{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AUC002", "name": "[AUC002] Low visible authorization coverage in route inventory: Only 20.0% of discovered routes show nearby authenticati", "shortDescription": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 20.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "fullDescription": {"text": "Only 20.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.74, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "GHSA-q34m-jh98-gwm2", "name": "werkzeug: GHSA-q34m-jh98-gwm2", "shortDescription": {"text": "werkzeug: GHSA-q34m-jh98-gwm2"}, "fullDescription": {"text": "Werkzeug possible resource exhaustion when parsing file data in forms"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-hgf8-39gv-g3f2", "name": "werkzeug: GHSA-hgf8-39gv-g3f2", "shortDescription": {"text": "werkzeug: GHSA-hgf8-39gv-g3f2"}, "fullDescription": {"text": "Werkzeug safe_join() allows Windows special device names"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-f9vj-2wh5-fj8j", "name": "werkzeug: GHSA-f9vj-2wh5-fj8j", "shortDescription": {"text": "werkzeug: GHSA-f9vj-2wh5-fj8j"}, "fullDescription": {"text": "Werkzeug safe_join not safe on Windows"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-87hc-h4r5-73f7", "name": "werkzeug: GHSA-87hc-h4r5-73f7", "shortDescription": {"text": "werkzeug: GHSA-87hc-h4r5-73f7"}, "fullDescription": {"text": " Werkzeug safe_join() allows Windows special device names with compound extensions"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-29vq-49wr-vm6x", "name": "werkzeug: GHSA-29vq-49wr-vm6x", "shortDescription": {"text": "werkzeug: GHSA-29vq-49wr-vm6x"}, "fullDescription": {"text": " Werkzeug safe_join() allows Windows special device names"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-q2x7-8rv6-6q7h", "name": "jinja2: GHSA-q2x7-8rv6-6q7h", "shortDescription": {"text": "jinja2: GHSA-q2x7-8rv6-6q7h"}, "fullDescription": {"text": "Jinja has a sandbox breakout through indirect reference to format method"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-h75v-3vvj-5mfj", "name": "jinja2: GHSA-h75v-3vvj-5mfj", "shortDescription": {"text": "jinja2: GHSA-h75v-3vvj-5mfj"}, "fullDescription": {"text": "Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-h5c8-rqwp-cp95", "name": "jinja2: GHSA-h5c8-rqwp-cp95", "shortDescription": {"text": "jinja2: GHSA-h5c8-rqwp-cp95"}, "fullDescription": {"text": "Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-gmj6-6f8f-6699", "name": "jinja2: GHSA-gmj6-6f8f-6699", "shortDescription": {"text": "jinja2: GHSA-gmj6-6f8f-6699"}, "fullDescription": {"text": "Jinja has a sandbox breakout through malicious filenames"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-cpwx-vrp4-4pq7", "name": "jinja2: GHSA-cpwx-vrp4-4pq7", "shortDescription": {"text": "jinja2: GHSA-cpwx-vrp4-4pq7"}, "fullDescription": {"text": "Jinja2 vulnerable to sandbox breakout through attr filter selecting format method"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `explain_template_loading_attempts` has cognitive complexity 16 (SonarSour", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `explain_template_loading_attempts` has cognitive complexity 16 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean c"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 16."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-PY", "name": "Python package `werkzeug` is 1 major version(s) behind (2.3.3 -> 3.1.8)", "shortDescription": {"text": "Python package `werkzeug` is 1 major version(s) behind (2.3.3 -> 3.1.8)"}, "fullDescription": {"text": "`werkzeug==2.3.3` is 1 major version(s) behind the latest stable release on PyPI (3.1.8). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "GHSA-68rp-wp8r-4726", "name": "flask: GHSA-68rp-wp8r-4726", "shortDescription": {"text": "flask: GHSA-68rp-wp8r-4726"}, "fullDescription": {"text": "Flask session does not add `Vary: Cookie` header when accessed in some ways"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-161", "name": "starlette: PYSEC-2026-161", "shortDescription": {"text": "starlette: PYSEC-2026-161"}, "fullDescription": {"text": "BadHost: Missing Host header validation poisons request.url.path, bypassing path-based security checks"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2g68-c3qc-8985", "name": "werkzeug: GHSA-2g68-c3qc-8985", "shortDescription": {"text": "werkzeug: GHSA-2g68-c3qc-8985"}, "fullDescription": {"text": "Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2023-221", "name": "werkzeug: PYSEC-2023-221", "shortDescription": {"text": "werkzeug: PYSEC-2023-221"}, "fullDescription": {"text": "Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC135", "name": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without", "shortDescription": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI bu"}, "fullDescription": {"text": "Add the project's auth decorator/middleware: `@login_required` (Django/Flask), `@permission_classes([IsAuthenticated])` (DRF), `Depends(get_current_user)` (FastAPI), `requireAuth` middleware (Express). For genuinely public endpoints, add a `# public-endpoint` marker comment so future scans skip them."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED112", "name": "FastAPI POST /process has no auth", "shortDescription": {"text": "FastAPI POST /process has no auth"}, "fullDescription": {"text": "Handler `process` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.from_pyfile` used but never assigned in __init__", "shortDescription": {"text": "`self.from_pyfile` used but never assigned in __init__"}, "fullDescription": {"text": "Method `from_envvar` of class `Config` reads `self.from_pyfile`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_locate_app_raises", "shortDescription": {"text": "Phantom test coverage: test_locate_app_raises"}, "fullDescription": {"text": "Test function `test_locate_app_raises` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "generic-api-key", "name": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", "shortDescription": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/694"}, "properties": {"repository": "pallets/flask", "repoUrl": "https://github.com/pallets/flask", "branch": "main"}, "results": [{"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 54538, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 20.