{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Add .dockerignore with at least .git, .env, private keys, dependency folders, build outputs, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "AGT007", "name": "localStorage write failures are swallowed silently", "shortDescription": {"text": "localStorage write failures are swallowed silently"}, "fullDescription": {"text": "Handle QuotaExceededError explicitly, show a toast or error state, and guide the user to export/clear old local data. Log non-quota failures for diagnostics."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "CFG006", "name": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.", "shortDescription": {"text": "[CFG006] Missing .gitignore: No .gitignore file. 
Risk of committing secrets and build artifacts."}, "fullDescription": {"text": "Add a .gitignore appropriate for your language/framework."}, "properties": {"scanner": "repobility-threat-engine", "category": "practices", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 16 (SonarSource scale). Cognitive complexi", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 16 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weig"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. 
SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 16."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Add `--no-install-recommends` and explicitly list only packages the image needs."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not 
localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety.", "shortDescription": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-704 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely.", "shortDescription": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 52 more): Same pattern found in 52 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 52 more): Same pattern found in 52 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "[MINED126] Workflow container/services image `mysql:8` unpinned: `container/services image: mysql:8` without `@sha256:..", "shortDescription": {"text": "[MINED126] Workflow container/services image `mysql:8` unpinned: `container/services image: mysql:8` without `@sha256:...` pulls a mutable tag at workflow-run time. 
Treat workflow container references with the same supply-chain discipline a"}, "fullDescription": {"text": "Replace with `mysql:8@sha256:<digest>`. Re-pin via Dependabot Docker scope."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `Swatinem/rust-cache` pinned to mutable ref `@v2`: `uses: Swatinem/rust-cache@v2` resolves at workflow", "shortDescription": {"text": "[MINED115] Action `Swatinem/rust-cache` pinned to mutable ref `@v2`: `uses: Swatinem/rust-cache@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (20"}, "fullDescription": {"text": "Replace with: `uses: Swatinem/rust-cache@<40-char-sha>  # v2` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED122", "name": "[MINED122] package.json dep `@perryts/mysql` pulled from URL/Git: `dependencies.@perryts/mysql` = `github:PerryTS/mysql`", "shortDescription": {"text": "[MINED122] package.json dep `@perryts/mysql` pulled from URL/Git: `dependencies.@perryts/mysql` = `github:PerryTS/mysql` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is "}, "fullDescription": {"text": "Publish the dependency to npm (or your private registry) and reference it by `^x.y.z`. 
If that's not possible, lock by commit SHA: `git+https://...#<full-sha>` AND verify the SHA in CI."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `debian:bookworm-slim` not pinned by digest: `FROM debian:bookworm-slim` resolves the tag at ", "shortDescription": {"text": "[MINED118] Dockerfile FROM `debian:bookworm-slim` not pinned by digest: `FROM debian:bookworm-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Produc"}, "fullDescription": {"text": "Replace with: `FROM debian:bookworm-slim@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. 
If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Also cover loopback (127/8) and the IPv6 equivalents (::1, fc00::/7, fe80::/10), and apply the check to the address the hostname resolves to, re-validating on every redirect."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1213"}, "properties": {"repository": "PerryTS/perry", "repoUrl": "https://github.com/PerryTS/perry", "branch": "main"}, "results": [{"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 122230, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": 
"repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 122229, "scanner": "repobility-docker", "fingerprint": "2e48d34f783946d2f7e8f10fa8bb40473008baac6a783c6f07a09fa1b71276ba", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "debian:bookworm-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|2e48d34f783946d2f7e8f10fa8bb40473008baac6a783c6f07a09fa1b71276ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 60}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 122225, "scanner": "repobility-agent-runtime", "fingerprint": "9541feaeed7b3fb0073c3d8ef090a810fcd23254ed37c46ad5429cab291495a0", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], 
"correlation_key": "fp|9541feaeed7b3fb0073c3d8ef090a810fcd23254ed37c46ad5429cab291495a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-wasm/src/wasm_runtime.js"}, "region": {"startLine": 3761}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 122224, "scanner": "repobility-agent-runtime", "fingerprint": "5dbc371ec4722917c35182795b23703ffc2ced45c5570c812050bbbc57597d54", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|5dbc371ec4722917c35182795b23703ffc2ced45c5570c812050bbbc57597d54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-js/src/web_runtime.js"}, "region": {"startLine": 671}}}]}, {"ruleId": "CFG006", "level": "warning", "message": {"text": "[CFG006] Missing .gitignore: No .gitignore file. 
