{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AIC001", "name": "Parallel implementation file sits beside a canonical file", "shortDescription": {"text": "Parallel implementation file sits beside a canonical file"}, "fullDescription": {"text": "Merge the intended change into the canonical file, update tests/imports, and delete the parallel implementation if it is not the active entry point."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "CFG006", "name": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.", "shortDescription": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "fullDescription": {"text": "Add a .gitignore appropriate for your language/framework."}, "properties": {"scanner": "repobility-threat-engine", "category": "practices", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_LARGE_FILES", "name": "Average file size is 659 lines (recommend <300)", "shortDescription": {"text": "Average file size is 659 lines (recommend <300)"}, "fullDescription": {"text": "Refactor large files by extracting related functions into separate modules. Target files with 300+ lines first. Use the Single Responsibility Principle \u2014 each module should have one clear purpose."}, "properties": {"scanner": "repobility-core", "category": "quality", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED057", "name": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolve", "shortDescription": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion (and 10 more): Same pattern found in 10 additional files. Review if needed.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely.", "shortDescription": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 5 more): Same pattern found in 5 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED052] Ts Any Typed (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `microsoft/typescript-bot-test-triggerer/.github/actions/post-workflow-result` pinned to mutable ref `", "shortDescription": {"text": "[MINED115] Action `microsoft/typescript-bot-test-triggerer/.github/actions/post-workflow-result` pinned to mutable ref `@master`: `uses: microsoft/typescript-bot-test-triggerer/.github/actions/post-workflow-result@master` resolves at workfl"}, "fullDescription": {"text": "Replace with: `uses: microsoft/typescript-bot-test-triggerer/.github/actions/post-workflow-result@<40-char-sha>  # master` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED032", "name": "[MINED032] Ts Nocheck Comment: // @ts-nocheck silences all type checking for entire file.", "shortDescription": {"text": "[MINED032] Ts Nocheck Comment: // @ts-nocheck silences all type checking for entire file."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/754"}, "properties": {"repository": "microsoft/TypeScript", "repoUrl": "https://github.com/microsoft/TypeScript", "branch": "main"}, "results": [{"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 62847, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3d76b64696d77bb798fdd974cf92c80ad204d05283f9db4f5900689421b04c9b", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "refactor", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "src/services/_namespaces/ts.ts", "correlation_key": "fp|3d76b64696d77bb798fdd974cf92c80ad204d05283f9db4f5900689421b04c9b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/services/_namespaces/ts.refactor.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "CFG006", "level": "warning", "message": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "properties": {"repobilityId": 62846, "scanner": "repobility-threat-engine", "fingerprint": "c65fc71ce58c37a0e07837c0fe294108b731c43ef16027a2f0971c757bbe9a16", "category": "practices", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "No .gitignore file found in repository root", "evidence": {"reason": "No .gitignore file found in repository root", "rule_id": "CFG006", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "repo|practices|cfg006"}}}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 62836, "scanner": "repobility-threat-engine", "fingerprint": "208822ffaae6b39de15451fd54e4919675a566fff69f8051d6f47f700cecc5df", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|src/harness/util.ts|43|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/harness/util.ts"}, "region": {"startLine": 43}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 62835, "scanner": "repobility-threat-engine", "fingerprint": "a9cc35041c0c6323c73579d367790e31c5e602ecf382c28b11e699841014a542", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|102|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/harness/documentsUtil.ts"}, "region": {"startLine": 