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 54537, "scanner": "repobility-access-control", "fingerprint": "c8a6924238b1b35a338ae5f1dc69c8824eac648bf50ec4c4206c85cf56bf5add", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 5, "correlation_key": "fp|c8a6924238b1b35a338ae5f1dc69c8824eac648bf50ec4c4206c85cf56bf5add", "auth_visible_percent": 20.0}}}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 54529, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Django", "Flask"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "GHSA-q34m-jh98-gwm2", "level": "warning", "message": {"text": "werkzeug: GHSA-q34m-jh98-gwm2"}, "properties": {"repobilityId": 54526, "scanner": "osv-scanner", "fingerprint": "ba9ebaa9e42522ced426c3dbf1249376d5398c7186df0e3cb924632eb6654765", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-49767"], "package": "werkzeug", "rule_id": "GHSA-q34m-jh98-gwm2", "scanner": "osv-scanner", "correlation_key": "vuln|werkzeug|CVE-2024-49767|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hgf8-39gv-g3f2", "level": "warning", "message": {"text": "werkzeug: GHSA-hgf8-39gv-g3f2"}, "properties": {"repobilityId": 54523, "scanner": "osv-scanner", "fingerprint": "0b6ad50cb93d9ca720ae40952f7fd8cffd207d6a6262c19ef4a717035df0b879", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-66221"], "package": "werkzeug", "rule_id": "GHSA-hgf8-39gv-g3f2", "scanner": "osv-scanner", "correlation_key": "vuln|werkzeug|CVE-2025-66221|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-f9vj-2wh5-fj8j", "level": "warning", "message": {"text": "werkzeug: GHSA-f9vj-2wh5-fj8j"}, "properties": {"repobilityId": 54521, "scanner": "osv-scanner", "fingerprint": "54fcc34f9e4e38601fa852d4106631ed444edaebd5516c88ada367bb3018f138", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-49766"], "package": "werkzeug", "rule_id": "GHSA-f9vj-2wh5-fj8j", "scanner": "osv-scanner", "correlation_key": "vuln|werkzeug|CVE-2024-49766|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-87hc-h4r5-73f7", "level": "warning", "message": {"text": "werkzeug: GHSA-87hc-h4r5-73f7"}, "properties": {"repobilityId": 54519, "scanner": "osv-scanner", "fingerprint": "15e5ec4ceb6131941e391d6eb3bf5eb71ca472c85d173230a5fa6bdf9032d310", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-21860"], "package": "werkzeug", "rule_id": "GHSA-87hc-h4r5-73f7", "scanner": "osv-scanner", "correlation_key": "vuln|werkzeug|CVE-2026-21860|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-29vq-49wr-vm6x", "level": "warning", "message": {"text": "werkzeug: GHSA-29vq-49wr-vm6x"}, "properties": {"repobilityId": 54514, "scanner": "osv-scanner", "fingerprint": "47133d734682a4a6b834f0645efd2f66326e2106e6fc1deda9958d77fffd868b", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27199"], "package": "werkzeug", "rule_id": "GHSA-29vq-49wr-vm6x", "scanner": "osv-scanner", "correlation_key": "vuln|werkzeug|CVE-2026-27199|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q2x7-8rv6-6q7h", "level": "warning", "message": {"text": "jinja2: GHSA-q2x7-8rv6-6q7h"}, "properties": {"repobilityId": 54509, "scanner": "osv-scanner", "fingerprint": "44562c0875da203e4c6134a37cfbc8943b3177e5a3a266348584e7c09eb823cb", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-56326"], "package": "jinja2", "rule_id": "GHSA-q2x7-8rv6-6q7h", "scanner": "osv-scanner", "correlation_key": "vuln|jinja2|CVE-2024-56326|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-h75v-3vvj-5mfj", "level": "warning", "message": {"text": "jinja2: GHSA-h75v-3vvj-5mfj"}, "properties": {"repobilityId": 54506, "scanner": "osv-scanner", "fingerprint": "1ef1b69267feeb537a40499ce96bec431da2df4243ad684d527785d442d68563", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-34064"], "package": "jinja2", "rule_id": "GHSA-h75v-3vvj-5mfj", "scanner": "osv-scanner", "correlation_key": "vuln|jinja2|CVE-2024-34064|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-h5c8-rqwp-cp95", "level": "warning", "message": {"text": "jinja2: GHSA-h5c8-rqwp-cp95"}, "properties": {"repobilityId": 54505, "scanner": "osv-scanner", "fingerprint": "d0ec87988d39425aa99d5dc78b4ded28897e2d1cfc32d0a77893b21c8db1e0b1", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-22195"], "package": "jinja2", "rule_id": "GHSA-h5c8-rqwp-cp95", "scanner": "osv-scanner", "correlation_key": "vuln|jinja2|CVE-2024-22195|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-gmj6-6f8f-6699", "level": "warning", "message": {"text": "jinja2: GHSA-gmj6-6f8f-6699"}, "properties": {"repobilityId": 54504, "scanner": "osv-scanner", "fingerprint": "5d1e474ecc3c2e02c5ee3469ca44829735e12801d0852c5ed2261fca6e4820e5", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-56201"], "package": "jinja2", "rule_id": "GHSA-gmj6-6f8f-6699", "scanner": "osv-scanner", "correlation_key": "vuln|jinja2|CVE-2024-56201|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-cpwx-vrp4-4pq7", "level": "warning", "message": {"text": "jinja2: GHSA-cpwx-vrp4-4pq7"}, "properties": {"repobilityId": 54501, "scanner": "osv-scanner", "fingerprint": "b3cbac06d68be4f98addbafda4fd5102333948ef4c35c212e95ea1ba93faff00", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-27516"], "package": "jinja2", "rule_id": "GHSA-cpwx-vrp4-4pq7", "scanner": "osv-scanner", "correlation_key": "vuln|jinja2|CVE-2025-27516|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `explain_template_loading_attempts` has cognitive complexity 16 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=2, else=2, for=2, if=5, nested_bonus=4, or=1."}, "properties": {"repobilityId": 54471, "scanner": "repobility-threat-engine", "fingerprint": "e47c7c993f0b5154a87572ce481999647748a9221a00348d4b2bd1ee9044e8a6", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 16 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "explain_template_loading_attempts", "breakdown": {"if": 5, "or": 1, "for": 2, "elif": 2, "else": 2, "nested_bonus": 4}, "complexity": 16, "correlation_key": "fp|e47c7c993f0b5154a87572ce481999647748a9221a00348d4b2bd1ee9044e8a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/debughelpers.py"}, "region": {"startLine": 124}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `_dump_loader_info` has cognitive complexity 17 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=4, elif=1, for=2, if=3, nested_bonus=7."}, "properties": {"repobilityId": 54469, "scanner": "repobility-threat-engine", "fingerprint": "b5259dbfbff89ae11434a9725043c1b3499848f8ca824de4ab8b9448cc592d97", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 17 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_dump_loader_info", "breakdown": {"if": 3, "for": 2, "elif": 1, "continue": 4, "nested_bonus": 7}, "complexity": 17, "correlation_key": "fp|b5259dbfbff89ae11434a9725043c1b3499848f8ca824de4ab8b9448cc592d97"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/debughelpers.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "DEPCUR-PY", "level": "warning", "message": {"text": "Python package `werkzeug` is 1 major version(s) behind (2.3.3 -> 3.1.8)"}, "properties": {"repobilityId": 54454, "scanner": "repobility-dependency-currency", "fingerprint": "fedaf6f922b1899964fb968002341c10624543fa14458f954db25cdcdad7122c", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "werkzeug", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "3.1.8", "correlation_key": "fp|fedaf6f922b1899964fb968002341c10624543fa14458f954db25cdcdad7122c", "current_version": "2.3.3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 57}}}]}, {"ruleId": "DEPCUR-PY", "level": "warning", "message": {"text": "Python package `redis` is 4 major version(s) behind (4.5.4 -> 8.0.0)"}, "properties": {"repobilityId": 54450, "scanner": "repobility-dependency-currency", "fingerprint": "36837b76320444052efaf98de19d1782860331b8d30dd459cbadb3c933f3b5aa", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "4 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "redis", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "8.0.0", "correlation_key": "fp|36837b76320444052efaf98de19d1782860331b8d30dd459cbadb3c933f3b5aa", "current_version": "4.5.4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 46}}}]}, {"ruleId": "DEPCUR-PY", "level": "warning", "message": {"text": "Python package `pytz` is 3 major version(s) behind (2023.3 -> 2026.2)"}, "properties": {"repobilityId": 54449, "scanner": "repobility-dependency-currency", "fingerprint": "30b9055bd80e7f50c1318e7cb067890975081ea32b4717a22671bd8773834cb1", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "pytz", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "2026.2", "correlation_key": "fp|30b9055bd80e7f50c1318e7cb067890975081ea32b4717a22671bd8773834cb1", "current_version": "2023.3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 44}}}]}, {"ruleId": "DEPCUR-PY", "level": "warning", "message": {"text": "Python package `markupsafe` is 1 major version(s) behind (2.1.2 -> 3.0.3)"}, "properties": {"repobilityId": 54447, "scanner": "repobility-dependency-currency", "fingerprint": "6d09ea6e3bd40ee2f5c6f264a148287caf4fd03237536ebef8ba623171c437a7", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "markupsafe", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "3.0.3", "correlation_key": "fp|6d09ea6e3bd40ee2f5c6f264a148287caf4fd03237536ebef8ba623171c437a7", "current_version": "2.1.