{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `extract_names` has cognitive complexity 10 (SonarSource scale). Cognitive", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `extract_names` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 10."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED056", "name": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order.", "shortDescription": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED058", "name": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or neve", "shortDescription": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-79 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block (and 22 more): Same pattern found in 22 additional files. Review if needed.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block (and 22 more): Same pattern found in 22 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED039", "name": "[MINED039] Rust Todo Macro (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED039] Rust Todo Macro (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro (and 14 more): Same pattern found in 14 additional files. Review if needed.", "shortDescription": {"text": "[MINED066] Rust Panic Macro (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod (and 46 more): Same pattern found in 46 additional files. Review if needed.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod (and 46 more): Same pattern found in 46 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 19 more): Same pattern found in 19 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 19 more): Same pattern found in 19 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED134", "name": "[MINED134] Binary file `benchmarks/harnesses/java-jvm-bench/gradle/wrapper/gradle-wrapper.jar` committed in source repo:", "shortDescription": {"text": "[MINED134] Binary file `benchmarks/harnesses/java-jvm-bench/gradle/wrapper/gradle-wrapper.jar` committed in source repo: `benchmarks/harnesses/java-jvm-bench/gradle/wrapper/gradle-wrapper.jar` is a .jar binary (48,462 bytes) committed to a "}, "fullDescription": {"text": "Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run t", "shortDescription": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) in"}, "fullDescription": {"text": "Replace with: `uses: actions/checkout@<40-char-sha>  # v6` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED122", "name": "[MINED122] package.json dep `@boltffi/demo` pulled from URL/Git: `dependencies.@boltffi/demo` = `file:./dist` bypasses t", "shortDescription": {"text": "[MINED122] package.json dep `@boltffi/demo` pulled from URL/Git: `dependencies.@boltffi/demo` = `file:./dist` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised"}, "fullDescription": {"text": "Publish the dependency to npm (or your private registry) and reference it by `^x.y.z`. If that's not possible, lock by commit SHA: `git+https://...#<full-sha>` AND verify the SHA in CI."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.demo_case` used but never assigned in __init__: Method `test_point_instance_methods` of class `Blittabl", "shortDescription": {"text": "[MINED108] `self.demo_case` used but never assigned in __init__: Method `test_point_instance_methods` of class `BlittableRecordsTests` reads `self.demo_case`, but no assignment to it exists in __init__ (and no class-level fallback). This ra"}, "fullDescription": {"text": "Initialize `self.demo_case = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_point_functions: Test function `test_point_functions` runs code but contains no a", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_point_functions: Test function `test_point_functions` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED021", "name": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape.", "shortDescription": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-22 / A01:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1278"}, "properties": {"repository": "boltffi/boltffi", "repoUrl": "https://github.com/boltffi/boltffi", "branch": "main"}, "results": [{"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129532, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f87239c51a3bf46ebc412c43e336d492b7444fe6d6c6cd7129af3e4855cc4e3d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_macros/src/experimental/render/function.rs", "duplicate_line": 16, "correlation_key": "fp|f87239c51a3bf46ebc412c43e336d492b7444fe6d6c6cd7129af3e4855cc4e3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_macros/src/experimental/syntax/function.rs"}, "region": {"startLine": 33}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129531, "scanner": "repobility-ai-code-hygiene", "fingerprint": "85aea36cea7176f5cd195dc3fc5f922076dc54c962b68623a51cb86f6db4362b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_macros/src/experimental/render/returns/direct_vec.rs", "duplicate_line": 49, "correlation_key": "fp|85aea36cea7176f5cd195dc3fc5f922076dc54c962b68623a51cb86f6db4362b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_macros/src/experimental/render/returns/scalar_option.rs"}, "region": {"startLine": 50}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129530, "scanner": "repobility-ai-code-hygiene", "fingerprint": "39de5cc9d8d6c96d826cd74e960127e716016a8760082b3b5df971ee1c025334", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_macros/src/experimental/render/returns/fallible.rs", "duplicate_line": 39, "correlation_key": "fp|39de5cc9d8d6c96d826cd74e960127e716016a8760082b3b5df971ee1c025334"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_macros/src/experimental/render/returns/mod.rs"}, "region": {"startLine": 44}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129529, "scanner": "repobility-ai-code-hygiene", "fingerprint": "954a64b3c72d9390a630fd511f98dc5f937d81e9743a963b570ca3d34ffd6d8f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_macros/src/experimental/render/asynchronous.rs", "duplicate_line": 685, "correlation_key": "fp|954a64b3c72d9390a630fd511f98dc5f937d81e9743a963b570ca3d34ffd6d8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_macros/src/experimental/render/function.rs"}, "region": {"startLine": 90}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129528, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c0088ba803117558d6a79a75368991e19ae5faf9e76413e9a73c34b6764bdc13", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_ast/src/primitive.rs", "duplicate_line": 2, "correlation_key": "fp|c0088ba803117558d6a79a75368991e19ae5faf9e76413e9a73c34b6764bdc13"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_ffi_rules/src/primitive.rs"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129527, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f56a33b7edfb1be1f66f0fa8d540965d6b79677a1309d1bffd42a5cd90f54b40", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_cli/src/cargo/config.rs", "duplicate_line": 216, "correlation_key": "fp|f56a33b7edfb1be1f66f0fa8d540965d6b79677a1309d1bffd42a5cd90f54b40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_cli/src/pack/python/plan.rs"}, "region": {"startLine": 197}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129526, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3b22b439585266926c0830e1246a1cdb3aeefe669e37e33e8ace5871884bd4f6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_cli/src/pack/android/mod.rs", "duplicate_line": 82, "correlation_key": "fp|3b22b439585266926c0830e1246a1cdb3aeefe669e37e33e8ace5871884bd4f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_cli/src/pack/kmp.rs"}, "region": {"startLine": 