{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AIC001", "name": "Parallel implementation file sits beside a canonical file", "shortDescription": {"text": "Parallel implementation file sits beside a canonical file"}, "fullDescription": {"text": "Merge the intended change into the canonical file, update tests/imports, and delete the parallel implementation if it is not the active entry point."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_LARGE_FILES", "name": "Average file size is 937 lines (recommend <300)", "shortDescription": {"text": "Average file size is 937 lines (recommend <300)"}, "fullDescription": {"text": "Refactor large files by extracting related functions into separate modules. Target files with 300+ lines first. Use the Single Responsibility Principle \u2014 each module should have one clear purpose."}, "properties": {"scanner": "repobility-core", "category": "quality", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 13 (SonarSource scale). Cognitive complexi", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 13 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weig"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 13."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED022", "name": "[MINED022] C Strcpy (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED022] C Strcpy (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-120 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED075", "name": "[MINED075] C Malloc No Check (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED075] C Malloc No Check (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-690 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED012", "name": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code.", "shortDescription": {"text": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-494 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED087", "name": "[MINED087] Js Always True If: if (true) \u2014 else branch unreachable. Likely debug residue.", "shortDescription": {"text": "[MINED087] Js Always True If: if (true) \u2014 else branch unreachable. Likely debug residue."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-561 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 7 more): Same pattern found in 7 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 10 more): Same pattern found in 10 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run t", "shortDescription": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) in"}, "fullDescription": {"text": "Replace with: `uses: actions/checkout@<40-char-sha>  # v4` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1205"}, "properties": {"repository": "dolthub/doltlite", "repoUrl": "https://github.com/dolthub/doltlite", "branch": "master"}, "results": [{"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 121497, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4c2a1b2c1f2ed7dabbe007700d08bcbd3bf479608f78f1d737c97dd1763dfbc1", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "backup", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "ext/jni/src/org/sqlite/jni/capi/sqlite3.java", "correlation_key": "fp|4c2a1b2c1f2ed7dabbe007700d08bcbd3bf479608f78f1d737c97dd1763dfbc1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/jni/src/org/sqlite/jni/capi/sqlite3_backup.java"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 121469, "scanner": "repobility-threat-engine", "fingerprint": "64ba6931a4f3d5b6f5b28d090455204de73f1de82979bb7b1ca741c8189e50bd", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|152|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/wasm/common/SqliteTestUtil.js"}, "region": {"startLine": 152}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 121468, "scanner": "repobility-threat-engine", "fingerprint": "98b6dc52d0e03ed92e5567219f39b71b550b8208a4ecf5a8668528fac9d5226f", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|examples/quickstart.c|32|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/quickstart.c"}, "region": {"startLine": 32}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 121467, "scanner": "repobility-threat-engine", "fingerprint": "b84b483049a04adba7a141d3da225932838faf67c4233364c28afe48ea1c7cf0", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|examples/go/main.go|26|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/go/main.go"}, "region": {"startLine": 26}}}]}, {"ruleId": "CORE_LARGE_FILES", "level": "warning", "message": {"text": "Average file size is 937 lines (recommend <300)"}, "properties": {"repobilityId": 121466, "scanner": "repobility-core", "fingerprint": "0eb22aff4d4391d1143d3068f04d94f5e184ea991e76a6474bd90cda7e2e1999", "category": "quality", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_LARGE_FILES", "scanner": "repobility-core", "correlation_key": "fp|0eb22aff4d4391d1143d3068f04d94f5e184ea991e76a6474bd90cda7e2e1999"}}}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121527, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c6e85ef1bbf374b940a2598d75c41961b268a394e22ce21ce399e99c681f6e0e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/misc/btreeinfo.c", "duplicate_line": 