{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies broad context with incomplete .dockerignore", "shortDescription": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "fullDescription": {"text": "COPY . or ADD . is safer when .dockerignore excludes secrets, git history, keys, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": ".dockerignore exists but does not cover common secret or VCS patterns."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED051", "name": "[MINED051] Csharp Null Forgive (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED051] Csharp Null Forgive (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED057", "name": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolve", "shortDescription": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED029", "name": "[MINED029] Kotlin Null Bang (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED029] Kotlin Null Bang (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC084", "name": "[SEC084] JS: require() with non-literal (and 32 more): Same pattern found in 32 additional files. Review if needed.", "shortDescription": {"text": "[SEC084] JS: require() with non-literal (and 32 more): Same pattern found in 32 additional files. Review if needed."}, "fullDescription": {"text": "Use static imports or a static mapping `const modules = { foo: require('./foo') }`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED134", "name": "Binary file `gradle/wrapper/gradle-wrapper.jar` committed in source repo", "shortDescription": {"text": "Binary file `gradle/wrapper/gradle-wrapper.jar` committed in source repo"}, "fullDescription": {"text": "`gradle/wrapper/gradle-wrapper.jar` is a .jar binary (62,076 bytes) committed to a repo that otherwise has 1159 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "Workflow container/services image `adoptopenjdk/openjdk11:x86_64-ubuntu-jdk-11.0.11_9` unpinned", "shortDescription": {"text": "Workflow container/services image `adoptopenjdk/openjdk11:x86_64-ubuntu-jdk-11.0.11_9` unpinned"}, "fullDescription": {"text": "`container/services image: adoptopenjdk/openjdk11:x86_64-ubuntu-jdk-11.0.11_9` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/upload-artifact` pinned to mutable ref `@v7`", "shortDescription": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "fullDescription": {"text": "`uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `adoptopenjdk/openjdk11:x86_64-ubuntu-jdk-11.0.11_9` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `adoptopenjdk/openjdk11:x86_64-ubuntu-jdk-11.0.11_9` not pinned by digest"}, "fullDescription": {"text": "`FROM adoptopenjdk/openjdk11:x86_64-ubuntu-jdk-11.0.11_9` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/961"}, "properties": {"repository": "JetBrains/rd", "repoUrl": "https://github.com/JetBrains/rd", "branch": "master"}, "results": [{"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 90145, "scanner": "repobility-docker", "fingerprint": "bbddb30f89178c7f394f661014c4463818fa0d7143e3346dcf37c2b53e571e10", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "adoptopenjdk/openjdk11:x86_64-ubuntu-jdk-11.0.11_9", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|bbddb30f89178c7f394f661014c4463818fa0d7143e3346dcf37c2b53e571e10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 90144, "scanner": "repobility-docker", "fingerprint": "86a81582f997c02e3c9d0825b66966f266b627f94e27a5278bf84c6939d746d6", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|86a81582f997c02e3c9d0825b66966f266b627f94e27a5278bf84c6939d746d6", "missing_patterns": [".env", ".git", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 90139, "scanner": "repobility-threat-engine", "fingerprint": "465f52c7464425e2ca2cb9cda3404941b011ed31825be0509d26a4e0afaa8f9d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "}\n      catch (Exception)\n      {\n        return true;\n      }", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|465f52c7464425e2ca2cb9cda3404941b011ed31825be0509d26a4e0afaa8f9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-net/Test.RdFramework/Reflection/ProxyGeneratorCornerCasesTests.cs"}, "region": {"startLine": 73}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 90138, "scanner": "repobility-threat-engine", "fingerprint": "ff5a2db1fa8ffb9895a74bfc35c06732ce1173e31f99dc820871feadad88f9bd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "}\n      