", "fingerprint": "87061b5df8ec732e892965d69ab81cec18966e3c3021533369a7c1c00841f6f3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|87061b5df8ec732e892965d69ab81cec18966e3c3021533369a7c1c00841f6f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/unit/test_module_runtime_configuration.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_results_cached_per_domain"}, "properties": {"repobilityId": 49316, "scanner": "repobility-ast-engine", "fingerprint": "c62fcba960b69dadb7f85c0773965b0b14c1195dccca25b1827b899045095fd4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", 
"correlation_key": "fp|c62fcba960b69dadb7f85c0773965b0b14c1195dccca25b1827b899045095fd4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/unit/test_wayback_parameters.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_simple"}, "properties": {"repobilityId": 49315, "scanner": "repobility-ast-engine", "fingerprint": "c70ebef7901d6df64da64ecc86e3f52f18b06dc35db434fb98e65583efdd3c7e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c70ebef7901d6df64da64ecc86e3f52f18b06dc35db434fb98e65583efdd3c7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/modules/test_ip_lookup.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_parsing"}, "properties": {"repobilityId": 49314, "scanner": "repobility-ast-engine", "fingerprint": "8a95b8c5fd7fe5e3a36f743eb4b6bd1924282e4ebe4dd2ca45f43ec5cad15d6f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8a95b8c5fd7fe5e3a36f743eb4b6bd1924282e4ebe4dd2ca45f43ec5cad15d6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/modules/test_classifier.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_skipping_public_suffixes"}, 
"properties": {"repobilityId": 49313, "scanner": "repobility-ast-engine", "fingerprint": "9864ed01ac427051805d6942c8b9b1aa22615039b786d0df90d3d96c38ce2840", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9864ed01ac427051805d6942c8b9b1aa22615039b786d0df90d3d96c38ce2840"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/modules/test_classifier.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_simple"}, "properties": {"repobilityId": 49312, "scanner": "repobility-ast-engine", "fingerprint": "534af8f8fffa4d39a203fea73830838880895ff9fd905885cc3a3da72d503e46", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|534af8f8fffa4d39a203fea73830838880895ff9fd905885cc3a3da72d503e46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/modules/test_reverse_dns_lookup.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_ftp"}, "properties": {"repobilityId": 49311, "scanner": "repobility-ast-engine", "fingerprint": "1ed20679620324a5a662ab81b3441eac633b499ab325c000f612e713d7615cde", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": 
"phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1ed20679620324a5a662ab81b3441eac633b499ab325c000f612e713d7615cde"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/e2e/test_ftp.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_ftp_ip_range"}, "properties": {"repobilityId": 49310, "scanner": "repobility-ast-engine", "fingerprint": "34890447ee1724de8e72ac1c385ae8413962d44859f704ee89ea26854809d0b1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|34890447ee1724de8e72ac1c385ae8413962d44859f704ee89ea26854809d0b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/e2e/test_ftp.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_ftp_only_port"}, "properties": {"repobilityId": 49309, "scanner": "repobility-ast-engine", "fingerprint": "5240c829a358d13ad362f91aa698fac7f14f77435b3b0bb8ef2ed5e9ac482768", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5240c829a358d13ad362f91aa698fac7f14f77435b3b0bb8ef2ed5e9ac482768"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/e2e/test_ftp.py"}, "region": {"startLine": 
6}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_modules_enabling"}, "properties": {"repobilityId": 49308, "scanner": "repobility-ast-engine", "fingerprint": "fd267d3447228bf100cc0de0dc89867323fb2b5b07ccc307a7556553bce72d9d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fd267d3447228bf100cc0de0dc89867323fb2b5b07ccc307a7556553bce72d9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/e2e/test_modules_enabling.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_no_request_when_index_cached"}, "properties": {"repobilityId": 49307, "scanner": "repobility-ast-engine", "fingerprint": "05c080f738b745c95d80477c6d5e42b2df7405c0bb16a417c1a6075259acbc1a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|05c080f738b745c95d80477c6d5e42b2df7405c0bb16a417c1a6075259acbc1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/test_wordfence.py"}, "region": {"startLine": 161}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.check_response` used but never assigned in __init__"}, "properties": {"repobilityId": 49301, "scanner": "repobility-ast-engine", "fingerprint": "e408b2c7a4d56db9e8d05b3f27920726d93a92a14ce61a9284d9d7d754e206cc", "category": "quality", "severity": "high", 
"confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e408b2c7a4d56db9e8d05b3f27920726d93a92a14ce61a9284d9d7d754e206cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/placeholder_page_detector.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._strip_internal_db_info` used but never assigned in __init__"}, "properties": {"repobilityId": 49299, "scanner": "repobility-ast-engine", "fingerprint": "8e2a0b0143b4729fdbce05e5321c6e02427a27a3db3bc952b6914aa5955c7f3b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8e2a0b0143b4729fdbce05e5321c6e02427a27a3db3bc952b6914aa5955c7f3b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/db.py"}, "region": {"startLine": 710}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.dict_to_str` used but never assigned in __init__"}, "properties": {"repobilityId": 49298, "scanner": "repobility-ast-engine", "fingerprint": "d5cf4ecbf7010ba053c6d6562d8bdbfd8d14bf158248c6f01c7200c7d3e0ef16", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|d5cf4ecbf7010ba053c6d6562d8bdbfd8d14bf158248c6f01c7200c7d3e0ef16"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/db.py"}, "region": {"startLine": 668}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.task_to_dict` used but never assigned in __init__"}, "properties": {"repobilityId": 49297, "scanner": "repobility-ast-engine", "fingerprint": "c970fac10f4e86983fed2fa7cd4fda0487b10e60e350a38b993509ed3a83e073", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c970fac10f4e86983fed2fa7cd4fda0487b10e60e350a38b993509ed3a83e073"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/db.py"}, "region": {"startLine": 655}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._strip_internal_db_info` used but never assigned in __init__"}, "properties": {"repobilityId": 49296, "scanner": "repobility-ast-engine", "fingerprint": "05a79921e89eacf8e72aaeeb4a361ee30ab72344152961b75040b46bcc4ef2f5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|05a79921e89eacf8e72aaeeb4a361ee30ab72344152961b75040b46bcc4ef2f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/db.py"}, "region": {"startLine": 543}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._iter_results` used but never assigned in __init__"}, "properties": {"repobilityId": 
49295, "scanner": "repobility-ast-engine", "fingerprint": "aa506b5ac286343abbe7984c25564497e7a521a67011ea2646905f0ef9c65289", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aa506b5ac286343abbe7984c25564497e7a521a67011ea2646905f0ef9c65289"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/db.py"}, "region": {"startLine": 540}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._strip_internal_db_info` used but never assigned in __init__"}, "properties": {"repobilityId": 49294, "scanner": "repobility-ast-engine", "fingerprint": "31a1484a692c4b6dd4b335ae7e25caef8b357fecd5802312eba488412902026e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|31a1484a692c4b6dd4b335ae7e25caef8b357fecd5802312eba488412902026e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/db.py"}, "region": {"startLine": 526}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._iter_results` used but never assigned in __init__"}, "properties": {"repobilityId": 49293, "scanner": "repobility-ast-engine", "fingerprint": "6525ee3541ce837a2d943b3ed53bbde4f1f40f2600dda1a40df5bcfb326f03a7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, 
"cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6525ee3541ce837a2d943b3ed53bbde4f1f40f2600dda1a40df5bcfb326f03a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/db.py"}, "region": {"startLine": 523}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._iter_results` used but never assigned in __init__"}, "properties": {"repobilityId": 49292, "scanner": "repobility-ast-engine", "fingerprint": "b174013ccb093027d297c5047b64e48b5ec8f3b762c827ed53eea9c43a725484", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b174013ccb093027d297c5047b64e48b5ec8f3b762c827ed53eea9c43a725484"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/db.py"}, "region": {"startLine": 516}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_task_deduplication_data` used but never assigned in __init__"}, "properties": {"repobilityId": 49291, "scanner": "repobility-ast-engine", "fingerprint": "dd0f243fb5dd94504a193bb33d21f73943292b9f05a6faa95d48c0bc93280b46", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dd0f243fb5dd94504a193bb33d21f73943292b9f05a6faa95d48c0bc93280b46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/db.py"}, "region": {"startLine": 485}}}]}, {"ruleId": 
"MINED108", "level": "error", "message": {"text": "`self._strip_internal_db_info` used but never assigned in __init__"}, "properties": {"repobilityId": 49290, "scanner": "repobility-ast-engine", "fingerprint": "4e157a1882208c5e12dc3cd9af4ae0c4c7200a04b479be0a615386d28664e38d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4e157a1882208c5e12dc3cd9af4ae0c4c7200a04b479be0a615386d28664e38d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/db.py"}, "region": {"startLine": 452}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._to_postgresql_query` used but never assigned in __init__"}, "properties": {"repobilityId": 49289, "scanner": "repobility-ast-engine", "fingerprint": "bc3a9a00aa65527c23443f9dbf9358dec680ad7183dbc5dba9ac27c8c9ed37b0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bc3a9a00aa65527c23443f9dbf9358dec680ad7183dbc5dba9ac27c8c9ed37b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/db.py"}, "region": {"startLine": 423}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._strip_internal_db_info` used but never assigned in __init__"}, "properties": {"repobilityId": 49288, "scanner": "repobility-ast-engine", "fingerprint": "ded106fff4dfe5888fc5f5b2cc5810b989c93a9414bbb036bcf5ad172742396b", "category": "quality", "severity": "high", "confidence": 