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 38}}}]}, {"ruleId": "DEPCUR-PY", "level": "warning", "message": {"text": "Python package `flask` is 1 major version(s) behind (2.3.2 -> 3.1.3)"}, "properties": {"repobilityId": 54443, "scanner": "repobility-dependency-currency", "fingerprint": "49052b1959d49eec717c154d067da1f85091fb906f292a86b74fdc2636c56e51", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "flask", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "3.1.3", "correlation_key": "fp|49052b1959d49eec717c154d067da1f85091fb906f292a86b74fdc2636c56e51", "current_version": "2.3.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 30}}}]}, {"ruleId": "DEPCUR-PY", "level": "warning", "message": {"text": "Python package `billiard` is 1 major version(s) behind (3.6.4.0 -> 4.2.4)"}, "properties": {"repobilityId": 54437, "scanner": "repobility-dependency-currency", "fingerprint": "7b5e0d2185b413651881ddd732373271c19edcfb5f8e1166b996cbe1884033e5", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "billiard", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "4.2.4", "correlation_key": "fp|7b5e0d2185b413651881ddd732373271c19edcfb5f8e1166b996cbe1884033e5", "current_version": "3.6.4.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 11}}}]}, {"ruleId": "DEPCUR-PY", "level": "warning", "message": {"text": "Python package `async-timeout` is 1 major version(s) behind (4.0.2 -> 5.0.1)"}, "properties": {"repobilityId": 54436, "scanner": "repobility-dependency-currency", "fingerprint": "4ef19419f5346a669aa0066d3122a8b9a2d6fb9362619a3e3b3b8d47857ae0a9", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "async-timeout", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "5.0.1", "correlation_key": "fp|4ef19419f5346a669aa0066d3122a8b9a2d6fb9362619a3e3b3b8d47857ae0a9", "current_version": "4.0.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 54426, "scanner": "repobility-ast-engine", "fingerprint": "ef6e3314d4e35dde2a07b05193bb2a59215572e7eb5a9f1a8e886eeefc6c15dc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ef6e3314d4e35dde2a07b05193bb2a59215572e7eb5a9f1a8e886eeefc6c15dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/cli.py"}, "region": {"startLine": 650}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 54425, "scanner": "repobility-ast-engine", "fingerprint": "32eee25fccee904bf4e22a513187ce2b12c10e48d5b83564a993849443ea78f2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|32eee25fccee904bf4e22a513187ce2b12c10e48d5b83564a993849443ea78f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/cli.py"}, "region": {"startLine": 956}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 54423, "scanner": "repobility-ast-engine", "fingerprint": "b44c0897bc5e7eafffea7b9d7c2bbfd7c6d3d8e53f558b9606fe13bd8f32014f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b44c0897bc5e7eafffea7b9d7c2bbfd7c6d3d8e53f558b9606fe13bd8f32014f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/app.py"}, "region": {"startLine": 1598}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 54421, "scanner": "repobility-ast-engine", "fingerprint": "7fa26e88023705f8d3f953e7f28fc1547cd3ccc44fd3f96c7b926f3337fda2f7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7fa26e88023705f8d3f953e7f28fc1547cd3ccc44fd3f96c7b926f3337fda2f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/app.py"}, "region": {"startLine": 1017}}}]}, {"ruleId": "GHSA-68rp-wp8r-4726", "level": "note", "message": {"text": "flask: GHSA-68rp-wp8r-4726"}, "properties": {"repobilityId": 54498, "scanner": "osv-scanner", "fingerprint": "6f0fc4d2692ff81b92edd6fb800eabfb7e6b97aaa96fdf71b6ca91d8718396a9", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27205"], "package": "flask", "rule_id": "GHSA-68rp-wp8r-4726", "scanner": "osv-scanner", "correlation_key": "vuln|flask|CVE-2026-27205|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `register` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=1, except=1, if=3, nested_bonus=5."}, "properties": {"repobilityId": 54468, "scanner": "repobility-threat-engine", "fingerprint": "9db154e51735cb74c492b1dd27b7676edb773c77f0589d8d1a043f383f6dc22b", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "register", "breakdown": {"if": 3, "elif": 1, "except": 1, "nested_bonus": 5}, "complexity": 10, "correlation_key": "fp|9db154e51735cb74c492b1dd27b7676edb773c77f0589d8d1a043f383f6dc22b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/tutorial/flaskr/auth.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `wcwidth` is minor version(s) behind (0.2.6 -> 0.7.0)"}, "properties": {"repobilityId": 54453, "scanner": "repobility-dependency-currency", "fingerprint": "413db802b2a798c2a0abbf9f4a3393251ee768045dfcae53aaca2ee84cd9ce24", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "wcwidth", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "0.7.0", "correlation_key": "fp|413db802b2a798c2a0abbf9f4a3393251ee768045dfcae53aaca2ee84cd9ce24", "current_version": "0.2.6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 55}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `vine` is minor version(s) behind (5.0.0 -> 5.1.0)"}, "properties": {"repobilityId": 54452, "scanner": "repobility-dependency-currency", "fingerprint": "7348e4fdd1c01724877ea8c8618f5ff428d49c1f0cc5a886638ad292d8b03486", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "vine", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "5.1.0", "correlation_key": "fp|7348e4fdd1c01724877ea8c8618f5ff428d49c1f0cc5a886638ad292d8b03486", "current_version": "5.0.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 50}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `six` is minor version(s) behind (1.16.0 -> 1.17.0)"}, "properties": {"repobilityId": 54451, "scanner": "repobility-dependency-currency", "fingerprint": "c62c4079f49f1ef4d0ed941cb66244338d95045f8f4a7a9360c014bf02005088", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "six", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "1.17.0", "correlation_key": "fp|c62c4079f49f1ef4d0ed941cb66244338d95045f8f4a7a9360c014bf02005088", "current_version": "1.16.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 48}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `kombu` is minor version(s) behind (5.2.4 -> 5.6.2)"}, "properties": {"repobilityId": 54446, "scanner": "repobility-dependency-currency", "fingerprint": "d1b4446f3b35a7b4ea9573232140fa9812b15d59e94271552ee613192f6a10f5", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "kombu", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "5.6.2", "correlation_key": "fp|d1b4446f3b35a7b4ea9573232140fa9812b15d59e94271552ee613192f6a10f5", "current_version": "5.2.4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 36}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `itsdangerous` is minor version(s) behind (2.1.2 -> 2.2.0)"}, "properties": {"repobilityId": 54444, "scanner": "repobility-dependency-currency", "fingerprint": "48134be58507237ae9915ec99f535234be6b267fda1e412e7b9930d18dc79e28", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "itsdangerous", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "2.2.0", "correlation_key": "fp|48134be58507237ae9915ec99f535234be6b267fda1e412e7b9930d18dc79e28", "current_version": "2.1.