catch (Exception)\n      {\n        return null;\n      }", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ff5a2db1fa8ffb9895a74bfc35c06732ce1173e31f99dc820871feadad88f9bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-net/Lifetimes/Util/ReflectionUtil.cs"}, "region": {"startLine": 137}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 90123, "scanner": "repobility-threat-engine", "fingerprint": "239b10fc05f62f1e1d0bd4892e548837c51a0f0027c0da04f4d2f7a326bd9e39", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "Exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|10|sec045", "duplicate_count": 1, "duplicate_rule_ids": ["SEC045"], "duplicate_scanners": ["repobility-threat-engine"], "duplicate_fingerprints": ["239b10fc05f62f1e1d0bd4892e548837c51a0f0027c0da04f4d2f7a326bd9e39", "9da9c0321a599c168043da3a796c314cb66db77c8b14becec25e24d0d4e82f71"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildSrc/src/main/kotlin/com/jetbrains/rd/gradle/tasks/DotnetBuildTask.kt"}, "region": {"startLine": 10}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 90122, "scanner": "repobility-threat-engine", "fingerprint": "d07ec166b068f0b2056d92d39a848b7d913e463240d8ab14a076f1fa009a4b0a", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|15|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "buildSrc/src/main/kotlin/com/jetbrains/rd/gradle/tasks/CopySourcesTask.kt"}, "region": {"startLine": 15}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 90146, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", ".git", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 90125, "scanner": "repobility-threat-engine", "fingerprint": "493be1f35a98f6b3abf02fa08d06fbfb5875c847b093ede75acea3cb6001927d", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'t register \" + type_name + \" with id: \"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|493be1f35a98f6b3abf02fa08d06fbfb5875c847b093ede75acea3cb6001927d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-cpp/src/rd_framework_cpp/src/main/serialization/Serializers.h"}, "region": {"startLine": 83}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90096, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7ec10ccd6b16ba231499978e0e251cadc2c6f953411cace86981a1a364989eb3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "rd-net/Lifetimes/Diagnostics/StringInterpolation/JetLogErrorInterpolatedStringHandler.cs", "duplicate_line": 15, "correlation_key": "fp|7ec10ccd6b16ba231499978e0e251cadc2c6f953411cace86981a1a364989eb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-net/Lifetimes/Diagnostics/StringInterpolation/JetNotNullConditionalInterpolatedStringHandler.cs"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90095, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8c911ab28deb489a43192547490fb28456e3221f4bdb7145a28d231bde354cc1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "rd-net/Lifetimes/Diagnostics/StringInterpolation/JetLogErrorInterpolatedStringHandler.cs", "duplicate_line": 15, "correlation_key": "fp|8c911ab28deb489a43192547490fb28456e3221f4bdb7145a28d231bde354cc1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-net/Lifetimes/Diagnostics/StringInterpolation/JetLogWarnInterpolatedStringHandler.cs"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90094, "scanner": "repobility-ai-code-hygiene", "fingerprint": "77ee53b6616c183a0e10ec35a5c53adf9e3f9782531e0ae51cd938ef833b0d44", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "rd-net/Lifetimes/Diagnostics/StringInterpolation/JetLogErrorInterpolatedStringHandler.cs", "duplicate_line": 15, "correlation_key": "fp|77ee53b6616c183a0e10ec35a5c53adf9e3f9782531e0ae51cd938ef833b0d44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-net/Lifetimes/Diagnostics/StringInterpolation/JetLogVerboseInterpolatedStringHandler.cs"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90093, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bf39879596fabc6a5805721ecf0c3557928631655e1449bc7f7d1073c37b1338", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "rd-net/Lifetimes/Diagnostics/StringInterpolation/JetLogErrorInterpolatedStringHandler.cs", "duplicate_line": 