{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "SEC087", "name": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces", "shortDescription": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "fullDescription": {"text": "Use `crypto.randomBytes(32).toString('hex')` (Node) or `crypto.getRandomValues()` (browser)."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Dockerfile base image is selected through a build variable", "shortDescription": {"text": "Dockerfile base image is selected through a build variable"}, "fullDescription": {"text": "Variable-selected base images can be safe, but Repobility cannot verify that the resolved image is pinned."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "info", "confidence": 0.48, "cwe": "", "owasp": ""}}, {"id": "MINED081", "name": "[MINED081] Java Printstacktrace: Should use logger, not stack trace to stderr.", "shortDescription": {"text": "[MINED081] Java Printstacktrace: Should use logger, not stack trace to stderr."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED053", "name": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeh", "shortDescription": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1392,CWE-798 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED085", "name": "[MINED085] Java Systemexit: System.exit() inside a library kills the whole JVM.", "shortDescription": {"text": "[MINED085] Java Systemexit: System.exit() inside a library kills the whole JVM."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1075 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC118", "name": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it", "shortDescription": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "fullDescription": {"text": "Use `uuid.uuid4()` (random) or `secrets.token_urlsafe()` for tokens. In Go, use `uuid.NewRandom()` (google/uuid)."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `codecov/codecov-action` pinned to mutable ref `@v6`", "shortDescription": {"text": "Action `codecov/codecov-action` pinned to mutable ref `@v6`"}, "fullDescription": {"text": "`uses: codecov/codecov-action@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `mcr.microsoft.com/vscode/devcontainers/java:1.1.0-` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `mcr.microsoft.com/vscode/devcontainers/java:1.1.0-` not pinned by digest"}, "fullDescription": {"text": "`FROM mcr.microsoft.com/vscode/devcontainers/java:1.1.0-` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/852"}, "properties": {"repository": "TheAlgorithms/Java", "repoUrl": "https://github.com/TheAlgorithms/Java", "branch": "master"}, "results": [{"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 76864, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 76863, "scanner": "repobility-docker", "fingerprint": "e09a301585bb675c217cbb4f2f226e3f91a78c61b568c20cf5e57d59308163f9", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "mcr.microsoft.com/vscode/devcontainers/java:1.1.0-${VARIANT}", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e09a301585bb675c217cbb4f2f226e3f91a78c61b568c20cf5e57d59308163f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "SEC087", "level": "warning", "message": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "properties": {"repobilityId": 76861, "scanner": "repobility-threat-engine", "fingerprint": "374fda805b23bfb4484b87343a4420535001b11a10c7bd196d8905e6ede90ab0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Math.random() * (high - low + 1));\n        SortUtils.swap(array, piv", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC087", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|374fda805b23bfb4484b87343a4420535001b11a10c7bd196d8905e6ede90ab0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/com/thealgorithms/sorts/IntrospectiveSort.java"}, "region": {"startLine": 61}}}]}, {"ruleId": "SEC087", "level": "warning", "message": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "properties": {"repobilityId": 76860, "scanner": "repobility-threat-engine", "fingerprint": "0d0f3ae2b83590ff5e61a22717b3eda556288fbff4363c4564abb3c956fd68e4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Math.random() * (high - low + 1));\n        int pivotValue = arr[piv", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC087", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0d0f3ae2b83590ff5e61a22717b3eda556288fbff4363c4564abb3c956fd68e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/com/thealgorithms/randomized/RandomizedQuickSort.java"}, "region": {"startLine": 38}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 76851, "scanner": "repobility-threat-engine", "fingerprint": "8ab6c551e32d8055cfbb43f45349e329d607c95ec9fa997bafedf9ad89521d24", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Bit length must be at least \" + MIN_BIT_LENGTH + \" for security.