272, "correlation_key": "fp|c6e85ef1bbf374b940a2598d75c41961b268a394e22ce21ce399e99c681f6e0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/misc/vfsstat.c"}, "region": {"startLine": 457}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121526, "scanner": "repobility-ai-code-hygiene", "fingerprint": "500a0e21de82eedfb66aaa5dc5f7e9452111e60c599d28ae369fbddc648202ba", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/misc/btreeinfo.c", "duplicate_line": 271, "correlation_key": "fp|500a0e21de82eedfb66aaa5dc5f7e9452111e60c599d28ae369fbddc648202ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/misc/unionvtab.c"}, "region": {"startLine": 786}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121525, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fcb03e097a2d01dee4ba9ca40e5a93853c173e19397e10cf7af5d6849ce45027", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/fts5/fts5_test_tok.c", "duplicate_line": 31, "correlation_key": "fp|fcb03e097a2d01dee4ba9ca40e5a93853c173e19397e10cf7af5d6849ce45027"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/misc/unionvtab.c"}, "region": {"startLine": 72}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121524, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ee902a87b1b62a8fdfb7d7212af769a48f3a7e4cfb201fd2fe1aa435bcb8637a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/fts5/fts5_config.c", "duplicate_line": 83, "correlation_key": "fp|ee902a87b1b62a8fdfb7d7212af769a48f3a7e4cfb201fd2fe1aa435bcb8637a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/misc/unionvtab.c"}, "region": {"startLine": 70}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121523, "scanner": "repobility-ai-code-hygiene", "fingerprint": "07a9f1ccd4e3b016d94a3eba7455cd74521e2329f6f3836454c63f2594f7d1f1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/misc/btreeinfo.c", "duplicate_line": 271, "correlation_key": "fp|07a9f1ccd4e3b016d94a3eba7455cd74521e2329f6f3836454c63f2594f7d1f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/misc/stmt.c"}, "region": {"startLine": 176}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121522, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cff2710dcf6771630b798a2b42d125b03ba6038f3cd8fa9234de4cd426f7d6e3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/misc/sha1.c", "duplicate_line": 165, "correlation_key": "fp|cff2710dcf6771630b798a2b42d125b03ba6038f3cd8fa9234de4cd426f7d6e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/misc/shathree.c"}, "region": {"startLine": 439}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121521, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4bbb2c29c820c4d5095eb619cc5edb8cc3b6659d773eca979b634bfc7e6a3b67", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/misc/closure.c", "duplicate_line": 556, "correlation_key": "fp|4bbb2c29c820c4d5095eb619cc5edb8cc3b6659d773eca979b634bfc7e6a3b67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/misc/series.c"}, "region": {"startLine": 493}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121520, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0ac2fcad41d8f3b6a393660305af14fa27f4a4bb60bbf413b93a02e824c39c00", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/misc/btreeinfo.c", "duplicate_line": 271, "correlation_key": "fp|0ac2fcad41d8f3b6a393660305af14fa27f4a4bb60bbf413b93a02e824c39c00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/misc/series.c"}, "region": {"startLine": 491}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121519, "scanner": "repobility-ai-code-hygiene", "fingerprint": "97036b37b57acd2475d36084fef8191473cca4d4f2c2a4fc80eea92c4c8c8a20", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/misc/btreeinfo.c", "duplicate_line": 271, "correlation_key": "fp|97036b37b57acd2475d36084fef8191473cca4d4f2c2a4fc80eea92c4c8c8a20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/misc/memstat.c"}, "region": {"startLine": 244}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121518, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2e7fd7bc07f84cbf8b23574244cbf862e101c7b55dab005b2969f94964a66f0c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/misc/decimal.c", "duplicate_line": 538, "correlation_key": "fp|2e7fd7bc07f84cbf8b23574244cbf862e101c7b55dab005b2969f94964a66f0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/misc/ieee754.c"}, "region": {"startLine": 40}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121517, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ec3abcc6f39c9adb81d7cf4d77a197d933b87a779608bd1b9d1a40e811edda72", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/misc/btreeinfo.c", "duplicate_line": 271, "correlation_key": "fp|ec3abcc6f39c9adb81d7cf4d77a197d933b87a779608bd1b9d1a40e811edda72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/misc/fuzzer.c"}, "region": {"startLine": 