Risk of committing secrets and build artifacts."}, "properties": {"repobilityId": 122192, "scanner": "repobility-threat-engine", "fingerprint": "c65fc71ce58c37a0e07837c0fe294108b731c43ef16027a2f0971c757bbe9a16", "category": "practices", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "No .gitignore file found in repository root", "evidence": {"reason": "No .gitignore file found in repository root", "rule_id": "CFG006", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "repo|practices|cfg006"}}}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 122188, "scanner": "repobility-threat-engine", "fingerprint": "fc00f9e339d5b6aeba4e2aba7a865420158b310172fdcbd9ccf65028a3ed4d69", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'foo bar'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fc00f9e339d5b6aeba4e2aba7a865420158b310172fdcbd9ccf65028a3ed4d69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-wasm/src/minify.rs"}, "region": {"startLine": 275}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum 
/ John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 122187, "scanner": "repobility-threat-engine", "fingerprint": "ef9c7ab3c4db0504c56fde37ac9b90e4f25b27725078dbf645a379ebeab3227f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'foo bar'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ef9c7ab3c4db0504c56fde37ac9b90e4f25b27725078dbf645a379ebeab3227f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-js/src/minify.rs"}, "region": {"startLine": 279}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 16 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: elif=1, else=1, for=2, if=5, nested_bonus=4, ternary=3."}, "properties": {"repobilityId": 122174, "scanner": "repobility-threat-engine", "fingerprint": "df0cca162e8cad3f7f315b041dcd9a04f3e2e332bc0c4f68125181241a19eed9", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 16 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 5, "for": 2, "elif": 1, "else": 1, "ternary": 3, "nested_bonus": 4}, "complexity": 16, "correlation_key": "fp|df0cca162e8cad3f7f315b041dcd9a04f3e2e332bc0c4f68125181241a19eed9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/honest_bench/scripts/summary.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 17 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: continue=1, elif=1, else=1, except=1, for=1, if=7, nested_bonus=5."}, "properties": {"repobilityId": 122172, "scanner": "repobility-threat-engine", "fingerprint": "96185991c6032d867295c3bec44d703da5c14be07d15159485cd966073ebbe35", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 17 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 7, "for": 1, "elif": 1, "else": 1, "except": 1, "continue": 1, "nested_bonus": 5}, "complexity": 17, "correlation_key": "fp|96185991c6032d867295c3bec44d703da5c14be07d15159485cd966073ebbe35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/honest_bench/harness/check_output.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 122228, "scanner": "repobility-docker", "fingerprint": "8cb65260be6d0ed32c8b59d9513c6f5ee52600271c4573994eb4b0a51d3226cb", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|8cb65260be6d0ed32c8b59d9513c6f5ee52600271c4573994eb4b0a51d3226cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 62}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 122227, "scanner": "repobility-docker", "fingerprint": 
"82727825258bd49d4fd6649584489a9dab1c21f03076b78ee46a8e0a6d4c7a32", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|82727825258bd49d4fd6649584489a9dab1c21f03076b78ee46a8e0a6d4c7a32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 40}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 122226, "scanner": "repobility-docker", "fingerprint": "524d7697973da960281e047ef82130061b529d3ea3f58fdd361fd04bf9100b69", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|524d7697973da960281e047ef82130061b529d3ea3f58fdd361fd04bf9100b69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122223, "scanner": "repobility-ai-code-hygiene", "fingerprint": "325e7801a097ab31039c62108fa6d732310667224a78edef3f4a369e10bd709c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different 
non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/perry-codegen/src/expr/bigint_set.rs", "duplicate_line": 21, "correlation_key": "fp|325e7801a097ab31039c62108fa6d732310667224a78edef3f4a369e10bd709c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen/src/expr/binary.rs"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122222, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cd8d942bcc8accba66edfec65001557c13ad3462aab4c5911e94fc50c2752cb4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/perry-codegen/src/expr/array_methods.rs", "duplicate_line": 1, "correlation_key": "fp|cd8d942bcc8accba66edfec65001557c13ad3462aab4c5911e94fc50c2752cb4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen/src/expr/binary.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122221, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a5d973535036bb296c4eb9dfeee590a9ffa4d5337e5300d8e4f8bffdf6a98e4f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": 
["https://jscpd.dev/"], "duplicate_file": "crates/perry-codegen/src/expr/array_methods.rs", "duplicate_line": 1, "correlation_key": "fp|a5d973535036bb296c4eb9dfeee590a9ffa4d5337e5300d8e4f8bffdf6a98e4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen/src/expr/bigint_set.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122220, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6883ff54e27e3ca599bbc9454e6416cf8909648a2e0e56bd8579e31b4502347d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/perry-codegen/src/collectors/escape_news.rs", "duplicate_line": 189, "correlation_key": "fp|6883ff54e27e3ca599bbc9454e6416cf8909648a2e0e56bd8579e31b4502347d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen/src/collectors/refs.rs"}, "region": {"startLine": 186}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122219, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3fe5c8cdd6148c099a1a528ee4456beb2c6863c18c1a54df0072c4ad233fe999", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/perry-codegen/src/collectors/escape_arrays.rs", 