15, "correlation_key": "fp|bf39879596fabc6a5805721ecf0c3557928631655e1449bc7f7d1073c37b1338"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-net/Lifetimes/Diagnostics/StringInterpolation/JetLogTraceInterpolatedStringHandler.cs"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90092, "scanner": "repobility-ai-code-hygiene", "fingerprint": "24c7677838bac9c013ca91007f5ed3df2c2e2f125e5f401f5d128904a88a46b5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "rd-net/Lifetimes/Diagnostics/StringInterpolation/JetLogErrorInterpolatedStringHandler.cs", "duplicate_line": 15, "correlation_key": "fp|24c7677838bac9c013ca91007f5ed3df2c2e2f125e5f401f5d128904a88a46b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-net/Lifetimes/Diagnostics/StringInterpolation/JetLogLevelInterpolatedStringHandler.cs"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90091, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1b5b01838b069ae4de754c3b84aaa90c03f68e4843133b0bc5b2c1386aaf7a48", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "rd-net/Lifetimes/Diagnostics/StringInterpolation/JetLogErrorInterpolatedStringHandler.cs", "duplicate_line": 15, "correlation_key": "fp|1b5b01838b069ae4de754c3b84aaa90c03f68e4843133b0bc5b2c1386aaf7a48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-net/Lifetimes/Diagnostics/StringInterpolation/JetLogInfoInterpolatedStringHandler.cs"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90090, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cdf76d8f4ebc78f7a821d63801aa1472106e93bd3e412741d9bb4536bad0be1a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "rd-kt/rd-framework/src/main/kotlin/com/jetbrains/rd/framework/impl/RdList.kt", "duplicate_line": 172, "correlation_key": "fp|cdf76d8f4ebc78f7a821d63801aa1472106e93bd3e412741d9bb4536bad0be1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-kt/rd-framework/src/main/kotlin/com/jetbrains/rd/framework/impl/RdSet.kt"}, "region": {"startLine": 60}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90089, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2a743a45d3049816c51d79697caed2c63749b3a5bd2d3f24595adcd8a2ee9c14", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "rd-kt/rd-framework/src/main/kotlin/com/jetbrains/rd/framework/impl/RdList.kt", "duplicate_line": 54, "correlation_key": "fp|2a743a45d3049816c51d79697caed2c63749b3a5bd2d3f24595adcd8a2ee9c14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-kt/rd-framework/src/main/kotlin/com/jetbrains/rd/framework/impl/RdMap.kt"}, "region": {"startLine": 56}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90088, "scanner": "repobility-ai-code-hygiene", "fingerprint": "05ad429fe969736f58341b4c9bbcc2f739ad30d111dca7b874cb94579bb04aea", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "rd-kt/rd-framework/src/main/kotlin/com/jetbrains/rd/framework/impl/AsyncRdMap.kt", "duplicate_line": 165, "correlation_key": "fp|05ad429fe969736f58341b4c9bbcc2f739ad30d111dca7b874cb94579bb04aea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-kt/rd-framework/src/main/kotlin/com/jetbrains/rd/framework/impl/AsyncRdSet.kt"}, "region": {"startLine": 142}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90087, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ff0da9b3ef144d79353c3138ad63ec873fd092babe877e997329e52b3c494a34", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "rd-kt/rd-cross/src/main/kotlin/com/jetbrains/rd/cross/cases/client/CrossTest_AllEntities_KtClient.kt", "duplicate_line": 10, "correlation_key": "fp|ff0da9b3ef144d79353c3138ad63ec873fd092babe877e997329e52b3c494a34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-kt/rd-cross/src/main/kotlin/com/jetbrains/rd/cross/cases/server/CrossTest_AllEntities_KtServer.kt"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90086, "scanner": "repobility-ai-code-hygiene", "fingerprint": "68af7f4c10a33c8664ba3cbb3cf5436bf3c5aeb06a64547c6fde789d6390ede1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "rd-cpp/thirdparty/ordered-map/include/tsl/ordered_map.h", "duplicate_line": 117, "correlation_key": "fp|68af7f4c10a33c8664ba3cbb3cf5436bf3c5aeb06a64547c6fde789d6390ede1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-cpp/thirdparty/ordered-map/include/tsl/ordered_set.h"}, "region": {"startLine": 105}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90085, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d2f263c1102742f38f9f94a78a2c880955420fd6d1bb24a23e6f6271baa4fed9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "rd-cpp/src/rd_core_cpp/src/main/reactive/ViewableList.h", "duplicate_line": 