{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Bind local agent bridges to 127.0.0.1 by default. If remote access is required, require a bearer token or mTLS, enforce origin/CSRF checks for browser clients, and document the threat model."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "SEC091", "name": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnera", "shortDescription": {"text": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnerable to Slowloris. Ported from gosec G112 + G114 (Apache-2.0)."}, "fullDescription": {"text": "Construct `&http.Server{Addr: ..., ReadHeaderTimeout: 5*time.Second, ReadTimeout: 10*time.Second, WriteTimeout: 30*time.Second}`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC089", "name": "[SEC089] Go: bind to all interfaces (0.0.0.0): Server binds to all network interfaces \u2014 exposes service beyond intended ", "shortDescription": {"text": "[SEC089] Go: bind to all interfaces (0.0.0.0): Server binds to all network interfaces \u2014 exposes service beyond intended scope. 
Ported from gosec G102 (Apache-2.0)."}, "fullDescription": {"text": "Bind to `127.0.0.1:PORT` and front with a reverse proxy."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB005", "name": "robots.txt does not advertise a sitemap", "shortDescription": {"text": "robots.txt does not advertise a sitemap"}, "fullDescription": {"text": "Add `Sitemap: https://your-domain.example/sitemap.xml` to robots.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. 
Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED033", "name": "[MINED033] Go Recover Without Log (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED033] Go Recover Without Log (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED060", "name": "[MINED060] Go Context No Cancel (and 16 more): Same pattern found in 16 additional files. Review if needed.", "shortDescription": {"text": "[MINED060] Go Context No Cancel (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-401 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 23 more): Same pattern found in 23 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 23 more): Same pattern found in 23 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED004] Weak Crypto (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED016", "name": "[MINED016] Go Error Ignored (and 61 more): Same pattern found in 61 additional files. Review if needed.", "shortDescription": {"text": "[MINED016] Go Error Ignored (and 61 more): Same pattern found in 61 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-754 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED071", "name": "[MINED071] Go Panic Call (and 6 more): Same pattern found in 6 additional files. Review if needed.", "shortDescription": {"text": "[MINED071] Go Panic Call (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED134", "name": "[MINED134] Binary file `codegen/gradle/wrapper/gradle-wrapper.jar` committed in source repo: `codegen/gradle/wrapper/gra", "shortDescription": {"text": "[MINED134] Binary file `codegen/gradle/wrapper/gradle-wrapper.jar` committed in source repo: `codegen/gradle/wrapper/gradle-wrapper.jar` is a .jar binary (59,536 bytes) committed to a repo that otherwise has 28647 source files. Trojan binar"}, "fullDescription": {"text": "Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. 
If it's a build artifact, add the extension to .gitignore and rebuild from source."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/github-script` pinned to mutable ref `@v7`: `uses: actions/github-script@v7` resolves at work", "shortDescription": {"text": "[MINED115] Action `actions/github-script` pinned to mutable ref `@v7`: `uses: actions/github-script@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise"}, "fullDescription": {"text": "Replace with: `uses: actions/github-script@<40-char-sha>  # v7` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED128", "name": "[MINED128] go.mod replaces `github.com/aws/aws-sdk-go-v2/service/internal/presigned-url` \u2014 points to a LOCAL path: `repl", "shortDescription": {"text": "[MINED128] go.mod replaces `github.com/aws/aws-sdk-go-v2/service/internal/presigned-url` \u2014 points to a LOCAL path: `replace github.com/aws/aws-sdk-go-v2/service/internal/presigned-url => ../../../service/internal/presigned-url/` overrides t"}, "fullDescription": {"text": "If the replace is intentional (e.g. waiting on an upstream fix), vendor the dependency into the repo and add a comment explaining the reason. Remove the replace once upstream merges."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC093", "name": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. 
Ported", "shortDescription": {"text": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. Ported from gosec G204 (Apache-2.0)."}, "fullDescription": {"text": "Use a constant command name and validate args via a whitelist."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "[MINED116] Workflow uses `secrets.CI_SLACK_WEBHOOK_URL` on a `pull_request` trigger: This workflow triggers on `pull_req", "shortDescription": {"text": "[MINED116] Workflow uses `secrets.CI_SLACK_WEBHOOK_URL` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. 
Referencing `${ secrets.CI_SLACK_WEBHOOK_URL }` lets a PR from any fork exfiltr"}, "fullDescription": {"text": "Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed. `pull_request_target` runs with the base repository's secrets, so the workflow must not check out or execute the pull request's head code."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED019", "name": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates.", "shortDescription": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-94 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1293"}, "properties": {"repository": "aws/aws-sdk-go-v2", "repoUrl": "https://github.com/aws/aws-sdk-go-v2", "branch": "main"}, "results": [{"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 131207, "scanner": "repobility-agent-runtime", "fingerprint": "3ffd14100f14a7c13eb39e98152092076f636e563ef851f80c375978d7ca82f9", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|3ffd14100f14a7c13eb39e98152092076f636e563ef851f80c375978d7ca82f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "codegen/sdk-codegen/aws-models/tnb.json"}, 
"region": {"startLine": 1101}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 131206, "scanner": "repobility-agent-runtime", "fingerprint": "c652a1f1489a4889d0354d14f291e87cd04596a8a9363eece86d578cb7bb3dd7", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|c652a1f1489a4889d0354d14f291e87cd04596a8a9363eece86d578cb7bb3dd7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "codegen/sdk-codegen/aws-models/mailmanager.json"}, "region": {"startLine": 287}}}]}, {"ruleId": "SEC091", "level": "warning", "message": {"text": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnerable to Slowloris. 
Ported from gosec G112 + G114 (Apache-2.0)."}, "properties": {"repobilityId": 131171, "scanner": "repobility-threat-engine", "fingerprint": "473f78b33d2de13e713d4d41f75695d0a434471c0dde2011ce572efa64d8283d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "http.ListenAndServeTLS(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC091", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|473f78b33d2de13e713d4d41f75695d0a434471c0dde2011ce572efa64d8283d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/awstesting/certificate_utils.go"}, "region": {"startLine": 228}}}]}, {"ruleId": "SEC089", "level": "warning", "message": {"text": "[SEC089] Go: bind to all interfaces (0.0.0.0): Server binds to all network interfaces \u2014 exposes service beyond intended scope. 