"duplicate_line": 299, "correlation_key": "fp|3fe5c8cdd6148c099a1a528ee4456beb2c6863c18c1a54df0072c4ad233fe999"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen/src/collectors/refs.rs"}, "region": {"startLine": 181}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122218, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e84861511578b9ecba3950e0fad678c6bc8f34efefbf43c33ff78ab480587c29", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/perry-codegen/src/collectors/escape_arrays.rs", "duplicate_line": 299, "correlation_key": "fp|e84861511578b9ecba3950e0fad678c6bc8f34efefbf43c33ff78ab480587c29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen/src/collectors/escape_news.rs"}, "region": {"startLine": 184}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122217, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9cb631ec5db62b5c9d98b53e1c85145f86b18ca9709a180f8c05dd42bcf33dbf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/perry-codegen-glance/src/emit_glue.rs", "duplicate_line": 20, "correlation_key": 
"fp|9cb631ec5db62b5c9d98b53e1c85145f86b18ca9709a180f8c05dd42bcf33dbf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-wear-tiles/src/emit_glue.rs"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122216, "scanner": "repobility-ai-code-hygiene", "fingerprint": "706fddfd2f699597027890584b39efa68a5f42b5acdb0954addd5b4f0933d0f7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/perry-codegen-glance/src/emit.rs", "duplicate_line": 38, "correlation_key": "fp|706fddfd2f699597027890584b39efa68a5f42b5acdb0954addd5b4f0933d0f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-wear-tiles/src/emit.rs"}, "region": {"startLine": 52}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122215, "scanner": "repobility-ai-code-hygiene", "fingerprint": "30dd60a328b7ceb7132d2cc66f29e0d02ee1f0c6ad25868db9ba844980f18f11", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/perry-codegen-js/src/minify.rs", "duplicate_line": 1, "correlation_key": "fp|30dd60a328b7ceb7132d2cc66f29e0d02ee1f0c6ad25868db9ba844980f18f11"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "crates/perry-codegen-wasm/src/minify.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122214, "scanner": "repobility-ai-code-hygiene", "fingerprint": "51b88d8214ae58553cd1c3051e9cc9df6001f05e86ac04a8fc686a09800677d0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/perry-codegen-js/src/lib.rs", "duplicate_line": 120, "correlation_key": "fp|51b88d8214ae58553cd1c3051e9cc9df6001f05e86ac04a8fc686a09800677d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-wasm/src/lib.rs"}, "region": {"startLine": 30}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122213, "scanner": "repobility-ai-code-hygiene", "fingerprint": "51f6035d8b8d385fb1abd2be9ce2f2c1da79781593ce1c056abb999011610070", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/perry-codegen-js/src/emit/calls.rs", "duplicate_line": 227, "correlation_key": "fp|51f6035d8b8d385fb1abd2be9ce2f2c1da79781593ce1c056abb999011610070"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-wasm/src/emit/ui_method_map.rs"}, "region": {"startLine": 116}}}]}, {"ruleId": 
"AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122212, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f350a5fd25fd162128f5e82728df419281e34ff8aaa3f9e3087b34f7766b5212", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/perry-codegen-wasm/src/emit/expr/literals_vars.rs", "duplicate_line": 36, "correlation_key": "fp|f350a5fd25fd162128f5e82728df419281e34ff8aaa3f9e3087b34f7766b5212"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-wasm/src/emit/function.rs"}, "region": {"startLine": 227}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122211, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6af75246dc3132ca8ee399524c3f7fc4f43b985f27f12a811dbe26e1bc301b72", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/perry-codegen-wasm/src/emit/expr/classes.rs", "duplicate_line": 504, "correlation_key": "fp|6af75246dc3132ca8ee399524c3f7fc4f43b985f27f12a811dbe26e1bc301b72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-wasm/src/emit/expr/objects.rs"}, "region": {"startLine": 320}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block 
across source files"}, "properties": {"repobilityId": 122210, "scanner": "repobility-ai-code-hygiene", "fingerprint": "448cc7d99a80c2aaa73d578be3178251543cdd1708edcb1aec66a506987011d2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/perry-codegen-wasm/src/emit/expr/net_fetch_crypto.rs", "duplicate_line": 34, "correlation_key": "fp|448cc7d99a80c2aaa73d578be3178251543cdd1708edcb1aec66a506987011d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-wasm/src/emit/expr/objects.rs"}, "region": {"startLine": 41}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122209, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c324f339189d9de8f72234e2b543575a818ec74d74fcd30156ca08188c958a3c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/perry-codegen-wasm/src/emit/expr/arrays.rs", "duplicate_line": 166, "correlation_key": "fp|c324f339189d9de8f72234e2b543575a818ec74d74fcd30156ca08188c958a3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-wasm/src/emit/expr/net_fetch_crypto.rs"}, "region": {"startLine": 64}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122208, 
"scanner": "repobility-ai-code-hygiene", "fingerprint": "e5303bed6611208cdaaac3ca9e043917ac14a4348cbf5764dc11dcc734ea3302", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/perry-codegen-wasm/src/emit/expr/buffers.rs", "duplicate_line": 244, "correlation_key": "fp|e5303bed6611208cdaaac3ca9e043917ac14a4348cbf5764dc11dcc734ea3302"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-wasm/src/emit/expr/net_fetch_crypto.rs"}, "region": {"startLine": 54}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122207, "scanner": "repobility-ai-code-hygiene", "fingerprint": "06c8e3252a853ba1a4e662c1079fe6e590899048fd0e6dec9d33c3ec2b3ef73f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/perry-codegen-wasm/src/emit/expr/arrays.rs", "duplicate_line": 242, "correlation_key": "fp|06c8e3252a853ba1a4e662c1079fe6e590899048fd0e6dec9d33c3ec2b3ef73f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-wasm/src/emit/expr/literals_vars.rs"}, "region": {"startLine": 213}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122206, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"c55c6b15807e84535d9c4f1d5c760aef76036b67b26f5b657c5d1d47ac40b162", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/perry-codegen-wasm/src/emit/expr/classes.rs", "duplicate_line": 