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 32}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `click-repl` is minor version(s) behind (0.2.0 -> 0.3.0)"}, "properties": {"repobilityId": 54442, "scanner": "repobility-dependency-currency", "fingerprint": "5da9ec55a53dd8731a5905a28ffb936f13f0ac9248a70919290de59e87f6faad", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "click-repl", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "0.3.0", "correlation_key": "fp|5da9ec55a53dd8731a5905a28ffb936f13f0ac9248a70919290de59e87f6faad", "current_version": "0.2.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 28}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `click` is minor version(s) behind (8.1.3 -> 8.4.1)"}, "properties": {"repobilityId": 54440, "scanner": "repobility-dependency-currency", "fingerprint": "b382bbbc403742c6cd8038087bb13c1a940eaa21ad22cfc6f609ab163da2ca20", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "click", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "8.4.1", "correlation_key": "fp|b382bbbc403742c6cd8038087bb13c1a940eaa21ad22cfc6f609ab163da2ca20", "current_version": "8.1.3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 17}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `celery` is minor version(s) behind (5.2.7 -> 5.6.3)"}, "properties": {"repobilityId": 54439, "scanner": "repobility-dependency-currency", "fingerprint": "881b15403846b79dc764c1690b0b5c50ce01c48a9f5d865e71a1bdc3c227dd03", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "celery", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "5.6.3", "correlation_key": "fp|881b15403846b79dc764c1690b0b5c50ce01c48a9f5d865e71a1bdc3c227dd03", "current_version": "5.2.7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 15}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `blinker` is minor version(s) behind (1.6.2 -> 1.9.0)"}, "properties": {"repobilityId": 54438, "scanner": "repobility-dependency-currency", "fingerprint": "420f7165f67cddad26e4b14f03f392d23027af74ef64f84c62e2b10553b71122", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "blinker", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "1.9.0", "correlation_key": "fp|420f7165f67cddad26e4b14f03f392d23027af74ef64f84c62e2b10553b71122", "current_version": "1.6.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 13}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `amqp` is minor version(s) behind (5.1.1 -> 5.3.1)"}, "properties": {"repobilityId": 54435, "scanner": "repobility-dependency-currency", "fingerprint": "e5e1a0b798f3fa844b114c51a1e89f6862fd289c96c8f8fa1dd958c0a470a756", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "amqp", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "5.3.1", "correlation_key": "fp|e5e1a0b798f3fa844b114c51a1e89f6862fd289c96c8f8fa1dd958c0a470a756", "current_version": "5.1.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 54475, "scanner": "repobility-threat-engine", "fingerprint": "71abc4712a49260bb5f13a770225012f90fbd21203d64ec421436723e889f2ee", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|71abc4712a49260bb5f13a770225012f90fbd21203d64ec421436723e889f2ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/views.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 54474, "scanner": "repobility-threat-engine", "fingerprint": "9b2811c1f19490680221927920b15bd4f0c3d5fcb28c543150b49dbdbf5f9c5c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9b2811c1f19490680221927920b15bd4f0c3d5fcb28c543150b49dbdbf5f9c5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/json/tag.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 54473, "scanner": "repobility-threat-engine", "fingerprint": "782fe7ce3ef31a21ad2191295c55dded7803f09448dd13559eb6d028eb6515f6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|782fe7ce3ef31a21ad2191295c55dded7803f09448dd13559eb6d028eb6515f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/json/provider.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 54472, "scanner": "repobility-threat-engine", "fingerprint": "1546edbd1ec206d3e853833bc9ae84deffffaaaf9c166b9e72e02b6701c5c4de", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "register", "breakdown": {"if": 3, "elif": 1, "except": 1, "nested_bonus": 5}, "aggregated": true, "complexity": 10, "correlation_key": "fp|1546edbd1ec206d3e853833bc9ae84deffffaaaf9c166b9e72e02b6701c5c4de", "aggregated_count": 4}}}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 54455, "scanner": "repobility-threat-engine", "fingerprint": "65474df27de9505afb6543769a72d09e95e96a265b1e7598fce6512691abf92f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|65474df27de9505afb6543769a72d09e95e96a265b1e7598fce6512691abf92f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/on-create-command.sh"}, "region": {"startLine": 5}}}]}, {"ruleId": "DEPCUR-PY", "level": "none", "message": {"text": "Python package `prompt-toolkit` is patch version(s) behind (3.0.38 -> 3.0.52)"}, "properties": {"repobilityId": 54448, "scanner": "repobility-dependency-currency", "fingerprint": "c3991a184ca1896ae20ec05108bd4fd5242677e9ce09b5a7787dcd76a2b68614", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "prompt-toolkit", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "3.0.52", "correlation_key": "fp|c3991a184ca1896ae20ec05108bd4fd5242677e9ce09b5a7787dcd76a2b68614", "current_version": "3.0.38"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 42}}}]}, {"ruleId": "DEPCUR-PY", "level": "none", "message": {"text": "Python package `jinja2` is patch version(s) behind (3.1.2 -> 3.1.6)"}, "properties": {"repobilityId": 54445, "scanner": "repobility-dependency-currency", "fingerprint": "198ff2025fdb1ef193086c57903de24321e9622a040207eeb872ac65ed112e00", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "jinja2", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "3.1.6", "correlation_key": "fp|198ff2025fdb1ef193086c57903de24321e9622a040207eeb872ac65ed112e00", "current_version": "3.1.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 34}}}]}, {"ruleId": "DEPCUR-PY", "level": "none", "message": {"text": "Python package `click-didyoumean` is patch version(s) behind (0.3.0 -> 0.3.1)"}, "properties": {"repobilityId": 54441, "scanner": "repobility-dependency-currency", "fingerprint": "d53347210025668ee4c77b4a977a6d1aa11ac767ce1541d3ffd2cd38fc67a35f", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "click-didyoumean", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "0.3.1", "correlation_key": "fp|d53347210025668ee4c77b4a977a6d1aa11ac767ce1541d3ffd2cd38fc67a35f", "current_version": "0.3.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 24}}}]}, {"ruleId": "PYSEC-2026-161", "level": "error", "message": {"text": "starlette: PYSEC-2026-161"}, "properties": {"repobilityId": 54527, "scanner": "osv-scanner", "fingerprint": "993c965e051ac08384f28c004ed2828303fa08d6e623c80da1211dbce5cea7ce", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-48710", "GHSA-86qp-5c8j-p5mr", "X41-2026-002"], "package": "starlette", "rule_id": "PYSEC-2026-161", "scanner": "osv-scanner", "correlation_key": "vuln|starlette|CVE-2026-48710|uv.