704}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121516, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1613c96dc20302cc0f1a1f84fa7e86d2c64ad7dec712c5611cdc22ead9d7db0d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/misc/closure.c", "duplicate_line": 179, "correlation_key": "fp|1613c96dc20302cc0f1a1f84fa7e86d2c64ad7dec712c5611cdc22ead9d7db0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/misc/fuzzer.c"}, "region": {"startLine": 186}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121515, "scanner": "repobility-ai-code-hygiene", "fingerprint": "edc2da793a97098bf8ed27419dab18c6e6764c5c38f62145e88d60e83fa30638", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/misc/btreeinfo.c", "duplicate_line": 271, "correlation_key": "fp|edc2da793a97098bf8ed27419dab18c6e6764c5c38f62145e88d60e83fa30638"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/misc/fileio.c"}, "region": {"startLine": 702}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121514, "scanner": "repobility-ai-code-hygiene", "fingerprint": "50547ff60bfc8320488977272b82d147a2aaeff1ffc264f4437c434b7a31b2a2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/misc/btreeinfo.c", "duplicate_line": 271, "correlation_key": "fp|50547ff60bfc8320488977272b82d147a2aaeff1ffc264f4437c434b7a31b2a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/misc/explain.c"}, "region": {"startLine": 157}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121513, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8d6d25509d23eee671cb71761881f8bcb64b5f87ae5edd69f63c8261a21c768e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/misc/closure.c", "duplicate_line": 556, "correlation_key": "fp|8d6d25509d23eee671cb71761881f8bcb64b5f87ae5edd69f63c8261a21c768e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/misc/csv.c"}, "region": {"startLine": 650}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121512, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e929f62327d819f31504951cde9d4403281390853aa8b78fb24966f30f8ba68b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/misc/btreeinfo.c", "duplicate_line": 271, "correlation_key": "fp|e929f62327d819f31504951cde9d4403281390853aa8b78fb24966f30f8ba68b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/misc/csv.c"}, "region": {"startLine": 618}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121511, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d3c24d854030f0afa62a60f782b95e3eeedd72fc13c036ffaefdc4af92fcd307", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/misc/btreeinfo.c", "duplicate_line": 271, "correlation_key": "fp|d3c24d854030f0afa62a60f782b95e3eeedd72fc13c036ffaefdc4af92fcd307"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/misc/completion.c"}, "region": {"startLine": 314}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121510, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b47c3f1ba9cc800fab67c856760d4c78ca169c9bd5750ac9f5a4fd1bb4f6fb18", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/misc/btreeinfo.c", "duplicate_line": 271, "correlation_key": "fp|b47c3f1ba9cc800fab67c856760d4c78ca169c9bd5750ac9f5a4fd1bb4f6fb18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/misc/closure.c"}, "region": {"startLine": 554}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121509, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cf02aef2d341eca68c6bddcf7b62ca6e01d9fb96a8fb436152f7710764826bd8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/misc/base64.c", "duplicate_line": 115, "correlation_key": "fp|cf02aef2d341eca68c6bddcf7b62ca6e01d9fb96a8fb436152f7710764826bd8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/misc/base85.c"}, "region": {"startLine": 141}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121508, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b3fd72a356c9971c1c9ddd045328e322cdc0af46bb1ce53f04f45f95a4804226", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/jni/src/org/sqlite/jni/capi/AggregateFunction.java", "duplicate_line": 15, "correlation_key": "fp|b3fd72a356c9971c1c9ddd045328e322cdc0af46bb1ce53f04f45f95a4804226"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/jni/src/org/sqlite/jni/wrapper1/AggregateFunction.java"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121507, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1c25c8c77ffa8a735eb03c5773e23dcd7c814d193807451f3d273f0c37287028", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/fts3/fts3_unicode2.c", "duplicate_line": 112, "correlation_key": "fp|1c25c8c77ffa8a735eb03c5773e23dcd7c814d193807451f3d273f0c37287028"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/fts5/fts5_unicode2.c"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121506, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3f97a3c5db4b16398d75c953cef2168a9f61423cc298b2de7caa547c4b2913ed", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/fts3/fts3_aux.c", "duplicate_line": 377, "correlation_key": "fp|3f97a3c5db4b16398d75c953cef2168a9f61423cc298b2de7caa547c4b2913ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/fts5/fts5_test_tok.c"}, "region": {"startLine": 