135, "correlation_key": "fp|c55c6b15807e84535d9c4f1d5c760aef76036b67b26f5b657c5d1d47ac40b162"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-wasm/src/emit/expr/date_error.rs"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122205, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b1044655024b044aaae5f07f419e2541b283c7bdf34affc805a407d6a2511f45", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/perry-codegen-wasm/src/emit/expr/calls.rs", "duplicate_line": 134, "correlation_key": "fp|b1044655024b044aaae5f07f419e2541b283c7bdf34affc805a407d6a2511f45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-wasm/src/emit/expr/classes.rs"}, "region": {"startLine": 232}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122204, "scanner": "repobility-ai-code-hygiene", "fingerprint": "359e9b3e08c74cd39e9cc6b85746405a8ead670bfaeeb4cf921cdb30a716f87e", "category": 
"quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/perry-codegen-wasm/src/emit/expr/arrays.rs", "duplicate_line": 162, "correlation_key": "fp|359e9b3e08c74cd39e9cc6b85746405a8ead670bfaeeb4cf921cdb30a716f87e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-wasm/src/emit/expr/classes.rs"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122203, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a694ff6023c0477f60818343d1ffb0ad79d72fb5b36a17d879c5fde04b0fade8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/perry-codegen-wasm/src/emit/expr/arrays.rs", "duplicate_line": 241, "correlation_key": "fp|a694ff6023c0477f60818343d1ffb0ad79d72fb5b36a17d879c5fde04b0fade8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-wasm/src/emit/expr/buffers.rs"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122202, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a4711c6f4a378f19ef05fba1ccc5e889da83bfc6bfba7557b53beb3f8d92c15a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": 
"confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/perry-codegen-glance/src/lib.rs", "duplicate_line": 32, "correlation_key": "fp|a4711c6f4a378f19ef05fba1ccc5e889da83bfc6bfba7557b53beb3f8d92c15a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-swiftui/src/lib.rs"}, "region": {"startLine": 85}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122201, "scanner": "repobility-ai-code-hygiene", "fingerprint": "584fd68fc5d1d3ed5cdee21c664758b0d295c177320847becd859c82bea52659", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/perry-api-manifest/src/emit.rs", "duplicate_line": 501, "correlation_key": "fp|584fd68fc5d1d3ed5cdee21c664758b0d295c177320847becd859c82bea52659"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-arkts/src/widgets/text.rs"}, "region": {"startLine": 274}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122200, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ad6a80e86d1593a78b7a2c6506f5a22c2e96f301720dc6fa22c8c45916d6a017", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", 
"evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/perry-codegen-arkts/src/widgets/stack.rs", "duplicate_line": 43, "correlation_key": "fp|ad6a80e86d1593a78b7a2c6506f5a22c2e96f301720dc6fa22c8c45916d6a017"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-arkts/src/widgets/structure.rs"}, "region": {"startLine": 39}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122199, "scanner": "repobility-ai-code-hygiene", "fingerprint": "16a276a8a36257c09e6c3d1f58dd701d3d3403efc7a4bd12b89d39cfffde9cdc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/perry-codegen-arkts/src/mutations.rs", "duplicate_line": 680, "correlation_key": "fp|16a276a8a36257c09e6c3d1f58dd701d3d3403efc7a4bd12b89d39cfffde9cdc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-arkts/src/widgets/structure.rs"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122198, "scanner": "repobility-ai-code-hygiene", "fingerprint": "904fa64cfed12b1731cb46d582aa5173f9366cd4f5dc636d465c9aedc46abc48", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", 
"references": ["https://jscpd.dev/"], "duplicate_file": "crates/perry-codegen-arkts/src/widgets/scroll.rs", "duplicate_line": 3, "correlation_key": "fp|904fa64cfed12b1731cb46d582aa5173f9366cd4f5dc636d465c9aedc46abc48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-arkts/src/widgets/structure.rs"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122197, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d3850e0fbcc0a934682edad6a8beb8b7c33a1081d9fc26dd316a0ee556d50248", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/perry-codegen-arkts/src/mutations.rs", "duplicate_line": 684, "correlation_key": "fp|d3850e0fbcc0a934682edad6a8beb8b7c33a1081d9fc26dd316a0ee556d50248"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-arkts/src/widgets/stack.rs"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122196, "scanner": "repobility-ai-code-hygiene", "fingerprint": "498a305594664db5cecef66f53428d1d66248cb599e52457c090c13d4c01428e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"crates/perry-codegen-arkts/src/widgets/scroll.rs", "duplicate_line": 3, "correlation_key": "fp|498a305594664db5cecef66f53428d1d66248cb599e52457c090c13d4c01428e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-arkts/src/widgets/stack.rs"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122195, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4c573d2bc3871ed7f8dff7142178bf2bb236da109bf189ef879c1d616b1c2407", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/perry-codegen-arkts/src/mutations.rs", "duplicate_line": 680, "correlation_key": "fp|4c573d2bc3871ed7f8dff7142178bf2bb236da109bf189ef879c1d616b1c2407"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-arkts/src/widgets/scroll.rs"}, "region": {"startLine": 215}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 122194, "scanner": "repobility-ai-code-hygiene", "fingerprint": "34f0f05eff301dcad03931000a55f1d60878e6853576f62faf54e8356b9ca830", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/perry-codegen-arkts/src/util.rs", "duplicate_line": 27, "correlation_key": 