102}}}]}, {"ruleId": "CORE_LARGE_FILES", "level": "warning", "message": {"text": "Average file size is 659 lines (recommend <300)"}, "properties": {"repobilityId": 62822, "scanner": "repobility-core", "fingerprint": "eefe8cd04fee6bf1bcc0c17fa56845a63ba0234ab49ee7bbad8b9b77e4a0d58a", "category": "quality", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_LARGE_FILES", "scanner": "repobility-core", "correlation_key": "fp|eefe8cd04fee6bf1bcc0c17fa56845a63ba0234ab49ee7bbad8b9b77e4a0d58a"}}}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62849, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fec94b91ad0954b35af0a33e4ca134dd3fce86f18d93bfe9176fb3740bef8f84", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/compiler/transformers/classThis.ts", "duplicate_line": 73, "correlation_key": "fp|fec94b91ad0954b35af0a33e4ca134dd3fce86f18d93bfe9176fb3740bef8f84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/compiler/transformers/namedEvaluation.ts"}, "region": {"startLine": 147}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62848, "scanner": "repobility-ai-code-hygiene", "fingerprint": "329d0be186f8843dba85587bcc09a3cb9dc3f674e2418bb64d6ffa666fadac5b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/compiler/transformers/es2016.ts", "duplicate_line": 20, "correlation_key": "fp|329d0be186f8843dba85587bcc09a3cb9dc3f674e2418bb64d6ffa666fadac5b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/compiler/transformers/es2020.ts"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED057", "level": "none", "message": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "properties": {"repobilityId": 62845, "scanner": "repobility-threat-engine", "fingerprint": "7bca2d45d09171658b0cf0c438adca4c400491b854dabce89686ce687d8b07f8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "todo-bomb", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348035+00:00", "triaged_in_corpus": 10, "observations_count": 255662, "ai_coder_pattern_id": 4}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7bca2d45d09171658b0cf0c438adca4c400491b854dabce89686ce687d8b07f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/services/codefixes/fixClassIncorrectlyImplementsInterface.ts"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 62843, "scanner": "repobility-threat-engine", "fingerprint": "4aac29dde5d5b4e0ead919067007740b004ea542845439926cab7e4a09d80997", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4aac29dde5d5b4e0ead919067007740b004ea542845439926cab7e4a09d80997"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/harness/tsserverLogger.ts"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 62842, "scanner": "repobility-threat-engine", "fingerprint": "8202b9d89d9f38588861653fbb90fdfb2511633a4d08aa3cb2465b1174e7afd6", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|8202b9d89d9f38588861653fbb90fdfb2511633a4d08aa3cb2465b1174e7afd6", "aggregated_count": 10}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 62841, "scanner": "repobility-threat-engine", "fingerprint": "8a526da802ccb2d649a27edba7fc3b0005812ad2f0135ec6be38d8393e9b96eb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8a526da802ccb2d649a27edba7fc3b0005812ad2f0135ec6be38d8393e9b96eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/harness/vpathUtil.ts"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 62840, "scanner": "repobility-threat-engine", "fingerprint": "74a6981a9044e1baa1a18bd97396c713b6776498f38eaa7e827d03ffb39a5db3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|74a6981a9044e1baa1a18bd97396c713b6776498f38eaa7e827d03ffb39a5db3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/harness/tsserverLogger.ts"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 62839, "scanner": "repobility-threat-engine", "fingerprint": "66a22b183cf4a5abb380a934ae2d1e06d36f6315c9fdd9bdc8ab3437e3097ef5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|66a22b183cf4a5abb380a934ae2d1e06d36f6315c9fdd9bdc8ab3437e3097ef5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/harness/documentsUtil.ts"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 62833, "scanner": "repobility-threat-engine", "fingerprint": "769066d8495bfe2f7864729e0841514ab9cc65f352d94490c05891e2836119b3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|769066d8495bfe2f7864729e0841514ab9cc65f352d94490c05891e2836119b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/services/codefixes/addOptionalPropertyUndefined.ts"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 