294}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121505, "scanner": "repobility-ai-code-hygiene", "fingerprint": "48430c41b89f7d48d89aea5a4c1e219a24a348e1ded84abec6b5ab435aa2319b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/fts3/fts3_tokenize_vtab.c", "duplicate_line": 35, "correlation_key": "fp|48430c41b89f7d48d89aea5a4c1e219a24a348e1ded84abec6b5ab435aa2319b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/fts5/fts5_test_tok.c"}, "region": {"startLine": 45}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121504, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ece24e982d3bd2dbdaf11ffa0b4224c5908a154a3b6985c500077864f825bdab", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/fts5/fts5_config.c", "duplicate_line": 81, "correlation_key": "fp|ece24e982d3bd2dbdaf11ffa0b4224c5908a154a3b6985c500077864f825bdab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/fts5/fts5_test_tok.c"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121503, "scanner": "repobility-ai-code-hygiene", "fingerprint": "00e933b7caf6c5021cc4f57aaf640b2cdd01d8c5fe47997ee0e1aa3e4a1c99b4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/fts3/fts3_aux.c", "duplicate_line": 377, "correlation_key": "fp|00e933b7caf6c5021cc4f57aaf640b2cdd01d8c5fe47997ee0e1aa3e4a1c99b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/fts3/fts3_tokenize_vtab.c"}, "region": {"startLine": 271}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121502, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1f7151ecba6cdeed937b54f4a18f5334d88fa008ebcb57d037e81b2a04a8cd24", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/fts3/fts3_aux.c", "duplicate_line": 377, "correlation_key": "fp|1f7151ecba6cdeed937b54f4a18f5334d88fa008ebcb57d037e81b2a04a8cd24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/fts3/fts3_term.c"}, "region": {"startLine": 234}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121501, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a5273ad176e601fc9b0d7cf5f8fbcb51a01a39c621ac07702d9de59a3442d5de", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/blake3/blake3_avx2.c", "duplicate_line": 27, "correlation_key": "fp|a5273ad176e601fc9b0d7cf5f8fbcb51a01a39c621ac07702d9de59a3442d5de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/blake3/blake3_sse41.c"}, "region": {"startLine": 212}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121500, "scanner": "repobility-ai-code-hygiene", "fingerprint": "72532bf4ed92c20649bc482d2bd00168b1e1238606bf3495cc77db505e8e67f1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/blake3/blake3_sse2.c", "duplicate_line": 1, "correlation_key": "fp|72532bf4ed92c20649bc482d2bd00168b1e1238606bf3495cc77db505e8e67f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/blake3/blake3_sse41.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121499, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b5768b99d09b0d2bb77717d414715c6775a9967a56f9547d8817ee24884622b4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/blake3/blake3_avx2.c", "duplicate_line": 27, "correlation_key": "fp|b5768b99d09b0d2bb77717d414715c6775a9967a56f9547d8817ee24884622b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/blake3/blake3_sse2.c"}, "region": {"startLine": 217}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 121498, "scanner": "repobility-ai-code-hygiene", "fingerprint": "24ecd2739ada8a7fcfe05b9091fc92189e0a454c471cbe78de4417e04a7c2448", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ext/blake3/blake3_neon.c", "duplicate_line": 253, "correlation_key": "fp|24ecd2739ada8a7fcfe05b9091fc92189e0a454c471cbe78de4417e04a7c2448"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/blake3/blake3_portable.c"}, "region": {"startLine": 112}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 121477, "scanner": "repobility-threat-engine", "fingerprint": "8ef9d5cabb964558bf33d81ad7368441be619643d28c6c0498c3c0834ca46d12", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"SQL function argument index \"+ndx+\" is out of range.\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8ef9d5cabb964558bf33d81ad7368441be619643d28c6c0498c3c0834ca46d12"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/jni/src/org/sqlite/jni/wrapper1/SqlFunction.java"}, "region": {"startLine": 67}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 13 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: for=9, if=2, nested_bonus=2."}, "properties": {"repobilityId": 121476, "scanner": "repobility-threat-engine", "fingerprint": "6a1dcce4a8648c8ec5ba1e6eb9cf7b5e014d6800293c8758f0f63f624d9ca584", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 13 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 2, "for": 9, "nested_bonus": 2}, "complexity": 13, "correlation_key": "fp|6a1dcce4a8648c8ec5ba1e6eb9cf7b5e014d6800293c8758f0f63f624d9ca584"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/quickstart.