144}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129525, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0a47c19f4debb1d584587ef6d7e4a2a5407ac3ea3023af5ece267d37b09dcb64", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_cli/src/pack/android/mod.rs", "duplicate_line": 125, "correlation_key": "fp|0a47c19f4debb1d584587ef6d7e4a2a5407ac3ea3023af5ece267d37b09dcb64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_cli/src/pack/dart/mod.rs"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129524, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8619ba1a01233ec13c9631f97125750704586f6e84f0f9c3bacff856a050706f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_binding/src/lower/callable/params.rs", "duplicate_line": 92, "correlation_key": "fp|8619ba1a01233ec13c9631f97125750704586f6e84f0f9c3bacff856a050706f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_binding/src/lower/callable/returns.rs"}, "region": {"startLine": 81}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129523, "scanner": "repobility-ai-code-hygiene", "fingerprint": "95ec9a50d3dc104e0483f68e72f1a7f144e969494ff68a55f29c39096f1434ab", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_ast/src/primitive.rs", "duplicate_line": 2, "correlation_key": "fp|95ec9a50d3dc104e0483f68e72f1a7f144e969494ff68a55f29c39096f1434ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_binding/src/ir/primitive.rs"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129522, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d6a3f1fb89acdd15c4faf0fe88b176467e3ea5534eb89ea603e38900ac9dbfe8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_bindgen/src/render/python/plan/record.rs", "duplicate_line": 36, "correlation_key": "fp|d6a3f1fb89acdd15c4faf0fe88b176467e3ea5534eb89ea603e38900ac9dbfe8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/render/python/primitives/scalars.rs"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129521, "scanner": "repobility-ai-code-hygiene", "fingerprint": "10cb641659ae30a8a92f5d59829cfeeb817fa6c8248ecb509104d9ec2d48a719", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_bindgen/src/render/python/plan/callable.rs", "duplicate_line": 130, "correlation_key": "fp|10cb641659ae30a8a92f5d59829cfeeb817fa6c8248ecb509104d9ec2d48a719"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/render/python/plan/record.rs"}, "region": {"startLine": 95}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129520, "scanner": "repobility-ai-code-hygiene", "fingerprint": "80daf0af5e8332dbeba881e16d3b2e1caea25074b25d67f99f864e1eee081eb8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_bindgen/src/render/dart/emit.rs", "duplicate_line": 118, "correlation_key": "fp|80daf0af5e8332dbeba881e16d3b2e1caea25074b25d67f99f864e1eee081eb8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/render/kotlin/emit.rs"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129519, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d2e3f328bcee9fd4f70da16d2686337571d2e76a70f9032db24713938902ba61", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_bindgen/src/render/csharp/lower/lowerer.rs", "duplicate_line": 245, "correlation_key": "fp|d2e3f328bcee9fd4f70da16d2686337571d2e76a70f9032db24713938902ba61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/render/dart/lower/record.rs"}, "region": {"startLine": 140}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129518, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a0ec0f7f5034c54994f24b6c7613c32c22f419af58a9d708156cbddfbd027a9c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_bindgen/src/render/csharp/lower/encode.rs", "duplicate_line": 129, "correlation_key": "fp|a0ec0f7f5034c54994f24b6c7613c32c22f419af58a9d708156cbddfbd027a9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/render/csharp/lower/size.rs"}, "region": {"startLine": 94}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129517, "scanner": "repobility-ai-code-hygiene", "fingerprint": "61043a9c9c4ef5424422fb0ba755fe5762dc94045ed23c717603425d91864055", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_bindgen/src/render/csharp/lower/enumerations.rs", "duplicate_line": 233, "correlation_key": "fp|61043a9c9c4ef5424422fb0ba755fe5762dc94045ed23c717603425d91864055"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/render/csharp/lower/records.rs"}, "region": {"startLine": 111}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129516, "scanner": "repobility-ai-code-hygiene", "fingerprint": "00baf68496135c4e5d4977b3a637f4bd66974114944564602b37ffccf9a62184", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_bindgen/src/render/csharp/ast/identifier.rs", "duplicate_line": 65, "correlation_key": "fp|00baf68496135c4e5d4977b3a637f4bd66974114944564602b37ffccf9a62184"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/render/csharp/ast/type_shape.rs"}, "region": {"startLine": 88}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129515, "scanner": "repobility-ai-code-hygiene", "fingerprint": "56350119005c2d2158e3c53daa6f558a1494f01effd9b637253c8334c3bf4dfa", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_bindgen/src/model/record.rs", "duplicate_line": 58, "correlation_key": "fp|56350119005c2d2158e3c53daa6f558a1494f01effd9b637253c8334c3bf4dfa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/model/stream.rs"}, "region": {"startLine": 32}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129514, "scanner": "repobility-ai-code-hygiene", "fingerprint": "90640f68917d1a50fda8dfb1af8f522251886cfa403a2f72b74db7f9cf75e8c6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_bindgen/src/model/class.rs", "duplicate_line": 23, "correlation_key": "fp|90640f68917d1a50fda8dfb1af8f522251886cfa403a2f72b74db7f9cf75e8c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/model/stream.rs"}, "region": {"startLine": 28}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129513, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1fa96690ebd205999b45dbd1c4fe705d7eff5a143a096cff644da17ba12f4937", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_bindgen/src/model/callback_trait.rs", "duplicate_line": 21, "correlation_key": "fp|1fa96690ebd205999b45dbd1c4fe705d7eff5a143a096cff644da17ba12f4937"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/model/stream.rs"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129512, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e5991903b25191b0773e3a30681ea0ac0c1adb40c9d826062249e0772fa8f48f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_bindgen/src/model/class.rs", "duplicate_line": 23, "correlation_key": "fp|e5991903b25191b0773e3a30681ea0ac0c1adb40c9d826062249e0772fa8f48f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/model/record.rs"}, "region": {"startLine": 54}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129511, "scanner": "repobility-ai-code-hygiene", "fingerprint": "05cf0ce0d0d8827452e74db68145ef11d1bb002a2f1d39b6eb316e328c59903b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_bindgen/src/model/enumeration.rs", "duplicate_line": 35, "correlation_key": "fp|05cf0ce0d0d8827452e74db68145ef11d1bb002a2f1d39b6eb316e328c59903b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/model/record.rs"}, "region": {"startLine": 42}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129510, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c53ce7d20f7fbd888cfe5f30e42a58614174b1b492593d59e872a36beb59c6ce", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_bindgen/src/model/callback_trait.rs", "duplicate_line": 21, "correlation_key": "fp|c53ce7d20f7fbd888cfe5f30e42a58614174b1b492593d59e872a36beb59c6ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/model/method.rs"}, "region": {"startLine": 