{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED109", "name": "[MINED109] Mutable default argument in `create_ordered_profile` (list): `def create_ordered_profile(... = []/{}/set())` ", "shortDescription": {"text": "[MINED109] Mutable default argument in `create_ordered_profile` (list): `def create_ordered_profile(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one"}, "fullDescription": {"text": "Use None as the default and create the collection inside the function: `def create_ordered_profile(x=None): x = x or []`"}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies broad context with incomplete .dockerignore", "shortDescription": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "fullDescription": {"text": "Tighten .dockerignore or replace COPY . with explicit COPY statements."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "DKR009", "name": "Dockerfile separates apt update from install", "shortDescription": {"text": "Dockerfile separates apt update from install"}, "fullDescription": {"text": "Combine update and install in the same RUN instruction and clean package indexes in that layer."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "Confirm whether this file is reachable. 
If not, delete it; if yes, wire it through explicit imports, routes, or entry points and add a test that proves the path executes."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "SEC041", "name": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noref", "shortDescription": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and"}, "fullDescription": {"text": "Add rel=\"noopener noreferrer\" to every <a target=\"_blank\">:\n  <a href=\"...\" target=\"_blank\" rel=\"noopener noreferrer\">link</a>\nFor dynamically generated links from JS, set rel on the element before appending. Even safe-looking subdomains should harden \u2014 costs nothing."}, "properties": {"scanner": "repobility-threat-engine", "category": "security", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. 
AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Add `--no-install-recommends` and explicitly list only packages the image needs."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR010", "name": "Dockerfile leaves apt 
package indexes in the image layer", "shortDescription": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "fullDescription": {"text": "End the apt install layer with `rm -rf /var/lib/apt/lists/*`."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": "Add missing patterns such as .env, .git, private keys, certificates, dependency folders, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `traverse_files` has cognitive complexity 9 (SonarSource scale). Cognitive", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `traverse_files` has cognitive complexity 9 (SonarSource scale). 
Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 9."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Dockerfile base image is selected through a build variable", "shortDescription": {"text": "Dockerfile base image is selected through a build variable"}, "fullDescription": {"text": "Resolve the variable to a versioned tag or digest in production builds and document the allowed images."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "info", "confidence": 0.48, "cwe": "", "owasp": ""}}, {"id": "MINED048", "name": "[MINED048] Php Error Suppress: @function() suppresses errors silently. Hides real issues.", "shortDescription": {"text": "[MINED048] Php Error Suppress: @function() suppresses errors silently. Hides real issues."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety.", "shortDescription": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 16 more): Same pattern found in 16 add", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. 
If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED024", "name": "[MINED024] Js Eval Usage (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED024] Js Eval Usage (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-95 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED042", "name": "[MINED042] Cpp New Without Delete (and 32 more): Same pattern found in 32 additional files. Review if needed.", "shortDescription": {"text": "[MINED042] Cpp New Without Delete (and 32 more): Same pattern found in 32 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED022", "name": "[MINED022] C Strcpy (and 6 more): Same pattern found in 6 additional files. 
Review if needed.", "shortDescription": {"text": "[MINED022] C Strcpy (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-120 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED080", "name": "[MINED080] Cpp Using Namespace Std (and 141 more): Same pattern found in 141 additional files. Review if needed.", "shortDescription": {"text": "[MINED080] Cpp Using Namespace Std (and 141 more): Same pattern found in 141 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 26 more): Same pattern found in 26 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 26 more): Same pattern found in 26 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED134", "name": "[MINED134] Binary file `tools/7z.exe` committed in source repo: `tools/7z.exe` is a .exe binary (557,056 bytes) committe", "shortDescription": {"text": "[MINED134] Binary file `tools/7z.exe` committed in source repo: `tools/7z.exe` is a .exe binary (557,056 bytes) committed to a repo that otherwise has 3737 source files. Trojan binaries inside otherwise-normal source repos are a known suppl"}, "fullDescription": {"text": "Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. 
If it's a build artifact, add the extension to .gitignore and rebuild from source."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `vedantmgoyal9/winget-releaser` pinned to mutable ref `@main`: `uses: vedantmgoyal9/winget-releaser@ma", "shortDescription": {"text": "[MINED115] Action `vedantmgoyal9/winget-releaser` pinned to mutable ref `@main`: `uses: vedantmgoyal9/winget-releaser@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/chan"}, "fullDescription": {"text": "Replace with: `uses: vedantmgoyal9/winget-releaser@<40-char-sha>  # main` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "[MINED126] Workflow container/services image `ghcr.io/flathub-infra/flatpak-github-actions:gnome-50` unpinned: `containe", "shortDescription": {"text": "[MINED126] Workflow container/services image `ghcr.io/flathub-infra/flatpak-github-actions:gnome-50` unpinned: `container/services image: ghcr.io/flathub-infra/flatpak-github-actions:gnome-50` without `@sha256:...` pulls a mutable tag at wo"}, "fullDescription": {"text": "Replace with `ghcr.io/flathub-infra/flatpak-github-actions:gnome-50@sha256:<digest>`. Re-pin via Dependabot Docker scope."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `docker.io/ubuntu:24.04` not pinned by digest: `FROM docker.io/ubuntu:24.04` resolves the tag", "shortDescription": {"text": "[MINED118] Dockerfile FROM `docker.io/ubuntu:24.04` not pinned by digest: `FROM docker.io/ubuntu:24.04` resolves the tag at build time. 
The registry CAN re-push a different image for the same tag, so every build is potentially different. Pr"}, "fullDescription": {"text": "Replace with: `FROM docker.io/ubuntu:24.04@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_connection: Test function `test_connection` runs code but contains no assert / ex", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_connection: Test function `test_connection` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. 
Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Apply that block to the IP address the hostname resolves to, not only to the URL string, include loopback (127/8) and the IPv6 equivalents, and re-validate on every redirect."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED017", "name": "[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic.", "shortDescription": {"text": "[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED123", "name": "[MINED123] Trojan Source bidi character (LRM) in source: Line 2 contains a Unicode bidirectional override character (U+2", "shortDescription": {"text": "[MINED123] Trojan Source bidi character (LRM) in source: Line 2 contains a Unicode bidirectional override character (U+200E LRM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see differ"}, "fullDescription": {"text": "Audit the line manually. If the character is not intentional (it almost never is in code), remove it. 