Ported from gosec G102 (Apache-2.0)."}, "properties": {"repobilityId": 131170, "scanner": "repobility-threat-engine", "fingerprint": "8883d0ee4dfbd45ca40da2ba6e3330bb3bb45cd46b3dcb02a39698d9d475a356", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".Listen(\"tcp\", ip+\":0\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC089", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8883d0ee4dfbd45ca40da2ba6e3330bb3bb45cd46b3dcb02a39698d9d475a356"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/awstesting/certificate_utils.go"}, "region": {"startLine": 198}}}]}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 131208, "scanner": "repobility-web-presence", "fingerprint": "8e7c83ec7d5751f312b0be8d1d18bc4954610f359ca40c4f21ea9197a3136147", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": "fp|8e7c83ec7d5751f312b0be8d1d18bc4954610f359ca40c4f21ea9197a3136147"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "aws/middleware/user_agent_test.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131205, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8a65b8d5f1df48b994de2a2973a0f9bb16d3b185e2c3b4a1915625489cf9e754", "category": "quality", "severity": 
"low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/protocoltest/awsrestjson/api_op_DuplexStream.go", "duplicate_line": 1, "correlation_key": "fp|8a65b8d5f1df48b994de2a2973a0f9bb16d3b185e2c3b4a1915625489cf9e754"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/protocoltest/awsrestjson/api_op_DuplexStreamWithInitialMessages.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131204, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3b53fb00a29f69eaaa724c51f17db8bbbea6b0f05a200fcf9a75021ef853e994", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/kitchensinktest/api_op_GetItem.go", "duplicate_line": 107, "correlation_key": "fp|3b53fb00a29f69eaaa724c51f17db8bbbea6b0f05a200fcf9a75021ef853e994"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/protocoltest/awsrestjson/api_op_DuplexStreamWithDistinctStreams.go"}, "region": {"startLine": 90}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131203, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4f9b3d510cb70ff72acbb672200e7e813c6eb57aee34bd8bed48085ca362d5bc", "category": "quality", "severity": "low", "confidence": 0.86, 
"triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/protocoltest/awsrestjson/api_op_DuplexStream.go", "duplicate_line": 1, "correlation_key": "fp|4f9b3d510cb70ff72acbb672200e7e813c6eb57aee34bd8bed48085ca362d5bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/protocoltest/awsrestjson/api_op_DuplexStreamWithDistinctStreams.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131202, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2a3c569ec5143de0857aba7242c81c63db411fb3e7a8c7ce6fd3dfb4c76ef878", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/kitchensinktest/api_op_GetItem.go", "duplicate_line": 107, "correlation_key": "fp|2a3c569ec5143de0857aba7242c81c63db411fb3e7a8c7ce6fd3dfb4c76ef878"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/protocoltest/awsrestjson/api_op_DuplexStream.go"}, "region": {"startLine": 98}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131201, "scanner": "repobility-ai-code-hygiene", "fingerprint": "471d7fcb225630d81583770390cbcfee56c16a9bad40b25eb9f68f66a6f892ef", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", 
"isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/kitchensinktest/api_op_GetItem.go", "duplicate_line": 89, "correlation_key": "fp|471d7fcb225630d81583770390cbcfee56c16a9bad40b25eb9f68f66a6f892ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/protocoltest/awsrestjson/api_op_DocumentTypeAsPayload.go"}, "region": {"startLine": 94}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131200, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c1f684a916292b4a4565f92fa23f204149dab23e07adcb0b188cc5c60bf0c981", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/protocoltest/awsrestjson/api_op_DocumentType.go", "duplicate_line": 1, "correlation_key": "fp|c1f684a916292b4a4565f92fa23f204149dab23e07adcb0b188cc5c60bf0c981"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/protocoltest/awsrestjson/api_op_DocumentTypeAsPayload.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131199, "scanner": "repobility-ai-code-hygiene", "fingerprint": "11dcf485310d948c5dc014b99797cb38325feb481f3bea04c05a381fedb29e73", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code 
window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/kitchensinktest/api_op_GetItem.go", "duplicate_line": 89, "correlation_key": "fp|11dcf485310d948c5dc014b99797cb38325feb481f3bea04c05a381fedb29e73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/protocoltest/awsrestjson/api_op_DocumentTypeAsMapValue.go"}, "region": {"startLine": 78}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131198, "scanner": "repobility-ai-code-hygiene", "fingerprint": "03ff6c879d24649b5572d0392d0de4500234629750d0274a0e84a564a16da8d5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/kitchensinktest/api_op_GetItem.go", "duplicate_line": 89, "correlation_key": "fp|03ff6c879d24649b5572d0392d0de4500234629750d0274a0e84a564a16da8d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/protocoltest/awsrestjson/api_op_DocumentType.go"}, "region": {"startLine": 108}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131197, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7e853b93f35d8cf15c877e5946f33718a184c651296e8e9eb09ad890be97a36e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, 
"rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/kitchensinktest/api_op_GetItem.go", "duplicate_line": 89, "correlation_key": "fp|7e853b93f35d8cf15c877e5946f33718a184c651296e8e9eb09ad890be97a36e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/protocoltest/awsrestjson/api_op_DatetimeOffsets.go"}, "region": {"startLine": 77}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131196, "scanner": "repobility-ai-code-hygiene", "fingerprint": "44ce7f37ab7b2fec31da323c56a671961de56807406cbcf7ad69241b86790a41", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/kitchensinktest/api_op_GetItem.go", "duplicate_line": 89, "correlation_key": "fp|44ce7f37ab7b2fec31da323c56a671961de56807406cbcf7ad69241b86790a41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/protocoltest/awsrestjson/api_op_ContentTypeParameters.go"}, "region": {"startLine": 59}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131195, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2b99c309091da2a9329ce8aad19809c628cb9ed6768d0c5c44e26bf705478d00", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": 
["https://jscpd.dev/"], "duplicate_file": "internal/kitchensinktest/api_op_GetItem.go", "duplicate_line": 89, "correlation_key": "fp|2b99c309091da2a9329ce8aad19809c628cb9ed6768d0c5c44e26bf705478d00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/protocoltest/awsrestjson/api_op_ConstantQueryString.go"}, "region": {"startLine": 76}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131194, "scanner": "repobility-ai-code-hygiene", "fingerprint": "205be5c8f388eb143128fcf2491a74f707183842b6bc1e627a2b9cc53cf354cc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/kitchensinktest/api_op_GetItem.go", "duplicate_line": 89, "correlation_key": "fp|205be5c8f388eb143128fcf2491a74f707183842b6bc1e627a2b9cc53cf354cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/protocoltest/awsrestjson/api_op_ConstantAndVariableQueryString.go"}, "region": {"startLine": 83}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131193, "scanner": "repobility-ai-code-hygiene", "fingerprint": "99dbf1e77b633a564618e8208bddb1a0715fdaae1676a91abdc246555d29b383", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"internal/kitchensinktest/api_op_GetItem.go", "duplicate_line": 89, "correlation_key": "fp|99dbf1e77b633a564618e8208bddb1a0715fdaae1676a91abdc246555d29b383"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/protocoltest/awsrestjson/api_op_AllQueryStringTypes.go"}, "region": {"startLine": 196}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131192, "scanner": "repobility-ai-code-hygiene", "fingerprint": "742a979305a97deb04d85fe1784cbf63ae2ff14e48e51a00c5ff4029c841b45c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/endpoints/endpoints.go", "duplicate_line": 95, "correlation_key": "fp|742a979305a97deb04d85fe1784cbf63ae2ff14e48e51a00c5ff4029c841b45c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/endpoints/v2/endpoints.go"}, "region": {"startLine": 171}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131191, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cd403b26112bf3695aac0657095acd16cfaa68bfc21943db64fc30f1531ed714", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "config/provider.go", "duplicate_line": 86, "correlation_key": 