39}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129509, "scanner": "repobility-ai-code-hygiene", "fingerprint": "51a655f152b29bd729e7146f1b7a8c81529d7f4d2d6e8d362bf1066b1946572c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_bindgen/src/model/function.rs", "duplicate_line": 29, "correlation_key": "fp|51a655f152b29bd729e7146f1b7a8c81529d7f4d2d6e8d362bf1066b1946572c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/model/method.rs"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129508, "scanner": "repobility-ai-code-hygiene", "fingerprint": "24e04c2156aee48fbb3649b872fcb7c1babe0b3bbf4e1099a92687ce927e816e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_bindgen/src/model/callback_trait.rs", "duplicate_line": 21, "correlation_key": "fp|24e04c2156aee48fbb3649b872fcb7c1babe0b3bbf4e1099a92687ce927e816e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/model/function.rs"}, "region": {"startLine": 44}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129507, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6cc73c0b4405fb4e7c563cf9a5e625e4b83c9a7bb00f3f9f5e19defeb89d96c7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_bindgen/src/model/callback_trait.rs", "duplicate_line": 21, "correlation_key": "fp|6cc73c0b4405fb4e7c563cf9a5e625e4b83c9a7bb00f3f9f5e19defeb89d96c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/model/enumeration.rs"}, "region": {"startLine": 96}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129506, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d0fb64609f078d4482229ddc9f756303554661f642b6c1b456512bf743cba4c9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_bindgen/src/model/class.rs", "duplicate_line": 23, "correlation_key": "fp|d0fb64609f078d4482229ddc9f756303554661f642b6c1b456512bf743cba4c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/model/enumeration.rs"}, "region": {"startLine": 47}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129505, "scanner": "repobility-ai-code-hygiene", "fingerprint": "da254c9f87d31d5d88fef8a8778414c179f66f863ed9362328f13d91c7c65a09", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_bindgen/src/model/callback_trait.rs", "duplicate_line": 21, "correlation_key": "fp|da254c9f87d31d5d88fef8a8778414c179f66f863ed9362328f13d91c7c65a09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/model/class.rs"}, "region": {"startLine": 91}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129504, "scanner": "repobility-ai-code-hygiene", "fingerprint": "85d848931b618040bd7c77b3ef89ee8709a3ae7a8c5252f0f0dcdc89610e3429", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_ast/src/primitive.rs", "duplicate_line": 3, "correlation_key": "fp|85d848931b618040bd7c77b3ef89ee8709a3ae7a8c5252f0f0dcdc89610e3429"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/ir/plan.rs"}, "region": {"startLine": 107}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 129503, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0870fab9ab97ba48a38c2873ba110b8b796931b3898e28001a18bd7143569114", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "boltffi_ast/src/class.rs", "duplicate_line": 17, "correlation_key": "fp|0870fab9ab97ba48a38c2873ba110b8b796931b3898e28001a18bd7143569114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_ast/src/trait_def.rs"}, "region": {"startLine": 17}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `extract_names` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=1, for=2, if=3, nested_bonus=3, ternary=1."}, "properties": {"repobilityId": 129474, "scanner": "repobility-threat-engine", "fingerprint": "c0b1bb3cbc20e2465e73c61e6601ffd5b6accf53eb8c0586a05e1104b9632629", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "extract_names", "breakdown": {"if": 3, "for": 2, "else": 1, "ternary": 1, "nested_bonus": 3}, "complexity": 10, "correlation_key": "fp|c0b1bb3cbc20e2465e73c61e6601ffd5b6accf53eb8c0586a05e1104b9632629"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/scripts/audit_benchmark_catalog.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 129502, "scanner": "repobility-threat-engine", "fingerprint": "045a6615b8e49216da62bc703ed80061f656dfd1a9bb77312e1e51441d16963b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|045a6615b8e49216da62bc703ed80061f656dfd1a9bb77312e1e51441d16963b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/platforms/wasm/test.mjs"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 129499, "scanner": "repobility-threat-engine", "fingerprint": "db500abfd1207dc69064b579be70eb7e17fb7ce5ae840d8b06e22ae648b8b082", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|db500abfd1207dc69064b579be70eb7e17fb7ce5ae840d8b06e22ae648b8b082"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/src/components/TypeTable.tsx"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 129497, "scanner": "repobility-threat-engine", "fingerprint": "1c9fbb248f481ac20253840a77a96fba45e721b79b89ebbf6b21b5736c9b072c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1c9fbb248f481ac20253840a77a96fba45e721b79b89ebbf6b21b5736c9b072c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/src/components/CodeComparison.tsx"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block (and 22 more): Same pattern found in 22 additional files. Review if needed."}, "properties": {"repobilityId": 129496, "scanner": "repobility-threat-engine", "fingerprint": "802c5631e62c5f7218541fce27400176bd6bbda06a31217606ca4d4d918c735f", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 22 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|802c5631e62c5f7218541fce27400176bd6bbda06a31217606ca4d4d918c735f", "aggregated_count": 22}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 129495, "scanner": "repobility-threat-engine", "fingerprint": "5220e5c1b42db8dceb6da32d4a6339aca11837a084629de772781938854bdd47", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5220e5c1b42db8dceb6da32d4a6339aca11837a084629de772781938854bdd47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_core/src/handle.rs"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 129494, "scanner": "repobility-threat-engine", "fingerprint": "1ea67654e888814003ac923421eda31157c51c710e41ec3c49ff861c05f5b6a0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1ea67654e888814003ac923421eda31157c51c710e41ec3c49ff861c05f5b6a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_core/src/callback/wasm.rs"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 129493, "scanner": "repobility-threat-engine", "fingerprint": "bce8751e7b9830d8aef69e3fc6e72cd3a21215b020ed7417342feca9a6c7138e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bce8751e7b9830d8aef69e3fc6e72cd3a21215b020ed7417342feca9a6c7138e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_core/src/callback/native.rs"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED039", "level": "none", "message": {"text": "[MINED039] Rust Todo Macro (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 129492, "scanner": "repobility-threat-engine", "fingerprint": "dfdd597e941b3d964b3cde6a2760358968b3f4b871a26ae8fa6c263bb06ea57d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-todo-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347989+00:00", "triaged_in_corpus": 15, "observations_count": 1561, "ai_coder_pattern_id": 114}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|dfdd597e941b3d964b3cde6a2760358968b3f4b871a26ae8fa6c263bb06ea57d", "aggregated_count": 2}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "properties": {"repobilityId": 