Configure your editor / pre-commit hook to reject bidi controls in source."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(...)` but never imports `queue`", "shortDescription": {"text": "[MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import queue` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/969"}, "properties": {"repository": "OrcaSlicer/OrcaSlicer", "repoUrl": "https://github.com/OrcaSlicer/OrcaSlicer", "branch": "main"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 90971, "scanner": "repobility-ast-engine", "fingerprint": "c54a8edb2a26e4e051283c597a464a493436783d1c61c0090f4a4e7591b5cbdb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c54a8edb2a26e4e051283c597a464a493436783d1c61c0090f4a4e7591b5cbdb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/orca_extra_profile_check.py"}, "region": {"startLine": 266}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 90970, "scanner": "repobility-ast-engine", "fingerprint": "c35aaf29001bc135fbb6f0fe2f95f252084cd89875ea67b33a01cc78a481f004", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c35aaf29001bc135fbb6f0fe2f95f252084cd89875ea67b33a01cc78a481f004"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/orca_extra_profile_check.py"}, "region": {"startLine": 440}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 90969, "scanner": "repobility-ast-engine", "fingerprint": "546da371ebaef53bdf20d792467a52bdf81f382bb34b444292656336b92721c9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|546da371ebaef53bdf20d792467a52bdf81f382bb34b444292656336b92721c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/orca_extra_profile_check.py"}, "region": {"startLine": 389}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 90968, "scanner": "repobility-ast-engine", "fingerprint": "3875ef0d1b45dbed78544455171220f2264efee33c371b6d5be9379050b77891", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3875ef0d1b45dbed78544455171220f2264efee33c371b6d5be9379050b77891"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/orca_extra_profile_check.py"}, "region": {"startLine": 346}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 90967, "scanner": "repobility-ast-engine", "fingerprint": "a0d2332539f39b1234e562a612b6cba3e9c113f99a22267235c2b394e6b5633b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a0d2332539f39b1234e562a612b6cba3e9c113f99a22267235c2b394e6b5633b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/orca_extra_profile_check.py"}, "region": {"startLine": 308}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 90966, "scanner": "repobility-ast-engine", "fingerprint": "8d38eedb8454a393b4628b8dc84a40b3545a65f95c810863aef297d4dc54d1ae", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8d38eedb8454a393b4628b8dc84a40b3545a65f95c810863aef297d4dc54d1ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/orca_extra_profile_check.py"}, "region": {"startLine": 214}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 90965, "scanner": "repobility-ast-engine", "fingerprint": "83b299cdbeedb9c392857aa8596102e30bb202df9650a97b23968ac1ff6220a0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|83b299cdbeedb9c392857aa8596102e30bb202df9650a97b23968ac1ff6220a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/orca_extra_profile_check.py"}, "region": {"startLine": 152}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 90964, "scanner": "repobility-ast-engine", "fingerprint": "c0a1e055540a1c721f017c8cbeae88a418515d6d6d7eb66f0397768127744448", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c0a1e055540a1c721f017c8cbeae88a418515d6d6d7eb66f0397768127744448"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/orca_extra_profile_check.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 90963, "scanner": "repobility-ast-engine", "fingerprint": "93676f0303ad9caa41b5d60c5e7035daa3bfd6b1d7888106e23e33131db551b3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|93676f0303ad9caa41b5d60c5e7035daa3bfd6b1d7888106e23e33131db551b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/orca_extra_profile_check.py"}, "region": {"startLine": 245}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 90962, "scanner": "repobility-ast-engine", "fingerprint": "833fdd97d6a243133e3beda6dccd0072cf42ac589b3272adf54c7b26dc2e81f3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|833fdd97d6a243133e3beda6dccd0072cf42ac589b3272adf54c7b26dc2e81f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/orca_filament_lib.py"}, "region": {"startLine": 237}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 90961, "scanner": "repobility-ast-engine", "fingerprint": "d7e8f1fad136ad4f535525be002b386e5a6af51cd5f00e6f754615b0f3b4b686", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d7e8f1fad136ad4f535525be002b386e5a6af51cd5f00e6f754615b0f3b4b686"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/orca_filament_lib.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 90960, "scanner": "repobility-ast-engine", "fingerprint": "1641b705fab0d880bc592c611b4827b7f0fac54dfbb2ad1668f957afe0cfafb5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1641b705fab0d880bc592c611b4827b7f0fac54dfbb2ad1668f957afe0cfafb5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/orca_filament_lib.py"}, "region": {"startLine": 282}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 90959, "scanner": "repobility-ast-engine", "fingerprint": "c4358441c082af5b78e3069672dfca215100466a7ac79deacbf694f3260205ab", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c4358441c082af5b78e3069672dfca215100466a7ac79deacbf694f3260205ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/orca_filament_lib.py"}, "region": {"startLine": 139}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `create_ordered_profile` (list): `def create_ordered_profile(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 90958, "scanner": "repobility-ast-engine", "fingerprint": "f21f0966bf2c027c3e6ff4626bb4e1993cba07c2271d45fd035e2337562be354", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f21f0966bf2c027c3e6ff4626bb4e1993cba07c2271d45fd035e2337562be354"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/orca_filament_lib.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 90956, "scanner": "repobility-ast-engine", "fingerprint": "9718e3986be82fc49901bfee4e8de47911085e83686c8379d06bfba4fbda4c15", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9718e3986be82fc49901bfee4e8de47911085e83686c8379d06bfba4fbda4c15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test_moonraker_lane_data.py"}, "region": {"startLine": 137}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 90955, "scanner": "repobility-ast-engine", "fingerprint": "b32d52e218425fc1f4a6fda40f153c72497be525ee165608f7601c5f7d344dc5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b32d52e218425fc1f4a6fda40f153c72497be525ee165608f7601c5f7d344dc5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test_moonraker_lane_data.py"}, "region": {"startLine": 124}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 90954, "scanner": "repobility-ast-engine", "fingerprint": "c622b22469fa28fb6beafa9b4d15cdacbd26cf5db185755bee8ae08d935b12b1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c622b22469fa28fb6beafa9b4d15cdacbd26cf5db185755bee8ae08d935b12b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test_moonraker_lane_data.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 90953, "scanner": "repobility-ast-engine", "fingerprint": "665f3671e927c550b765eead35ef06718718233a84fa0ee509e3a7cc1727801b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|665f3671e927c550b765eead35ef06718718233a84fa0ee509e3a7cc1727801b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test_moonraker_lane_data.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 90951, "scanner": "repobility-ast-engine", "fingerprint": "05eac8e3cef2410fa904b5b629bbb42a4707988b1c0ca45d215ec15cbfd3fa65", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|05eac8e3cef2410fa904b5b629bbb42a4707988b1c0ca45d215ec15cbfd3fa65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/optimize_cover_images.py"}, "region": {"startLine": 434}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 90950, "scanner": "repobility-ast-engine", "fingerprint": "3dfbbfac86a39f5fa97ad8199f3d2011d183b9513d12bd77f67491742009e400", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3dfbbfac86a39f5fa97ad8199f3d2011d183b9513d12bd77f67491742009e400"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/optimize_cover_images.py"}, "region": {"startLine": 361}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 90949, "scanner": "repobility-ast-engine", "fingerprint": "ac51aef9609ebc1cc1b08c152f92f89a4af4377567fb65ba7c04295b4ca55add", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ac51aef9609ebc1cc1b08c152f92f89a4af4377567fb65ba7c04295b4ca55add"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/optimize_cover_images.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 90948, "scanner": "repobility-docker", "fingerprint": 
"6fdcc76c0dd022e65fc8c2045315583abca10011460774eaf8eab90edd907c47", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "docker.io/ubuntu:24.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|6fdcc76c0dd022e65fc8c2045315583abca10011460774eaf8eab90edd907c47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 90947, "scanner": "repobility-docker", "fingerprint": "cd0aa8a22860d2fad20275c7f5d53e0365b301260b8ccf6a5f851a26097682a0", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|cd0aa8a22860d2fad20275c7f5d53e0365b301260b8ccf6a5f851a26097682a0", "missing_patterns": [".env", ".git", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/Dockerfile"}, "region": {"startLine": 61}}}]}, {"ruleId": "DKR009", "level": "warning", "message": {"text": "Dockerfile separates apt update from install"}, "properties": {"repobilityId": 90944, "scanner": "repobility-docker", "fingerprint": "f72388ed7a5a537d6535ba8c4bace978b0a144dfd5db6cdeb4e8246a34939e93", 
"category": "docker", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Package index update appears without package installation in the same layer.", "evidence": {"rule_id": "DKR009", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|f72388ed7a5a537d6535ba8c4bace978b0a144dfd5db6cdeb4e8246a34939e93"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 90942, "scanner": "repobility-docker", "fingerprint": "4da6bec71d31c7c85504298a31927f47fb8a01850be5732c44c0ca0e80e3a8fc", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "${BASE_IMAGE}", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|4da6bec71d31c7c85504298a31927f47fb8a01850be5732c44c0ca0e80e3a8fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 90910, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9525d369ab3a3609e72654ce5a994dd826ea9f1f6285b934b06d054a82f320c1", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": 
"likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "temp", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|9525d369ab3a3609e72654ce5a994dd826ea9f1f6285b934b06d054a82f320c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/libigl/igl/stdin_to_temp.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 90909, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a6fb29af15dfa45dcd85b3a83c1b9b0aba43c2f944425f78550a2a440510b368", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "temp", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|a6fb29af15dfa45dcd85b3a83c1b9b0aba43c2f944425f78550a2a440510b368"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/libigl/igl/stdin_to_temp.cpp"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 90908, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b4fa34e8604ba91d057d0fbe5bdeabc1934d241d615b3d534cb6604fe73c3c0f", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fixed", "rule_id": 
"AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|b4fa34e8604ba91d057d0fbe5bdeabc1934d241d615b3d534cb6604fe73c3c0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/libigl/igl/min_quad_with_fixed.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 90888, "scanner": "repobility-threat-engine", "fingerprint": "c125990b8fe72161d33865c119c61732c5cf7a1d18c41c9dd84c506e121bfc3f", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "window.open('../22/index.html','_self')", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|18|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/web/guide/21/21.js"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. 