28, "correlation_key": "fp|d2f263c1102742f38f9f94a78a2c880955420fd6d1bb24a23e6f6271baa4fed9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-cpp/src/rd_core_cpp/src/main/reactive/ViewableSet.h"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90084, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5b3d644f46b68e6e2385fae0989b07d5a6a808d9ac292265b0299d1de0c00284", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "rd-cpp/src/rd_core_cpp/src/main/reactive/ViewableList.h", "duplicate_line": 38, "correlation_key": "fp|5b3d644f46b68e6e2385fae0989b07d5a6a808d9ac292265b0299d1de0c00284"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-cpp/src/rd_core_cpp/src/main/reactive/ViewableMap.h"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED051", "level": "none", "message": {"text": "[MINED051] Csharp Null Forgive (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 90143, "scanner": "repobility-threat-engine", "fingerprint": "3d1c16d084728b625d16c41069bad046851b6b40a0d79db90d2a9b4b633587ea", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "csharp-null-forgive", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["csharp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348020+00:00", "triaged_in_corpus": 12, "observations_count": 518114, "ai_coder_pattern_id": 173}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|3d1c16d084728b625d16c41069bad046851b6b40a0d79db90d2a9b4b633587ea", "aggregated_count": 2}}}, {"ruleId": "MINED051", "level": "none", "message": {"text": "[MINED051] Csharp Null Forgive: x! tells compiler \"definitely not null\" \u2014 bypasses nullable check. NRE risk if wrong."}, "properties": {"repobilityId": 90142, "scanner": "repobility-threat-engine", "fingerprint": "d3e022450144cd28cc5ba5f849fadad3f69cd99580080536568cc7df2c97609a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "csharp-null-forgive", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["csharp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348020+00:00", "triaged_in_corpus": 12, "observations_count": 518114, "ai_coder_pattern_id": 173}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d3e022450144cd28cc5ba5f849fadad3f69cd99580080536568cc7df2c97609a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-net/Test.Lifetimes/Threading/ByteBufferAsyncProcessorTest.cs"}, "region": {"startLine": 263}}}]}, {"ruleId": "MINED051", "level": "none", "message": {"text": "[MINED051] Csharp Null Forgive: x! tells compiler \"definitely not null\" \u2014 bypasses nullable check. NRE risk if wrong."}, "properties": {"repobilityId": 90141, "scanner": "repobility-threat-engine", "fingerprint": "3559e2ed4a5abd498e5cad2683d2c67f0137ac01f6613133f12d16a4c534958e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "csharp-null-forgive", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["csharp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348020+00:00", "triaged_in_corpus": 12, "observations_count": 518114, "ai_coder_pattern_id": 173}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3559e2ed4a5abd498e5cad2683d2c67f0137ac01f6613133f12d16a4c534958e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-net/Test.Lifetimes/Diagnostics/ProcessWatchdogTest.cs"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED051", "level": "none", "message": {"text": "[MINED051] Csharp Null Forgive: x! tells compiler \"definitely not null\" \u2014 bypasses nullable check. NRE risk if wrong."}, "properties": {"repobilityId": 90140, "scanner": "repobility-threat-engine", "fingerprint": "e2a8265ee6e38a7642e43e4bb2d2e66a9d141965195804099ea9356f1679b0be", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "csharp-null-forgive", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["csharp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348020+00:00", "triaged_in_corpus": 12, "observations_count": 518114, "ai_coder_pattern_id": 173}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e2a8265ee6e38a7642e43e4bb2d2e66a9d141965195804099ea9356f1679b0be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-net/Lifetimes/Util/RuntimeInfo.cs"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED057", "level": "none", "message": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "properties": {"repobilityId": 90135, "scanner": "repobility-threat-engine", "fingerprint": "99f2088ed904b66a33d3f20f8abd4f84d6500a38ce46348fbfcc35ebf0b1e335", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "todo-bomb", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348035+00:00", "triaged_in_corpus": 