129488, "scanner": "repobility-threat-engine", "fingerprint": "d10e8bf65935f82a1511bc7df93b215a950dc7a13eeae826e57166856572506d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|d10e8bf65935f82a1511bc7df93b215a950dc7a13eeae826e57166856572506d", "aggregated_count": 14}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 129487, "scanner": "repobility-threat-engine", "fingerprint": "88ccdcf6a7d605f0b9f9604936d6fcddc21921ae01ced505f5ee6cad96b9a0a9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|88ccdcf6a7d605f0b9f9604936d6fcddc21921ae01ced505f5ee6cad96b9a0a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/render/csharp/lower/prefix.rs"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 129486, "scanner": "repobility-threat-engine", "fingerprint": "24ee675795ad474b34168a97aeee107eeede99853d1f9e3e1a99e3184098927c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|24ee675795ad474b34168a97aeee107eeede99853d1f9e3e1a99e3184098927c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/render/csharp/lower/custom.rs"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 129485, "scanner": "repobility-threat-engine", "fingerprint": "403bce0baaf682e4c823592303d29916191e34575e45df353b43efe0ee875dc4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|403bce0baaf682e4c823592303d29916191e34575e45df353b43efe0ee875dc4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/ir/lower/codec.rs"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod (and 46 more): Same pattern found in 46 additional files. Review if needed."}, "properties": {"repobilityId": 129484, "scanner": "repobility-threat-engine", "fingerprint": "922a9aab362cf133e77a995f7be395ea99ef8ecef4535dc802a5b2751b9e1c98", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 46 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|922a9aab362cf133e77a995f7be395ea99ef8ecef4535dc802a5b2751b9e1c98", "aggregated_count": 46}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 129483, "scanner": "repobility-threat-engine", "fingerprint": "85c0e4afb1e794599cf4cc59be0e4c88f3b0f3e515b2942ac010e915d4aff93c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|85c0e4afb1e794599cf4cc59be0e4c88f3b0f3e515b2942ac010e915d4aff93c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/render/csharp/lower/functions.rs"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 129482, "scanner": "repobility-threat-engine", "fingerprint": "5007ff3a3e9a439c3ab504dfc5f35863d4d85cdf4944ab681daecb53d1f81c78", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5007ff3a3e9a439c3ab504dfc5f35863d4d85cdf4944ab681daecb53d1f81c78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/render/csharp/lower/custom.rs"}, "region": {"startLine": 139}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 129481, "scanner": "repobility-threat-engine", "fingerprint": "6e05377c9a027391cec2f9888fdecba5f436fc4d6968bf2cc9c6fb1e19e1bd83", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6e05377c9a027391cec2f9888fdecba5f436fc4d6968bf2cc9c6fb1e19e1bd83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/ir/lower/codec.rs"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 19 more): Same pattern found in 19 additional files. Review if needed."}, "properties": {"repobilityId": 129480, "scanner": "repobility-threat-engine", "fingerprint": "39b5cf82cd91cf85d465f0290cde0c40bcf7e46710436118b4b94482519432c6", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 19 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|39b5cf82cd91cf85d465f0290cde0c40bcf7e46710436118b4b94482519432c6", "aggregated_count": 19}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 129476, "scanner": "repobility-threat-engine", "fingerprint": "ac614b29bebcfd5e27da9c088f4e3e5a7c01a7dc660d9fc176fcc474258b1ef6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ac614b29bebcfd5e27da9c088f4e3e5a7c01a7dc660d9fc176fcc474258b1ef6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/scripts/demo_export_inventory.py"}, "region": {"startLine": 101}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 129475, "scanner": "repobility-threat-engine", "fingerprint": "4e2a8dcf50bbbaf093228b5bf41899293dfc769a821ae5c27d6f9b96c553b15b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 5, "and": 1, "for": 2, "else": 3, "ternary": 4, "nested_bonus": 13}, "aggregated": true, "complexity": 28, "correlation_key": "fp|4e2a8dcf50bbbaf093228b5bf41899293dfc769a821ae5c27d6f9b96c553b15b", "aggregated_count": 10}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 129471, "scanner": "repobility-threat-engine", "fingerprint": "15c03cefadc65caf7d88ac4df8a4ea177ddff6989a5c8bf9721756b7f9615899", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|15c03cefadc65caf7d88ac4df8a4ea177ddff6989a5c8bf9721756b7f9615899"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/adapters/uniffi/build-xcframework.sh"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `benchmarks/harnesses/java-jvm-bench/gradle/wrapper/gradle-wrapper.jar` committed in source repo: `benchmarks/harnesses/java-jvm-bench/gradle/wrapper/gradle-wrapper.jar` is a .jar binary (48,462 bytes) committed to a repo that otherwise has 713 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 129588, "scanner": "repobility-supply-chain", "fingerprint": "525bfe924322b85562a243c03eed6af26309cbd50ec45b18a8bb600610456052", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|525bfe924322b85562a243c03eed6af26309cbd50ec45b18a8bb600610456052"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/harnesses/java-jvm-bench/gradle/wrapper/gradle-wrapper.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `benchmarks/harnesses/kotlin-jvm-bench/gradle/wrapper/gradle-wrapper.jar` committed in source repo: `benchmarks/harnesses/kotlin-jvm-bench/gradle/wrapper/gradle-wrapper.jar` is a .jar binary (48,462 bytes) committed to a repo that otherwise has 713 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 129587, "scanner": "repobility-supply-chain", "fingerprint": "62b9d9df2eab35344e7a3d5e6aeb11ef3545f607b5a5cc29200ee2acd3b50794", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|62b9d9df2eab35344e7a3d5e6aeb11ef3545f607b5a5cc29200ee2acd3b50794"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/harnesses/kotlin-jvm-bench/gradle/wrapper/gradle-wrapper.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 129586, "scanner": "repobility-supply-chain", "fingerprint": "a899f0e9a0c735256c2964a21d7d77af68112aa262102d31eaf38bd511a9f73b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a899f0e9a0c735256c2964a21d7d77af68112aa262102d31eaf38bd511a9f73b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 165}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `Swatinem/rust-cache` pinned to mutable ref `@v2`: `uses: Swatinem/rust-cache@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 129585, "scanner": "repobility-supply-chain", "fingerprint": "a1c016f3760d6a1e8920a6cae32cce6674a9acb14de971139d377b5eea03737b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a1c016f3760d6a1e8920a6cae32cce6674a9acb14de971139d377b5eea03737b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 151}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions-rust-lang/setup-rust-toolchain` pinned to mutable ref `@v1`: `uses: actions-rust-lang/setup-rust-toolchain@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 129584, "scanner": "repobility-supply-chain", "fingerprint": "5cd7a91d01478a6c00b8c6bd547a75ba806d7e5632de368965da1a094616cf3c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5cd7a91d01478a6c00b8c6bd547a75ba806d7e5632de368965da1a094616cf3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 129583, "scanner": "repobility-supply-chain", "fingerprint": "fb14ed9d12845575d699aa5344f251ef350a893c0ae7e8e4612368f84c951ec0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fb14ed9d12845575d699aa5344f251ef350a893c0ae7e8e4612368f84c951ec0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 