The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 90887, "scanner": "repobility-threat-engine", "fingerprint": "7d17bd660ae09e4970a4396da1b62817f8a4dd31446842b57352d80f331c3374", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found. Triage note: the matched call passes '_self' as the window.open target, so it navigates the current browsing context instead of opening a new one, and the window.opener exposure this rule describes does not arise from this call; treat it as a likely false positive for SEC041. The SEC041 match at resources/web/guide/21/21.js line 18 uses '_self' in the same way.", "evidence": {"match": "window.open('../'+TargetPage+'/index.html','_self')", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|27|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/web/guide/0/load.js"}, "region": {"startLine": 27}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 90878, "scanner": "repobility-threat-engine", "fingerprint": "d8f772f5d6cfc792454735ae4bddc17e8c1d371cdbab7418030369d807b8d39a", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch (e) { }", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d8f772f5d6cfc792454735ae4bddc17e8c1d371cdbab7418030369d807b8d39a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/web/guide/js/common.js"}, "region": {"startLine": 12}}}]}, {"ruleId": "ERR002", "level": "warning", "message": 
{"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 90877, "scanner": "repobility-threat-engine", "fingerprint": "cddebf3a3b6d200070b839b1b9fa83fca1e26c88c7dd9b100864e703581b325a", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch (e) { }", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cddebf3a3b6d200070b839b1b9fa83fca1e26c88c7dd9b100864e703581b325a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/web/dialog/js/common.js"}, "region": {"startLine": 12}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 90876, "scanner": "repobility-threat-engine", "fingerprint": "0676e1be05cefe83ade84e4b53072300d8cf1fa5486f2bba59a01b09a44b6829", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch (err) { }", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0676e1be05cefe83ade84e4b53072300d8cf1fa5486f2bba59a01b09a44b6829"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/web/dialog/ExportPresetDialog/index.js"}, "region": {"startLine": 49}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. 
AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 90874, "scanner": "repobility-threat-engine", "fingerprint": "a32b334c3e0f183ac3ce452343b03d3f4301f67b90d35090ddb73f2cc3903eb4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "}\n\tcatch(exception)\n\t{\n\t    return null;\n\t}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a32b334c3e0f183ac3ce452343b03d3f4301f67b90d35090ddb73f2cc3903eb4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/web/guide/js/globalapi.js"}, "region": {"startLine": 181}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). 
Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 90873, "scanner": "repobility-threat-engine", "fingerprint": "abb35aa0b1042aa77937b2ab374ead7c333376e14f5ad269d568d07e87cba375", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "}\n\tcatch(exception)\n\t{\n\t    return null;\n\t}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|abb35aa0b1042aa77937b2ab374ead7c333376e14f5ad269d568d07e87cba375"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/web/dialog/js/globalapi.js"}, "region": {"startLine": 181}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). 
Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 90872, "scanner": "repobility-threat-engine", "fingerprint": "382901ebe3e0d2e3e6091d79c413beb5ba8cac8cd624cc1a040aab4d8ebb4301", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "}\n    catch (err) {\n        return null;\n    }", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|382901ebe3e0d2e3e6091d79c413beb5ba8cac8cd624cc1a040aab4d8ebb4301"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/web/dialog/ExportPresetDialog/index.js"}, "region": {"startLine": 355}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 90860, "scanner": "repobility-threat-engine", "fingerprint": "7faa5c547524d61f9a3753e16fe559b02e271aaac57dacd79d55ad87cfca3695", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found. Collapsed 2 duplicate scanner signal(s) for the same underlying issue. Triage note: the flagged file is JavaScript and the match is only the bare token eval(, so the Python-specific sandbox details in the rule text do not apply here; confirm whether the text reaching eval is validated as JSON before the call, and prefer the native JSON.parse where it is available.", "evidence": {"match": "eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|177|sec045", "duplicate_count": 2, "duplicate_rule_ids": ["SEC045"], "duplicate_scanners": ["repobility-threat-engine"], "duplicate_fingerprints": ["4f2bf0c36df85b45ade21497eb843bd09a8a8bd25ddb259119344a3fb74c0c90", "7faa5c547524d61f9a3753e16fe559b02e271aaac57dacd79d55ad87cfca3695", "8691b9adb30feaa15e1a8ba1612d98e039a552bfaeb9fb647be12c5372357c0f"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/web/dialog/js/json2.js"}, "region": {"startLine": 177}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 90946, "scanner": "repobility-docker", "fingerprint": "0ed9619e12bd0d42f5c351cc225c5264ebdcf8211ac7fede5e5bd2f1cf1d6655", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|0ed9619e12bd0d42f5c351cc225c5264ebdcf8211ac7fede5e5bd2f1cf1d6655"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/Dockerfile"}, "region": 
{"startLine": 12}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 90945, "scanner": "repobility-docker", "fingerprint": "0c983bef77ad9baac0f5ecddf1a42c8363596437e953205c5de3e2a2af9e98b2", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|0c983bef77ad9baac0f5ecddf1a42c8363596437e953205c5de3e2a2af9e98b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/Dockerfile"}, "region": {"startLine": 12}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 90943, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", ".git", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90940, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"5184ad47f98f941b0379dfb1efed430cd6b34117c2d43f8f246eac9633e635be", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps_src/Shiny/ShinyData.h", "duplicate_line": 7, "correlation_key": "fp|5184ad47f98f941b0379dfb1efed430cd6b34117c2d43f8f246eac9633e635be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/Shiny/ShinyNodePool.h"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90939, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c922607df496433d488b98f8fef13a1f56d5e883e5da77020a62f93bdf0fe1bc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps_src/Shiny/Shiny.h", "duplicate_line": 1, "correlation_key": "fp|c922607df496433d488b98f8fef13a1f56d5e883e5da77020a62f93bdf0fe1bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/Shiny/ShinyNodePool.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90938, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b2ed7c1f8d89ce00a4497525ba2ffa42ced656a1423fc0ef5825f9b24e4318a9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", 
"isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps_src/Shiny/Shiny.h", "duplicate_line": 1, "correlation_key": "fp|b2ed7c1f8d89ce00a4497525ba2ffa42ced656a1423fc0ef5825f9b24e4318a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/Shiny/ShinyNodePool.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90937, "scanner": "repobility-ai-code-hygiene", "fingerprint": "804b1b3be69727396dc55162ea370ad71a5ad0b7aa7f3d747d37c0d186e1f859", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps_src/Shiny/ShinyData.h", "duplicate_line": 7, "correlation_key": "fp|804b1b3be69727396dc55162ea370ad71a5ad0b7aa7f3d747d37c0d186e1f859"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/Shiny/ShinyNode.h"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90936, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c8a095b9a020866a3c0dddba30e1e2eef7f6223144790efc909dd9b34eaa1f84", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": 
"repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps_src/Shiny/Shiny.h", "duplicate_line": 1, "correlation_key": "fp|c8a095b9a020866a3c0dddba30e1e2eef7f6223144790efc909dd9b34eaa1f84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/Shiny/ShinyNode.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90935, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6bcf1294cd7413cb1fe32f054fb1be8847cc8c58bad6e5a5a6ce7adff3799d34", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps_src/Shiny/Shiny.h", "duplicate_line": 1, "correlation_key": "fp|6bcf1294cd7413cb1fe32f054fb1be8847cc8c58bad6e5a5a6ce7adff3799d34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/Shiny/ShinyNode.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90934, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7867da94c002d33821ac8ea405d1371dcd3eb604c2176bfac819b707b5d04fef", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps_src/Shiny/ShinyData.h", "duplicate_line": 7, "correlation_key": 