10, "observations_count": 255662, "ai_coder_pattern_id": 4}, "scanner": "repobility-threat-engine", "correlation_key": "fp|99f2088ed904b66a33d3f20f8abd4f84d6500a38ce46348fbfcc35ebf0b1e335"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-kt/rd-framework/src/main/kotlin/com/jetbrains/rd/framework/base/IRdBindable.kt"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 90134, "scanner": "repobility-threat-engine", "fingerprint": "b9f6258ca6bed601ac54f9b27dca072c14db49718c87c86dd5d0dcaed9f7ae95", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b9f6258ca6bed601ac54f9b27dca072c14db49718c87c86dd5d0dcaed9f7ae95"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-kt/rd-framework/src/main/kotlin/com/jetbrains/rd/framework/FrameworkMarshallers.kt"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED029", "level": "none", "message": {"text": "[MINED029] Kotlin Null Bang (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 90133, "scanner": "repobility-threat-engine", "fingerprint": "a1139df92c26317a81189695e3cf45f3399f0afccb1e896c15e11dcda4f4d069", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "kotlin-null-bang", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["kotlin"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347966+00:00", "triaged_in_corpus": 15, "observations_count": 7344, "ai_coder_pattern_id": 155}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a1139df92c26317a81189695e3cf45f3399f0afccb1e896c15e11dcda4f4d069", "aggregated_count": 2}}}, {"ruleId": "SEC084", "level": "none", "message": {"text": "[SEC084] JS: require() with non-literal (and 32 more): Same pattern found in 32 additional files. Review if needed."}, "properties": {"repobilityId": 90129, "scanner": "repobility-threat-engine", "fingerprint": "80b3d9191d1eded84eb84433968b3093885a0e637420aa03ac7ce8cab275dfa5", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 32 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 32 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|80b3d9191d1eded84eb84433968b3093885a0e637420aa03ac7ce8cab275dfa5"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 90124, "scanner": "repobility-threat-engine", "fingerprint": "f50747163d70dab1fa2519c9a96d374fa64771763e354f97facd6a46500faf29", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f50747163d70dab1fa2519c9a96d374fa64771763e354f97facd6a46500faf29"}}}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 90137, "scanner": "repobility-threat-engine", "fingerprint": "cd61bc32136d06768916edf92ef93235affd2ed1588e110f7790e61749dbac18", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "generator.DynamicAssembly.Save(generator.DynamicAssembly.FullName);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cd61bc32136d06768916edf92ef93235affd2ed1588e110f7790e61749dbac18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-net/Test.RdFramework/Reflection/RdReflectionTestBase.cs"}, "region": {"startLine": 91}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 90136, "scanner": "repobility-threat-engine", "fingerprint": "1bb2cd56601b6b8cf6c181c88a31409b9b1e147581f79bf9692e19e9a5ae0bc9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "project.extensions.create(\"rdgen\", RdGenExtension::class.java, project)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1bb2cd56601b6b8cf6c181c88a31409b9b1e147581f79bf9692e19e9a5ae0bc9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-kt/rd-gen/src/gradlePlugin/kotlin/com/jetbrains/rd/generator/gradle/RdGenPlugin.kt"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED029", "level": "error", "message": {"text": "[MINED029] Kotlin Null Bang: x!! throws NullPointerException if x is null. Bypasses Kotlins null safety."}, "properties": {"repobilityId": 90132, "scanner": "repobility-threat-engine", "fingerprint": "13c10817501d6a822b36aadc7da3e88342d235e8d3d4ae89bbf90f6a7b5d57ba", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "kotlin-null-bang", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["kotlin"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347966+00:00", "triaged_in_corpus": 15, "observations_count": 7344, "ai_coder_pattern_id": 155}, "scanner": "repobility-threat-engine", "correlation_key": "fp|13c10817501d6a822b36aadc7da3e88342d235e8d3d4ae89bbf90f6a7b5d57ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-kt/rd-framework/src/main/kotlin/com/jetbrains/rd/framework/ReflectionMarshallers.kt"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED029", "level": "error", "message": {"text": "[MINED029] Kotlin Null Bang: x!! throws NullPointerException if x is null. Bypasses Kotlins null safety."