146}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@nightly`: `uses: dtolnay/rust-toolchain@nightly` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 129582, "scanner": "repobility-supply-chain", "fingerprint": "799f061ec900c7abac26c0ddfefa72cc2ebc8fab0ba94ab7ab4c0ab27f485924", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|799f061ec900c7abac26c0ddfefa72cc2ebc8fab0ba94ab7ab4c0ab27f485924"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 129581, "scanner": "repobility-supply-chain", "fingerprint": "ae24e2a5e312dc0c86206376ed2c2c7a4a54f25511dfa67ada9cca416b0b3f10", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ae24e2a5e312dc0c86206376ed2c2c7a4a54f25511dfa67ada9cca416b0b3f10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `Swatinem/rust-cache` pinned to mutable ref `@v2`: `uses: Swatinem/rust-cache@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 129580, "scanner": "repobility-supply-chain", "fingerprint": "1a9ab017e579bc39d104d43c1cb02a0b19a82d5968def3a9e3f096570496222e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1a9ab017e579bc39d104d43c1cb02a0b19a82d5968def3a9e3f096570496222e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions-rust-lang/setup-rust-toolchain` pinned to mutable ref `@v1`: `uses: actions-rust-lang/setup-rust-toolchain@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 129579, "scanner": "repobility-supply-chain", "fingerprint": "76e5af821d58a60d3a4a7e5d3412c515fb9b2a0e3750bad70d65fff4bd0fe6f0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|76e5af821d58a60d3a4a7e5d3412c515fb9b2a0e3750bad70d65fff4bd0fe6f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 129578, "scanner": "repobility-supply-chain", "fingerprint": "c3cfd420f13437b151ce659ccb3c0bd30e5a7d8f25066d469bf39d1fc5c0071e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c3cfd420f13437b151ce659ccb3c0bd30e5a7d8f25066d469bf39d1fc5c0071e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `Swatinem/rust-cache` pinned to mutable ref `@v2`: `uses: Swatinem/rust-cache@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 129577, "scanner": "repobility-supply-chain", "fingerprint": "0aefd126523cfa476c93d2c1a32e721dee0834d2b3aaa3ed00946f7e7d05f93d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0aefd126523cfa476c93d2c1a32e721dee0834d2b3aaa3ed00946f7e7d05f93d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions-rust-lang/setup-rust-toolchain` pinned to mutable ref `@v1`: `uses: actions-rust-lang/setup-rust-toolchain@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 129576, "scanner": "repobility-supply-chain", "fingerprint": "3f4763174399dd743e3eea08afd52c61dd47daaae76612b11d8dc270ad1e8d36", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3f4763174399dd743e3eea08afd52c61dd47daaae76612b11d8dc270ad1e8d36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 129575, "scanner": "repobility-supply-chain", "fingerprint": "54f111f5c27cb116416e4401d650ffc2dade3b4ae29b6f4d58d24413d9ea2f00", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|54f111f5c27cb116416e4401d650ffc2dade3b4ae29b6f4d58d24413d9ea2f00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `Swatinem/rust-cache` pinned to mutable ref `@v2`: `uses: Swatinem/rust-cache@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 129574, "scanner": "repobility-supply-chain", "fingerprint": "8aa2443c98749d0b20ccf6ea0411c646e9cd89803e082aaa28e0f27c59aa72ac", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8aa2443c98749d0b20ccf6ea0411c646e9cd89803e082aaa28e0f27c59aa72ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions-rust-lang/setup-rust-toolchain` pinned to mutable ref `@v1`: `uses: actions-rust-lang/setup-rust-toolchain@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 129573, "scanner": "repobility-supply-chain", "fingerprint": "abe1f2b938301507348aebdc3cc2563278ff403919f238410e2bd6df21ae15d3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|abe1f2b938301507348aebdc3cc2563278ff403919f238410e2bd6df21ae15d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 129572, "scanner": "repobility-supply-chain", "fingerprint": "53f04456971205cfd0125b357e354bb0c710e6e3a8ff96f3de8a7d2496f7fef1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|53f04456971205cfd0125b357e354bb0c710e6e3a8ff96f3de8a7d2496f7fef1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `Swatinem/rust-cache` pinned to mutable ref `@v2`: `uses: Swatinem/rust-cache@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 129571, "scanner": "repobility-supply-chain", "fingerprint": "ef0cdd0ab58e0f148a81259cdae3c070cdc111c1c9a99e74050d420dea1e802a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ef0cdd0ab58e0f148a81259cdae3c070cdc111c1c9a99e74050d420dea1e802a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions-rust-lang/setup-rust-toolchain` pinned to mutable ref `@v1`: `uses: actions-rust-lang/setup-rust-toolchain@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 129570, "scanner": "repobility-supply-chain", "fingerprint": "85ac22c5e69b177962f9c4c800a50842542e0a494ae1bfa3bf513f2fd2160abe", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|85ac22c5e69b177962f9c4c800a50842542e0a494ae1bfa3bf513f2fd2160abe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 129569, "scanner": "repobility-supply-chain", "fingerprint": "c977afa33e0b2caf80160a75ea5cc6829198e2ef28b8ee483cb691d72d337f45", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c977afa33e0b2caf80160a75ea5cc6829198e2ef28b8ee483cb691d72d337f45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `Swatinem/rust-cache` pinned to mutable ref `@v2`: `uses: Swatinem/rust-cache@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 129568, "scanner": "repobility-supply-chain", "fingerprint": "e9f757e55ec165785696c0881cebbb21aff7431340c4cae4eb24ae3a49bf78bb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e9f757e55ec165785696c0881cebbb21aff7431340c4cae4eb24ae3a49bf78bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions-rust-lang/setup-rust-toolchain` pinned to mutable ref `@v1`: `uses: actions-rust-lang/setup-rust-toolchain@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 129567, "scanner": "repobility-supply-chain", "fingerprint": "9cc59ef5d8163febf785ab434ad3f00d283efa166fd57871212f298d65da71b9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9cc59ef5d8163febf785ab434ad3f00d283efa166fd57871212f298d65da71b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 129566, "scanner": "repobility-supply-chain", "fingerprint": "0d3deab8928db24243ebf065629c7279e5d62d994a3de96a0aca1a7f6d784fb3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0d3deab8928db24243ebf065629c7279e5d62d994a3de96a0aca1a7f6d784fb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions-rust-lang/setup-rust-toolchain` pinned to mutable ref `@v1`: `uses: actions-rust-lang/setup-rust-toolchain@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 129565, "scanner": "repobility-supply-chain", "fingerprint": "bc76d69006df768202707ead2582fd0a32a3349ffbe4118a5829e4487f786636", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bc76d69006df768202707ead2582fd0a32a3349ffbe4118a5829e4487f786636"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 129564, "scanner": "repobility-supply-chain", "fingerprint": "ed356a82ab4bb3852666c80be2df74eb6b30135ef8b4d1216a997dc8bb2a6c18", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ed356a82ab4bb3852666c80be2df74eb6b30135ef8b4d1216a997dc8bb2a6c18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 129563, "scanner": "repobility-supply-chain", "fingerprint": "9ece51870ade162035e1dabb8b89196e668cb5370f27de936a49d9147eceaa4e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9ece51870ade162035e1dabb8b89196e668cb5370f27de936a49d9147eceaa4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs-ci.