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-86qp-5c8j-p5mr", "PYSEC-2026-161"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["20d0e73bab623b5772bb5ee81b54e26f25bfd7b3f632ca3aec483536eb176c89", "993c965e051ac08384f28c004ed2828303fa08d6e623c80da1211dbce5cea7ce"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2g68-c3qc-8985", "level": "error", "message": {"text": "werkzeug: GHSA-2g68-c3qc-8985"}, "properties": {"repobilityId": 54518, "scanner": "osv-scanner", "fingerprint": "2e9e08823f98db43000812f5b9225f20d7a43e903343988f6851c7b0a8529466", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-34069"], "package": "werkzeug", "rule_id": "GHSA-2g68-c3qc-8985", "scanner": "osv-scanner", "correlation_key": "vuln|werkzeug|CVE-2024-34069|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2023-221", "level": "error", "message": {"text": "werkzeug: PYSEC-2023-221"}, "properties": {"repobilityId": 54511, "scanner": "osv-scanner", "fingerprint": "2dbab4d09f10864ead6425ce58d129d848e05f3b8e584dbb529420e9decb76c4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2023-46136", "GHSA-hrfv-mqp8-q5rw"], "package": "werkzeug", "rule_id": "PYSEC-2023-221", "scanner": "osv-scanner", "correlation_key": "vuln|werkzeug|CVE-2023-46136|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-hrfv-mqp8-q5rw", "PYSEC-2023-221"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2dbab4d09f10864ead6425ce58d129d848e05f3b8e584dbb529420e9decb76c4", "a5d9d21a613dc398f88e50e8a93a64fb64b07ad70a5119d445e5739ff8d72d00"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 54457, "scanner": "repobility-threat-engine", "fingerprint": "29389cce8acf06e8394e438c8c7cec747906ebadf23be335954f8a842d0aa956", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "app.config.update(test_config)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|29389cce8acf06e8394e438c8c7cec747906ebadf23be335954f8a842d0aa956"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/tutorial/flaskr/__init__.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 54456, "scanner": "repobility-threat-engine", "fingerprint": "facb0eabffdc78e4c7f55de47eeae3916ed72ee0c1dfdbc852455f07de60b3ef", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@app.route(\"/add\", methods=[\"POST\"])", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|facb0eabffdc78e4c7f55de47eeae3916ed72ee0c1dfdbc852455f07de60b3ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/javascript/js_example/views.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /process has no auth"}, "properties": {"repobilityId": 54434, "scanner": "repobility-route-auth", "fingerprint": "87c6637192ce96df1db8360f811cba8d1a5a9bf4854c388eef797024cb04fff1", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|87c6637192ce96df1db8360f811cba8d1a5a9bf4854c388eef797024cb04fff1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/src/task_app/views.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /block has no auth"}, "properties": {"repobilityId": 54433, "scanner": "repobility-route-auth", "fingerprint": "777f0ebd6fc347e90a7383f3dbba10f40b9393fd6fbb47c88994508d3ea62914", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|777f0ebd6fc347e90a7383f3dbba10f40b9393fd6fbb47c88994508d3ea62914"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/src/task_app/views.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /add has no auth"}, "properties": {"repobilityId": 54432, "scanner": "repobility-route-auth", "fingerprint": "80002139908fdc20274c6783ba51916094aba35d58dd070634e64306764f6490", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|80002139908fdc20274c6783ba51916094aba35d58dd070634e64306764f6490"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/src/task_app/views.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST / has no auth"}, "properties": {"repobilityId": 54431, "scanner": "repobility-route-auth", "fingerprint": "2297ea098b9286a86850e3c9fd66d4c4d6b195eb300baf5c773ac19d8d36becd", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|2297ea098b9286a86850e3c9fd66d4c4d6b195eb300baf5c773ac19d8d36becd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_request.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST / has no auth"}, "properties": {"repobilityId": 54430, "scanner": "repobility-route-auth", "fingerprint": "1d6c9c3287669955a51bd4ef06c64f920a7cf609bee53afea13731f73845f106", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|1d6c9c3287669955a51bd4ef06c64f920a7cf609bee53afea13731f73845f106"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_basic.py"}, "region": {"startLine": 395}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST / has no auth"}, "properties": {"repobilityId": 54427, "scanner": "repobility-route-auth", "fingerprint": "d0ac4a01555552776cde82c77b18c27c017b17c0d685cf37661f47a4c39292b2", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|d0ac4a01555552776cde82c77b18c27c017b17c0d685cf37661f47a4c39292b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_basic.py"}, "region": {"startLine": 236}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.from_pyfile` used but never assigned in __init__"}, "properties": {"repobilityId": 54419, "scanner": "repobility-ast-engine", "fingerprint": "e4444079c1a97b4de9f36b910e2aa7dea92c62142dac251089f6b91ccb6668f6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e4444079c1a97b4de9f36b910e2aa7dea92c62142dac251089f6b91ccb6668f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/config.py"}, "region": {"startLine": 124}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.files` used but never assigned in __init__"}, "properties": {"repobilityId": 54417, "scanner": "repobility-ast-engine", "fingerprint": "3f8a52f669d26ef675db9db3efe4bdcd34b3ffd98bacf01de19657caa9cd472c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3f8a52f669d26ef675db9db3efe4bdcd34b3ffd98bacf01de19657caa9cd472c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/wrappers.py"}, "region": {"startLine": 206}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.mimetype` used but never assigned in __init__"}, "properties": {"repobilityId": 54415, "scanner": "repobility-ast-engine", "fingerprint": "d23dbe6c3699d118f3d110e9d98fe04461a7ba79cd42bfec45af8b61f5ad5801", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d23dbe6c3699d118f3d110e9d98fe04461a7ba79cd42bfec45af8b61f5ad5801"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/wrappers.py"}, "region": {"startLine": 205}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.blueprint` used but never assigned in __init__"}, "properties": {"repobilityId": 54413, "scanner": "repobility-ast-engine", "fingerprint": "ce231431cb5b36b5ea285642323e28029549932f3c907dc62309734417660105", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ce231431cb5b36b5ea285642323e28029549932f3c907dc62309734417660105"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/wrappers.py"}, "region": {"startLine": 190}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.endpoint` used but never assigned in __init__"}, "properties": {"repobilityId": 54412, "scanner": "repobility-ast-engine", "fingerprint": "cb665dd681850368915f66e638cab88918ced8e45031cf8edfbe78571f021d1b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cb665dd681850368915f66e638cab88918ced8e45031cf8edfbe78571f021d1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/wrappers.py"}, "region": {"startLine": 