}, "properties": {"repobilityId": 90131, "scanner": "repobility-threat-engine", "fingerprint": "0a7a93020492c0536fc5f4267f964032804113ea64c2b2f852b8d887dffa589b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "kotlin-null-bang", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["kotlin"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347966+00:00", "triaged_in_corpus": 15, "observations_count": 7344, "ai_coder_pattern_id": 155}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0a7a93020492c0536fc5f4267f964032804113ea64c2b2f852b8d887dffa589b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-kt/rd-cross/src/main/kotlin/com/jetbrains/rd/cross/base/CrossTest_KtClient_Base.kt"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED029", "level": "error", "message": {"text": "[MINED029] Kotlin Null Bang: x!! throws NullPointerException if x is null. Bypasses Kotlins null safety."}, "properties": {"repobilityId": 90130, "scanner": "repobility-threat-engine", "fingerprint": "8d09b828051ba28d2ea1a691eddfa0d094d37dc26ad637ad5eeea48f9aa7ae16", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "kotlin-null-bang", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["kotlin"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347966+00:00", "triaged_in_corpus": 15, "observations_count": 7344, "ai_coder_pattern_id": 155}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8d09b828051ba28d2ea1a691eddfa0d094d37dc26ad637ad5eeea48f9aa7ae16"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-kt/rd-core/src/main/kotlin/com/jetbrains/rd/util/reactive/ViewableCollections.kt"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "Binary file `gradle/wrapper/gradle-wrapper.jar` committed in source repo"}, "properties": {"repobilityId": 90121, "scanner": "repobility-supply-chain", "fingerprint": "e2b2941256bb00bcea86f3210c442cc86a6e12532e912731b9d72756a556437f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e2b2941256bb00bcea86f3210c442cc86a6e12532e912731b9d72756a556437f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/wrapper/gradle-wrapper.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "Workflow container/services image `adoptopenjdk/openjdk11:x86_64-ubuntu-jdk-11.0.11_9` unpinned"}, "properties": {"repobilityId": 90120, "scanner": "repobility-supply-chain", "fingerprint": "6d1eaa26677ce1c41df2c4433f24d392efc3224d3d86931f3fb8c725f3ebb157", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6d1eaa26677ce1c41df2c4433f24d392efc3224d3d86931f3fb8c725f3ebb157"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-rd-kt-container.yml"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 90119, "scanner": "repobility-supply-chain", "fingerprint": "98935ae6db61c184ceef05e86d000db62bb72a8a8db2d90641376e86304cca10", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|98935ae6db61c184ceef05e86d000db62bb72a8a8db2d90641376e86304cca10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-rd-kt-container.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `gradle/actions/setup-gradle` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 90118, "scanner": "repobility-supply-chain", "fingerprint": "b6646ef0d81697b5a1a7b3021f60b5ecb0a0401cde46ae9440ec529689db6f45", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b6646ef0d81697b5a1a7b3021f60b5ecb0a0401cde46ae9440ec529689db6f45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-rd-kt-container.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 90117, "scanner": "repobility-supply-chain", "fingerprint": "519321407632314552fe861c0e9296ad3e557db06321696234080919a79e96c6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|519321407632314552fe861c0e9296ad3e557db06321696234080919a79e96c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-rd-kt-container.