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 129562, "scanner": "repobility-supply-chain", "fingerprint": "71cebfcd961c5550b2c4029aa1d68fda9cc6b3a6be3204e4bc9005ab1a7464a1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|71cebfcd961c5550b2c4029aa1d68fda9cc6b3a6be3204e4bc9005ab1a7464a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs-ci.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@boltffi/demo` pulled from URL/Git: `dependencies.@boltffi/demo` = `file:./dist` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 129561, "scanner": "repobility-supply-chain", "fingerprint": "2df0fce8724f57bc36cc5fbdbb22326904d2701add6627592e53688b6d757bdb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2df0fce8724f57bc36cc5fbdbb22326904d2701add6627592e53688b6d757bdb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/platforms/wasm/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@boltffi/runtime` pulled from URL/Git: `dependencies.@boltffi/runtime` = `file:../../../runtime/typescript` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 129560, "scanner": "repobility-supply-chain", "fingerprint": "98b9765b065c64764d51503fd0767289cb563ab993a0dd9d7637af2e33acf491", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|98b9765b065c64764d51503fd0767289cb563ab993a0dd9d7637af2e33acf491"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/platforms/wasm/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@boltffi/runtime` pulled from URL/Git: `dependencies.@boltffi/runtime` = `file:../../../runtime/typescript` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 129559, "scanner": "repobility-supply-chain", "fingerprint": "86ff7c822767450074d4d5c67bfe36d4dbb3ff993be77885b37a78c4d0bf24ee", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|86ff7c822767450074d4d5c67bfe36d4dbb3ff993be77885b37a78c4d0bf24ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/harnesses/wasm-bench/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.demo_case` used but never assigned in __init__: Method `test_point_instance_methods` of class `BlittableRecordsTests` reads `self.demo_case`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129558, "scanner": "repobility-ast-engine", "fingerprint": "7fb917191e9f4a0f4f1145ad7fec96dec01dddd2f572f37ff100d4e7dc0353a2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7fb917191e9f4a0f4f1145ad7fec96dec01dddd2f572f37ff100d4e7dc0353a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/platforms/python/tests/records/test_blittable.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_point_surface` of class `BlittableRecordsTests` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129557, "scanner": "repobility-ast-engine", "fingerprint": "90f0ca7c381cd2dd3b56f6d8881a2c9a8b8031db0b21db8a9e889aeb3a97522e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|90f0ca7c381cd2dd3b56f6d8881a2c9a8b8031db0b21db8a9e889aeb3a97522e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/platforms/python/tests/records/test_blittable.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.demo_case` used but never assigned in __init__: Method `test_point_surface` of class `BlittableRecordsTests` reads `self.demo_case`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129556, "scanner": "repobility-ast-engine", "fingerprint": "adf83ffd47eff1c77bccee267e29c88735ba6953bde8f13b240815b422727489", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|adf83ffd47eff1c77bccee267e29c88735ba6953bde8f13b240815b422727489"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/platforms/python/tests/records/test_blittable.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assert_point` used but never assigned in __init__: Method `test_point_surface` of class `BlittableRecordsTests` reads `self.assert_point`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129555, "scanner": "repobility-ast-engine", "fingerprint": "4c289740da5739a8279e03160b88547c55f4d4c39e22a157dd9230b546ca2083", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4c289740da5739a8279e03160b88547c55f4d4c39e22a157dd9230b546ca2083"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/platforms/python/tests/records/test_blittable.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.demo_case` used but never assigned in __init__: Method `test_point_surface` of class `BlittableRecordsTests` reads `self.demo_case`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129554, "scanner": "repobility-ast-engine", "fingerprint": "099e4a1b783dc9d99c7ba3305206de132fc4f01ede684912629c7b7f48b3bb38", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|099e4a1b783dc9d99c7ba3305206de132fc4f01ede684912629c7b7f48b3bb38"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/platforms/python/tests/records/test_blittable.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assert_point` used but never assigned in __init__: Method `test_point_surface` of class `BlittableRecordsTests` reads `self.assert_point`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129553, "scanner": "repobility-ast-engine", "fingerprint": "d7214e96cd1feb4ce8ff5f7c31e7467eb3abd7cd6d4017db7a7c26d8ea2d0da3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d7214e96cd1feb4ce8ff5f7c31e7467eb3abd7cd6d4017db7a7c26d8ea2d0da3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/platforms/python/tests/records/test_blittable.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.demo_case` used but never assigned in __init__: Method `test_point_surface` of class `BlittableRecordsTests` reads `self.demo_case`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129552, "scanner": "repobility-ast-engine", "fingerprint": "07208810f343bfd2b490ddd92c2c65dc85c345055adf6e7d4b9f3eab2f782379", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|07208810f343bfd2b490ddd92c2c65dc85c345055adf6e7d4b9f3eab2f782379"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/platforms/python/tests/records/test_blittable.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assert_point` used but never assigned in __init__: Method `test_point_surface` of class `BlittableRecordsTests` reads `self.assert_point`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129551, "scanner": "repobility-ast-engine", "fingerprint": "bc0d883fc2b23457c0f6fe16c9cba9718933d85eca8883ccaae50e4fe23328ae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bc0d883fc2b23457c0f6fe16c9cba9718933d85eca8883ccaae50e4fe23328ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/platforms/python/tests/records/test_blittable.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.demo_case` used but never assigned in __init__: Method `test_point_surface` of class `BlittableRecordsTests` reads `self.demo_case`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129550, "scanner": "repobility-ast-engine", "fingerprint": "a17dd47376d126b1f7aad9624d955eb90b1cd23b2da41b009fe5489d693430bc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a17dd47376d126b1f7aad9624d955eb90b1cd23b2da41b009fe5489d693430bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/platforms/python/tests/records/test_blittable.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertTrue` used but never assigned in __init__: Method `assert_point` of class `BlittableRecordsTests` reads `self.assertTrue`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129549, "scanner": "repobility-ast-engine", "fingerprint": "0f3425fe90e63988c4bbe680f6d27229e39e2c56d664693cc56d18973c2c8672", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0f3425fe90e63988c4bbe680f6d27229e39e2c56d664693cc56d18973c2c8672"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/platforms/python/tests/records/test_blittable.