62832, "scanner": "repobility-threat-engine", "fingerprint": "3da496349613cde16901a27bd0afc94d36022cb1295ee26d785f8d843d83ddb8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3da496349613cde16901a27bd0afc94d36022cb1295ee26d785f8d843d83ddb8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/utilitiesPublic.ts"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 62831, "scanner": "repobility-threat-engine", "fingerprint": "bfa3b5f695ae85e16b49b28672c2360a5f8878fe22e5ddc21e25ea27fa905ffc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bfa3b5f695ae85e16b49b28672c2360a5f8878fe22e5ddc21e25ea27fa905ffc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/compiler/symbolWalker.ts"}, "region": {"startLine": 207}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 62830, "scanner": "repobility-threat-engine", "fingerprint": "dfda4170aff520d17dd79e2ba83251ca47508d2ca8ba93d0fcc46ccc46e07c8c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|dfda4170aff520d17dd79e2ba83251ca47508d2ca8ba93d0fcc46ccc46e07c8c"}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 62826, "scanner": "repobility-threat-engine", "fingerprint": "dc495931fe10ccd594ead31c7c77f06bc2fd305548c052c38b6f9feadb646876", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|dc495931fe10ccd594ead31c7c77f06bc2fd305548c052c38b6f9feadb646876", "aggregated_count": 4}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 62825, "scanner": "repobility-threat-engine", "fingerprint": "72fa842273a0c92f7b945c90c3d938b134b45617624ddddfd3269c7fa42b4f00", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|72fa842273a0c92f7b945c90c3d938b134b45617624ddddfd3269c7fa42b4f00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/harness/harnessGlobals.ts"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 62824, "scanner": "repobility-threat-engine", "fingerprint": "24a31e5f423b31409d62a21ffcc7f9340e7d494f8f1e6686e4735747337d0c67", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|24a31e5f423b31409d62a21ffcc7f9340e7d494f8f1e6686e4735747337d0c67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/harness/collectionsImpl.ts"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 62823, "scanner": "repobility-threat-engine", "fingerprint": "bd13bb4b8b2b29e059739baf2f5cf05bd1d32e5f3137f1c6ad7b986d0469bb44", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bd13bb4b8b2b29e059739baf2f5cf05bd1d32e5f3137f1c6ad7b986d0469bb44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/compiler/corePublic.ts"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `microsoft/typescript-bot-test-triggerer/.github/actions/post-workflow-result` pinned to mutable ref `@master`: `uses: microsoft/typescript-bot-test-triggerer/.github/actions/post-workflow-result@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62854, "scanner": "repobility-supply-chain", "fingerprint": "fc8637b8d1c5769e04d79df4d5a3f7934c70f0a81bc710a283d5706270d9e573", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fc8637b8d1c5769e04d79df4d5a3f7934c70f0a81bc710a283d5706270d9e573"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/set-version.yaml"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `microsoft/TypeScript-Twoslash-Repro-Action` pinned to mutable ref `@master`: `uses: microsoft/TypeScript-Twoslash-Repro-Action@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62853, "scanner": "repobility-supply-chain", "fingerprint": "175ff601f563c362105a245af5a52e9d01df56d48366e643d3c6abc0bd116a71", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|175ff601f563c362105a245af5a52e9d01df56d48366e643d3c6abc0bd116a71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/twoslash-repros.yaml"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `microsoft/typescript-bot-test-triggerer/.github/actions/post-workflow-result` pinned to mutable ref `@master`: `uses: microsoft/typescript-bot-test-triggerer/.github/actions/post-workflow-result@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62852, "scanner": "repobility-supply-chain", "fingerprint": "14be151f78a1cb695834f814b6a106d4d31b74c256a090c0a649183939d929fb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|14be151f78a1cb695834f814b6a106d4d31b74c256a090c0a649183939d929fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/create-cherry-pick-pr.yml"}, "region": {"startLine": 179}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `microsoft/typescript-bot-test-triggerer/.github/actions/post-workflow-result` pinned to mutable ref `@master`: `uses: microsoft/typescript-bot-test-triggerer/.github/actions/post-workflow-result@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62851, "scanner": "repobility-supply-chain", "fingerprint": "73dac3a5e13d2b1e5d175f7ac9038c509577b0f0b9b45f7f85f17ef12fc4a6cc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|73dac3a5e13d2b1e5d175f7ac9038c509577b0f0b9b45f7f85f17ef12fc4a6cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sync-branch.yaml"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `microsoft/typescript-bot-test-triggerer/.github/actions/post-workflow-result` pinned to mutable ref `@master`: `uses: microsoft/typescript-bot-test-triggerer/.github/actions/post-workflow-result@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62850, "scanner": "repobility-supply-chain", "fingerprint": "37d5f680938d76b721999adb45727d193d25dce33cfcaf833571a3e18b82ed09", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|37d5f680938d76b721999adb45727d193d25dce33cfcaf833571a3e18b82ed09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/new-release-branch.yaml"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED032", "level": "error", "message": {"text": "[MINED032] Ts Nocheck Comment: // @ts-nocheck silences all type checking for entire file."}, "properties": {"repobilityId": 62844, "scanner": "repobility-threat-engine", "fingerprint": "535c98e24fd18297a712fa133760110de7693b7dc9059f4af8a44d6ba06df352", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-nocheck-comment", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347973+00:00", "triaged_in_corpus": 15, "observations_count": 6120, "ai_coder_pattern_id": 100}, "scanner": "repobility-threat-engine", "correlation_key": "fp|535c98e24fd18297a712fa133760110de7693b7dc9059f4af8a44d6ba06df352"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/services/codefixes/disableJsDiagnostics.ts"}, "region": {"startLine": 51}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 62838, "scanner": "repobility-threat-engine", "fingerprint": "aa44caf572d3a64a32c851a5c2edc46f40bc79ca0bef41640b36ff8998bdbff9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(text", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|aa44caf572d3a64a32c851a5c2edc46f40bc79ca0bef41640b36ff8998bdbff9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/harness/util.ts"}, "region": {"startLine": 43}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 62837, "scanner": "repobility-threat-engine", "fingerprint": "dcccdea7a49a323418f7e7319d1a3231ff7310772e34093847609b07f40f850a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(this", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|dcccdea7a49a323418f7e7319d1a3231ff7310772e34093847609b07f40f850a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/harness/documentsUtil.ts"}, "region": {"startLine": 102}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 62834, "scanner": "repobility-threat-engine", "fingerprint": "6b9ed14ec55f4d1943152e6a7acdb06c7d5e1245a4ab9d3c661668c2a7109109", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(t", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6b9ed14ec55f4d1943152e6a7acdb06c7d5e1245a4ab9d3c661668c2a7109109"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/harness/documentsUtil.ts"}, "region": {"startLine": 143}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 62829, "scanner": "repobility-threat-engine", "fingerprint": "555be6e4abd5589b9634e8b7c41673f3f9d6f6847fbb5cbbb7d868a0c88fd0bd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "packageJsons.delete(fileName);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|555be6e4abd5589b9634e8b7c41673f3f9d6f6847fbb5cbbb7d868a0c88fd0bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/packageJsonCache.ts"}, "region": {"startLine": 35}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 62828, "scanner": "repobility-threat-engine", "fingerprint": "efea5fe2bb265ae976938771b3c435216ab1cc5066e9e68c05602d1c0630315a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "counts.delete(name);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|efea5fe2bb265ae976938771b3c435216ab1cc5066e9e68c05602d1c0630315a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/compiler/performance.ts"}, "region": {"startLine": 155}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 62827, "scanner": "repobility-threat-engine", "fingerprint": "aeaa344e6d1e99f2377ab369c5a45659704c41588431ee53664301eadc3e9169", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "sourceFileToNodeChildren.delete(sourceFile);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|aeaa344e6d1e99f2377ab369c5a45659704c41588431ee53664301eadc3e9169"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/compiler/factory/nodeChildren.ts"}, "region": {"startLine": 58}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 62821, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}]}]}