1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ded106fff4dfe5888fc5f5b2cc5810b989c93a9414bbb036bcf5ad172742396b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/db.py"}, "region": {"startLine": 437}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._to_postgresql_query` used but never assigned in __init__"}, "properties": {"repobilityId": 49287, "scanner": "repobility-ast-engine", "fingerprint": "2ece36c05b330d27b9e7db17391ff6f32312ae0aca42db37bacacd02ad1408a6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2ece36c05b330d27b9e7db17391ff6f32312ae0aca42db37bacacd02ad1408a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/db.py"}, "region": {"startLine": 384}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._strip_internal_db_info` used but never assigned in __init__"}, "properties": {"repobilityId": 49286, "scanner": "repobility-ast-engine", "fingerprint": "73e9f3255453ae6aa1f742f96d1aed5205ef6157efaad27b578a18cd361743e3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|73e9f3255453ae6aa1f742f96d1aed5205ef6157efaad27b578a18cd361743e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/db.py"}, "region": {"startLine": 388}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._strip_internal_db_info` used but never assigned in __init__"}, "properties": {"repobilityId": 49285, "scanner": "repobility-ast-engine", "fingerprint": "dfcd897dacc5573aa53c1b0322de3c94c912dbcabab5393168a36e86b00a1364", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dfcd897dacc5573aa53c1b0322de3c94c912dbcabab5393168a36e86b00a1364"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/db.py"}, "region": {"startLine": 355}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.task_to_dict` used but never assigned in __init__"}, "properties": {"repobilityId": 49284, "scanner": "repobility-ast-engine", "fingerprint": "09b8e5c6fa90a6a742ed85738dc1ba961f4a9840e84425f6f2164166d96f3a46", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|09b8e5c6fa90a6a742ed85738dc1ba961f4a9840e84425f6f2164166d96f3a46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/db.py"}, "region": {"startLine": 311}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.task_to_dict` used but never assigned in __init__"}, "properties": {"repobilityId": 
49283, "scanner": "repobility-ast-engine", "fingerprint": "08b36c3389bfbbc85a34f2ade373f5dc98a1b81160aa5daf167ffc8e0d3f592f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|08b36c3389bfbbc85a34f2ade373f5dc98a1b81160aa5daf167ffc8e0d3f592f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/db.py"}, "region": {"startLine": 281}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._strip_internal_db_info` used but never assigned in __init__"}, "properties": {"repobilityId": 49282, "scanner": "repobility-ast-engine", "fingerprint": "ecd46107f4dfb39f1ac8e7479f8605e3f02cdc83f46f2bded6ee3ffa9a7c8861", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ecd46107f4dfb39f1ac8e7479f8605e3f02cdc83f46f2bded6ee3ffa9a7c8861"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/db.py"}, "region": {"startLine": 250}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.value` used but never assigned in __init__"}, "properties": {"repobilityId": 49281, "scanner": "repobility-ast-engine", "fingerprint": "ed8fd4e33c0931d5a34bca30d221e2a5eded2daa0306bab6e03fbb2dc9ae1c1b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, 
"cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ed8fd4e33c0931d5a34bca30d221e2a5eded2daa0306bab6e03fbb2dc9ae1c1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/db.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._rotate_logs` used but never assigned in __init__"}, "properties": {"repobilityId": 49280, "scanner": "repobility-ast-engine", "fingerprint": "2998096b51c7e459a38596ab3f3be54622abf0d9a8a9f5b6d5cc0f98a87c2fa5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2998096b51c7e459a38596ab3f3be54622abf0d9a8a9f5b6d5cc0f98a87c2fa5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/karton_logger.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.content` used but never assigned in __init__"}, "properties": {"repobilityId": 49279, "scanner": "repobility-ast-engine", "fingerprint": "4e286748f0c0416eb478838ed77070c456af38cdacb058539375971ecdf3006d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4e286748f0c0416eb478838ed77070c456af38cdacb058539375971ecdf3006d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/http_requests.py"}, "region": {"startLine": 59}}}]}, {"ruleId": 