\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8ab6c551e32d8055cfbb43f45349e329d607c95ec9fa997bafedf9ad89521d24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/com/thealgorithms/ciphers/ElGamalCipher.java"}, "region": {"startLine": 67}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 76850, "scanner": "repobility-threat-engine", "fingerprint": "299f2efa62c98ec58086bb2ae70aefefa8c8f0d13a32333021629dee0eeb89b1", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\" no way to place \" + queens + \" queens on board of size \"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|299f2efa62c98ec58086bb2ae70aefefa8c8f0d13a32333021629dee0eeb89b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/com/thealgorithms/backtracking/NQueens.java"}, "region": {"startLine": 66}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 76849, "scanner": "repobility-threat-engine", "fingerprint": "bcd15a6c841e9f53a12f311c2f4dcc8d6eac1dee951a68fef871a5a0891c18e0", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"aCoeffs must be of size \" + order + \", got \"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bcd15a6c841e9f53a12f311c2f4dcc8d6eac1dee951a68fef871a5a0891c18e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/com/thealgorithms/audiofilters/IIRFilter.java"}, "region": {"startLine": 50}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76823, "scanner": "repobility-ai-code-hygiene", "fingerprint": "58e477e9b7e552e95e6dbbf2f55b80370951d46248cf908c4bebeadd7896e0b8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/main/java/com/thealgorithms/graph/Dinic.java", "duplicate_line": 13, "correlation_key": "fp|58e477e9b7e552e95e6dbbf2f55b80370951d46248cf908c4bebeadd7896e0b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/com/thealgorithms/graph/PushRelabel.java"}, "region": {"startLine": 106}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76822, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f5cfa86fca79dfc3cce87046df253a7e8ea442397fa5dbe9e93d6b501510d0ac", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/main/java/com/thealgorithms/graph/EdmondsKarp.java", "duplicate_line": 34, "correlation_key": "fp|f5cfa86fca79dfc3cce87046df253a7e8ea442397fa5dbe9e93d6b501510d0ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/com/thealgorithms/graph/GomoryHuTree.java"}, "region": {"startLine": 69}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76821, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fa62c0d6a0b765f8ae67c2015d4be945b226b928288796b2561c3720fcc819cc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/main/java/com/thealgorithms/datastructures/lists/CircleLinkedList.java", "duplicate_line": 34, "correlation_key": "fp|fa62c0d6a0b765f8ae67c2015d4be945b226b928288796b2561c3720fcc819cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/com/thealgorithms/datastructures/lists/CircularDoublyLinkedList.java"}, "region": {"startLine": 31}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76820, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0e481c11b1d922baad4bef47a8e7c98f879eb71d03edf9b28df143d44ab11388", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/main/java/com/thealgorithms/datastructures/hashmap/hashing/GenericHashMapUsingArray.java", "duplicate_line": 49, "correlation_key": "fp|0e481c11b1d922baad4bef47a8e7c98f879eb71d03edf9b28df143d44ab11388"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/com/thealgorithms/datastructures/hashmap/hashing/GenericHashMapUsingArrayList.java"}, "region": {"startLine": 56}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76819, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2a8bbd7f8ed664b138f535b499323e7d90d10db22f4eebfd3e5f60fa5f36eaf3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/main/java/com/thealgorithms/datastructures/caches/FIFOCache.java", "duplicate_line": 39, "correlation_key": "fp|2a8bbd7f8ed664b138f535b499323e7d90d10db22f4eebfd3e5f60fa5f36eaf3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/com/thealgorithms/datastructures/caches/RRCache.java"}, "region": {"startLine": 39}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76818, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bb4032eb781b6e8b9852b7a4c030cb89baa2d97d452d728ca2bcece704a9d26d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/main/java/com/thealgorithms/datastructures/caches/LRUCache.java", "duplicate_line": 72, "correlation_key": "fp|bb4032eb781b6e8b9852b7a4c030cb89baa2d97d452d728ca2bcece704a9d26d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/com/thealgorithms/datastructures/caches/MRUCache.java"}, "region": {"startLine": 54}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76817, "scanner": "repobility-ai-code-hygiene", "fingerprint": "17b53be7b3c1d0260fd08016307189f9c6737a843e30f2aea40b0f0ba54dc085", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/main/java/com/thealgorithms/datastructures/caches/FIFOCache.java", "duplicate_line": 16, "correlation_key": "fp|17b53be7b3c1d0260fd08016307189f9c6737a843e30f2aea40b0f0ba54dc085"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/com/thealgorithms/datastructures/caches/LIFOCache.java"}, "region": {"startLine": 20}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 76862, "scanner": "repobility-docker", "fingerprint": "be0b8d3313ec22a72b48539b1312df5fbae576eaa5d6eddf2b7c67f037b4ce25", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "mcr.microsoft.com/vscode/devcontainers/java:1.1.0-${VARIANT}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|be0b8d3313ec22a72b48539b1312df5fbae576eaa5d6eddf2b7c67f037b4ce25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED081", "level": "none", "message": {"text": "[MINED081] Java Printstacktrace: Should use logger, not stack trace to stderr."