"fp|cd403b26112bf3695aac0657095acd16cfaa68bfc21943db64fc30f1531ed714"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/configsources/endpoints.go"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131190, "scanner": "repobility-ai-code-hygiene", "fingerprint": "57645b595ca98d7ba2808cb35030ee8ccbc7f5b4d21050783079829cc1c6022e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "feature/s3/manager/types.go", "duplicate_line": 13, "correlation_key": "fp|57645b595ca98d7ba2808cb35030ee8ccbc7f5b4d21050783079829cc1c6022e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "feature/s3/transfermanager/types/types.go"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131189, "scanner": "repobility-ai-code-hygiene", "fingerprint": "599be780f308b98da26c68dfba07842ffb2dad90c87f5ae7b0b28a83efb8fe8d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "feature/s3/transfermanager/api_op_DownloadObject.go", "duplicate_line": 358, "correlation_key": "fp|599be780f308b98da26c68dfba07842ffb2dad90c87f5ae7b0b28a83efb8fe8d"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": "feature/s3/transfermanager/concurrent_reader.go"}, "region": {"startLine": 120}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131188, "scanner": "repobility-ai-code-hygiene", "fingerprint": "16936a4e860d8fa6d2caba48e0988f919c435ce99e15e8979ec2bc517a698da4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "feature/s3/manager/upload.go", "duplicate_line": 553, "correlation_key": "fp|16936a4e860d8fa6d2caba48e0988f919c435ce99e15e8979ec2bc517a698da4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "feature/s3/transfermanager/api_op_UploadObject.go"}, "region": {"startLine": 626}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131187, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a7179bf458929c94fdcca5ede073f914770949d2a073668483e2f3814cf1ebc6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "feature/s3/transfermanager/api_op_DownloadObject.go", "duplicate_line": 25, "correlation_key": "fp|a7179bf458929c94fdcca5ede073f914770949d2a073668483e2f3814cf1ebc6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "feature/s3/transfermanager/api_op_GetObject.go"}, "region": {"startLine": 32}}}]}, {"ruleId": 
"AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131186, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1538096268c730df08d4a68c62ecfeee2dbd4dcaf812bdf094bfc937d6fe3aa6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "feature/s3/manager/internal/integration/downloader/config.go", "duplicate_line": 43, "correlation_key": "fp|1538096268c730df08d4a68c62ecfeee2dbd4dcaf812bdf094bfc937d6fe3aa6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "feature/s3/manager/internal/integration/uploader/config.go"}, "region": {"startLine": 39}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131185, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ecbc66e10ebbfbadd3997634ff268d61b7dd7b8c5b05d20ed6f9ec77eede08df", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "feature/s3/manager/internal/integration/downloader/client.go", "duplicate_line": 11, "correlation_key": "fp|ecbc66e10ebbfbadd3997634ff268d61b7dd7b8c5b05d20ed6f9ec77eede08df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "feature/s3/manager/internal/integration/uploader/client.go"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": 
"Duplicated implementation block across source files"}, "properties": {"repobilityId": 131184, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a7811a14fad0d380c41b3135b34c4239dff81b4157e9dd1697b06201fc1164f0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "credentials/endpointcreds/internal/client/endpoints.go", "duplicate_line": 2, "correlation_key": "fp|a7811a14fad0d380c41b3135b34c4239dff81b4157e9dd1697b06201fc1164f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "feature/ec2/imds/endpoints.go"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131183, "scanner": "repobility-ai-code-hygiene", "fingerprint": "aa9d7c6ff07b28d39203f9905ad96156831830b677e85ce00641b567778f10ce", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "credentials/endpointcreds/internal/client/auth.go", "duplicate_line": 2, "correlation_key": "fp|aa9d7c6ff07b28d39203f9905ad96156831830b677e85ce00641b567778f10ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "feature/ec2/imds/auth.go"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131182, "scanner": 
"repobility-ai-code-hygiene", "fingerprint": "ef3aee07cd20833172cc2e9c6349193e26ab2882dd3cfcff5884f55788dc034d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "feature/dynamodb/attributevalue/tag.go", "duplicate_line": 1, "correlation_key": "fp|ef3aee07cd20833172cc2e9c6349193e26ab2882dd3cfcff5884f55788dc034d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "feature/dynamodbstreams/attributevalue/tag.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131181, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e062ab4ce1f34ec4e0b79edca6a286c65a5f0ed0ca9f9f8f073b9fb16bf125fc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "feature/dynamodb/attributevalue/serde_json.go", "duplicate_line": 7, "correlation_key": "fp|e062ab4ce1f34ec4e0b79edca6a286c65a5f0ed0ca9f9f8f073b9fb16bf125fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "feature/dynamodbstreams/attributevalue/serde_json.go"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131180, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"a7824dd1d53c8f895d019b59495a9fe9a490d8a0d3e1dca89bc3d8562b4a060d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "feature/dynamodb/attributevalue/field_cache.go", "duplicate_line": 1, "correlation_key": "fp|a7824dd1d53c8f895d019b59495a9fe9a490d8a0d3e1dca89bc3d8562b4a060d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "feature/dynamodbstreams/attributevalue/field_cache.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131179, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6736182c2e77fec1cbbe8cdf038a4b2e75eab3a105f788f355d2ed5120e985c3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "feature/dynamodb/attributevalue/field.go", "duplicate_line": 1, "correlation_key": "fp|6736182c2e77fec1cbbe8cdf038a4b2e75eab3a105f788f355d2ed5120e985c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "feature/dynamodbstreams/attributevalue/field.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131178, "scanner": "repobility-ai-code-hygiene", "fingerprint": "80e61c6db012e799c251261f89f1c7a3490b9861336be270d19dcdd4cb1f68a9", "category": "quality", "severity": 
"low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "feature/dynamodb/attributevalue/encode.go", "duplicate_line": 17, "correlation_key": "fp|80e61c6db012e799c251261f89f1c7a3490b9861336be270d19dcdd4cb1f68a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "feature/dynamodbstreams/attributevalue/encode.go"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131177, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fb6f1c7ab7cd1402ab6f96b627ebeb590fa88a86123a5155bc3c3dfd469611ed", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "feature/dynamodb/attributevalue/decode.go", "duplicate_line": 12, "correlation_key": "fp|fb6f1c7ab7cd1402ab6f96b627ebeb590fa88a86123a5155bc3c3dfd469611ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "feature/dynamodbstreams/attributevalue/decode.go"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 131176, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1762ffb183b5d1efed19535b56ddbabb36b9153e41f82dd7150944dd162dceb6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A 
normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "aws/protocol/eventstream/decode.go", "duplicate_line": 1, "correlation_key": "fp|1762ffb183b5d1efed19535b56ddbabb36b9153e41f82dd7150944dd162dceb6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "aws/protocol/eventstream/encode.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 131172, "scanner": "repobility-threat-engine", "fingerprint": "f4b32fb98f151841c6cbb565c2ba564ab3b77975c6c8500be1a01187a6f0149c", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/' + service + '#Client.'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f4b32fb98f151841c6cbb565c2ba564ab3b77975c6c8500be1a01187a6f0149c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/repotools/cmd/gencrosslink/main.go"}, "region": {"startLine": 190}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): 
Ignoring error return values."}, "properties": {"repobilityId": 131141, "scanner": "repobility-threat-engine", "fingerprint": "5927cd96112afcc8c80ed31e9ff2ae741933814fc549efa0b1eeb13f472fbc47", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = strings.Cut(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5927cd96112afcc8c80ed31e9ff2ae741933814fc549efa0b1eeb13f472fbc47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "config/internal/ini/strings.go"}, "region": {"startLine": 9}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 131140, "scanner": "repobility-threat-engine", "fingerprint": "bd43e4564930c185b61de2e99eca910ad0d65b9614b63ed93856ee305718e903", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = inputReader.Close(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bd43e4564930c185b61de2e99eca910ad0d65b9614b63ed93856ee305718e903"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "aws/protocol/eventstream/eventstreamapi/middleware.go"}, "region": {"startLine": 53}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 131139, "scanner": "repobility-threat-engine", "fingerprint": "e5fea77cc0bef5e0e7cf90585e18497f839d67680e481e7ce7c84aeefacb6aa0", 
"category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = middleware.GetStackValue(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e5fea77cc0bef5e0e7cf90585e18497f839d67680e481e7ce7c84aeefacb6aa0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "aws/middleware/metadata.go"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED033", "level": "none", "message": {"text": "[MINED033] Go Recover Without Log (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 131169, "scanner": "repobility-threat-engine", "fingerprint": "f943231638a4b599d4998c0378bf64ab7b993424c24de8aad1fb711c825d941a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-recover-without-log", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347975+00:00", "triaged_in_corpus": 15, "observations_count": 3808, "ai_coder_pattern_id": 109}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f943231638a4b599d4998c0378bf64ab7b993424c24de8aad1fb711c825d941a", "aggregated_count": 2}}}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel (and 16 more): Same pattern found in 16 additional files. 