"fp|34f0f05eff301dcad03931000a55f1d60878e6853576f62faf54e8356b9ca830"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-arkts/src/widgets/image.rs"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 122193, "scanner": "repobility-ai-code-hygiene", "fingerprint": "50a715f15a969b5ea9ddafdfedb9e3815750c8c297ab4afd19fd522d1a0be4bd", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "rewrite", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|50a715f15a969b5ea9ddafdfedb9e3815750c8c297ab4afd19fd522d1a0be4bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-arkts/src/state_rewrite.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 122178, "scanner": "repobility-threat-engine", "fingerprint": "abd9d6a8b4ce16d7d1d715b8f1c333f6aca32e25c929030fb4949d9d1e43a0bf", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = json.Unmarshal(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|abd9d6a8b4ce16d7d1d715b8f1c333f6aca32e25c929030fb4949d9d1e43a0bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/json_polyglot/bench_field_access.go"}, "region": {"startLine": 44}}}]}, 
{"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 122177, "scanner": "repobility-threat-engine", "fingerprint": "294c48650ca1ce28d8ff252d0eba30923600997d191bf8633f45bb115de5f2a3", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = json.Unmarshal(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|294c48650ca1ce28d8ff252d0eba30923600997d191bf8633f45bb115de5f2a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/json_polyglot/bench.go"}, "region": {"startLine": 43}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: continue=1, for=4, if=2, nested_bonus=3."}, "properties": {"repobilityId": 122173, "scanner": "repobility-threat-engine", "fingerprint": "7d661a2385cefebcdd74a981a4813cdc93560c2489f61090e751f8a8ca8366a6", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 2, "for": 4, "continue": 1, "nested_bonus": 3}, "complexity": 10, "correlation_key": "fp|7d661a2385cefebcdd74a981a4813cdc93560c2489f61090e751f8a8ca8366a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/honest_bench/scripts/plot.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 122191, "scanner": "repobility-threat-engine", "fingerprint": "9dc5b4d64b98961583ab33c83c8b1e0bd081764e655642c9ec03503d03d5efe1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9dc5b4d64b98961583ab33c83c8b1e0bd081764e655642c9ec03503d03d5efe1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-swiftui/src/lib.rs"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... 
} block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 122190, "scanner": "repobility-threat-engine", "fingerprint": "5c8a2f4659aa229e114217e4be0b2277b57daa6209a65920fea3da107c966519", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5c8a2f4659aa229e114217e4be0b2277b57daa6209a65920fea3da107c966519"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-wasm/src/minify.rs"}, "region": {"startLine": 139}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 122189, "scanner": "repobility-threat-engine", "fingerprint": "311743eec1329069051577987367e71d4b998b01a143d87e82bb2573dcc39f36", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|311743eec1329069051577987367e71d4b998b01a143d87e82bb2573dcc39f36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-js/src/minify.rs"}, "region": {"startLine": 143}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 122186, "scanner": "repobility-threat-engine", "fingerprint": "2a16de56e5c0507f58750804ed55b728e3ee77fd172df197a0481db18b20d318", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|2a16de56e5c0507f58750804ed55b728e3ee77fd172df197a0481db18b20d318", "aggregated_count": 4}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 122182, "scanner": "repobility-threat-engine", "fingerprint": "e2451939092dd4cabc17cdab6cd3e898aa49f48ad2f3a291adde07e02da994d3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e2451939092dd4cabc17cdab6cd3e898aa49f48ad2f3a291adde07e02da994d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/suite/bench_object_property.ts"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. 
Defeats TypeScript type safety."}, "properties": {"repobilityId": 122181, "scanner": "repobility-threat-engine", "fingerprint": "ac105ed817b9cce93b83466bb2b4656d74c2f1da83aa6a4f8ff141d01265fcbf", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ac105ed817b9cce93b83466bb2b4656d74c2f1da83aa6a4f8ff141d01265fcbf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/suite/bench_gc_pressure.ts"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 122180, "scanner": "repobility-threat-engine", "fingerprint": "7e7d3ae591c24cda303ddbdc4aeae3c19530f438bf1e049772ff8a6639cc509f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7e7d3ae591c24cda303ddbdc4aeae3c19530f438bf1e049772ff8a6639cc509f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/json_polyglot/bench_field_access.rs"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 122179, "scanner": "repobility-threat-engine", "fingerprint": "88cab7312c211262a9d38a51153445b9ca233d52fbfbb1c5fd4b9fd0ba1ff845", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|88cab7312c211262a9d38a51153445b9ca233d52fbfbb1c5fd4b9fd0ba1ff845"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/json_polyglot/bench.rs"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 122176, "scanner": "repobility-threat-engine", "fingerprint": "3040b75857071ba0bf7cd2e2dc363600366300180f5605eea6542a5fc4ddca75", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3040b75857071ba0bf7cd2e2dc363600366300180f5605eea6542a5fc4ddca75"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"benchmarks/honest_bench/workloads/1_json_pipeline/perry/json_pipeline.ts"}, "region": {"startLine": 57}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 122175, "scanner": "repobility-threat-engine", "fingerprint": "374b2f9ca97c941ea8799534a3f6a7246c4a413e5ec69c34d7f4988e5034f739", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 7, "for": 1, "elif": 1, "else": 1, "except": 1, "continue": 1, "nested_bonus": 5}, "aggregated": true, "complexity": 17, "correlation_key": "fp|374b2f9ca97c941ea8799534a3f6a7246c4a413e5ec69c34d7f4988e5034f739", "aggregated_count": 2}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 52 more): Same pattern found in 52 additional files. Review if needed."