"fp|7867da94c002d33821ac8ea405d1371dcd3eb604c2176bfac819b707b5d04fef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/Shiny/ShinyManager.h"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90933, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f51e81472e71e0fb366dd8c6810aa617c693f74c1cb98f5ebc6cbf2cf86d2a48", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps_src/Shiny/Shiny.h", "duplicate_line": 1, "correlation_key": "fp|f51e81472e71e0fb366dd8c6810aa617c693f74c1cb98f5ebc6cbf2cf86d2a48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/Shiny/ShinyManager.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90932, "scanner": "repobility-ai-code-hygiene", "fingerprint": "adbe7239459a500b2680aff989dd07c719056bf5c2104aa26e1ef483629c3847", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps_src/Shiny/Shiny.h", "duplicate_line": 1, "correlation_key": "fp|adbe7239459a500b2680aff989dd07c719056bf5c2104aa26e1ef483629c3847"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/Shiny/ShinyManager.c"}, "region": 
{"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90931, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ffb1925ff0b9f369690a8e40c2064497b58bb331f849db5e923a16475e1947ec", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps_src/Shiny/Shiny.h", "duplicate_line": 1, "correlation_key": "fp|ffb1925ff0b9f369690a8e40c2064497b58bb331f849db5e923a16475e1947ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/Shiny/ShinyMacros.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90930, "scanner": "repobility-ai-code-hygiene", "fingerprint": "10f3846a13f0d5d2468c7e8fe3a6efa0a86e63b727c9aceb852950cc9f316bc3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps_src/Shiny/Shiny.h", "duplicate_line": 1, "correlation_key": "fp|10f3846a13f0d5d2468c7e8fe3a6efa0a86e63b727c9aceb852950cc9f316bc3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/Shiny/ShinyData.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90929, "scanner": 
"repobility-ai-code-hygiene", "fingerprint": "0caa613c7a7d16db376771b3f3cd69f339672abe299071ae782a07cb84c7a3cd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps_src/Shiny/Shiny.h", "duplicate_line": 1, "correlation_key": "fp|0caa613c7a7d16db376771b3f3cd69f339672abe299071ae782a07cb84c7a3cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/Shiny/ShinyConfig.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90928, "scanner": "repobility-ai-code-hygiene", "fingerprint": "158febff43e735b8b10616290ea8d21a97c188d377e4f2dc096321969082fdcf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps/MPFR/mpfr/include/mpf2mpfr.h", "duplicate_line": 2, "correlation_key": "fp|158febff43e735b8b10616290ea8d21a97c188d377e4f2dc096321969082fdcf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps/MPFR/mpfr/include/mpfr.h"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90927, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c99f81c73bc94c56c6c061d9eaf2ab9c7589e0e9a8d28f9ee8aa57820a48895f", "category": "quality", "severity": "low", "confidence": 0.86, 
"triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps/EXPAT/expat/ascii.h", "duplicate_line": 12, "correlation_key": "fp|c99f81c73bc94c56c6c061d9eaf2ab9c7589e0e9a8d28f9ee8aa57820a48895f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps/EXPAT/expat/xmltok_impl.h"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90926, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8777a80dd5a0e2de5c6864d7b18a5b839ca163d39f9b4c03c66b1887a24f445f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps/EXPAT/expat/expat.h", "duplicate_line": 23, "correlation_key": "fp|8777a80dd5a0e2de5c6864d7b18a5b839ca163d39f9b4c03c66b1887a24f445f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps/EXPAT/expat/xmltok.h"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90925, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5e2038076b983f34378eaf433d1cfe2731228b269cc84cccd2bdd5bede6ca5e4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, 
"rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps/EXPAT/expat/ascii.h", "duplicate_line": 12, "correlation_key": "fp|5e2038076b983f34378eaf433d1cfe2731228b269cc84cccd2bdd5bede6ca5e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps/EXPAT/expat/xmltok.h"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90924, "scanner": "repobility-ai-code-hygiene", "fingerprint": "42f4ac6dabea6dc4400241df442655af1eab207e7a34c82a089b713d73bc53af", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps/EXPAT/expat/ascii.h", "duplicate_line": 11, "correlation_key": "fp|42f4ac6dabea6dc4400241df442655af1eab207e7a34c82a089b713d73bc53af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps/EXPAT/expat/xmlrole.h"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90923, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a20fb01a9407f451bd30e38b3fd11cbbb69a3fe6ad1683a215fc4bf6378f0bb7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps/EXPAT/expat/asciitab.h", "duplicate_line": 9, "correlation_key": 
"fp|a20fb01a9407f451bd30e38b3fd11cbbb69a3fe6ad1683a215fc4bf6378f0bb7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps/EXPAT/expat/xmlrole.h"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90922, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8bfcf93080b8b3b7c73d5ec728fcfd4dfaa63d6b782496b7f6916d05ab6d05c4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps/EXPAT/expat/ascii.h", "duplicate_line": 11, "correlation_key": "fp|8bfcf93080b8b3b7c73d5ec728fcfd4dfaa63d6b782496b7f6916d05ab6d05c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps/EXPAT/expat/utf8tab.h"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90921, "scanner": "repobility-ai-code-hygiene", "fingerprint": "79d59fabc25ea90c1e1ed14f962e53f0ec1a7e44184aa05faa51d0201185165e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps/EXPAT/expat/asciitab.h", "duplicate_line": 1, "correlation_key": "fp|79d59fabc25ea90c1e1ed14f962e53f0ec1a7e44184aa05faa51d0201185165e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps/EXPAT/expat/utf8tab.h"}, "region": 
{"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90920, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c73dfd93589c3127f5397ebc386dfd74f3f89a9590feefe693accd0acc7331a5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps/EXPAT/expat/ascii.h", "duplicate_line": 11, "correlation_key": "fp|c73dfd93589c3127f5397ebc386dfd74f3f89a9590feefe693accd0acc7331a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps/EXPAT/expat/nametab.h"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90919, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3b4f12d9d263abcba2e12544f981b93dd5212688b1e59010d0a9b975949a37b1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps/EXPAT/expat/ascii.h", "duplicate_line": 11, "correlation_key": "fp|3b4f12d9d263abcba2e12544f981b93dd5212688b1e59010d0a9b975949a37b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps/EXPAT/expat/latin1tab.h"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90918, "scanner": 
"repobility-ai-code-hygiene", "fingerprint": "54993f34e71a5b8d11be29792635c2e321601f452f14dab7eb719503dd899c67", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps/EXPAT/expat/asciitab.h", "duplicate_line": 1, "correlation_key": "fp|54993f34e71a5b8d11be29792635c2e321601f452f14dab7eb719503dd899c67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps/EXPAT/expat/latin1tab.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90917, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b36435717e3b387ab3d728d0c94b9699e4921a34e8b73269415d12924b28f776", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps/EXPAT/expat/ascii.h", "duplicate_line": 12, "correlation_key": "fp|b36435717e3b387ab3d728d0c94b9699e4921a34e8b73269415d12924b28f776"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps/EXPAT/expat/internal.h"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90916, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f2a2c403af7f89d94fd3e73de4c0feaa13b639524e21ae3645e571d92980fc68", "category": "quality", "severity": "low", "confidence": 0.86, 
"triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps/EXPAT/expat/ascii.h", "duplicate_line": 11, "correlation_key": "fp|f2a2c403af7f89d94fd3e73de4c0feaa13b639524e21ae3645e571d92980fc68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps/EXPAT/expat/iasciitab.h"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90915, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fb5f49c3d598aaae9f18115de6af39410f37d698acf7093fb64fb513193b5942", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps/EXPAT/expat/asciitab.h", "duplicate_line": 1, "correlation_key": "fp|fb5f49c3d598aaae9f18115de6af39410f37d698acf7093fb64fb513193b5942"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps/EXPAT/expat/iasciitab.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90914, "scanner": "repobility-ai-code-hygiene", "fingerprint": "429d250a8460f800231f47efbc1facf6796d7b6babde73664f7b0467136afe73", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, 
"rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps/EXPAT/expat/ascii.h", "duplicate_line": 12, "correlation_key": "fp|429d250a8460f800231f47efbc1facf6796d7b6babde73664f7b0467136afe73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps/EXPAT/expat/expat_external.h"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90913, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1bb37ba4a68eb846a92c6cb13fcb7388b5bb9452f3f4d314d3c2615a7c80f74b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps/EXPAT/expat/ascii.h", "duplicate_line": 12, "correlation_key": "fp|1bb37ba4a68eb846a92c6cb13fcb7388b5bb9452f3f4d314d3c2615a7c80f74b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps/EXPAT/expat/expat_config.h"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90912, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2623c2f507a7352199343269fd00eb7dd2d2b937ac3e3e9966a95f329f036d31", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps/EXPAT/expat/ascii.h", "duplicate_line": 12, 