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 121474, "scanner": "repobility-threat-engine", "fingerprint": "dd30bf7901a94b44e9c83bce19b33169f44c6c8648d4cf4ad87729915994a468", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = db.Query(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|dd30bf7901a94b44e9c83bce19b33169f44c6c8648d4cf4ad87729915994a468"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/go/main.go"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED022", "level": "none", "message": {"text": "[MINED022] C Strcpy (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 121496, "scanner": "repobility-threat-engine", "fingerprint": "58fe92dfe6e97b6adfe63db871e448034175d2b56584210bf8112c2ee07eac96", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|58fe92dfe6e97b6adfe63db871e448034175d2b56584210bf8112c2ee07eac96", "aggregated_count": 1}}}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 121492, "scanner": "repobility-threat-engine", "fingerprint": "90e217dd9992e40169f168494070f3e2247c852d4ff1fa5c45774be21c88ffe9", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|90e217dd9992e40169f168494070f3e2247c852d4ff1fa5c45774be21c88ffe9", "aggregated_count": 5}}}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 121491, "scanner": "repobility-threat-engine", "fingerprint": "cc9b3e7d1e3159659ee722451e3b1e9c63c2db03f04bf114774488db4b549bc2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cc9b3e7d1e3159659ee722451e3b1e9c63c2db03f04bf114774488db4b549bc2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tool/getlock.c"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 121490, "scanner": "repobility-threat-engine", "fingerprint": "a8e559d7524f6355f170f91c9ff587fcf6a2b178d9f9fa95095fad1cea47a4d4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a8e559d7524f6355f170f91c9ff587fcf6a2b178d9f9fa95095fad1cea47a4d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tool/extract.c"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 121489, "scanner": "repobility-threat-engine", "fingerprint": "07412350932e94cb2522e95b24df2354debc497a8bc19bc5b691e7addd7ed20d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|07412350932e94cb2522e95b24df2354debc497a8bc19bc5b691e7addd7ed20d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tool/dbtotxt.c"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED012", "level": "none", "message": {"text": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code."}, "properties": {"repobilityId": 121487, "scanner": "repobility-threat-engine", "fingerprint": "9fe1b7b77ed3109fcfa941011383282929799a653e5bc93d9ee6162c0d9c0e8a", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'test\\b' detected on same line", "evidence": {"mined": true, "mining": {"slug": "curl-pipe-bash", "owasp": "A08:2021", "cwe_ids": ["CWE-494"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347926+00:00", "triaged_in_corpus": 15, "observations_count": 135001, "ai_coder_pattern_id": 25}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9fe1b7b77ed3109fcfa941011383282929799a653e5bc93d9ee6162c0d9c0e8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "install.sh"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED087", "level": "none", "message": {"text": "[MINED087] Js Always True If: if (true) \u2014 else branch unreachable. Likely debug residue."}, "properties": {"repobilityId": 121486, "scanner": "repobility-threat-engine", "fingerprint": "3355702315b9abc2af6608fc4cd7344490eca106b548998c3efec6b6a9e11cb2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-always-true-if", "owasp": null, "cwe_ids": ["CWE-561"], "languages": ["javascript", "typescript", "tsx", "jsx", "python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348140+00:00", "triaged_in_corpus": 12, "observations_count": 739, "ai_coder_pattern_id": 140}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3355702315b9abc2af6608fc4cd7344490eca106b548998c3efec6b6a9e11cb2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/wasm/api/sqlite3-vfs-opfs.c-pp.js"}, "region": {"startLine": 156}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 121485, "scanner": "repobility-threat-engine", "fingerprint": "ca5810ac6a2691831acbb4a51605672ba83c57f5592204a59181f6375036bfee", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|ca5810ac6a2691831acbb4a51605672ba83c57f5592204a59181f6375036bfee"}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 121481, "scanner": "repobility-threat-engine", "fingerprint": "5dbb9c9aeae4e323789e3c8382a48b9986a1c09f59fc9918e319871ba411dc73", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|5dbb9c9aeae4e323789e3c8382a48b9986a1c09f59fc9918e319871ba411dc73", "aggregated_count": 10}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 121480, "scanner": "repobility-threat-engine", "fingerprint": "167b9cdd3fbb7f459262937c36a302d997a633e464fee75418be4196b6cbb2aa", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|167b9cdd3fbb7f459262937c36a302d997a633e464fee75418be4196b6cbb2aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/wasm/api/post-js-footer.js"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 