173}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._copy_environ` used but never assigned in __init__"}, "properties": {"repobilityId": 54411, "scanner": "repobility-ast-engine", "fingerprint": "219faabaef28bb54404f7b257e59b972daa323ef3fe5e31c2ca93b9c4b04cd6c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|219faabaef28bb54404f7b257e59b972daa323ef3fe5e31c2ca93b9c4b04cd6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/testing.py"}, "region": {"startLine": 220}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._copy_environ` used but never assigned in __init__"}, "properties": {"repobilityId": 54410, "scanner": "repobility-ast-engine", "fingerprint": "c87c8c46237574e2f75890fa04e06c63bd7f58b143b9405e34c2b1bba820b8b7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c87c8c46237574e2f75890fa04e06c63bd7f58b143b9405e34c2b1bba820b8b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/testing.py"}, "region": {"startLine": 225}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._copy_environ` used but never assigned in __init__"}, "properties": {"repobilityId": 54409, "scanner": "repobility-ast-engine", "fingerprint": "8d33ce163d6ee4b82264170ef003003f314acc1ca8a538ce93fe99ea81503fdb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8d33ce163d6ee4b82264170ef003003f314acc1ca8a538ce93fe99ea81503fdb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/testing.py"}, "region": {"startLine": 216}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._request_from_builder_args` used but never assigned in __init__"}, "properties": {"repobilityId": 54400, "scanner": "repobility-ast-engine", "fingerprint": "d2969ef434c012c0ab42eea5cc2b07cd4802138642c6b6c149cf2951c11c62f2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d2969ef434c012c0ab42eea5cc2b07cd4802138642c6b6c149cf2951c11c62f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/testing.py"}, "region": {"startLine": 228}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._copy_environ` used but never assigned in __init__"}, "properties": {"repobilityId": 54399, "scanner": "repobility-ast-engine", "fingerprint": "4960461ac4be5d48baaf66f103b44a973e689c7890b356fd0dea335d8e1fc79d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4960461ac4be5d48baaf66f103b44a973e689c7890b356fd0dea335d8e1fc79d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/testing.py"}, "region": {"startLine": 196}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._update_cookies_from_response` used but never assigned in __init__"}, "properties": {"repobilityId": 54398, "scanner": "repobility-ast-engine", "fingerprint": "96def296513f2c8b079b8a5d2caab3cb512a485790b10d887af4a5e4a6595e2b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|96def296513f2c8b079b8a5d2caab3cb512a485790b10d887af4a5e4a6595e2b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/testing.py"}, "region": {"startLine": 179}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._add_cookies_to_wsgi` used but never assigned in __init__"}, "properties": {"repobilityId": 54397, "scanner": "repobility-ast-engine", "fingerprint": "5d440bc299765bf3ed213eb723fbecad0c7233354cf400d4c044f34aa6a34115", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5d440bc299765bf3ed213eb723fbecad0c7233354cf400d4c044f34aa6a34115"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/testing.py"}, "region": {"startLine": 162}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._cookies` used but never assigned in __init__"}, "properties": {"repobilityId": 54391, "scanner": "repobility-ast-engine", "fingerprint": "0c35cf32cbbfaba55b3d018558df015379309e00c4a73e266e26e59bdb37b946", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0c35cf32cbbfaba55b3d018558df015379309e00c4a73e266e26e59bdb37b946"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flask/testing.py"}, "region": {"startLine": 155}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.run` used but never assigned in __init__"}, "properties": {"repobilityId": 54389, "scanner": "repobility-ast-engine", "fingerprint": "8ec5204c1227e81b3cfc5b30d5097c1bf9e39e05364e0f5df021bcd3158e1384", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8ec5204c1227e81b3cfc5b30d5097c1bf9e39e05364e0f5df021bcd3158e1384"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/celery/src/task_app/__init__.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.report_error` used but never assigned in __init__"}, "properties": {"repobilityId": 54387, "scanner": "repobility-ast-engine", "fingerprint": "f906de580a89b8f61f71045dc343a363c8d7b57734a9c462c5595af27b80e25a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f906de580a89b8f61f71045dc343a363c8d7b57734a9c462c5595af27b80e25a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_user_error_handler.py"}, "region": {"startLine": 290}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.report_error` used but never assigned in __init__"}, "properties": {"repobilityId": 54385, "scanner": "repobility-ast-engine", "fingerprint": "bd7687f0729fb1e8d121e1780ced8d0f483cc23436773e9f3701a0102e4ef360", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bd7687f0729fb1e8d121e1780ced8d0f483cc23436773e9f3701a0102e4ef360"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_user_error_handler.py"}, "region": {"startLine": 262}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.Custom` used but never assigned in __init__"}, "properties": {"repobilityId": 54383, "scanner": "repobility-ast-engine", "fingerprint": "f34ad6b5b8a203da30e66df79eff8e47e86645454bec41f744134926a8484121", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f34ad6b5b8a203da30e66df79eff8e47e86645454bec41f744134926a8484121"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_user_error_handler.py"}, "region": {"startLine": 227}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.object_hook` used but never assigned in __init__"}, "properties": {"repobilityId": 54382, "scanner": "repobility-ast-engine", "fingerprint": "cf3c4721f7f129c13b2e5384e5404d2705c97db9f048925536540c89b19806b0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cf3c4721f7f129c13b2e5384e5404d2705c97db9f048925536540c89b19806b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_json.py"}, "region": {"startLine": 242}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.serializer` used but never assigned in __init__"}, "properties": {"repobilityId": 54380, "scanner": "repobility-ast-engine", "fingerprint": "d65839ff7f7e9847a005bcd51835058d770982b3cab532cbd3ba8decd5e7b5d0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d65839ff7f7e9847a005bcd51835058d770982b3cab532cbd3ba8decd5e7b5d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_json_tag.