Review if needed."}, "properties": {"repobilityId": 131165, "scanner": "repobility-threat-engine", "fingerprint": "651eeaeb3f30cb2788eb7d34578bb476787cc2d5f03c41e1c54c1af75fcf1e00", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 16 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|651eeaeb3f30cb2788eb7d34578bb476787cc2d5f03c41e1c54c1af75fcf1e00", "aggregated_count": 16}}}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 131164, "scanner": "repobility-threat-engine", "fingerprint": "f22c2bd5fc5385b58ffb65fb239ca4d1d950aca15b6b22b6ef102a3d6c1b6bfc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f22c2bd5fc5385b58ffb65fb239ca4d1d950aca15b6b22b6ef102a3d6c1b6bfc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "feature/s3/transfermanager/api_op_UploadDirectory.go"}, "region": {"startLine": 401}}}]}, 
{"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 131163, "scanner": "repobility-threat-engine", "fingerprint": "3192936466928c7342208e343c9c35c1cd7d20049e943a7888f9503eea24dd2d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3192936466928c7342208e343c9c35c1cd7d20049e943a7888f9503eea24dd2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "feature/s3/transfermanager/api_op_DownloadDirectory.go"}, "region": {"startLine": 319}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 131162, "scanner": "repobility-threat-engine", "fingerprint": "b933d6a6b0fa43af648f38085ce33b5895237827775bc93a3e31c919f20b6459", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|b933d6a6b0fa43af648f38085ce33b5895237827775bc93a3e31c919f20b6459"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "feature/s3/manager/internal/integration/integration.go"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 131161, "scanner": "repobility-threat-engine", "fingerprint": "b6d5cbf6c9cc9104c9109a87c5458ab74b7b4a69d65a773dbe31ddd28138b660", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b6d5cbf6c9cc9104c9109a87c5458ab74b7b4a69d65a773dbe31ddd28138b660"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "feature/rds/auth/connect.go"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 131160, "scanner": "repobility-threat-engine", "fingerprint": "2a7d4a5dc1fd1b97be8b3121bf6d0d04aec0faeca8adc7f83a1dcc85ccdff976", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", 
"triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2a7d4a5dc1fd1b97be8b3121bf6d0d04aec0faeca8adc7f83a1dcc85ccdff976"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "feature/ec2/imds/api_client.go"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 131159, "scanner": "repobility-threat-engine", "fingerprint": "76bad61531051af013d5338dc71261f4b915128452650239ad028ff1f1d70aa6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|76bad61531051af013d5338dc71261f4b915128452650239ad028ff1f1d70aa6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "feature/dsql/auth/auth_token_generator.go"}, "region": {"startLine": 82}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 23 more): Same pattern found in 23 additional files. Review if needed."}, "properties": {"repobilityId": 131156, "scanner": "repobility-threat-engine", "fingerprint": "0747e01c1e4cc7c685680a10247bdf051902fb12aad5f5f04c7dff411ebc5b13", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 23 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 23 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|0747e01c1e4cc7c685680a10247bdf051902fb12aad5f5f04c7dff411ebc5b13"}}}, {"ruleId": "MINED004", "level": "none", "message": {"text": "[MINED004] Weak Crypto (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "properties": {"repobilityId": 131152, "scanner": "repobility-threat-engine", "fingerprint": "a51fc5b757daa107ff993d54388f809af87b26cac35292629b20c635c24267fc", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a51fc5b757daa107ff993d54388f809af87b26cac35292629b20c635c24267fc", "aggregated_count": 1}}}, {"ruleId": "MINED016", "level": "none", "message": {"text": "[MINED016] Go Error Ignored (and 61 more): Same pattern found in 61 additional files. Review if needed."}, "properties": {"repobilityId": 131146, "scanner": "repobility-threat-engine", "fingerprint": "b7ea1fb98624d5f58912cbaef0456510d13d01328d643ae03fa3ac1ac928f246", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 61 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|b7ea1fb98624d5f58912cbaef0456510d13d01328d643ae03fa3ac1ac928f246", "aggregated_count": 61}}}, {"ruleId": "ERR003", "level": "none", "message": {"text": "[ERR003] Ignored Error (Go) (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "properties": {"repobilityId": 131142, "scanner": "repobility-threat-engine", "fingerprint": "961c778412e7fbd86f6ba4183e5033c7cb9f706769045bc54758aaab521578b2", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|961c778412e7fbd86f6ba4183e5033c7cb9f706769045bc54758aaab521578b2"}}}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 131138, "scanner": "repobility-threat-engine", "fingerprint": "99b90fbb76eeeb7739d6af5179136dc40c6e14ead47a253dcc15f55e0c3f63e8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|99b90fbb76eeeb7739d6af5179136dc40c6e14ead47a253dcc15f55e0c3f63e8", "aggregated_count": 6}}}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 131137, "scanner": "repobility-threat-engine", "fingerprint": "e0ace329a81f06c0b96dd14b15ee6d88356d46fe33f75c144ba3c3234b4fd8a6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e0ace329a81f06c0b96dd14b15ee6d88356d46fe33f75c144ba3c3234b4fd8a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/awstesting/certificate_utils.go"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. 
Should return error in most cases."}, "properties": {"repobilityId": 131136, "scanner": "repobility-threat-engine", "fingerprint": "68e75e97f994318643607fbe96bb88b3d90fd0611c8e96a9d82e1ebfda47934a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|68e75e97f994318643607fbe96bb88b3d90fd0611c8e96a9d82e1ebfda47934a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "feature/s3/manager/internal/integration/integration.go"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. 
Should return error in most cases."}, "properties": {"repobilityId": 131135, "scanner": "repobility-threat-engine", "fingerprint": "a45a66fbabc8a9a4eba72f98e1d4de2c52daae5ef17e58397a4916e3999aef0a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a45a66fbabc8a9a4eba72f98e1d4de2c52daae5ef17e58397a4916e3999aef0a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "aws/logging_generate.go"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `codegen/gradle/wrapper/gradle-wrapper.jar` committed in source repo: `codegen/gradle/wrapper/gradle-wrapper.jar` is a .jar binary (59,536 bytes) committed to a repo that otherwise has 28647 source files. 
Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts. A Gradle wrapper jar is normally committed on purpose, so triage this by comparing the file's SHA-256 with the checksum Gradle publishes for the wrapper version the build declares."}, "properties": {"repobilityId": 131259, "scanner": "repobility-supply-chain", "fingerprint": "3b03e2b0aed33c263b51929e14aea8d383a9bea10a04433d755f8e16f2f85f32", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3b03e2b0aed33c263b51929e14aea8d383a9bea10a04433d755f8e16f2f85f32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "codegen/gradle/wrapper/gradle-wrapper.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/github-script` pinned to mutable ref `@v7`: `uses: actions/github-script@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA up to date."}, "properties": {"repobilityId": 131258, "scanner": "repobility-supply-chain", "fingerprint": "30da34301e3f721911228e2d2e95c68eca0cd62b2157c67d5408d6bbe61d0286", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|30da34301e3f721911228e2d2e95c68eca0cd62b2157c67d5408d6bbe61d0286"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/issue-regression-labeler.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-go` pinned to mutable ref `@v2`: `uses: actions/setup-go@v2` resolves at workflow-run time. Tags and branches can be re-pushed by anyone with write access to the action's repository, including an attacker who has taken it over; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 131253, "scanner": "repobility-supply-chain", "fingerprint": "ed1c8a906f4172e73e25b9b6a80000e5e2e5a966e599eb1ff935e37e2426b525", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ed1c8a906f4172e73e25b9b6a80000e5e2e5a966e599eb1ff935e37e2426b525"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codegen.yml"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-java` pinned to mutable ref `@v2`: `uses: actions/setup-java@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 131252, "scanner": "repobility-supply-chain", "fingerprint": "2ab4bee21686a705c92a6881deedadcc74ab59e1ab9740f411e2aa61d136efed", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2ab4bee21686a705c92a6881deedadcc74ab59e1ab9740f411e2aa61d136efed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codegen.yml"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 131251, "scanner": "repobility-supply-chain", "fingerprint": "39575ee58058621802c7ee025fb4c8855bb774e235336db15b904c73fac8e4b1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|39575ee58058621802c7ee025fb4c8855bb774e235336db15b904c73fac8e4b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codegen.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-go` pinned to mutable ref `@v2`: `uses: actions/setup-go@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 131249, "scanner": "repobility-supply-chain", "fingerprint": "421deea5b90192074de20a7a98460563338da2d1228a90d318573a42fdf2d5c8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|421deea5b90192074de20a7a98460563338da2d1228a90d318573a42fdf2d5c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/snapshot.yml"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 131248, "scanner": "repobility-supply-chain", "fingerprint": "ef67fb3474d9791a7a843d51e0fa48db6006ff5a37f7fb18edf6d2ce41af148a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ef67fb3474d9791a7a843d51e0fa48db6006ff5a37f7fb18edf6d2ce41af148a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/snapshot.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v2`: `uses: actions/setup-python@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 131247, "scanner": "repobility-supply-chain", "fingerprint": "ae749c08b865d9d4522b34d6d946599f2e4f93b4b927d999c9ace739926009d7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ae749c08b865d9d4522b34d6d946599f2e4f93b4b927d999c9ace739926009d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/license-check.yml"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 131246, "scanner": "repobility-supply-chain", "fingerprint": "06dbbd11e2c18eeec92427d1bb84dcdac3e5951edbb0601dcf6a9140ae92548a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|06dbbd11e2c18eeec92427d1bb84dcdac3e5951edbb0601dcf6a9140ae92548a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/license-check.yml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 131245, "scanner": "repobility-supply-chain", "fingerprint": "ad7c15682dafe13fa8a112282d2ffd33a8cca73de94ae079f4fbc602894468ef", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ad7c15682dafe13fa8a112282d2ffd33a8cca73de94ae079f4fbc602894468ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/license-check.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 131244, "scanner": "repobility-supply-chain", "fingerprint": "555ff5692b53a0ae151d3c4ba570bbcca89c7d78725400ceac713b81296ba5e1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|555ff5692b53a0ae151d3c4ba570bbcca89c7d78725400ceac713b81296ba5e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/license-check.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-go` pinned to mutable ref `@v2`: `uses: actions/setup-go@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 131242, "scanner": "repobility-supply-chain", "fingerprint": "1eb77a5d6c5ed841f0c01bb2e3b6f8f18bb7055edb76baf9db995076954697c1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1eb77a5d6c5ed841f0c01bb2e3b6f8f18bb7055edb76baf9db995076954697c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/go.yml"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 131241, "scanner": "repobility-supply-chain", "fingerprint": "854758ac38fe36182f26c5d69fb6def0bd516c6191bb2707ebfff0d7ab21886b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|854758ac38fe36182f26c5d69fb6def0bd516c6191bb2707ebfff0d7ab21886b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/go.yml"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-go` pinned to mutable ref `@v2`: `uses: actions/setup-go@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 131240, "scanner": "repobility-supply-chain", "fingerprint": "80384bf9c81e828e47de025de55dfe447b866fca50471463c2fa04f92fa3835f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|80384bf9c81e828e47de025de55dfe447b866fca50471463c2fa04f92fa3835f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/go.yml"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 131239, "scanner": "repobility-supply-chain", "fingerprint": "0a3c1932508396f05060853d2cae25d058a96b5fc96e1f0a69953cdae4c8116c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0a3c1932508396f05060853d2cae25d058a96b5fc96e1f0a69953cdae4c8116c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/go.yml"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-go` pinned to mutable ref `@v2`: `uses: actions/setup-go@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 131238, "scanner": "repobility-supply-chain", "fingerprint": "aebc5bdd03059b28e594a24741ff4af1e2bcb22d8d6f8fe2676a301eadff7300", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|aebc5bdd03059b28e594a24741ff4af1e2bcb22d8d6f8fe2676a301eadff7300"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/go.yml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 131237, "scanner": "repobility-supply-chain", "fingerprint": "c54f2cca4a5ec9b0d56d565997ccc53f60db91942cce257f464adf29db8578cf", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c54f2cca4a5ec9b0d56d565997ccc53f60db91942cce257f464adf29db8578cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/go.yml"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `aws-actions/aws-codebuild-run-build` pinned to mutable ref `@v1`: `uses: aws-actions/aws-codebuild-run-build@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 131235, "scanner": "repobility-supply-chain", "fingerprint": "fcb68a7aff85524d9004164e89b5413f91cf1269353cd3d6dbcc26096404ea46", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fcb68a7aff85524d9004164e89b5413f91cf1269353cd3d6dbcc26096404ea46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/integration-tests.yml"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `aws-actions/configure-aws-credentials` pinned to mutable ref `@v4`: `uses: aws-actions/configure-aws-credentials@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 131234, "scanner": "repobility-supply-chain", "fingerprint": "f90525920b2346744e4e08213b1e995784a71615cefe5ef29a28169c44eb6367", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f90525920b2346744e4e08213b1e995784a71615cefe5ef29a28169c44eb6367"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/integration-tests.yml"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/aws/aws-sdk-go-v2/service/internal/presigned-url` \u2014 points to a LOCAL path: `replace github.com/aws/aws-sdk-go-v2/service/internal/presigned-url => ../../../service/internal/presigned-url/` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos, but in published modules they can hide malicious forks from anyone who only audits the require lines. Go honors replace directives only in the main module's go.mod and ignores them when the module is built as a dependency, so check that each target resolves to a directory inside this repository."