121479, "scanner": "repobility-threat-engine", "fingerprint": "89fb029de40b8ec42ef914d98a4b15d6f8965f4beb618bae6756b99a82673109", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|89fb029de40b8ec42ef914d98a4b15d6f8965f4beb618bae6756b99a82673109"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/wasm/api/extern-post-js.c-pp.js"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 121478, "scanner": "repobility-threat-engine", "fingerprint": "c2109c9ba43e9640cbfc860152ce6108be8bc6c7f3659018f6180d604e1d5653", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c2109c9ba43e9640cbfc860152ce6108be8bc6c7f3659018f6180d604e1d5653"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/wasm/SQLTester/SQLTester.run.mjs"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 121475, "scanner": "repobility-threat-engine", "fingerprint": "aa1e6f14ccc5dda980420d9cd95a1a7879109df1e7f65a37e2e1684484d186d8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|aa1e6f14ccc5dda980420d9cd95a1a7879109df1e7f65a37e2e1684484d186d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/quickstart.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 121470, "scanner": "repobility-threat-engine", "fingerprint": "9a38e81725d4cd7d3858c2dca40b30fff35130f2f83e2579933f8cbdf2284cba", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|9a38e81725d4cd7d3858c2dca40b30fff35130f2f83e2579933f8cbdf2284cba"}}}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 121552, "scanner": "repobility-supply-chain", "fingerprint": "cbac4bebe52145fe4a137dc4db3cf318a0af3c4cfd46a9b329e0ece049fc90b3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cbac4bebe52145fe4a137dc4db3cf318a0af3c4cfd46a9b329e0ece049fc90b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-test.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/github-script` pinned to mutable ref `@v7`: `uses: actions/github-script@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 121551, "scanner": "repobility-supply-chain", "fingerprint": "d3b8021ec5f8240082c331fb5184c6ef48f4f5fc2a0cee2724c538f0088f9cdb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d3b8021ec5f8240082c331fb5184c6ef48f4f5fc2a0cee2724c538f0088f9cdb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/benchmark.yml"}, "region": {"startLine": 183}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 121550, "scanner": "repobility-supply-chain", "fingerprint": "cc4f492a769d399c2ac3bf40703e5f523206423e4b7504e59b139d1f97d7bcfa", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cc4f492a769d399c2ac3bf40703e5f523206423e4b7504e59b139d1f97d7bcfa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/benchmark.yml"}, "region": {"startLine": 142}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/github-script` pinned to mutable ref `@v7`: `uses: actions/github-script@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 121549, "scanner": "repobility-supply-chain", "fingerprint": "079ecb4e4315d9cf22505257f3cfa65efb8cb0b9f53e8668edebdf68e64294dc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|079ecb4e4315d9cf22505257f3cfa65efb8cb0b9f53e8668edebdf68e64294dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/benchmark.yml"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 121548, "scanner": "repobility-supply-chain", "fingerprint": "a41ce02844ed2cccee4d1e2836fa0c90f1b1ebd1cfaf18523c677c91268a5573", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a41ce02844ed2cccee4d1e2836fa0c90f1b1ebd1cfaf18523c677c91268a5573"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/benchmark.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 121547, "scanner": "repobility-supply-chain", "fingerprint": "dccd0dd7f3a59dfa8b123bd0d7991cc9ea6a9474d49f54777c2559a12cbd33e0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dccd0dd7f3a59dfa8b123bd0d7991cc9ea6a9474d49f54777c2559a12cbd33e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/smoke.yml"}, "region": {"startLine": 162}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 121546, "scanner": "repobility-supply-chain", "fingerprint": "5d5cc722a3a602f78b9abe167776ae9ff6813933f09955e436cc4b854cdd32c4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5d5cc722a3a602f78b9abe167776ae9ff6813933f09955e436cc4b854cdd32c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/smoke.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v4`: `uses: actions/download-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 121545, "scanner": "repobility-supply-chain", "fingerprint": "3d140536fb184d549737dcf8bdf8f4a4160e5cd55769717f2661a8a6b3fe0321", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3d140536fb184d549737dcf8bdf8f4a4160e5cd55769717f2661a8a6b3fe0321"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 419}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 121544, "scanner": "repobility-supply-chain", "fingerprint": "578c6ab782d4282b25320b7001d4636d0062a61a5e5304a30442476ffd45bf76", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|578c6ab782d4282b25320b7001d4636d0062a61a5e5304a30442476ffd45bf76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 416}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 