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.expect_order` used but never assigned in __init__"}, "properties": {"repobilityId": 54379, "scanner": "repobility-ast-engine", "fingerprint": "56fc716f42856fa3dad3f94d4c20c45ae32183e32cdcc4ded67e84b3ba93aa47", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|56fc716f42856fa3dad3f94d4c20c45ae32183e32cdcc4ded67e84b3ba93aa47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cli.py"}, "region": {"startLine": 487}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.expect_order` used but never assigned in __init__"}, "properties": {"repobilityId": 54378, "scanner": "repobility-ast-engine", "fingerprint": "43cc862e9fe4a3febf967bdaab29089010e83ada3c4baacfb3da1ecdad4fdce4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|43cc862e9fe4a3febf967bdaab29089010e83ada3c4baacfb3da1ecdad4fdce4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cli.py"}, "region": {"startLine": 482}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.expect_order` used but never assigned in __init__"}, "properties": {"repobilityId": 54377, "scanner": "repobility-ast-engine", "fingerprint": "ae652a5a149c423c5fc4e0e7d2208e05f055ceb9903a1bd2d1ce7aad5515532b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ae652a5a149c423c5fc4e0e7d2208e05f055ceb9903a1bd2d1ce7aad5515532b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cli.py"}, "region": {"startLine": 478}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.expect_order` used but never assigned in __init__"}, "properties": {"repobilityId": 54376, "scanner": "repobility-ast-engine", "fingerprint": "d4a817bf73b0e3ef0dd4c72394ec1e6d02799327c0471fbd7fe6ebce8bb8e84d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d4a817bf73b0e3ef0dd4c72394ec1e6d02799327c0471fbd7fe6ebce8bb8e84d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cli.py"}, "region": {"startLine": 472}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_locate_app_raises"}, "properties": {"repobilityId": 54375, "scanner": "repobility-ast-engine", "fingerprint": "7d90102ebef8eca924220ceef7f23f9dba1b82019713b871bd4fcf7e6a916f33", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7d90102ebef8eca924220ceef7f23f9dba1b82019713b871bd4fcf7e6a916f33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cli.py"}, "region": {"startLine": 217}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_config_from_class"}, "properties": {"repobilityId": 54374, "scanner": "repobility-ast-engine", "fingerprint": "379750858910136d96fdc7d1ab98faeb945b003ed3d714dde8bc78202dfa0f09", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|379750858910136d96fdc7d1ab98faeb945b003ed3d714dde8bc78202dfa0f09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_config_from_mapping"}, "properties": {"repobilityId": 54373, "scanner": "repobility-ast-engine", "fingerprint": "ca41eedb327bb7b8cc5330cabbdb7752407e0b64e269b637a7558008bf67a4ca", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ca41eedb327bb7b8cc5330cabbdb7752407e0b64e269b637a7558008bf67a4ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_config_from_file_toml"}, "properties": {"repobilityId": 54372, "scanner": "repobility-ast-engine", "fingerprint": "1ba0b2f4167d9c5a3efb3dee73e639816bdf507dfb22b5dc054597975e1b1f60", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1ba0b2f4167d9c5a3efb3dee73e639816bdf507dfb22b5dc054597975e1b1f60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_config_from_file_json"}, "properties": {"repobilityId": 54371, "scanner": "repobility-ast-engine", "fingerprint": "5c9213d53d179ff6e3f5485f2afbfbac036a71a9aad60abfbeae6382e17054a0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5c9213d53d179ff6e3f5485f2afbfbac036a71a9aad60abfbeae6382e17054a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_config_from_object"}, "properties": {"repobilityId": 54370, "scanner": "repobility-ast-engine", "fingerprint": "e20aa61ac4d75461325211d6673d695afe45cf00e16fba0538cf48355d957df7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e20aa61ac4d75461325211d6673d695afe45cf00e16fba0538cf48355d957df7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_config_from_pyfile"}, "properties": {"repobilityId": 54369, "scanner": "repobility-ast-engine", "fingerprint": "9baaacdf8fecbebdc19d2bbdaba79715d2bf9bb285c6a3384ce87e3bc5211379", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9baaacdf8fecbebdc19d2bbdaba79715d2bf9bb285c6a3384ce87e3bc5211379"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_config.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_endpoint_override"}, "properties": {"repobilityId": 54368, "scanner": "repobility-ast-engine", "fingerprint": "7fb82d5451d3ea68ee979dbe58d551ce861c7a4b24e95300c513bbd5d7913c27", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7fb82d5451d3ea68ee979dbe58d551ce861c7a4b24e95300c513bbd5d7913c27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_views.py"}, "region": {"startLine": 183}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_view_patching"}, "properties": {"repobilityId": 54367, "scanner": "repobility-ast-engine", "fingerprint": "ddcb5520c3ee734852e6ee2d5caab3ef2e87282e9abf9071c0f8b8db23576e0d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ddcb5520c3ee734852e6ee2d5caab3ef2e87282e9abf9071c0f8b8db23576e0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_views.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_method_based_view"}, "properties": {"repobilityId": 54365, "scanner": "repobility-ast-engine", "fingerprint": "69d6f1524c128fb07a847cf4bffeb160f31a02d36c12b5c0a2d31e4c80814fe1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|69d6f1524c128fb07a847cf4bffeb160f31a02d36c12b5c0a2d31e4c80814fe1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_views.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_basic_view"}, "properties": {"repobilityId": 54363, "scanner": "repobility-ast-engine", "fingerprint": "1b3baccc80480ac4e33f3c897f5759493bcfa7acc9c25104ede38d2670d38ee3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1b3baccc80480ac4e33f3c897f5759493bcfa7acc9c25104ede38d2670d38ee3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_views.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_session_transaction_needs_cookies"}, "properties": {"repobilityId": 54361, "scanner": "repobility-ast-engine", "fingerprint": "50096b4abf1012b2253a35f366ec461323fa505b09364daab4b6de94f2e68249", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|50096b4abf1012b2253a35f366ec461323fa505b09364daab4b6de94f2e68249"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_testing.py"}, "region": {"startLine": 192}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._gen` used but never assigned in __init__"}, "properties": {"repobilityId": 54353, "scanner": "repobility-ast-engine", "fingerprint": "1c2ab5010062cf3f513117b4e74f91b284e7506e057f3190d9a5b9e2e6822af5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1c2ab5010062cf3f513117b4e74f91b284e7506e057f3190d9a5b9e2e6822af5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_helpers.py"}, "region": {"startLine": 270}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._gen` used but never assigned in __init__"}, "properties": {"repobilityId": 54351, "scanner": "repobility-ast-engine", "fingerprint": "d857de9f0047d042a874edb1addd6642c0ca8381a4cd59ae2a465911956338bf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d857de9f0047d042a874edb1addd6642c0ca8381a4cd59ae2a465911956338bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_helpers.py"}, "region": {"startLine": 261}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_name_with_import_error"}, "properties": {"repobilityId": 54350, "scanner": "repobility-ast-engine", "fingerprint": "49236bd5e78c1844c8b415c2feb3c0d26324f98966d5bc235aa5b1d5ea443560", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|49236bd5e78c1844c8b415c2feb3c0d26324f98966d5bc235aa5b1d5ea443560"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_helpers.py"}, "region": {"startLine": 220}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_open_resource_exceptions"}, "properties": {"repobilityId": 54343, "scanner": "repobility-ast-engine", "fingerprint": "3b0828473d66e699ecbd21a322e84a2344a9eec110cd26c2d5265a849a84c74a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3b0828473d66e699ecbd21a322e84a2344a9eec110cd26c2d5265a849a84c74a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_helpers.py"}, "region": {"startLine": 