}, "properties": {"repobilityId": 131233, "scanner": "repobility-supply-chain", "fingerprint": "96794bce2d5551a1b39ef89f7d985729889aecc6505702a2bb4b3f3ba32913ec", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|96794bce2d5551a1b39ef89f7d985729889aecc6505702a2bb4b3f3ba32913ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/protocoltest/awsrestjson/go.mod"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/aws/aws-sdk-go-v2/internal/v4a` \u2014 points to a LOCAL path: `replace github.com/aws/aws-sdk-go-v2/internal/v4a => ../../../internal/v4a/` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 131232, "scanner": "repobility-supply-chain", "fingerprint": "d86809f89addb16c3b02c6be9454e0a111ca52efa75bd0d7a2dc03be6442fd41", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d86809f89addb16c3b02c6be9454e0a111ca52efa75bd0d7a2dc03be6442fd41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/protocoltest/awsrestjson/go.mod"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/aws/aws-sdk-go-v2/internal/configsources` \u2014 points to a LOCAL path: `replace github.com/aws/aws-sdk-go-v2/internal/configsources => ../../../internal/configsources/` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 131231, "scanner": "repobility-supply-chain", "fingerprint": "6d95579de753a492c712188538c0cbdc60c2821e1b70580ec68b14f0dbfedb08", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6d95579de753a492c712188538c0cbdc60c2821e1b70580ec68b14f0dbfedb08"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/protocoltest/awsrestjson/go.mod"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/aws/aws-sdk-go-v2/credentials` \u2014 points to a LOCAL path: `replace github.com/aws/aws-sdk-go-v2/credentials => ../../../credentials/` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 131230, "scanner": "repobility-supply-chain", "fingerprint": "faed73ab527720e27debccd10ef931b504bbe657b87cd5d0e5fa3c19cb922874", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|faed73ab527720e27debccd10ef931b504bbe657b87cd5d0e5fa3c19cb922874"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/protocoltest/awsrestjson/go.mod"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/aws/aws-sdk-go-v2` \u2014 points to a LOCAL path: `replace github.com/aws/aws-sdk-go-v2 => ../../../` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 131229, "scanner": "repobility-supply-chain", "fingerprint": "d58d97edd93db8af8db4c832ba0f7c90bbeb0588bffc2fc164df4ac91380a2bf", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d58d97edd93db8af8db4c832ba0f7c90bbeb0588bffc2fc164df4ac91380a2bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/protocoltest/awsrestjson/go.mod"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/aws/aws-sdk-go-v2/internal/endpoints/v2` \u2014 points to a LOCAL path: `replace github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 => ../../../internal/endpoints/v2/` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 131228, "scanner": "repobility-supply-chain", "fingerprint": "30655cb37caa2234c5d08a766fe7573a0fde39288ced04988da81d9b7119209b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|30655cb37caa2234c5d08a766fe7573a0fde39288ced04988da81d9b7119209b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/protocoltest/restxmlwithnamespace/go.mod"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/aws/aws-sdk-go-v2` \u2014 points to a LOCAL path: `replace github.com/aws/aws-sdk-go-v2 => ../../../` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 131227, "scanner": "repobility-supply-chain", "fingerprint": "2ca77010afb9ee72c493d270c3aea8379bf93f8148b565c13d6966e3bc88b7f7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2ca77010afb9ee72c493d270c3aea8379bf93f8148b565c13d6966e3bc88b7f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/protocoltest/restxmlwithnamespace/go.mod"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/aws/aws-sdk-go-v2` \u2014 points to a LOCAL path: `replace github.com/aws/aws-sdk-go-v2 => ../../../` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 131226, "scanner": "repobility-supply-chain", "fingerprint": "b671fcf8c5721b35117a395e4abab83d07de579952844a70d875543548ede026", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b671fcf8c5721b35117a395e4abab83d07de579952844a70d875543548ede026"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/endpoints/v2/go.mod"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/aws/aws-sdk-go-v2` \u2014 points to a LOCAL path: `replace github.com/aws/aws-sdk-go-v2 => ../../` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 131225, "scanner": "repobility-supply-chain", "fingerprint": "3a4b282f28769871c19484e02053aa608227982e58cf0a0af6600246cf40d02f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3a4b282f28769871c19484e02053aa608227982e58cf0a0af6600246cf40d02f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/codegen/go.mod"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/aws/aws-sdk-go-v2/internal/endpoints/v2` \u2014 points to a LOCAL path: `replace github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 => ../../internal/endpoints/v2/` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 131224, "scanner": "repobility-supply-chain", "fingerprint": "26d501c8bcfef67ae5d8cb1afe79b649a52189644372efe020d6c0f7a16f3efa", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|26d501c8bcfef67ae5d8cb1afe79b649a52189644372efe020d6c0f7a16f3efa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/kitchensinktest/go.mod"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/aws/aws-sdk-go-v2` \u2014 points to a LOCAL path: `replace github.com/aws/aws-sdk-go-v2 => ../../` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 131223, "scanner": "repobility-supply-chain", "fingerprint": "47ad93fecc3c0a9bee2852e4a983e4467105dfe09a0a8f69ed2eb68813868372", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|47ad93fecc3c0a9bee2852e4a983e4467105dfe09a0a8f69ed2eb68813868372"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/kitchensinktest/go.mod"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/aws/aws-sdk-go-v2` \u2014 points to a LOCAL path: `replace github.com/aws/aws-sdk-go-v2 => ../../` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 131222, "scanner": "repobility-supply-chain", "fingerprint": "b48cf3e3209a7f68de99f5ae7eca213d77846d8d1de68ac0103f2728847b8920", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b48cf3e3209a7f68de99f5ae7eca213d77846d8d1de68ac0103f2728847b8920"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/v4a/go.mod"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/aws/aws-sdk-go-v2` \u2014 points to a LOCAL path: `replace github.com/aws/aws-sdk-go-v2 => ../../` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 131221, "scanner": "repobility-supply-chain", "fingerprint": "51824788b3d6e0ac4de9315d6d6d4fc8b3442afd1efc29a04e8aee49cea4549e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|51824788b3d6e0ac4de9315d6d6d4fc8b3442afd1efc29a04e8aee49cea4549e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/configsources/go.mod"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/aws/aws-sdk-go-v2/service/ssooidc` \u2014 points to a LOCAL path: `replace github.com/aws/aws-sdk-go-v2/service/ssooidc => ../service/ssooidc/` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 131220, "scanner": "repobility-supply-chain", "fingerprint": "83bc24dbc5bf2ee4fe8fb7cabd944f75026a47084a5e6dbd01fe1d15c3105690", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|83bc24dbc5bf2ee4fe8fb7cabd944f75026a47084a5e6dbd01fe1d15c3105690"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "config/go.mod"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/aws/aws-sdk-go-v2/service/signin` \u2014 points to a LOCAL path: `replace github.com/aws/aws-sdk-go-v2/service/signin => ../service/signin/` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 131219, "scanner": "repobility-supply-chain", "fingerprint": "4888021e87c3b92379db5430ed0144757fc0f06423f2a62dbfd4d05e537ed564", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4888021e87c3b92379db5430ed0144757fc0f06423f2a62dbfd4d05e537ed564"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "config/go.mod"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding` \u2014 