}, "properties": {"repobilityId": 76859, "scanner": "repobility-threat-engine", "fingerprint": "6e680fdb03920076c860f771db710f7a823ac598770b328578f42a5933cfda5c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "java-printstacktrace", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["java"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348125+00:00", "triaged_in_corpus": 12, "observations_count": 2934, "ai_coder_pattern_id": 126}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6e680fdb03920076c860f771db710f7a823ac598770b328578f42a5933cfda5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/com/thealgorithms/others/Mandelbrot.java"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED081", "level": "none", "message": {"text": "[MINED081] Java Printstacktrace: Should use logger, not stack trace to stderr."}, "properties": {"repobilityId": 76858, "scanner": "repobility-threat-engine", "fingerprint": "c293beacede6eb59dde560a8b7180730fb953681e76b68295ee953246cce0ec8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "java-printstacktrace", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["java"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348125+00:00", "triaged_in_corpus": 12, "observations_count": 2934, "ai_coder_pattern_id": 126}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c293beacede6eb59dde560a8b7180730fb953681e76b68295ee953246cce0ec8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/com/thealgorithms/others/KochSnowflake.java"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"repobilityId": 76857, "scanner": "repobility-threat-engine", "fingerprint": "23e4a264aa1da40ed79eaae8b61fcbb66b394e64a173d2875c941118575ea8da", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "correlation_key": "fp|23e4a264aa1da40ed79eaae8b61fcbb66b394e64a173d2875c941118575ea8da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/com/thealgorithms/others/CRCAlgorithm.java"}, "region": {"startLine": 179}}}]}, {"ruleId": "MINED085", "level": "none", "message": {"text": "[MINED085] Java Systemexit: System.exit() inside a library kills the whole JVM."}, "properties": {"repobilityId": 76856, "scanner": "repobility-threat-engine", "fingerprint": "2a0e716e79df2640561f1b7cc7fecb64b7a5dace6951f4f6ccba5a42de1b1e89", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "java-systemexit", "owasp": null, "cwe_ids": ["CWE-1075"], "languages": ["java"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348136+00:00", "triaged_in_corpus": 15, "observations_count": 970, "ai_coder_pattern_id": 127}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2a0e716e79df2640561f1b7cc7fecb64b7a5dace6951f4f6ccba5a42de1b1e89"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/com/thealgorithms/maths/SimpsonIntegration.java"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED085", "level": "none", "message": {"text": "[MINED085] Java Systemexit: System.exit() inside a library kills the whole JVM."}, "properties": {"repobilityId": 76855, "scanner": "repobility-threat-engine", "fingerprint": "78a82056f03542437801fc3fcad04531b2e37bd5c77f8d1164be84841c79cfff", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "java-systemexit", "owasp": null, "cwe_ids": ["CWE-1075"], "languages": ["java"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348136+00:00", "triaged_in_corpus": 15, "observations_count": 970, "ai_coder_pattern_id": 127}, "scanner": "repobility-threat-engine", "correlation_key": "fp|78a82056f03542437801fc3fcad04531b2e37bd5c77f8d1164be84841c79cfff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/com/thealgorithms/maths/MagicSquare.java"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 76853, "scanner": "repobility-threat-engine", "fingerprint": "73f1cffb2ce15ee0c84c8ebee2616013fa501d6142baa7765d4ab1f9a59d2d29", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "UUID.randomUUID()", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|131|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/com/thealgorithms/datastructures/crdt/ORSet.java"}, "region": {"startLine": 131}}}]}, {"ruleId": "SEC132", "level": "none", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift) (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "properties": {"repobilityId": 76852, "scanner": "repobility-threat-engine", "fingerprint": "d934ad8b5820c11633d6d2f46061969ad940712dfde399ec7b49fa975888b725", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|d934ad8b5820c11633d6d2f46061969ad940712dfde399ec7b49fa975888b725"}}}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 76854, "scanner": "repobility-threat-engine", "fingerprint": "cfdcbbddd9b47288ddb4fefa1e032916e87d4b458bf8aafa94e941adb5605490", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "this.delete();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cfdcbbddd9b47288ddb4fefa1e032916e87d4b458bf8aafa94e941adb5605490"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/com/thealgorithms/datastructures/heaps/MinPriorityQueue.java"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `codecov/codecov-action` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 