364}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_abort_with_app"}, "properties": {"repobilityId": 54342, "scanner": "repobility-ast-engine", "fingerprint": "00dbaf0df12e7b5955794b0645d6b63deb2773ce1c4f29d12ee40043c060deee", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|00dbaf0df12e7b5955794b0645d6b63deb2773ce1c4f29d12ee40043c060deee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_helpers.py"}, "region": {"startLine": 199}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_abort_no_app"}, "properties": {"repobilityId": 54340, "scanner": "repobility-ast-engine", "fingerprint": "6d7f49faa89a24fa580675ba6d9047ba954707d6c49f016ffb1cd27a0b0fe17e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6d7f49faa89a24fa580675ba6d9047ba954707d6c49f016ffb1cd27a0b0fe17e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_helpers.py"}, "region": {"startLine": 180}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_redirect_with_app"}, "properties": {"repobilityId": 54339, "scanner": "repobility-ast-engine", "fingerprint": "33cddeb19e618e002516f4236f8855ff3a3a1e0a58266b948d324bb329a25f5c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|33cddeb19e618e002516f4236f8855ff3a3a1e0a58266b948d324bb329a25f5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_helpers.py"}, "region": {"startLine": 170}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_apps"}, "properties": {"repobilityId": 54338, "scanner": "repobility-ast-engine", "fingerprint": "cbd1cfc5ab50fc250288fc752d9ff323793b0dbd0f1df2c36553cbf0247435d3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cbd1cfc5ab50fc250288fc752d9ff323793b0dbd0f1df2c36553cbf0247435d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/conftest.py"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_index"}, "properties": {"repobilityId": 54337, "scanner": "repobility-ast-engine", "fingerprint": "50ace85a7bf88d3df47b9683b831d96cf51199dbce1b1de0155af1d3174ae931", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|50ace85a7bf88d3df47b9683b831d96cf51199dbce1b1de0155af1d3174ae931"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_basic.py"}, "region": {"startLine": 1790}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_werkzeug_passthrough_errors"}, "properties": {"repobilityId": 54336, "scanner": "repobility-ast-engine", "fingerprint": "3e7d7c7b7dc7f0011fe67e31c0479e0f4e9f2c416dc09fb286719fff1e274fce", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3e7d7c7b7dc7f0011fe67e31c0479e0f4e9f2c416dc09fb286719fff1e274fce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_basic.py"}, "region": {"startLine": 1628}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_build_error_handler_reraise"}, "properties": {"repobilityId": 54334, "scanner": "repobility-ast-engine", "fingerprint": "eabd1ae378d91de870878144e78a33bda6ce12c5d76e1700ebc7d8af27c61cfc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eabd1ae378d91de870878144e78a33bda6ce12c5d76e1700ebc7d8af27c61cfc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_basic.py"}, "region": {"startLine": 1396}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_trapping_of_all_http_exceptions"}, "properties": {"repobilityId": 54332, "scanner": "repobility-ast-engine", "fingerprint": "5f006aded7497715cb02205ca84b4bbc86ebf250af7cbde1a2e9435b7f17336f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5f006aded7497715cb02205ca84b4bbc86ebf250af7cbde1a2e9435b7f17336f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_basic.py"}, "region": {"startLine": 1086}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_baseexception_error_handling"}, "properties": {"repobilityId": 54329, "scanner": "repobility-ast-engine", "fingerprint": "807078b5e7b9c6db1c9ee4456ef393380da47f7ec382da56431ee671c66e6f74", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|807078b5e7b9c6db1c9ee4456ef393380da47f7ec382da56431ee671c66e6f74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_basic.py"}, "region": {"startLine": 945}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_disallow_string_for_allowed_methods"}, "properties": {"repobilityId": 54327, "scanner": "repobility-ast-engine", "fingerprint": "050e2db95e4181376c830851bace0d4fed2271eb9db1b7292065f933ca7952e8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|050e2db95e4181376c830851bace0d4fed2271eb9db1b7292065f933ca7952e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_basic.py"}, "region": {"startLine": 152}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_method_route_no_methods"}, "properties": {"repobilityId": 54325, "scanner": "repobility-ast-engine", "fingerprint": "e819635b5fade6afb4c52f02dea7efef110049605248348e23f8cd4be7d9002b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e819635b5fade6afb4c52f02dea7efef110049605248348e23f8cd4be7d9002b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_basic.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 54497, "scanner": "gitleaks", "fingerprint": "c711c512765f8a53f4d6891a18233200a3b36de34c66954920749349c0a3413a", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "FLASK_SECRET_KEY = \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|docs/config.rst|58|flask_secret_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/config.rst"}, "region": {"startLine": 587}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 54496, "scanner": "gitleaks", "fingerprint": "21c5b8735c5882426b2d60f12c1f509c5c35ecf131eaa8d3b0fac01e33fb2a10", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "FLASK_SECRET_KEY=\"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|docs/config.rst|57|flask_secret_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/config.rst"}, "region": {"startLine": 578}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 54495, "scanner": "gitleaks", "fingerprint": "8b0e1f39f020645aa8e0f82fd51ebe3fc8b7e7752eb79f38402b1d25ef8858ff", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "FLASK_SECRET_KEY=\"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|docs/config.rst|55|flask_secret_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/config.rst"}, "region": {"startLine": 560}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 54492, "scanner": "gitleaks", "fingerprint": "ff4f25ff25335a1245b6ac022635572e47c6d1cdae927e70b741f83e6ba5032b", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "SECRET_KEY = 'REDACTED'", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|docs/config.rst|51|secret_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/config.rst"}, "region": {"startLine": 513}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 54489, "scanner": "gitleaks", "fingerprint": "07c58d12480349573814b9c533400884e5302c3610adff4b63ab162930eaae2c", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "SECRET_KEY='REDACTED'", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|docs/config.rst|4|secret_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/config.rst"}, "region": {"startLine": 41}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 54476, "scanner": "gitleaks", "fingerprint": "c99cac0266137cff372691434c645d0dccfdf88190dfab0f7b6d8b53bc0e703f", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "SECRET_KEY = 'REDACTED'", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|docs/tutorial/deploy.rst|7|secret_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/tutorial/deploy.rst"}, "region": {"startLine": 73}}}]}]}]}