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 90116, "scanner": "repobility-supply-chain", "fingerprint": "49d9507d76e357c86b37d27b985faca4fa55d5001a8b48e49de25fda06fa3493", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|49d9507d76e357c86b37d27b985faca4fa55d5001a8b48e49de25fda06fa3493"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-rd-cpp.yml"}, "region": {"startLine": 223}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 90115, "scanner": "repobility-supply-chain", "fingerprint": "ec0fa9bfed1d16bd18ba749879cfbf6a7f22167b6b88db2c5fa57044c851cfd7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ec0fa9bfed1d16bd18ba749879cfbf6a7f22167b6b88db2c5fa57044c851cfd7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-rd-cpp.yml"}, "region": {"startLine": 169}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 90114, "scanner": "repobility-supply-chain", "fingerprint": "501215031e94d2b6dab44876852cd006eb77121f6d2f39e58b398dbe35de5b64", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|501215031e94d2b6dab44876852cd006eb77121f6d2f39e58b398dbe35de5b64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-rd-cpp.yml"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 90113, "scanner": "repobility-supply-chain", "fingerprint": "6cd59e09fc73a2e29da9d75bd4a9ffaf5f97e2a83ecb588f08c9960bfa03a0ab", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6cd59e09fc73a2e29da9d75bd4a9ffaf5f97e2a83ecb588f08c9960bfa03a0ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-rd-cpp.yml"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 90112, "scanner": "repobility-supply-chain", "fingerprint": "049723a2bb5705f0e77988626a7d9f511d075a601af0b47a8e902dbfafa2fb9f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|049723a2bb5705f0e77988626a7d9f511d075a601af0b47a8e902dbfafa2fb9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-rd-cpp.yml"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 90111, "scanner": "repobility-supply-chain", "fingerprint": "11be604276524f48609c70da0ee785f7b2807ad6b071ae81d04380fa40faae42", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|11be604276524f48609c70da0ee785f7b2807ad6b071ae81d04380fa40faae42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-rd-cpp.yml"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `nuget/setup-nuget` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 90110, "scanner": "repobility-supply-chain", "fingerprint": "c6b8b08a5d81df8b44cf01b14ca289e0efe0ec45c4a706eedba32c437f1c1e90", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c6b8b08a5d81df8b44cf01b14ca289e0efe0ec45c4a706eedba32c437f1c1e90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-rd-cpp.yml"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 90109, "scanner": "repobility-supply-chain", "fingerprint": "34da0554587beeba9c253b5679920659fb1495a925fca61497e46a2594ec590a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|34da0554587beeba9c253b5679920659fb1495a925fca61497e46a2594ec590a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-rd-cpp.yml"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 90108, "scanner": "repobility-supply-chain", "fingerprint": "28b5787a53573747e32a351359fca8f5028b98ea732089b218a6f152956cbd93", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|28b5787a53573747e32a351359fca8f5028b98ea732089b218a6f152956cbd93"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-rd-net.yml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 90107, "scanner": "repobility-supply-chain", "fingerprint": "95d0e37a9b22f0bf980046018c1642e3d212a325d911b3cf6bb036b2e6cf6ecd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|95d0e37a9b22f0bf980046018c1642e3d212a325d911b3cf6bb036b2e6cf6ecd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-rd-net.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 90106, "scanner": "repobility-supply-chain", "fingerprint": "4455ad5d05b059ba9d9b3ec9d512527c0f7eb841e5bd2f6c078b0e60e8552373", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4455ad5d05b059ba9d9b3ec9d512527c0f7eb841e5bd2f6c078b0e60e8552373"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-rd-net.