}, "properties": {"repobilityId": 122169, "scanner": "repobility-threat-engine", "fingerprint": "49740e3cda1ad7d33d39ae640807944dff49a7f056df62abdcd905c65a4eadfa", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 52 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|49740e3cda1ad7d33d39ae640807944dff49a7f056df62abdcd905c65a4eadfa", "aggregated_count": 52}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 122168, "scanner": "repobility-threat-engine", "fingerprint": "bb05518308c6696a46afd05f50728b507ed77a640ab07d8e7976e316857167af", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bb05518308c6696a46afd05f50728b507ed77a640ab07d8e7976e316857167af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/app-patterns/kernels/json_parse_1mb.ts"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 122167, "scanner": "repobility-threat-engine", "fingerprint": "ccb3474c91719642774f7bfa2588ab187b99adab564551b0a000359b427a5c54", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ccb3474c91719642774f7bfa2588ab187b99adab564551b0a000359b427a5c54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/app-patterns/kernels/date_format_parse.ts"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 122166, "scanner": "repobility-threat-engine", "fingerprint": "107f2e7e6f079d5f2d806c021891e3c1ea431e7f47c2101047774ea41ae297d9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|107f2e7e6f079d5f2d806c021891e3c1ea431e7f47c2101047774ea41ae297d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/app-patterns/kernels/buffer_transcode.ts"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `mysql:8` unpinned: `container/services image: mysql:8` without `@sha256:...` pulls a mutable tag at workflow-run time. 
Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 122260, "scanner": "repobility-supply-chain", "fingerprint": "5f36061bee8bb1ad87b95244779ca18ad40942ee724aa7eca66fc3aec1613625", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5f36061bee8bb1ad87b95244779ca18ad40942ee724aa7eca66fc3aec1613625"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 930}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `Swatinem/rust-cache` pinned to mutable ref `@v2`: `uses: Swatinem/rust-cache@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 122259, "scanner": "repobility-supply-chain", "fingerprint": "72335655ba352d5c4465786b7f478c40437afcd8240de3db19a86a06b023106c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|72335655ba352d5c4465786b7f478c40437afcd8240de3db19a86a06b023106c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`: `uses: dtolnay/rust-toolchain@stable` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 122258, "scanner": "repobility-supply-chain", "fingerprint": "96c3491f65abbc23670fbdba9162671be637c4f1a2d74fe538c95eb90f62d221", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|96c3491f65abbc23670fbdba9162671be637c4f1a2d74fe538c95eb90f62d221"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 122257, "scanner": "repobility-supply-chain", "fingerprint": "3318c6b6ab46a2bc5e799a936c6b7ddff5b66ba7f777e776e5a6b4bd4f836c9a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3318c6b6ab46a2bc5e799a936c6b7ddff5b66ba7f777e776e5a6b4bd4f836c9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 122256, "scanner": "repobility-supply-chain", "fingerprint": "f21ebf2e3af7b3f131981057ce6fe6d608ddb84056171e765ae8c444b3886f73", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f21ebf2e3af7b3f131981057ce6fe6d608ddb84056171e765ae8c444b3886f73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/container-tests.yml"}, "region": {"startLine": 328}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 122255, "scanner": "repobility-supply-chain", "fingerprint": "c6c5820505a89ebae563a7d2eb1df1566794edd9cfe92279749cd7980e66eeec", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c6c5820505a89ebae563a7d2eb1df1566794edd9cfe92279749cd7980e66eeec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/container-tests.yml"}, "region": {"startLine": 314}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 122254, "scanner": "repobility-supply-chain", "fingerprint": "6ecad8015fb70488bee80558b6cf47e5d019a71baf91cec25a4395c902019a71", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6ecad8015fb70488bee80558b6cf47e5d019a71baf91cec25a4395c902019a71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/container-tests.yml"}, "region": {"startLine": 294}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v4`: `uses: actions/cache@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 122253, "scanner": "repobility-supply-chain", "fingerprint": "90318f8f98ac2ba76e80e325d3cc393a59aebfb87ada2b2a1e22b0fa7209b060", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|90318f8f98ac2ba76e80e325d3cc393a59aebfb87ada2b2a1e22b0fa7209b060"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/container-tests.yml"}, "region": {"startLine": 256}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`: `uses: dtolnay/rust-toolchain@stable` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 122252, "scanner": "repobility-supply-chain", "fingerprint": "da59e05cb3f6903b2345c9d66c64e6a45dcb923135191a9bce7e2b5676aefee2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|da59e05cb3f6903b2345c9d66c64e6a45dcb923135191a9bce7e2b5676aefee2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/container-tests.yml"}, "region": {"startLine": 253}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 122251, "scanner": "repobility-supply-chain", "fingerprint": "5e171822066be61788fd12b665d9b091feef3988394ada4f2af7564d160546ca", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5e171822066be61788fd12b665d9b091feef3988394ada4f2af7564d160546ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/container-tests.yml"}, "region": {"startLine": 250}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v4`: `uses: actions/cache@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 122250, "scanner": "repobility-supply-chain", "fingerprint": "e3c852cccc0d609a66d097c32dfe7a1aaf03d889ba6ffeb723e2a27b11a0fcb7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e3c852cccc0d609a66d097c32dfe7a1aaf03d889ba6ffeb723e2a27b11a0fcb7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/container-tests.yml"}, "region": {"startLine": 214}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`: `uses: dtolnay/rust-toolchain@stable` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 