76848, "scanner": "repobility-supply-chain", "fingerprint": "e42a9d04f347c8e18da826afabd4d2ea3a1c2fd5448d8a61abd05fb3efb3f03c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e42a9d04f347c8e18da826afabd4d2ea3a1c2fd5448d8a61abd05fb3efb3f03c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build.yml"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `codecov/codecov-action` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 76847, "scanner": "repobility-supply-chain", "fingerprint": "edc98d3c456e68bc038ef5720e457699f8267f92f6e508ebd6cbe4e48ead9435", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|edc98d3c456e68bc038ef5720e457699f8267f92f6e508ebd6cbe4e48ead9435"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-java` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 76846, "scanner": "repobility-supply-chain", "fingerprint": "90d1e9406200a0c2079b13e8b43331c0e26b3329936a50ce69874c2177720386", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|90d1e9406200a0c2079b13e8b43331c0e26b3329936a50ce69874c2177720386"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 76845, "scanner": "repobility-supply-chain", "fingerprint": "04bf616ff4b0602eaec80948206413847226247f51971894d15c8d2c61aeab7a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|04bf616ff4b0602eaec80948206413847226247f51971894d15c8d2c61aeab7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build.yml"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `DoozyX/clang-format-lint-action` pinned to mutable ref `@v0.20`"}, "properties": {"repobilityId": 76844, "scanner": "repobility-supply-chain", "fingerprint": "dfb2b061dbf5b52c4271a23cd4779838c2815e8915d4366af502c4021c088db3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dfb2b061dbf5b52c4271a23cd4779838c2815e8915d4366af502c4021c088db3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/clang-format-lint.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 76843, "scanner": "repobility-supply-chain", "fingerprint": "fa07e7e882cf0024cac42d93a1893a4ba836a818b50406b8ecc055e95dd76fea", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fa07e7e882cf0024cac42d93a1893a4ba836a818b50406b8ecc055e95dd76fea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/clang-format-lint.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/stale` pinned to mutable ref `@v10`"}, "properties": {"repobilityId": 76842, "scanner": "repobility-supply-chain", "fingerprint": "eb4e8da9c6586ba2c70d0572115e42fd28750c3934196c3ce7dc31bd85a1fb12", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|eb4e8da9c6586ba2c70d0572115e42fd28750c3934196c3ce7dc31bd85a1fb12"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/stale.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 76841, "scanner": "repobility-supply-chain", "fingerprint": "488708189416a90a18694e53e2bb38c0054aa5173e31e4aea691227abd17f3c4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|488708189416a90a18694e53e2bb38c0054aa5173e31e4aea691227abd17f3c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/project_structure.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 76840, "scanner": "repobility-supply-chain", "fingerprint": "8a1b788b9ed856a41124128508f260c8a6f3ef127c17b099f2770a7f2b0f00cc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8a1b788b9ed856a41124128508f260c8a6f3ef127c17b099f2770a7f2b0f00cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/project_structure.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `srz-zumix/setup-infer` pinned to mutable ref `@v1`"}, "properties": {"repobilityId": 76839, "scanner": "repobility-supply-chain", "fingerprint": "f22f8276daecde49f1e9447d29432ab9cc993aacb2a0fcdd2743644a5e75a8d4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f22f8276daecde49f1e9447d29432ab9cc993aacb2a0fcdd2743644a5e75a8d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/infer.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-java` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 76838, "scanner": "repobility-supply-chain", "fingerprint": "f33c3ce8ce920d73acfc059be17d2160936afe79730338180d617474de7054ad", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f33c3ce8ce920d73acfc059be17d2160936afe79730338180d617474de7054ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/infer.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 76837, "scanner": "repobility-supply-chain", "fingerprint": "add6c37a0affbd32ec082dd8ab3f9b106e74a862394c44d762f47cb1819e0f94", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|add6c37a0affbd32ec082dd8ab3f9b106e74a862394c44d762f47cb1819e0f94"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/infer.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/github-script` pinned to mutable ref `@v9`"}, "properties": {"repobilityId": 76836, "scanner": "repobility-supply-chain", "fingerprint": "e12e75fd42e0070bfcdab696251b27cb54fe255aa075a5c3e780120fa54f7be6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e12e75fd42e0070bfcdab696251b27cb54fe255aa075a5c3e780120fa54f7be6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/close-failed-prs.