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertTrue` used but never assigned in __init__: Method `assert_point` of class `BlittableRecordsTests` reads `self.assertTrue`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129548, "scanner": "repobility-ast-engine", "fingerprint": "5658ea89b8f01f40462a271443fe20cd11dbc0464447d70936fbcaec65162c47", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5658ea89b8f01f40462a271443fe20cd11dbc0464447d70936fbcaec65162c47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/platforms/python/tests/records/test_blittable.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertIsInstance` used but never assigned in __init__: Method `assert_point` of class `BlittableRecordsTests` reads `self.assertIsInstance`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129547, "scanner": "repobility-ast-engine", "fingerprint": "e04ff30ebf68117fe050adf192cdbd5716e430e5a339e66eb22b65c269dc842f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e04ff30ebf68117fe050adf192cdbd5716e430e5a339e66eb22b65c269dc842f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/platforms/python/tests/records/test_blittable.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_point_functions: Test function `test_point_functions` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 129546, "scanner": "repobility-ast-engine", "fingerprint": "c92776bae85107679320c865f2966d9eadbb4225322414ffaeba8742d4d5ec93", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c92776bae85107679320c865f2966d9eadbb4225322414ffaeba8742d4d5ec93"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/platforms/python/tests/records/test_blittable.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._current_demo_case` used but never assigned in __init__: Method `_callTestMethod` of class `DemoTestCase` reads `self._current_demo_case`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129545, "scanner": "repobility-ast-engine", "fingerprint": "a9b48979cbf83adf22cb6ceb6ca1c7f1db7b2d9737d19eed447bc314d3c86e58", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a9b48979cbf83adf22cb6ceb6ca1c7f1db7b2d9737d19eed447bc314d3c86e58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/platforms/python/tests/support.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._current_demo_case` used but never assigned in __init__: Method `fail` of class `DemoTestCase` reads `self._current_demo_case`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129544, "scanner": "repobility-ast-engine", "fingerprint": "ff1a5317dd682d66754db8154bfd2d62fe9fda999663142d4043920bc894dd3e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ff1a5317dd682d66754db8154bfd2d62fe9fda999663142d4043920bc894dd3e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/platforms/python/tests/support.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._current_demo_case` used but never assigned in __init__: Method `fail` of class `DemoTestCase` reads `self._current_demo_case`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129543, "scanner": "repobility-ast-engine", "fingerprint": "56733b06d32682f2f0a59a1482b9f1c35f00531cf7ab82e8108984e10f91ae1e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|56733b06d32682f2f0a59a1482b9f1c35f00531cf7ab82e8108984e10f91ae1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/platforms/python/tests/support.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._current_demo_case` used but never assigned in __init__: Method `demo_case` of class `DemoTestCase` reads `self._current_demo_case`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129542, "scanner": "repobility-ast-engine", "fingerprint": "a309d8288e05d3d106d91fa7d4c7f982d3ef590b20b49776bdc8750f293288ea", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a309d8288e05d3d106d91fa7d4c7f982d3ef590b20b49776bdc8750f293288ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/platforms/python/tests/support.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._current_demo_case` used but never assigned in __init__: Method `setUp` of class `DemoTestCase` reads `self._current_demo_case`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129541, "scanner": "repobility-ast-engine", "fingerprint": "3ef6cb466d42d100689b7784f5aa5a5a5fd48f6662e18a5ba271cc1e09c83add", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3ef6cb466d42d100689b7784f5aa5a5a5fd48f6662e18a5ba271cc1e09c83add"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/platforms/python/tests/support.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._purge_demo_modules` used but never assigned in __init__: Method `_load_boltffi_module` of class `PythonBenchmarkHarness` reads `self._purge_demo_modules`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129540, "scanner": "repobility-ast-engine", "fingerprint": "694578ed823d5d1130f3542976c1883963f9d81357134c9281ca4075423457a7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|694578ed823d5d1130f3542976c1883963f9d81357134c9281ca4075423457a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/harnesses/python-bench/bench.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._cases` used but never assigned in __init__: Method `selected_cases` of class `PythonBenchmarkHarness` reads `self._cases`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129539, "scanner": "repobility-ast-engine", "fingerprint": "18109e7f5af12dc5109f3ca2861e22d11f3314b39d2947b12b42cb50d1f42c48", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|18109e7f5af12dc5109f3ca2861e22d11f3314b39d2947b12b42cb50d1f42c48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/harnesses/python-bench/bench.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_reads_multiple_reports_as_one_run` of class `BenchmarkDotNetResultsTests` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129538, "scanner": "repobility-ast-engine", "fingerprint": "4f7234c3b5de5a24cd9a02a64d82f7cf2d390fd6656af63a1242690d1c05995d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4f7234c3b5de5a24cd9a02a64d82f7cf2d390fd6656af63a1242690d1c05995d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/scripts/test_benchmarkdotnet_to_run.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_reads_multiple_reports_as_one_run` of class `BenchmarkDotNetResultsTests` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129537, "scanner": "repobility-ast-engine", "fingerprint": "5f8838c59973b54a5d24513ad461d4562027112f352f1d3b764e32ed6b9f7cee", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5f8838c59973b54a5d24513ad461d4562027112f352f1d3b764e32ed6b9f7cee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/scripts/test_benchmarkdotnet_to_run.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_reads_multiple_reports_as_one_run` of class `BenchmarkDotNetResultsTests` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129536, "scanner": "repobility-ast-engine", "fingerprint": "517c5786cd008afb5a2946cacc6f2fed1a6f92284056e1204bceafce8b9f760a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|517c5786cd008afb5a2946cacc6f2fed1a6f92284056e1204bceafce8b9f760a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/scripts/test_benchmarkdotnet_to_run.