122249, "scanner": "repobility-supply-chain", "fingerprint": "ddc0f0a1b2185769bdbd5275b141ec7268c4f824bbf0dbae434155b72cd3a359", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ddc0f0a1b2185769bdbd5275b141ec7268c4f824bbf0dbae434155b72cd3a359"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/container-tests.yml"}, "region": {"startLine": 211}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 122248, "scanner": "repobility-supply-chain", "fingerprint": "cffbcb27e450d8c752414dc6ea2e7e39a8ffa54cc8893f3e390c6a8579201093", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cffbcb27e450d8c752414dc6ea2e7e39a8ffa54cc8893f3e390c6a8579201093"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/container-tests.yml"}, "region": {"startLine": 208}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v4`: `uses: actions/cache@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 122247, "scanner": "repobility-supply-chain", "fingerprint": "2734b3ec37954a57409d476e9f4cd7a9d05ac329baf43ba75da126f3ae832456", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2734b3ec37954a57409d476e9f4cd7a9d05ac329baf43ba75da126f3ae832456"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/container-tests.yml"}, "region": {"startLine": 173}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`: `uses: dtolnay/rust-toolchain@stable` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 122246, "scanner": "repobility-supply-chain", "fingerprint": "47af3492d7d7d0ae3068b8ea29812733e75705dac32240f4b3f43f8550cc5e89", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|47af3492d7d7d0ae3068b8ea29812733e75705dac32240f4b3f43f8550cc5e89"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/container-tests.yml"}, "region": {"startLine": 170}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 122245, "scanner": "repobility-supply-chain", "fingerprint": "9ea44a3395c9c9965a75d82a4247d81ea263ba9121b92fe7226a305346dd546e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9ea44a3395c9c9965a75d82a4247d81ea263ba9121b92fe7226a305346dd546e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/container-tests.yml"}, "region": {"startLine": 162}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v4`: `uses: actions/cache@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 122244, "scanner": "repobility-supply-chain", "fingerprint": "4a0a8f674f581b1c2e6231bb1835f1e232ef8ddeb8a86b066f477885c3cf059c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4a0a8f674f581b1c2e6231bb1835f1e232ef8ddeb8a86b066f477885c3cf059c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/container-tests.yml"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`: `uses: dtolnay/rust-toolchain@stable` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 122243, "scanner": "repobility-supply-chain", "fingerprint": "bd9374a7d5d2b9d261a866c59965a4972df08896483197739e252bf55d598717", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bd9374a7d5d2b9d261a866c59965a4972df08896483197739e252bf55d598717"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/container-tests.yml"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 122242, "scanner": "repobility-supply-chain", "fingerprint": "eff3e6ecb4f1413fecbfd6cd36e42f02dd1e1df96e5c98695869956d7dceb434", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|eff3e6ecb4f1413fecbfd6cd36e42f02dd1e1df96e5c98695869956d7dceb434"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/container-tests.yml"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 122241, "scanner": "repobility-supply-chain", "fingerprint": "13ca1c885c8ade63cbe5a624ccac37175f386b930aebc0da6f9e87c26bf9fc6c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|13ca1c885c8ade63cbe5a624ccac37175f386b930aebc0da6f9e87c26bf9fc6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release-hono-server.yml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 122240, "scanner": "repobility-supply-chain", "fingerprint": "17fe29a28219aabca354203b39038f5d620a1794b254ce3f534ed255f9c4a7ff", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|17fe29a28219aabca354203b39038f5d620a1794b254ce3f534ed255f9c4a7ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release-hono-server.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 122239, "scanner": "repobility-supply-chain", "fingerprint": "3d77024bbe165ed5501e3fd65631096289f4946574168d6d61d62b596fc95717", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3d77024bbe165ed5501e3fd65631096289f4946574168d6d61d62b596fc95717"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/node-core-subset.yml"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 122238, "scanner": "repobility-supply-chain", "fingerprint": "a48d04b9c3c2a2db67f60abe7a38af376795fdf2a370a460e5af21bab2af9026", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a48d04b9c3c2a2db67f60abe7a38af376795fdf2a370a460e5af21bab2af9026"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/node-core-subset.yml"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `Swatinem/rust-cache` pinned to mutable ref `@v2`: `uses: Swatinem/rust-cache@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 122237, "scanner": "repobility-supply-chain", "fingerprint": "06aed6459b9837ca44b41f12a16c1562cfb570d828292ad23e26f2285ca2e627", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|06aed6459b9837ca44b41f12a16c1562cfb570d828292ad23e26f2285ca2e627"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/node-core-subset.yml"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`: `uses: dtolnay/rust-toolchain@stable` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 122236, "scanner": "repobility-supply-chain", "fingerprint": "2503baa6c78c89ff478dc67d1def033c2b4591dba6687cb11a1f325c23fdf846", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2503baa6c78c89ff478dc67d1def033c2b4591dba6687cb11a1f325c23fdf846"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/node-core-subset.yml"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 122235, "scanner": "repobility-supply-chain", "fingerprint": "8c061e903c2b23351222c1d625d839a1c8c09cf8231c30bfd10b5c3bf41e3abe", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8c061e903c2b23351222c1d625d839a1c8c09cf8231c30bfd10b5c3bf41e3abe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/node-core-subset.yml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@perryts/mysql` pulled from URL/Git: `dependencies.@perryts/mysql` = `github:PerryTS/mysql` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. 