121543, "scanner": "repobility-supply-chain", "fingerprint": "b1918615bc0ae752f042ef0ca90034a9389fcb1830556bc31730bc2abf634e42", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b1918615bc0ae752f042ef0ca90034a9389fcb1830556bc31730bc2abf634e42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 405}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 121542, "scanner": "repobility-supply-chain", "fingerprint": "da61ea6e7bb12332b590cc8954273d7e0dd39d5f0904e4f507f841076ab7c3db", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|da61ea6e7bb12332b590cc8954273d7e0dd39d5f0904e4f507f841076ab7c3db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 374}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v4`: `uses: actions/download-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 121541, "scanner": "repobility-supply-chain", "fingerprint": "496e037623fac5a1a9090fb11a9ce5b24b1eaf21c4d57ba4c3cd2da7a2ce9061", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|496e037623fac5a1a9090fb11a9ce5b24b1eaf21c4d57ba4c3cd2da7a2ce9061"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 299}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 121540, "scanner": "repobility-supply-chain", "fingerprint": "0c409f8896290af06c5fbb430ffef6709c59a56d90eb6ea25fe921e7c18cc97a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0c409f8896290af06c5fbb430ffef6709c59a56d90eb6ea25fe921e7c18cc97a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 269}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `msys2/setup-msys2` pinned to mutable ref `@v2`: `uses: msys2/setup-msys2@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 121539, "scanner": "repobility-supply-chain", "fingerprint": "57f4d794a505855b75eb2ed85104c8279864b8355f088674c6455fc05f4866c4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|57f4d794a505855b75eb2ed85104c8279864b8355f088674c6455fc05f4866c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 170}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 121538, "scanner": "repobility-supply-chain", "fingerprint": "9718c71b11b00efa84f8ade90291e4d3cdae041626b8315cbee700028408b083", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9718c71b11b00efa84f8ade90291e4d3cdae041626b8315cbee700028408b083"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 151}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 121537, "scanner": "repobility-supply-chain", "fingerprint": "ee74e1d4f2aa18fe23d1f41ed80ac49697766ec9ae24ea26af41fca1ad026ac3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ee74e1d4f2aa18fe23d1f41ed80ac49697766ec9ae24ea26af41fca1ad026ac3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v4`: `uses: actions/cache@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 121536, "scanner": "repobility-supply-chain", "fingerprint": "d0fa3aa0197206b3efd1a2f78a6f930c9801bed60f17e821a06d540fcbc4d996", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d0fa3aa0197206b3efd1a2f78a6f930c9801bed60f17e821a06d540fcbc4d996"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v4`: `uses: actions/cache@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 121535, "scanner": "repobility-supply-chain", "fingerprint": "4f47962ca7e156ab07590218670e531abb844fffabfe0c7514df0a4998da4306", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4f47962ca7e156ab07590218670e531abb844fffabfe0c7514df0a4998da4306"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 121534, "scanner": "repobility-supply-chain", "fingerprint": "c827c482931c063fc09d192a6c68ad53b0e58a06d1c181e61e576d392722495e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c827c482931c063fc09d192a6c68ad53b0e58a06d1c181e61e576d392722495e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 121533, "scanner": "repobility-supply-chain", "fingerprint": "beeffce4bdd7edde137959b4c49f1df9ce1b597e8e657b02c0f4fa2eda600260", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|beeffce4bdd7edde137959b4c49f1df9ce1b597e8e657b02c0f4fa2eda600260"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sanitizers.yml"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 121532, "scanner": "repobility-supply-chain", "fingerprint": "50112de0695b2cb7d3adeff8f182e8fe86136f866453c43a30fb5eec78ec4b71", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|50112de0695b2cb7d3adeff8f182e8fe86136f866453c43a30fb5eec78ec4b71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sqlite-upstream-drift.