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 90105, "scanner": "repobility-supply-chain", "fingerprint": "17d91069b4dd72da6fa60e60d0f7a3f5934c5db82eaf21e174403e87467cbcdd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|17d91069b4dd72da6fa60e60d0f7a3f5934c5db82eaf21e174403e87467cbcdd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release-rd-cpp.yml"}, "region": {"startLine": 200}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 90104, "scanner": "repobility-supply-chain", "fingerprint": "6693d9418347f73bebac2e6007fd7fc34c828d490e47a761fad3a7ae939b6d0c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6693d9418347f73bebac2e6007fd7fc34c828d490e47a761fad3a7ae939b6d0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release-rd-cpp.yml"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `nuget/setup-nuget` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 90103, "scanner": "repobility-supply-chain", "fingerprint": "930eb4b778ad91ce20d3d61bbcd7a18959d8ada7886d5fa86f85fbab9bd33037", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|930eb4b778ad91ce20d3d61bbcd7a18959d8ada7886d5fa86f85fbab9bd33037"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release-rd-cpp.yml"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 90102, "scanner": "repobility-supply-chain", "fingerprint": "b1697f65e48720d33f770789d09c06ea4c92c89ee88cc04998e80adbd5be859c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b1697f65e48720d33f770789d09c06ea4c92c89ee88cc04998e80adbd5be859c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release-rd-cpp.yml"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 90101, "scanner": "repobility-supply-chain", "fingerprint": "ef2429812f4a6638bd9724fdea0f4143dae4df0ab14ae644b6d4fb6093942b04", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ef2429812f4a6638bd9724fdea0f4143dae4df0ab14ae644b6d4fb6093942b04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release-rd-cpp.yml"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 90100, "scanner": "repobility-supply-chain", "fingerprint": "9ed06b1bfda33c165a71fe41b6173de34def2fd1e54dfdfc4ce911d2218d013e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9ed06b1bfda33c165a71fe41b6173de34def2fd1e54dfdfc4ce911d2218d013e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-rd-kt.yml"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `gradle/actions/setup-gradle` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 90099, "scanner": "repobility-supply-chain", "fingerprint": "b6946ccde622a3d6556054f37b9b3c1ec7f1377cbebd8d655a089476298abc39", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b6946ccde622a3d6556054f37b9b3c1ec7f1377cbebd8d655a089476298abc39"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-rd-kt.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 90098, "scanner": "repobility-supply-chain", "fingerprint": "e47be65741226aa7338d8546f5babad7597096630423baf8d421462f89d15556", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e47be65741226aa7338d8546f5babad7597096630423baf8d421462f89d15556"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-rd-kt.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `adoptopenjdk/openjdk11:x86_64-ubuntu-jdk-11.0.11_9` not pinned by digest"}, "properties": {"repobilityId": 90097, "scanner": "repobility-supply-chain", "fingerprint": "c9b102e5618f9ed570c2e214c152fc5af10bf2ca288d7955bbd643ba08bf0143", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c9b102e5618f9ed570c2e214c152fc5af10bf2ca288d7955bbd643ba08bf0143"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 90128, "scanner": "repobility-threat-engine", "fingerprint": "9c9ad876dd45d06b36152a08eee499235cfc82f9d7ffdf2a5ea1d85a86fa8ed5", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require (ordinal", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9c9ad876dd45d06b36152a08eee499235cfc82f9d7ffdf2a5ea1d85a86fa8ed5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-kt/rd-core/src/main/kotlin/com/jetbrains/rd/util/EnumUtil.kt"}, "region": {"startLine": 5}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 90127, "scanner": "repobility-threat-engine", "fingerprint": "b0d60d145a226a0a55fa78602eab87c07c283517266236c667c47f460f3ee210", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(lowBit", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b0d60d145a226a0a55fa78602eab87c07c283517266236c667c47f460f3ee210"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-kt/rd-core/src/main/kotlin/com/jetbrains/rd/util/BitSlice.kt"}, "region": {"startLine": 5}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 90126, "scanner": "repobility-threat-engine", "fingerprint": "43d668ad346824c331c0207611e0d33d1e28f9b3ed1b9af8461efceba2a1671d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(offset", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|43d668ad346824c331c0207611e0d33d1e28f9b3ed1b9af8461efceba2a1671d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rd-kt/rd-core/src/main/kotlin/com/jetbrains/rd/util/BitHacks.kt"}, "region": {"startLine": 6}}}]}]}]}