"correlation_key": "fp|2623c2f507a7352199343269fd00eb7dd2d2b937ac3e3e9966a95f329f036d31"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps/EXPAT/expat/expat.h"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 90911, "scanner": "repobility-ai-code-hygiene", "fingerprint": "24a8cf9e112d1148d053d21d703ea7f907474847ec962cdebbc9d85ef6a226d3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "deps/EXPAT/expat/ascii.h", "duplicate_line": 11, "correlation_key": "fp|24a8cf9e112d1148d053d21d703ea7f907474847ec962cdebbc9d85ef6a226d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps/EXPAT/expat/asciitab.h"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 90907, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8dc6a470aa029afeca130bdea24729f09c1d5d9876c72e67ec75a2471f82bed9", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "temp", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|8dc6a470aa029afeca130bdea24729f09c1d5d9876c72e67ec75a2471f82bed9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/libigl/igl/stdin_to_temp.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", 
"level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 90906, "scanner": "repobility-ai-code-hygiene", "fingerprint": "673a09b16302bc34b1083866ae2ba926bd41a1574cd186a7cb5a48027c56b1da", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "temp", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|673a09b16302bc34b1083866ae2ba926bd41a1574cd186a7cb5a48027c56b1da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/libigl/igl/stdin_to_temp.cpp"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 90905, "scanner": "repobility-ai-code-hygiene", "fingerprint": "751c58f84b8bbdd0c8983d37c1ad237b7dcb36e59a8e8e927760d9692bd8d723", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fixed", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|751c58f84b8bbdd0c8983d37c1ad237b7dcb36e59a8e8e927760d9692bd8d723"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/libigl/igl/min_quad_with_fixed.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 90904, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b5e0e5c09f9e9d7b4e449d89f5266624810f1d0608d792d63464b10b3b2b758d", "category": "quality", "severity": 
"low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|b5e0e5c09f9e9d7b4e449d89f5266624810f1d0608d792d63464b10b3b2b758d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/libigl/igl/dated_copy.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 90903, "scanner": "repobility-ai-code-hygiene", "fingerprint": "30d9e9d5ffaa41b11e199b5988fcfa2e4586df9d1dfcce547790e23131afbf62", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|30d9e9d5ffaa41b11e199b5988fcfa2e4586df9d1dfcce547790e23131afbf62"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/libigl/igl/dated_copy.cpp"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `traverse_files` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: elif=1, for=1, if=2, nested_bonus=4, recursion=1."}, "properties": {"repobilityId": 90871, "scanner": "repobility-threat-engine", "fingerprint": "8e6d6bfe998f9ce690c85e1a4da22ff19ed29f7493f1173380e830dda3b1008a", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 9 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "traverse_files", "breakdown": {"if": 2, "for": 1, "elif": 1, "recursion": 1, "nested_bonus": 4}, "complexity": 9, "correlation_key": "fp|8e6d6bfe998f9ce690c85e1a4da22ff19ed29f7493f1173380e830dda3b1008a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/profiles/check_unused_setting_id.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 90941, "scanner": "repobility-docker", "fingerprint": "f8e2a0b93bb1e88b9039c8f1c1595fe3aaa009f366c66babb78cf807cf25b907", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${BASE_IMAGE}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|f8e2a0b93bb1e88b9039c8f1c1595fe3aaa009f366c66babb78cf807cf25b907"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED048", "level": "none", "message": {"text": "[MINED048] Php Error Suppress: @function() suppresses errors silently. 
Hides real issues."}, "properties": {"repobilityId": 90901, "scanner": "repobility-threat-engine", "fingerprint": "edeff05315295f3dfe4e618a53b784cc045d106fe84910e4e95bbfe063176477", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "php-error-suppress", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348013+00:00", "triaged_in_corpus": 12, "observations_count": 849118, "ai_coder_pattern_id": 166}, "scanner": "repobility-threat-engine", "correlation_key": "fp|edeff05315295f3dfe4e618a53b784cc045d106fe84910e4e95bbfe063176477"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/libslic3r/MacUtils.mm"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. 
Defeats TypeScript type safety."}, "properties": {"repobilityId": 90900, "scanner": "repobility-threat-engine", "fingerprint": "17583b6de064d8ca0498494d67d4e78644bcb7488a2b4217f05559364b53fa90", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|17583b6de064d8ca0498494d67d4e78644bcb7488a2b4217f05559364b53fa90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/backfill-duplicate-comments.ts"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. 
Defeats TypeScript type safety."}, "properties": {"repobilityId": 90899, "scanner": "repobility-threat-engine", "fingerprint": "34fa10273328a84d8a8a6e80aac7acffccae04611eb09523fcc34dfc9f741fb9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|34fa10273328a84d8a8a6e80aac7acffccae04611eb09523fcc34dfc9f741fb9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/auto-close-duplicates.ts"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 90898, "scanner": "repobility-threat-engine", "fingerprint": "b971ad97873910b9cf64af2cffc88907e442934585cc10b694f9b06939bb8554", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b971ad97873910b9cf64af2cffc88907e442934585cc10b694f9b06939bb8554"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/backfill-duplicate-comments.ts"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED049", "level": 
"none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 90897, "scanner": "repobility-threat-engine", "fingerprint": "78256d6ba070e737c46c55eb2dc05f5ab0262f6610c8f508c415aef2a619387a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|78256d6ba070e737c46c55eb2dc05f5ab0262f6610c8f508c415aef2a619387a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/auto-close-duplicates.ts"}, "region": {"startLine": 106}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 90896, "scanner": "repobility-threat-engine", "fingerprint": "10dbe59bba8d0f829a267c27ed884d612f07c8ee92ae7c45386c806fb32fb64f", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "console.log(\"[DEBUG] GitHub token found\")", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|8|console.log debug github token found"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/backfill-duplicate-comments.ts"}, "region": {"startLine": 87}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 90895, "scanner": "repobility-threat-engine", "fingerprint": "10f66ced4567b13adde10360ffe023fa414dbf746c640bbd79ec5ebf8c34e385", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "console.log(\"[DEBUG] GitHub token found\")", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|10|console.log debug github token found"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/auto-close-duplicates.ts"}, "region": {"startLine": 106}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "properties": {"repobilityId": 90894, "scanner": "repobility-threat-engine", "fingerprint": "8e1eba7fa867ff7498b2ea9a585b6900e4d928baa557d7b985b5e1fa147dd7d6", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 16 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 16 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8e1eba7fa867ff7498b2ea9a585b6900e4d928baa557d7b985b5e1fa147dd7d6"}}}, {"ruleId": "MINED024", "level": "none", "message": {"text": "[MINED024] Js Eval Usage (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "properties": {"repobilityId": 90886, "scanner": "repobility-threat-engine", "fingerprint": "1a328c557b75a493859403947c2ce2b501b4b5d3c3926d3a6ba73dad03daec56", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-eval-usage", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347954+00:00", "triaged_in_corpus": 20, "observations_count": 35589, "ai_coder_pattern_id": 103}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|1a328c557b75a493859403947c2ce2b501b4b5d3c3926d3a6ba73dad03daec56", "aggregated_count": 1}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 90882, "scanner": "repobility-threat-engine", "fingerprint": "616a737d019ae97f53e0426cdc95b2538ef7f9404ddcccfa97846cbdfe3982a9", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|616a737d019ae97f53e0426cdc95b2538ef7f9404ddcccfa97846cbdfe3982a9", "aggregated_count": 5}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 90881, "scanner": "repobility-threat-engine", "fingerprint": "22d9074d70b4f8c8e3e278953f402d4bbe74ccb3690384932a1c3acffdc57e42", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|22d9074d70b4f8c8e3e278953f402d4bbe74ccb3690384932a1c3acffdc57e42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/web/guide/swiper/postinstall.js"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 90880, "scanner": "repobility-threat-engine", "fingerprint": "b425ab376ffa1b7f47347a0070127db00652aad8e9417b0f28f556ed257d8034", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b425ab376ffa1b7f47347a0070127db00652aad8e9417b0f28f556ed257d8034"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/web/guide/js/globalapi.js"}, "region": {"startLine": 248}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 90879, "scanner": "repobility-threat-engine", "fingerprint": "b7b84e160d8fadeb7b8472674592e1ed0e7f5378710ff703a2fe103de1e0b613", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b7b84e160d8fadeb7b8472674592e1ed0e7f5378710ff703a2fe103de1e0b613"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/web/dialog/js/globalapi.js"}, "region": {"startLine": 248}}}]}, {"ruleId": "SEC136", "level": "none", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 90875, "scanner": "repobility-threat-engine", "fingerprint": "177c770515f587906108b42e96cd3338ec47ddf67f686d5997cc1b924f1a1bdf", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|177c770515f587906108b42e96cd3338ec47ddf67f686d5997cc1b924f1a1bdf"}}}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete (and 32 more): Same pattern found in 32 additional files. Review if needed."