"MINED108", "level": "error", "message": {"text": "`self.content` used but never assigned in __init__"}, "properties": {"repobilityId": 49277, "scanner": "repobility-ast-engine", "fingerprint": "7bc74f3390e183168a2b1cf0ac9cd450783b00079964491fea520b472917a4d3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7bc74f3390e183168a2b1cf0ac9cd450783b00079964491fea520b472917a4d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/http_requests.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.release` used but never assigned in __init__"}, "properties": {"repobilityId": 49273, "scanner": "repobility-ast-engine", "fingerprint": "c280bc4b1561bfa034535743b84da5417bc099968ac42ee7fb56c428dc0e1e63", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c280bc4b1561bfa034535743b84da5417bc099968ac42ee7fb56c428dc0e1e63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/resource_lock.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.acquire` used but never assigned in __init__"}, "properties": {"repobilityId": 49271, "scanner": "repobility-ast-engine", "fingerprint": "d67fda408819547b3ffac0b71b6f50c99822bc59da7fa15c81c39aace833781f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", 
"verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d67fda408819547b3ffac0b71b6f50c99822bc59da7fa15c81c39aace833781f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/resource_lock.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: POST /export/delete/{id}."}, "properties": {"repobilityId": 6471, "scanner": "repobility-access-control", "fingerprint": "a90bab55e60bb39d379d65995a1a7986892f54fb575ac9d44da1a57fd3d990ea", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/export/delete/{id}", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/api.py|251|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/api.py"}, "region": {"startLine": 251}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /export/download-zip/{id}."}, "properties": {"repobilityId": 6470, "scanner": "repobility-access-control", "fingerprint": "0afb9d4502e482301abc3c224a3d9fbebb25578344426bf90c817a9cb7d91b2c", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/export/download-zip/{id}", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/api.py|245|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/api.py"}, "region": {"startLine": 245}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /task/{task_id}."}, "properties": {"repobilityId": 6469, "scanner": "repobility-access-control", "fingerprint": "6295c01ec0775a690a6ec3c6bb8827687d7b1140229a13ea60639cf732bc848f", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/task/{task_id}", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|524|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 524}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /analysis/{root_id}."}, "properties": {"repobilityId": 6468, "scanner": "repobility-access-control", "fingerprint": "3401e686172ffb6509c6bfea24ce2251acd367cd91da08f6f811adf96f154ef4", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/analysis/{root_id}", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|481|cwe-639", "identity_targets": ["unknown", "owner", "admin", "super_admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 481}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /analysis/get-pending-tasks/{analysis_id}."}, "properties": {"repobilityId": 6467, "scanner": "repobility-access-control", "fingerprint": "e320e6fbaf685a4dc4bd56a8059994adf8213f60c5ae7d4855c23844aa576050", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/analysis/get-pending-tasks/{analysis_id}", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|396|cwe-639", "identity_targets": ["unknown", "owner", "super_admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 396}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: POST /analysis/remove-pending-tasks/{analysis_id}."}, "properties": {"repobilityId": 6466, "scanner": "repobility-access-control", "fingerprint": "edc27f89fcac4dadd1c44e978cd0d3acfaecf9c62748e2ac8f5fb18671c939bc", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/analysis/remove-pending-tasks/{analysis_id}", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|380|cwe-639", "identity_targets": ["unknown", "owner", "super_admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 380}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /export/download-zip/{id}."}, "properties": {"repobilityId": 6465, "scanner": "repobility-access-control", "fingerprint": "423a32dd2826f1884224af2817c9cad2f55592f0c4d0970dac658a3c46932d79", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/export/download-zip/{id}", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|339|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 339}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: POST /export/confirm-delete/{id}."}, "properties": {"repobilityId": 6464, "scanner": "repobility-access-control", "fingerprint": "057ea79a07e7b94790ac64da8558e43c1b6ed4f1fa4d52b4a732cef3ac4e6516", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/export/confirm-delete/{id}", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|313|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 313}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /export/view/{id}."}, "properties": {"repobilityId": 6463, "scanner": "repobility-access-control", "fingerprint": "eab8638bde003984b7938dc7920838db4f92341478c58bb2321af82a0ceb156e", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/export/view/{id}", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|artemis/frontend.py|261|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/frontend.py"}, "region": {"startLine": 261}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. 