points to a LOCAL path: `replace github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding => ../service/internal/accept-encoding/` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 131218, "scanner": "repobility-supply-chain", "fingerprint": "94c4adfb14ced78241114de8a3a63a5330557e6d0d26fcdbc21fc3e5a1d46edb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|94c4adfb14ced78241114de8a3a63a5330557e6d0d26fcdbc21fc3e5a1d46edb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "config/go.mod"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/aws/aws-sdk-go-v2/internal/endpoints/v2` \u2014 points to a LOCAL path: `replace github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 => ../internal/endpoints/v2/` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 131217, "scanner": "repobility-supply-chain", "fingerprint": "4794a37cb0abb428446f51df0cd4e1579d3de618c41bf7cd468b8c4f9b6246cc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4794a37cb0abb428446f51df0cd4e1579d3de618c41bf7cd468b8c4f9b6246cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "config/go.mod"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/aws/aws-sdk-go-v2/feature/ec2/imds` \u2014 points to a LOCAL path: `replace github.com/aws/aws-sdk-go-v2/feature/ec2/imds => ../feature/ec2/imds/` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 131216, "scanner": "repobility-supply-chain", "fingerprint": "8532d88e1e9cd6c9979bb0136fd292fe52159fe93b33260ad16f83efbf9c08a2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8532d88e1e9cd6c9979bb0136fd292fe52159fe93b33260ad16f83efbf9c08a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "config/go.mod"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/aws/aws-sdk-go-v2` \u2014 points to a LOCAL path: `replace github.com/aws/aws-sdk-go-v2 => ../` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 131215, "scanner": "repobility-supply-chain", "fingerprint": "1eadb02351dd3d0ef41922d1a453bed64c2b84272c5e14ce9dd4c9c61bf9c330", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1eadb02351dd3d0ef41922d1a453bed64c2b84272c5e14ce9dd4c9c61bf9c330"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "config/go.mod"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/aws/aws-sdk-go-v2/service/sts` \u2014 points to a LOCAL path: `replace github.com/aws/aws-sdk-go-v2/service/sts => ../service/sts/` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 131214, "scanner": "repobility-supply-chain", "fingerprint": "469978e20d1c90581c08d6277f66eaffd1d91bb27718522ba26afffcf4f9d60c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|469978e20d1c90581c08d6277f66eaffd1d91bb27718522ba26afffcf4f9d60c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "credentials/go.mod"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/aws/aws-sdk-go-v2/service/sso` \u2014 points to a LOCAL path: `replace github.com/aws/aws-sdk-go-v2/service/sso => ../service/sso/` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 131213, "scanner": "repobility-supply-chain", "fingerprint": "b6cf076fddafe8b826ac6c09c865faf3d5948deaeaf0b77af51349214301c984", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b6cf076fddafe8b826ac6c09c865faf3d5948deaeaf0b77af51349214301c984"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "credentials/go.mod"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/aws/aws-sdk-go-v2/service/internal/presigned-url` \u2014 points to a LOCAL path: `replace github.com/aws/aws-sdk-go-v2/service/internal/presigned-url => ../service/internal/presigned-url/` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 131212, "scanner": "repobility-supply-chain", "fingerprint": "8ce2efdcac11db7a1bab35fd80b5327fcfc06df050f5bf7972bd713ceab54f09", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8ce2efdcac11db7a1bab35fd80b5327fcfc06df050f5bf7972bd713ceab54f09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "credentials/go.mod"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/aws/aws-sdk-go-v2/internal/v4a` \u2014 points to a LOCAL path: `replace github.com/aws/aws-sdk-go-v2/internal/v4a => ../internal/v4a/` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 131211, "scanner": "repobility-supply-chain", "fingerprint": "cf94e1226ff1b8457c9e5fd65d7a80dad0ba0913ef1a69a037cf33c28d323177", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cf94e1226ff1b8457c9e5fd65d7a80dad0ba0913ef1a69a037cf33c28d323177"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "credentials/go.mod"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/aws/aws-sdk-go-v2/internal/configsources` \u2014 points to a LOCAL path: `replace github.com/aws/aws-sdk-go-v2/internal/configsources => ../internal/configsources/` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 131210, "scanner": "repobility-supply-chain", "fingerprint": "81202be1624d5d930c10bb287bb422ed61f3370334274f004d61cc3503a5f581", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|81202be1624d5d930c10bb287bb422ed61f3370334274f004d61cc3503a5f581"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "credentials/go.mod"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/aws/aws-sdk-go-v2` \u2014 points to a LOCAL path: `replace github.com/aws/aws-sdk-go-v2 => ../` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 131209, "scanner": "repobility-supply-chain", "fingerprint": "74e010478c5cd0aeeb3ae4fdbfa589efe83833c44baa4e2b80b5a8fe21909daa", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|74e010478c5cd0aeeb3ae4fdbfa589efe83833c44baa4e2b80b5a8fe21909daa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "credentials/go.mod"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED033", "level": "error", "message": {"text": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic."}, "properties": {"repobilityId": 131168, "scanner": "repobility-threat-engine", "fingerprint": "ea5e36c05c0bad728054bc5c2018e0071b0ca771bf39d77d7ce2bd71dd86d9ca", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-recover-without-log", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347975+00:00", "triaged_in_corpus": 15, "observations_count": 3808, "ai_coder_pattern_id": 109}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ea5e36c05c0bad728054bc5c2018e0071b0ca771bf39d77d7ce2bd71dd86d9ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/protocoltest/jsonrpc/internal/document/document.go"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED033", "level": "error", "message": 
{"text": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic."}, "properties": {"repobilityId": 131167, "scanner": "repobility-threat-engine", "fingerprint": "64f572589465fff1975435c2cbf878ddb9e8ed23253e14f6f020a0358533c940", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-recover-without-log", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347975+00:00", "triaged_in_corpus": 15, "observations_count": 3808, "ai_coder_pattern_id": 109}, "scanner": "repobility-threat-engine", "correlation_key": "fp|64f572589465fff1975435c2cbf878ddb9e8ed23253e14f6f020a0358533c940"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/protocoltest/awsrestjson/internal/document/document.go"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED033", "level": "error", "message": {"text": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic."}, "properties": {"repobilityId": 131166, "scanner": "repobility-threat-engine", "fingerprint": "ebb021601cef79e314627150ea8ac0b4f3426e1205e0ef7ad90d996590c961cf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-recover-without-log", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347975+00:00", "triaged_in_corpus": 15, "observations_count": 3808, "ai_coder_pattern_id": 109}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ebb021601cef79e314627150ea8ac0b4f3426e1205e0ef7ad90d996590c961cf"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "internal/awstesting/assert.go"}, "region": {"startLine": 142}}}]}, {"ruleId": "SEC093", "level": "error", "message": {"text": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. Ported from gosec G204 (Apache-2.0)."}, "properties": {"repobilityId": 131158, "scanner": "repobility-threat-engine", "fingerprint": "5864c0b3b44bf785056881c132aca0d24e2800a59a285cdb752cb96493e6c7d1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec.CommandContext(ctx,", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC093", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5864c0b3b44bf785056881c132aca0d24e2800a59a285cdb752cb96493e6c7d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/repotools/cmd/eachmodule/cmd.go"}, "region": {"startLine": 88}}}]}, {"ruleId": "SEC093", "level": "error", "message": {"text": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. 