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `peter-evans/create-pull-request` pinned to mutable ref `@v8`"}, "properties": {"repobilityId": 76835, "scanner": "repobility-supply-chain", "fingerprint": "ac12d13230310bb22c1db03534de4349ae0a1b8594b6acf054140911340ed699", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ac12d13230310bb22c1db03534de4349ae0a1b8594b6acf054140911340ed699"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/update-directorymd.yml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `DenizAltunkapan/directory-tree-generator` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 76834, "scanner": "repobility-supply-chain", "fingerprint": "34c8215a5cf6b554b5337177834d784c139387024e533910cb8b8f6623d5b4e4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|34c8215a5cf6b554b5337177834d784c139387024e533910cb8b8f6623d5b4e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/update-directorymd.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 76833, "scanner": "repobility-supply-chain", "fingerprint": "17d990cd3cc521bceea2020e8d58d4f8c7f38355a371225474960bdb3ce624c6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|17d990cd3cc521bceea2020e8d58d4f8c7f38355a371225474960bdb3ce624c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/update-directorymd.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `github/codeql-action/analyze` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 76832, "scanner": "repobility-supply-chain", "fingerprint": "e3e48cb65029ade1afe1f09212cd841598d4aa3495521ff7bad92b33e1b2913b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e3e48cb65029ade1afe1f09212cd841598d4aa3495521ff7bad92b33e1b2913b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codeql.yml"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `github/codeql-action/init` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 76831, "scanner": "repobility-supply-chain", "fingerprint": "1cc1d49d225e9b76122b84c8f9319814eae7cb9de3c43fe14d8519dc40f77b12", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1cc1d49d225e9b76122b84c8f9319814eae7cb9de3c43fe14d8519dc40f77b12"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codeql.yml"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 76830, "scanner": "repobility-supply-chain", "fingerprint": "bbdf7db468c5021a4e8f2566199a48f14d336db4ef02f5e5a4e24952589f7ad9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bbdf7db468c5021a4e8f2566199a48f14d336db4ef02f5e5a4e24952589f7ad9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codeql.yml"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `github/codeql-action/analyze` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 76829, "scanner": "repobility-supply-chain", "fingerprint": "7e914ac625a3348be7df85326ff97acdb7d7e52b8c7a1c8c0a2114ccfc957cf0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7e914ac625a3348be7df85326ff97acdb7d7e52b8c7a1c8c0a2114ccfc957cf0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codeql.yml"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `github/codeql-action/init` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 76828, "scanner": "repobility-supply-chain", "fingerprint": "d80b5bceed8914620957c91164f7d568e60e40031550339be3b67fe8666d9127", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d80b5bceed8914620957c91164f7d568e60e40031550339be3b67fe8666d9127"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codeql.yml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-java` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 76827, "scanner": "repobility-supply-chain", "fingerprint": "47c53ab1b68f9dfd6e55e37ab8b8420d80206c6fdeda450e534b44419b3ebb73", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|47c53ab1b68f9dfd6e55e37ab8b8420d80206c6fdeda450e534b44419b3ebb73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codeql.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 76826, "scanner": "repobility-supply-chain", "fingerprint": "e2f9c675488464a9356678e1070aeb8c343b5209ba30d607230eb9ffa0133722", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e2f9c675488464a9356678e1070aeb8c343b5209ba30d607230eb9ffa0133722"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codeql.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `mcr.microsoft.com/vscode/devcontainers/java:1.1.0-` not pinned by digest"}, "properties": {"repobilityId": 76825, "scanner": "repobility-supply-chain", "fingerprint": "9ec204185d2792475618777462186a6a2bea4fdba1577012849dd2cd4405af3a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9ec204185d2792475618777462186a6a2bea4fdba1577012849dd2cd4405af3a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `gitpod/workspace-java-21:2025-11-14-10-05-32` not pinned by digest"}, "properties": {"repobilityId": 76824, "scanner": "repobility-supply-chain", "fingerprint": "765a1f731624da8d582d7bd46c050b46520f64f53e13a12ba91a069094fa9913", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|765a1f731624da8d582d7bd46c050b46520f64f53e13a12ba91a069094fa9913"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".gitpod.dockerfile"}, "region": {"startLine": 1}}}]}]}]}