If the URL or git host is compromised, every `npm install` pulls the new payload. Pin the dependency to a full commit SHA (`github:PerryTS/mysql#<commit-sha>`) or consume it from a registry release so that installs are reproducible."}, "properties": {"repobilityId": 122234, "scanner": "repobility-supply-chain", "fingerprint": "d08c9af09cb59424fb07c71c079868e88fe51accf9e86c359a5fc4203cedc453", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d08c9af09cb59424fb07c71c079868e88fe51accf9e86c359a5fc4203cedc453"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/release/packages/drizzle-mysql/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `debian:bookworm-slim` not pinned by digest: `FROM debian:bookworm-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 122233, "scanner": "repobility-supply-chain", "fingerprint": "ac7506ac66a0fbd2e2c62f43533bf08223541604247ced4a6aafd8cbfcadca34", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ac7506ac66a0fbd2e2c62f43533bf08223541604247ced4a6aafd8cbfcadca34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `debian:bookworm-slim` not pinned by digest: `FROM debian:bookworm-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 122232, "scanner": "repobility-supply-chain", "fingerprint": "bb43c04a9cc6178001ad7bc3a83d451914f5474569ae104051afe13490fd4409", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bb43c04a9cc6178001ad7bc3a83d451914f5474569ae104051afe13490fd4409"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `rust:1.75-bookworm` not pinned by digest: `FROM rust:1.75-bookworm` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 122231, "scanner": "repobility-supply-chain", "fingerprint": "de47fcf1c0ac277f9b4639ee108e9d0c3f8b71a1f739d91d9e3839fd6a277a53", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|de47fcf1c0ac277f9b4639ee108e9d0c3f8b71a1f739d91d9e3839fd6a277a53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 122185, "scanner": "repobility-threat-engine", "fingerprint": "fd250a9e12b06b0e3037d22e9ff0d1e0345860f676cadf297cd5475868b22179", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fd250a9e12b06b0e3037d22e9ff0d1e0345860f676cadf297cd5475868b22179"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-js/src/minify.rs"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if 
None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 122184, "scanner": "repobility-threat-engine", "fingerprint": "9e2bdcb692fff7dc713a6bff0439b700119f5d9c49209b3d90566a7263dac785", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9e2bdcb692fff7dc713a6bff0439b700119f5d9c49209b3d90566a7263dac785"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-js/src/emit/helpers.rs"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 122183, "scanner": "repobility-threat-engine", "fingerprint": "f8a6e460f8d7b9c1694f703f57c367196dcfe671d61f8acec3eeb9a3db9a2efe", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f8a6e460f8d7b9c1694f703f57c367196dcfe671d61f8acec3eeb9a3db9a2efe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/perry-codegen-glance/src/emit_glue.rs"}, "region": {"startLine": 12}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production. Triage note: the match here is `h.update(chunk)` in a Python file, which may be an ordinary synchronous call; confirm the callee is a coroutine before treating this as a missing `await`."}, "properties": {"repobilityId": 122171, "scanner": "repobility-threat-engine", "fingerprint": "f5ac17d12770a6c25e486e137cb5ac58792104cbd5c3c47513b61808d133649b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "h.update(chunk)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f5ac17d12770a6c25e486e137cb5ac58792104cbd5c3c47513b61808d133649b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/honest_bench/harness/check_output.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production. Triage note: the match here is `h.update(chunk)` in a Python file, which may be an ordinary synchronous call; confirm the callee is a coroutine before treating this as a missing `await`."}, "properties": {"repobilityId": 122170, "scanner": "repobility-threat-engine", "fingerprint": "0c2276aa7cf0f134e9601de0b8cf42bec8e1dc61ea7f3259a57a4ae70103278b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "h.update(chunk)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0c2276aa7cf0f134e9601de0b8cf42bec8e1dc61ea7f3259a57a4ae70103278b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/honest_bench/harness/capture_expected.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches. Triage note: the matched text `Url(i` does not by itself show that the URL comes from untrusted input; trace where the value originates and, if it is external, restrict schemes and hosts with an allowlist before the request is made."}, "properties": {"repobilityId": 122165, "scanner": "repobility-threat-engine", "fingerprint": "c47fdf509e9e3ffbfdcd96ef6cb3432a76f657e8e3178c53f3093e390689cd2a", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(i", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c47fdf509e9e3ffbfdcd96ef6cb3432a76f657e8e3178c53f3093e390689cd2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "android-build/app/src/main/java/com/perry/app/PerryActivity.kt"}, "region": {"startLine": 33}}}]}]}]}