Ported from gosec G204 (Apache-2.0)."}, "properties": {"repobilityId": 131157, "scanner": "repobility-threat-engine", "fingerprint": "39d70bfc9838498e8632cb38d5e8e781243b592d86cb28681bb9971eb6709cd4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec.CommandContext(ctx,", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC093", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|39d70bfc9838498e8632cb38d5e8e781243b592d86cb28681bb9971eb6709cd4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "credentials/processcreds/provider.go"}, "region": {"startLine": 106}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 131155, "scanner": "repobility-threat-engine", "fingerprint": "3e0ed0d4ba0da5dff95cd4e6f0e9cee379b7bf3532d0fdaba66b9d2c882fdcb1", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "http.NewRequest(\"GET\", e", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3e0ed0d4ba0da5dff95cd4e6f0e9cee379b7bf3532d0fdaba66b9d2c882fdcb1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "feature/dsql/auth/auth_token_generator.go"}, "region": {"startLine": 86}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 131154, "scanner": "repobility-threat-engine", "fingerprint": "6d5cdfca8c2a52b537635e21b5d8caa14aeeedf2993826b59250f6bb54cce04b", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6d5cdfca8c2a52b537635e21b5d8caa14aeeedf2993826b59250f6bb54cce04b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "feature/cloudfront/sign/sign_url.go"}, "region": {"startLine": 86}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 131153, "scanner": "repobility-threat-engine", "fingerprint": "d72fc085357538baea73bf3dbde3c618cc36cae6ee54440aeb7d82be05913f32", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(v", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d72fc085357538baea73bf3dbde3c618cc36cae6ee54440aeb7d82be05913f32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "config/local.go"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 131151, "scanner": "repobility-threat-engine", "fingerprint": "7cc03eab53f29b54c3850ef13c469cca2ec83dd1f3d6d104f784da7679742762", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7cc03eab53f29b54c3850ef13c469cca2ec83dd1f3d6d104f784da7679742762"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "feature/cloudfront/sign/policy.go"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": 
{"repobilityId": 131150, "scanner": "repobility-threat-engine", "fingerprint": "9f2cfd965469e6713225c69f75bda66338ccefdfefd0e971325b64125b6f4fb2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9f2cfd965469e6713225c69f75bda66338ccefdfefd0e971325b64125b6f4fb2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "credentials/ssocreds/sso_cached_token.go"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 131149, "scanner": "repobility-threat-engine", "fingerprint": "79a4c51959b918e4fa60d077ea3084c7a6b88b0a07a3cc90b6611e0cd02bddbe", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|79a4c51959b918e4fa60d077ea3084c7a6b88b0a07a3cc90b6611e0cd02bddbe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "aws/signer/internal/v4/headers.go"}, "region": {"startLine": 24}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await 
\u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 131148, "scanner": "repobility-threat-engine", "fingerprint": "2e8194c7413ce3acf35b3cc70b869360d2ac939772f409d464c87b9c3474d721", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "token.Update(out)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2e8194c7413ce3acf35b3cc70b869360d2ac939772f409d464c87b9c3474d721"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "credentials/logincreds/provider.go"}, "region": {"startLine": 105}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 131147, "scanner": "repobility-threat-engine", "fingerprint": "28bc0d42aa90e8daea5d0aefbb2f32ea09a7aecc835c63786ab25d04e6093c46", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "a.rateLimit.Update(throttled)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|28bc0d42aa90e8daea5d0aefbb2f32ea09a7aecc835c63786ab25d04e6093c46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "aws/retry/adaptive.go"}, "region": {"startLine": 153}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 131145, "scanner": "repobility-threat-engine", "fingerprint": "db0a946d7a02749cd27cfbdc67e71b3cab86605bf27bb4ca2b7ff81697da62a0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|db0a946d7a02749cd27cfbdc67e71b3cab86605bf27bb4ca2b7ff81697da62a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "aws/protocol/eventstream/header.go"}, "region": {"startLine": 173}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not 
checked. Go anti-pattern."}, "properties": {"repobilityId": 131144, "scanner": "repobility-threat-engine", "fingerprint": "d6b1c2779772a8d5e94457796855574c7b022bd883886404bba5dd5e466fba20", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d6b1c2779772a8d5e94457796855574c7b022bd883886404bba5dd5e466fba20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "aws/protocol/eventstream/encode.go"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. 
Go anti-pattern."}, "properties": {"repobilityId": 131143, "scanner": "repobility-threat-engine", "fingerprint": "b91befdef08765baf940e3c33342dd4c4fc60bcc7588ded91d27a66301cbfaed", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b91befdef08765baf940e3c33342dd4c4fc60bcc7588ded91d27a66301cbfaed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "aws/protocol/eventstream/decode.go"}, "region": {"startLine": 158}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.CI_SLACK_WEBHOOK_URL` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${{ secrets.CI_SLACK_WEBHOOK_URL }}` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.).
Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 131257, "scanner": "repobility-supply-chain", "fingerprint": "51ba0e639a0eeec1fd557ba8cc9af84ae7c968d29c68e37afc08a2862f3cfc16", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|51ba0e639a0eeec1fd557ba8cc9af84ae7c968d29c68e37afc08a2862f3cfc16"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/slack.yml"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.CI_SLACK_WEBHOOK_URL` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${{ secrets.CI_SLACK_WEBHOOK_URL }}` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.).
Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 131256, "scanner": "repobility-supply-chain", "fingerprint": "33f1b832b8661cbaded38ca874bd231d739afb48e323af12b01362057017c755", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|33f1b832b8661cbaded38ca874bd231d739afb48e323af12b01362057017c755"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/slack.yml"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.CI_SLACK_WEBHOOK_URL` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${{ secrets.CI_SLACK_WEBHOOK_URL }}` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.).
Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 131255, "scanner": "repobility-supply-chain", "fingerprint": "2c749938d7398e2660c116f127de18495292397677538ca5defa8248f9869078", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2c749938d7398e2660c116f127de18495292397677538ca5defa8248f9869078"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/slack.yml"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.CI_SLACK_WEBHOOK_URL` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${{ secrets.CI_SLACK_WEBHOOK_URL }}` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.).
Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 131254, "scanner": "repobility-supply-chain", "fingerprint": "56ed0d0645f6f4a601a082e7b305dc5f0b6deb8ca4554a9a5596954e5ceb9592", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|56ed0d0645f6f4a601a082e7b305dc5f0b6deb8ca4554a9a5596954e5ceb9592"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/slack.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.CI_GIT_PAT` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${{ secrets.CI_GIT_PAT }}` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.).
Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 131250, "scanner": "repobility-supply-chain", "fingerprint": "52f65b0f5e23581058834162aa6dfc98d9255d84782fe367efed5521d0beff94", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|52f65b0f5e23581058834162aa6dfc98d9255d84782fe367efed5521d0beff94"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/snapshot.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.CI_GIT_PAT` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${{ secrets.CI_GIT_PAT }}` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.).
Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 131243, "scanner": "repobility-supply-chain", "fingerprint": "1e57ced2e79eded3bfcb894bd405d6b128d4ca69e3ffafde853b34aa85a60420", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1e57ced2e79eded3bfcb894bd405d6b128d4ca69e3ffafde853b34aa85a60420"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/go.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.CI_AWS_ROLE_ARN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${{ secrets.CI_AWS_ROLE_ARN }}` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.).
Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 131236, "scanner": "repobility-supply-chain", "fingerprint": "b08983f4f1f84d788c0f373e76703a2409760de1558dfb48e1b3b588e60d8a67", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b08983f4f1f84d788c0f373e76703a2409760de1558dfb48e1b3b588e60d8a67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/integration-tests.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED019", "level": "error", "message": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "properties": {"repobilityId": 131175, "scanner": "repobility-threat-engine", "fingerprint": "2c947d0a14adb3adaa7bcc22b1d36fffd6db1608b191611dee0628eb0a70cac6", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ssti-jinja-from-string", "owasp": "A03:2021", "cwe_ids": ["CWE-94"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347943+00:00", "triaged_in_corpus": 20, "observations_count": 47984, "ai_coder_pattern_id": 34}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2c947d0a14adb3adaa7bcc22b1d36fffd6db1608b191611dee0628eb0a70cac6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "service/appsync/api_op_EvaluateMappingTemplate.go"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED019", "level": "error", "message": {"text": 
"[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "properties": {"repobilityId": 131174, "scanner": "repobility-threat-engine", "fingerprint": "c3ab9fe710aa39da4f9c3fbc554e18d81d4a910b406a6e4f847c7f9134300f99", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ssti-jinja-from-string", "owasp": "A03:2021", "cwe_ids": ["CWE-94"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347943+00:00", "triaged_in_corpus": 20, "observations_count": 47984, "ai_coder_pattern_id": 34}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c3ab9fe710aa39da4f9c3fbc554e18d81d4a910b406a6e4f847c7f9134300f99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "service/apigatewayv2/api_op_GetModelTemplate.go"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED019", "level": "error", "message": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "properties": {"repobilityId": 131173, "scanner": "repobility-threat-engine", "fingerprint": "273999a187aba69112084033c4fddbecd041e7eaccfc7b364a3aafeb6c876653", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ssti-jinja-from-string", "owasp": "A03:2021", "cwe_ids": ["CWE-94"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347943+00:00", "triaged_in_corpus": 20, "observations_count": 47984, "ai_coder_pattern_id": 34}, "scanner": "repobility-threat-engine", "correlation_key": "fp|273999a187aba69112084033c4fddbecd041e7eaccfc7b364a3aafeb6c876653"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "service/apigateway/api_op_GetModelTemplate.go"}, "region": {"startLine": 15}}}]}]}]}