Allows reading arbitrary files."}, "properties": {"repobilityId": 6395, "scanner": "repobility-threat-engine", "fingerprint": "1801c2e7f7d503cdbdd31ba3321f77e178784232811d1aefc57f0301209063e3", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "os.path.join(os.path.dirname(__file__), \"data\", \"dast_params", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|artemis/modules/nuclei.py|145|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/modules/nuclei.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 6394, "scanner": "repobility-threat-engine", "fingerprint": "491bdceabdfa586753f5f0164ae43e0f24099cf547b18f9a2c498f7d2eaceb8a", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(self.input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|80|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/create_development_docker_compose.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. 
Allows reading arbitrary files."}, "properties": {"repobilityId": 6393, "scanner": "repobility-threat-engine", "fingerprint": "8d6727fd01268f5af97af9260549b7a3a756677c113cf218d712d05591689327", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(params", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|artemis/crawling.py|114|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/crawling.py"}, "region": {"startLine": 114}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `ssl` used but not imported"}, "properties": {"repobilityId": 49329, "scanner": "repobility-ast-engine", "fingerprint": "bd4c1c04dd5660b91ff35ff4f4ace4ef34137e48ce7118d3efe5d5d53d9a981f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bd4c1c04dd5660b91ff35ff4f4ace4ef34137e48ce7118d3efe5d5d53d9a981f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/reporting/modules/mail_dns_scanner/reporter.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `html` used but not imported"}, "properties": {"repobilityId": 49327, "scanner": "repobility-ast-engine", "fingerprint": "946160be1ea2d3df33745c8872735d9b80f20d937033a10e6c81d9110bef7984", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", 
"verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|946160be1ea2d3df33745c8872735d9b80f20d937033a10e6c81d9110bef7984"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/reporting/export/main.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `queue` used but not imported"}, "properties": {"repobilityId": 49306, "scanner": "repobility-ast-engine", "fingerprint": "8e9a5b0b9a0e0e08c2da5163fa1036e45e52e43f435852494770843b7e72121a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8e9a5b0b9a0e0e08c2da5163fa1036e45e52e43f435852494770843b7e72121a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/karton_utils.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "DKC007", "level": "error", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": {"repobilityId": 6412, "scanner": "repobility-docker", "fingerprint": "e4ee2c3f9e3e3a80747dd972714e4c28d4afa8c80e1fb70f181d18423a110b40", "category": "docker", "severity": "critical", "confidence": 0.96, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "postgres", "variable": "POSTGRES_PASSWORD", "references": 
["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "runtime", "correlation_key": "fp|e4ee2c3f9e3e3a80747dd972714e4c28d4afa8c80e1fb70f181d18423a110b40", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yaml"}, "region": {"startLine": 48}}}]}, {"ruleId": "SEC022", "level": "error", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 6392, "scanner": "repobility-threat-engine", "fingerprint": "bef982e2278a9ef9063816485bf1b63af85b9ddafd7937e8887000b05763adf3", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "postgresql://postgres:postgres@", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|artemis/config.py|2|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "artemis/config.py"}, "region": {"startLine": 24}}}]}]}]}