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 121531, "scanner": "repobility-supply-chain", "fingerprint": "b5a70d4c6944fad6154589d27bc6f315be09948b8ce1817c2eff43cb491e70b0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b5a70d4c6944fad6154589d27bc6f315be09948b8ce1817c2eff43cb491e70b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 146}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 121530, "scanner": "repobility-supply-chain", "fingerprint": "67819e814233c67cc5aed182ac4001c55c5458a47d4744b32461012610d0bc9a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|67819e814233c67cc5aed182ac4001c55c5458a47d4744b32461012610d0bc9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 121529, "scanner": "repobility-supply-chain", "fingerprint": "9f69a04457d11e23185c19b91c4feaa34da26cf6b80672d5feedc9d0a56d5466", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9f69a04457d11e23185c19b91c4feaa34da26cf6b80672d5feedc9d0a56d5466"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 121528, "scanner": "repobility-supply-chain", "fingerprint": "2b8cd1f25e96a36b9fae045092f4628f7bacbfe49380c13332f484b7c9303bd2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2b8cd1f25e96a36b9fae045092f4628f7bacbfe49380c13332f484b7c9303bd2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 12}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 121488, "scanner": "repobility-threat-engine", "fingerprint": "48bd3ecf85d3f400c81beee97ac3900211c98441f399ee20bdeef386e9f3e809", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(zInput", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|tool/dbtotxt.c|117|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tool/dbtotxt.c"}, "region": {"startLine": 117}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 121484, "scanner": "repobility-threat-engine", "fingerprint": "63c4144059af74f2fe1643445df6d49b9baf3dc33a83a92e0ab506f0b35590c0", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(g", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|63c4144059af74f2fe1643445df6d49b9baf3dc33a83a92e0ab506f0b35590c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/wasm/api/sqlite3-worker1.c-pp.js"}, "region": {"startLine": 43}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 121483, "scanner": "repobility-threat-engine", "fingerprint": "50b7a9a84cf13a0e58006158450ac869bad2fba92108079d003175f01c11e105", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(p", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|50b7a9a84cf13a0e58006158450ac869bad2fba92108079d003175f01c11e105"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/wasm/api/pre-js.c-pp.js"}, "region": {"startLine": 84}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 121482, "scanner": "repobility-threat-engine", "fingerprint": "ae2294933cd8bc357f091330451a766dec59039a979b3442b374e11c12c8e034", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(g", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ae2294933cd8bc357f091330451a766dec59039a979b3442b374e11c12c8e034"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/wasm/api/extern-post-js.c-pp.js"}, "region": {"startLine": 47}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 121473, "scanner": "repobility-threat-engine", "fingerprint": "ca656b8e1b590d35a9b9b2b18a5ec0cc61c67ce26f1fc3118db386d11f6e390a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec( sp", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ca656b8e1b590d35a9b9b2b18a5ec0cc61c67ce26f1fc3118db386d11f6e390a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext/wasm/common/SqliteTestUtil.js"}, "region": {"startLine": 152}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 121472, "scanner": "repobility-threat-engine", "fingerprint": "4aa56b9a0e52e8ed43bd124f9dcf54e44da7159b268a3b907d7bc1f2f154ad86", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(sqlite3", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4aa56b9a0e52e8ed43bd124f9dcf54e44da7159b268a3b907d7bc1f2f154ad86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/quickstart.c"}, "region": {"startLine": 32}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 121471, "scanner": "repobility-threat-engine", "fingerprint": "5e7f80553f22b5d6167e23b4e15160b7cf5801736e6341d371d0ba188b8b7007", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(db", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5e7f80553f22b5d6167e23b4e15160b7cf5801736e6341d371d0ba188b8b7007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/go/main.go"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 121495, "scanner": "repobility-threat-engine", "fingerprint": "24ac2d99706ce186fd8fb50abf4bad45265a6f838bf67361f70359509c002b46", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|24ac2d99706ce186fd8fb50abf4bad45265a6f838bf67361f70359509c002b46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tool/showjournal.c"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 121494, "scanner": "repobility-threat-engine", "fingerprint": "ace8502ea500ce16e83bebfe87fbdd3840751297cfb64682fb675f3e56ee110b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ace8502ea500ce16e83bebfe87fbdd3840751297cfb64682fb675f3e56ee110b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tool/rollback-test.c"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 121493, "scanner": "repobility-threat-engine", "fingerprint": "500c56d057d34567ab2e2d6767534da1f49ef34f91fe400ac6e9445cf578dce2", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|500c56d057d34567ab2e2d6767534da1f49ef34f91fe400ac6e9445cf578dce2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tool/pagesig.c"}, "region": {"startLine": 36}}}]}]}]}