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_reads_multiple_reports_as_one_run` of class `BenchmarkDotNetResultsTests` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129535, "scanner": "repobility-ast-engine", "fingerprint": "37427e8f914d07270bb8464a9ae0386feae11bd7f9af2fcb477a7750aee0ed3b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|37427e8f914d07270bb8464a9ae0386feae11bd7f9af2fcb477a7750aee0ed3b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/scripts/test_benchmarkdotnet_to_run.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_reads_multiple_reports_as_one_run` of class `BenchmarkDotNetResultsTests` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129534, "scanner": "repobility-ast-engine", "fingerprint": "7eeaedcc9df727b3523e8e08f4184819f41b819338c991a113e528fc60693e7d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7eeaedcc9df727b3523e8e08f4184819f41b819338c991a113e528fc60693e7d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/scripts/test_benchmarkdotnet_to_run.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_reads_multiple_reports_as_one_run` of class `BenchmarkDotNetResultsTests` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 129533, "scanner": "repobility-ast-engine", "fingerprint": "734d17513001ac2fac5c0cc468d701e041bfe1840ac7baab8aa2d4958fd266b5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|734d17513001ac2fac5c0cc468d701e041bfe1840ac7baab8aa2d4958fd266b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/scripts/test_benchmarkdotnet_to_run.py"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED021", "level": "error", "message": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "properties": {"repobilityId": 129501, "scanner": "repobility-threat-engine", "fingerprint": "42ec43ed7e8cfd528b4ed395eafc24cb549915d89969ec62ae7cdb426b4115c4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "correlation_key": "fp|42ec43ed7e8cfd528b4ed395eafc24cb549915d89969ec62ae7cdb426b4115c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/platforms/python/test-demo.sh"}, "region": {"startLine": 67}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 129500, "scanner": "repobility-threat-engine", "fingerprint": "a36df12f8700ce5963fb7c22fde86bbeeb720b39bd15828eb041b3f8204b0239", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a36df12f8700ce5963fb7c22fde86bbeeb720b39bd15828eb041b3f8204b0239"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/demo/src/builtins/mod.rs"}, "region": {"startLine": 165}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 129498, "scanner": "repobility-threat-engine", "fingerprint": "c78e9cff315622f8608dd0011bc6ca1d134fa21f90a27a68a8622d3ee2d8c1c7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "next.delete(id);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c78e9cff315622f8608dd0011bc6ca1d134fa21f90a27a68a8622d3ee2d8c1c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/src/components/Sidebar.tsx"}, "region": {"startLine": 197}}}]}, {"ruleId": "MINED039", "level": "error", "message": {"text": "[MINED039] Rust Todo Macro: todo!() panics when reached. Unimplemented code path."}, "properties": {"repobilityId": 129491, "scanner": "repobility-threat-engine", "fingerprint": "d4ae05f92e6c415f7580390637a553cd19428eac16423e0cdc63305dfe50a5db", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-todo-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347989+00:00", "triaged_in_corpus": 15, "observations_count": 1561, "ai_coder_pattern_id": 114}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d4ae05f92e6c415f7580390637a553cd19428eac16423e0cdc63305dfe50a5db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_scan/src/items/constant.rs"}, "region": {"startLine": 265}}}]}, {"ruleId": "MINED039", "level": "error", "message": {"text": "[MINED039] Rust Todo Macro: todo!() panics when reached. Unimplemented code path."}, "properties": {"repobilityId": 129490, "scanner": "repobility-threat-engine", "fingerprint": "3e93650fdb3bbb389b20855f11c15be5dbe6c77670bfcaa2ee482a7024f2f46a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-todo-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347989+00:00", "triaged_in_corpus": 15, "observations_count": 1561, "ai_coder_pattern_id": 114}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3e93650fdb3bbb389b20855f11c15be5dbe6c77670bfcaa2ee482a7024f2f46a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_scan/src/items/class.rs"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED039", "level": "error", "message": {"text": "[MINED039] Rust Todo Macro: todo!() panics when reached. Unimplemented code path."}, "properties": {"repobilityId": 129489, "scanner": "repobility-threat-engine", "fingerprint": "f55b80c4b7bc8024c8825c556723d66135cd544e1606fdc90faa8410d101bd20", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-todo-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347989+00:00", "triaged_in_corpus": 15, "observations_count": 1561, "ai_coder_pattern_id": 114}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f55b80c4b7bc8024c8825c556723d66135cd544e1606fdc90faa8410d101bd20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/render/csharp/lower/types.rs"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 129479, "scanner": "repobility-threat-engine", "fingerprint": "b2f145f8a9b7282a21ceb9809bb0898b53f5728e0c784f78db9927bf1c3b337f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b2f145f8a9b7282a21ceb9809bb0898b53f5728e0c784f78db9927bf1c3b337f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/render/csharp/ast/comment.rs"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 129478, "scanner": "repobility-threat-engine", "fingerprint": "c6fe32b1873af5c3f4ffbeb819175c1b1f52cebe07034f121ebc9580f5a3df1b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c6fe32b1873af5c3f4ffbeb819175c1b1f52cebe07034f121ebc9580f5a3df1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/lib.rs"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 129477, "scanner": "repobility-threat-engine", "fingerprint": "1c99e72fb157a25e9f8883570b52149d6c9e2bc0a52d77941c1d727ab8555fd0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1c99e72fb157a25e9f8883570b52149d6c9e2bc0a52d77941c1d727ab8555fd0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "boltffi_bindgen/src/ir/contract.rs"}, "region": {"startLine": 118}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 43 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=4, elif=2, else=3, for=2, if=10, nested_bonus=20, ternary=2."}, "properties": {"repobilityId": 129473, "scanner": "repobility-threat-engine", "fingerprint": "afc3d2891b557d94f3670ab9eb0b8ed8a027aa8d774b9200a703d1b262580621", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 43 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 10, "for": 2, "elif": 2, "else": 3, "ternary": 2, "continue": 4, "nested_bonus": 20}, "complexity": 43, "correlation_key": "fp|afc3d2891b557d94f3670ab9eb0b8ed8a027aa8d774b9200a703d1b262580621"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/harnesses/swift-macos-bench/format_bench.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 28 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: and=1, else=3, for=2, if=5, nested_bonus=13, ternary=4."}, "properties": {"repobilityId": 129472, "scanner": "repobility-threat-engine", "fingerprint": "f8c099b8c6972e9468b7e8b179c364407d1ddbad6cbc45cfebe5798f70dc0a8d", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 28 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 5, "and": 1, "for": 2, "else": 3, "ternary": 4, "nested_bonus": 13}, "complexity": 28, "correlation_key": "fp|f8c099b8c6972e9468b7e8b179c364407d1ddbad6cbc45cfebe5798f70dc0a8d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/harnesses/kotlin-jvm-bench/jmh_report.py"}, "region": {"startLine": 81}}}]}]}]}