}, "properties": {"repobilityId": 90870, "scanner": "repobility-threat-engine", "fingerprint": "952b82b937e2e20bd1f4d255f3e6557586e041678e608fab7e60f74ed812971a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 32 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|952b82b937e2e20bd1f4d255f3e6557586e041678e608fab7e60f74ed812971a", "aggregated_count": 32}}}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 90869, "scanner": "repobility-threat-engine", "fingerprint": "c76841cc072490f67140306a7526690fd10110eff8b54bc7f5f0e5276e895181", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": 
"2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c76841cc072490f67140306a7526690fd10110eff8b54bc7f5f0e5276e895181"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/libslic3r/ExtrusionEntityCollection.cpp"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 90868, "scanner": "repobility-threat-engine", "fingerprint": "dd0f7dbf0f3e930d52a9f73c8e7640ab5744fb4a0c4c438f1175e720c40ab3f0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dd0f7dbf0f3e930d52a9f73c8e7640ab5744fb4a0c4c438f1175e720c40ab3f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/libslic3r/AABBMesh.cpp"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 90867, "scanner": "repobility-threat-engine", "fingerprint": "2055fd4985006b4c6371e236c4de173ba5c3a8ce818094be6fafb064c3d15e0f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, 
"mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2055fd4985006b4c6371e236c4de173ba5c3a8ce818094be6fafb064c3d15e0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/mcut/include/mcut/internal/timer.h"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED022", "level": "none", "message": {"text": "[MINED022] C Strcpy (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 90865, "scanner": "repobility-threat-engine", "fingerprint": "32f299b718c02e3eef333957c30aaee31c9f17b99997d7c9b667c11ecc1f64db", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|32f299b718c02e3eef333957c30aaee31c9f17b99997d7c9b667c11ecc1f64db", "aggregated_count": 6}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 63 more): Same pattern found in 63 additional files. 
Review if needed."}, "properties": {"repobilityId": 90861, "scanner": "repobility-threat-engine", "fingerprint": "2b54310f4d736abd76dee0286c781a0730f287d691059833b33204e8e2afa191", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 63 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 63 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|2b54310f4d736abd76dee0286c781a0730f287d691059833b33204e8e2afa191"}}}, {"ruleId": "MINED080", "level": "none", "message": {"text": "[MINED080] Cpp Using Namespace Std (and 141 more): Same pattern found in 141 additional files. Review if needed."}, "properties": {"repobilityId": 90859, "scanner": "repobility-threat-engine", "fingerprint": "36286a23302d259190a0278eedbc945ca8669e3b07b8a6ef91854a097eec2981", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 141 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "cpp-using-namespace-std", "owasp": null, "cwe_ids": [], "languages": ["cpp", "h", "hpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348123+00:00", "triaged_in_corpus": 12, "observations_count": 3566, "ai_coder_pattern_id": 133}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|36286a23302d259190a0278eedbc945ca8669e3b07b8a6ef91854a097eec2981", "aggregated_count": 141}}}, {"ruleId": "MINED080", "level": "none", "message": {"text": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace."}, "properties": {"repobilityId": 90858, "scanner": "repobility-threat-engine", "fingerprint": "9f551b64e4df2d10f5c69cf33967bca661bd03c06902f776df77d87c7b9d1f95", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-using-namespace-std", "owasp": null, "cwe_ids": [], "languages": ["cpp", "h", "hpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348123+00:00", "triaged_in_corpus": 12, "observations_count": 3566, "ai_coder_pattern_id": 133}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9f551b64e4df2d10f5c69cf33967bca661bd03c06902f776df77d87c7b9d1f95"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/libigl/igl/arap.cpp"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED080", "level": "none", "message": {"text": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace."}, "properties": {"repobilityId": 90857, "scanner": "repobility-threat-engine", "fingerprint": "915f9c7bb6321b4cac002d36ec9404111c3bfa9a14f0e6965c5b6ac122b5bcab", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": 
"confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-using-namespace-std", "owasp": null, "cwe_ids": [], "languages": ["cpp", "h", "hpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348123+00:00", "triaged_in_corpus": 12, "observations_count": 3566, "ai_coder_pattern_id": 133}, "scanner": "repobility-threat-engine", "correlation_key": "fp|915f9c7bb6321b4cac002d36ec9404111c3bfa9a14f0e6965c5b6ac122b5bcab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/libigl/igl/adjacency_matrix.cpp"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED080", "level": "none", "message": {"text": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace."}, "properties": {"repobilityId": 90856, "scanner": "repobility-threat-engine", "fingerprint": "14a9088d4e2ca9463f496ca4e2970907d58ad8c661d266daa6ed25483089fb55", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-using-namespace-std", "owasp": null, "cwe_ids": [], "languages": ["cpp", "h", "hpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348123+00:00", "triaged_in_corpus": 12, "observations_count": 3566, "ai_coder_pattern_id": 133}, "scanner": "repobility-threat-engine", "correlation_key": "fp|14a9088d4e2ca9463f496ca4e2970907d58ad8c661d266daa6ed25483089fb55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/libigl/igl/WindingNumberAABB.h"}, "region": {"startLine": 152}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 26 more): Same pattern found in 26 additional files. 
Review if needed."}, "properties": {"repobilityId": 90855, "scanner": "repobility-threat-engine", "fingerprint": "d5ac058700426ed14325971139efba634921cffda7e8461a0ef98ec4b5b76f22", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 26 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|d5ac058700426ed14325971139efba634921cffda7e8461a0ef98ec4b5b76f22", "aggregated_count": 26}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 90854, "scanner": "repobility-threat-engine", "fingerprint": "a2e5dd151a754ff178998aa035c368440befcf1508b8eb0c13eeb3e83e063840", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a2e5dd151a754ff178998aa035c368440befcf1508b8eb0c13eeb3e83e063840"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/Shiny/ShinyConfig.h"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED043", "level": "none", "message": 
{"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 90853, "scanner": "repobility-threat-engine", "fingerprint": "436fb7e6a9b826561c504c08d8455697caa4a18bdd5d67d0845772960fd5e713", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|436fb7e6a9b826561c504c08d8455697caa4a18bdd5d67d0845772960fd5e713"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/Shiny/Shiny.h"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 90852, "scanner": "repobility-threat-engine", "fingerprint": "e78e0486f35db5de7b8d744e94b6d5a50990f9dc2a2acc977907e88c2de70190", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e78e0486f35db5de7b8d744e94b6d5a50990f9dc2a2acc977907e88c2de70190"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"deps/MPFR/mpfr/include/mpf2mpfr.h"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `tools/7z.exe` committed in source repo: `tools/7z.exe` is a .exe binary (557,056 bytes) committed to a repo that otherwise has 3737 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 91003, "scanner": "repobility-supply-chain", "fingerprint": "411f811a448edab1632990dad3dfd04707df632d5a356390e1d02b1bd303baf4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|411f811a448edab1632990dad3dfd04707df632d5a356390e1d02b1bd303baf4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/7z.exe"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `tools/xgettext.exe` committed in source repo: `tools/xgettext.exe` is a .exe binary (3,423,198 bytes) committed to a repo that otherwise has 3737 source files. 
Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 91002, "scanner": "repobility-supply-chain", "fingerprint": "1301a6b1fde0354288e248b61c70588aafb12848c45a2638048b86fdc463d0e2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1301a6b1fde0354288e248b61c70588aafb12848c45a2638048b86fdc463d0e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/xgettext.exe"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `tools/msgfmt.exe` committed in source repo: `tools/msgfmt.exe` is a .exe binary (1,945,633 bytes) committed to a repo that otherwise has 3737 source files. 
Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 91001, "scanner": "repobility-supply-chain", "fingerprint": "b3a5537d436e2d3c400bac61794068c6eadb982ed20d75606b2bcf1b75fac25c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b3a5537d436e2d3c400bac61794068c6eadb982ed20d75606b2bcf1b75fac25c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/msgfmt.exe"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `tools/msgmerge.exe` committed in source repo: `tools/msgmerge.exe` is a .exe binary (2,354,301 bytes) committed to a repo that otherwise has 3737 source files. 
Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts. The file's presence alone does not prove tampering; verify its provenance (for example, compare its hash with the upstream release) before trusting or removing it."}, "properties": {"repobilityId": 91000, "scanner": "repobility-supply-chain", "fingerprint": "c47aeb850cc3004056ad350be4a7b15adf301963a1992b09ea3a128183c60018", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c47aeb850cc3004056ad350be4a7b15adf301963a1992b09ea3a128183c60018"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/msgmerge.exe"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `vedantmgoyal9/winget-releaser` pinned to mutable ref `@main`: `uses: vedantmgoyal9/winget-releaser@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA current."}, "properties": {"repobilityId": 90998, "scanner": "repobility-supply-chain", "fingerprint": "e375cf70532e70967a233184f42b50c72537fbba5f6bbefe5a5e10df051d4014", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e375cf70532e70967a233184f42b50c72537fbba5f6bbefe5a5e10df051d4014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/winget_updater.yml"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v8`: `uses: actions/download-artifact@v8` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA current."}, "properties": {"repobilityId": 90997, "scanner": "repobility-supply-chain", "fingerprint": "7bbcc320bfcbece4e71275d7c7bbf962ddd61dce5aae816a07ffb25d79a0e45f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7bbcc320bfcbece4e71275d7c7bbf962ddd61dce5aae816a07ffb25d79a0e45f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/check_profiles_comment.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `microsoft/setup-msbuild` pinned to mutable ref `@v3`: `uses: microsoft/setup-msbuild@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA current."}, "properties": {"repobilityId": 90996, "scanner": "repobility-supply-chain", "fingerprint": "107362a1ed88af6e45525be3c7d98012f7743a5c9e232f5662ae1927787a4f5a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|107362a1ed88af6e45525be3c7d98012f7743a5c9e232f5662ae1927787a4f5a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_deps.yml"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `lukka/get-cmake` pinned to mutable ref `@latest`: `uses: lukka/get-cmake@latest` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA current."}, "properties": {"repobilityId": 90995, "scanner": "repobility-supply-chain", "fingerprint": "9ab61d86e9131861eb18fde12235bd296d014cf56fa6501d5a3feab27e42c8cc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9ab61d86e9131861eb18fde12235bd296d014cf56fa6501d5a3feab27e42c8cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_deps.yml"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v5`: `uses: actions/cache@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA current."}, "properties": {"repobilityId": 90994, "scanner": "repobility-supply-chain", "fingerprint": "62cbff5854910e846323441ac2604cfd0754ee7b8aa3ee8e85f2354014cdcab0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|62cbff5854910e846323441ac2604cfd0754ee7b8aa3ee8e85f2354014cdcab0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_deps.yml"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA current."}, "properties": {"repobilityId": 90993, "scanner": "repobility-supply-chain", "fingerprint": "d1ab0c5a19e6f1368d7028224c0fd92a64a98d4d6e308eb405d4e788de561c3a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d1ab0c5a19e6f1368d7028224c0fd92a64a98d4d6e308eb405d4e788de561c3a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_deps.yml"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `anthropics/claude-code-base-action` pinned to mutable ref `@beta`: `uses: anthropics/claude-code-base-action@beta` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA current."}, "properties": {"repobilityId": 90992, "scanner": "repobility-supply-chain", "fingerprint": "cbc2ee7a3969bf151379749cfeb1232ac27c49c5a1ebbcdc8c6186f566de8d06", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cbc2ee7a3969bf151379749cfeb1232ac27c49c5a1ebbcdc8c6186f566de8d06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dedupe-issues.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA current."}, "properties": {"repobilityId": 90991, "scanner": "repobility-supply-chain", "fingerprint": "2e537d2562dda63fefaff960f8c9fdee207666083d5b509d1c0e65f3c15a128e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2e537d2562dda63fefaff960f8c9fdee207666083d5b509d1c0e65f3c15a128e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dedupe-issues.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `qoomon/actions--create-commit` pinned to mutable ref `@v1`: `uses: qoomon/actions--create-commit@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA current."}, "properties": {"repobilityId": 90990, "scanner": "repobility-supply-chain", "fingerprint": "dbcaca52e3a4b11dba4867672ce3620656bbc565f31f2bcbdbbe44b99dd789f2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dbcaca52e3a4b11dba4867672ce3620656bbc565f31f2bcbdbbe44b99dd789f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/update-translation.yml"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA current."}, "properties": {"repobilityId": 90989, "scanner": "repobility-supply-chain", "fingerprint": "f78fff5aaeeaf7c6b27c4f66cc7830c2b83806271b31733a9a3e8f5cfe12e01c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f78fff5aaeeaf7c6b27c4f66cc7830c2b83806271b31733a9a3e8f5cfe12e01c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/update-translation.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA current."}, "properties": {"repobilityId": 90988, "scanner": "repobility-supply-chain", "fingerprint": "6cccc833d14edf989f81efab346fae535b834e9da8e906f5b5a6e8b8c9982831", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6cccc833d14edf989f81efab346fae535b834e9da8e906f5b5a6e8b8c9982831"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/update-translation.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `ghcr.io/flathub-infra/flatpak-github-actions:gnome-50` unpinned: `container/services image: ghcr.io/flathub-infra/flatpak-github-actions:gnome-50` without `@sha256:...` pulls a mutable tag at workflow-run time. 
Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 90987, "scanner": "repobility-supply-chain", "fingerprint": "925fa7a8ce7f2784efc8e3afcbcd94531a3f3681490994ffdfe2e20686d93295", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|925fa7a8ce7f2784efc8e3afcbcd94531a3f3681490994ffdfe2e20686d93295"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_all.yml"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `WebFreak001/deploy-nightly` pinned to mutable ref `@v3.2.0`: `uses: WebFreak001/deploy-nightly@v3.2.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA current."}, "properties": {"repobilityId": 90986, "scanner": "repobility-supply-chain", "fingerprint": "afa2e45c369e07c8a8987bb8ecdd883dbbfec96ad3f96ca9315fe34a56045bcd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|afa2e45c369e07c8a8987bb8ecdd883dbbfec96ad3f96ca9315fe34a56045bcd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_all.yml"}, "region": {"startLine": 228}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA current."}, "properties": {"repobilityId": 90985, "scanner": "repobility-supply-chain", "fingerprint": "7498c46f55451668756b0ac2c368905eee52ea68127644561f189bc69ceb533b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7498c46f55451668756b0ac2c368905eee52ea68127644561f189bc69ceb533b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_all.yml"}, "region": {"startLine": 222}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `flatpak/flatpak-github-actions/flatpak-builder` pinned to mutable ref `@master`: `uses: flatpak/flatpak-github-actions/flatpak-builder@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA current."}, "properties": {"repobilityId": 90984, "scanner": "repobility-supply-chain", "fingerprint": "437ed9a67a0ecaee0fb72ee09f31b3277f9946ef3843cdf06690eb84ea508014", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|437ed9a67a0ecaee0fb72ee09f31b3277f9946ef3843cdf06690eb84ea508014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_all.yml"}, "region": {"startLine": 214}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v5`: `uses: actions/cache@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA current."}, "properties": {"repobilityId": 90983, "scanner": "repobility-supply-chain", "fingerprint": "9b8f0767f35077f868af8fcf9b97c3c4113084626c67a7ab372b1b080b6b0250", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9b8f0767f35077f868af8fcf9b97c3c4113084626c67a7ab372b1b080b6b0250"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_all.yml"}, "region": {"startLine": 199}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache/restore` pinned to mutable ref `@v5`: `uses: actions/cache/restore@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA current."}, "properties": {"repobilityId": 90982, "scanner": "repobility-supply-chain", "fingerprint": "881b37ad4063dc94a66d37b07ef621b6c594e8503889432bf01fc4c5e19e75e3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|881b37ad4063dc94a66d37b07ef621b6c594e8503889432bf01fc4c5e19e75e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_all.yml"}, "region": {"startLine": 192}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA current."}, "properties": {"repobilityId": 90981, "scanner": "repobility-supply-chain", "fingerprint": "ab8678c066a523ea804e24b2fb6cab6ed2c0a7ee7e9e2aad1add14502a789fc2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ab8678c066a523ea804e24b2fb6cab6ed2c0a7ee7e9e2aad1add14502a789fc2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_all.yml"}, "region": {"startLine": 173}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `geekyeggo/delete-artifact` pinned to mutable ref `@v6`: `uses: geekyeggo/delete-artifact@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA current."}, "properties": {"repobilityId": 90980, "scanner": "repobility-supply-chain", "fingerprint": "cc4532c3e9e038d97409bc458f9aee4ebede554028a2c4940e10581059f0dc2c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cc4532c3e9e038d97409bc458f9aee4ebede554028a2c4940e10581059f0dc2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_all.yml"}, "region": {"startLine": 139}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `EnricoMi/publish-unit-test-result-action` pinned to mutable ref `@v2`: `uses: EnricoMi/publish-unit-test-result-action@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA current."}, "properties": {"repobilityId": 90979, "scanner": "repobility-supply-chain", "fingerprint": "cc0b2e2def504d8ae7f41e623d65e42b397763173f6ed1e805b50af65f1ffd54", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cc0b2e2def504d8ae7f41e623d65e42b397763173f6ed1e805b50af65f1ffd54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_all.yml"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA current."}, "properties": {"repobilityId": 90978, "scanner": "repobility-supply-chain", "fingerprint": "5499b1b6723e68b97d7d8857c32bb310cf68d073ba0e8ab14eb84dc3d6ecc885", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5499b1b6723e68b97d7d8857c32bb310cf68d073ba0e8ab14eb84dc3d6ecc885"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_all.yml"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `lukka/get-cmake` pinned to mutable ref `@latest`: `uses: lukka/get-cmake@latest` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA current."}, "properties": {"repobilityId": 90977, "scanner": "repobility-supply-chain", "fingerprint": "361ed5dc57427999cd373d3fdbefad0eb84a603750ddd992097e29ab36d56ae6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|361ed5dc57427999cd373d3fdbefad0eb84a603750ddd992097e29ab36d56ae6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_all.yml"}, "region": {"startLine": 116}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v8`: `uses: actions/download-artifact@v8` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA current."}, "properties": {"repobilityId": 90976, "scanner": "repobility-supply-chain", "fingerprint": "45f428dc68dc688af483b093a695ed7aae8b88265f7b7d6d77006d8db4dfd587", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|45f428dc68dc688af483b093a695ed7aae8b88265f7b7d6d77006d8db4dfd587"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_all.yml"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA current."}, "properties": {"repobilityId": 90975, "scanner": "repobility-supply-chain", "fingerprint": "6ca93fc8acb9b237625de37ea94e145cd80814882ddd7e494e09614afd3379a1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6ca93fc8acb9b237625de37ea94e145cd80814882ddd7e494e09614afd3379a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_all.yml"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `oven-sh/setup-bun` pinned to mutable ref `@v2`: `uses: oven-sh/setup-bun@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA current."}, "properties": {"repobilityId": 90974, "scanner": "repobility-supply-chain", "fingerprint": "b94c0653445e8b26718ea92348ae688156b696fbea9d141443db36ae8dd912ea", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b94c0653445e8b26718ea92348ae688156b696fbea9d141443db36ae8dd912ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/auto-close-duplicates.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA current."}, "properties": {"repobilityId": 90973, "scanner": "repobility-supply-chain", "fingerprint": "e9f2f9a9d3f6711593897e712761748aecad74ac0f70d73a3c9ac589bd70cbda", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e9f2f9a9d3f6711593897e712761748aecad74ac0f70d73a3c9ac589bd70cbda"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/auto-close-duplicates.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `docker.io/ubuntu:24.04` not pinned by digest: `FROM docker.io/ubuntu:24.04` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 90972, "scanner": "repobility-supply-chain", "fingerprint": "81e2695ca4c0f44a51a1a48a4d8947e1332011c51765b90707d1161d0efde941", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|81e2695ca4c0f44a51a1a48a4d8947e1332011c51765b90707d1161d0efde941"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_connection: Test function `test_connection` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 90952, "scanner": "repobility-ast-engine", "fingerprint": "bd37f90bbe43a5d631f434e7a72e4bac4887b62696466a6e00d08753039643f2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bd37f90bbe43a5d631f434e7a72e4bac4887b62696466a6e00d08753039643f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test_moonraker_lane_data.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 90902, "scanner": "repobility-threat-engine", "fingerprint": "856cbf344404869b7eacfda96e59fdc443b3d4ccfb49e3cb4438d3d4de52a5e1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|856cbf344404869b7eacfda96e59fdc443b3d4ccfb49e3cb4438d3d4de52a5e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/libslic3r/ProjectTask.hpp"}, "region": {"startLine": 233}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an 
unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 90893, "scanner": "repobility-threat-engine", "fingerprint": "62f9071c53902520487794c1cc522868b7f7c8b022aa31bfc71d5a434ac20927", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "swiper.update();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|62f9071c53902520487794c1cc522868b7f7c8b022aa31bfc71d5a434ac20927"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/web/guide/swiper/modules/manipulation/methods/prependSlide.js"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 90892, "scanner": "repobility-threat-engine", "fingerprint": "0915371bccd9ea02de8cd88faeeb02370706290329c5497e4272b5b22036ddcb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "swiper.update();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0915371bccd9ea02de8cd88faeeb02370706290329c5497e4272b5b22036ddcb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/web/guide/swiper/modules/manipulation/methods/appendSlide.js"}, "region": {"startLine": 25}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 90891, "scanner": "repobility-threat-engine", "fingerprint": "6e8c2e7523c081fa2060ae1e2c1bda649873139eecd819227b04f93c1563a59d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "swiper.update();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6e8c2e7523c081fa2060ae1e2c1bda649873139eecd819227b04f93c1563a59d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/web/guide/swiper/modules/manipulation/methods/addSlide.js"}, "region": {"startLine": 56}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 90890, "scanner": "repobility-threat-engine", "fingerprint": "a5bc2fd9e939899dd4d6b806eda24032a44ecb04f79a9f77d832601c25b9f0d3", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a5bc2fd9e939899dd4d6b806eda24032a44ecb04f79a9f77d832601c25b9f0d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/web/include/swiper/modules/history/history.js"}, "region": {"startLine": 27}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 90889, "scanner": "repobility-threat-engine", "fingerprint": "7b93712cad3d9a6036458cec4d97d47fa3eae8b86c7162d9e3469065253f8882", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7b93712cad3d9a6036458cec4d97d47fa3eae8b86c7162d9e3469065253f8882"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/web/guide/swiper/modules/history/history.js"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED017", "level": "error", "message": {"text": "[MINED017] C System Call: system() invokes a shell; command injection is possible if any argument is dynamic."}, "properties": {"repobilityId": 90866, "scanner": "repobility-threat-engine", "fingerprint": "f8e559e1f29a50065af2a3616d47d699fe6f5f857911b290a610ce81dcdeb289", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347937+00:00", "triaged_in_corpus": 15, "observations_count": 77748, "ai_coder_pattern_id": 132}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f8e559e1f29a50065af2a3616d47d699fe6f5f857911b290a610ce81dcdeb289"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/libigl/igl/launch_medit.cpp"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED123", "level": "error", "message": {"text": "[MINED123] Trojan Source bidi character 
(LRM) in source: Line 2 contains a Unicode bidirectional control character (U+200E LRM, LEFT-TO-RIGHT MARK). Such characters are the basis of the 'Trojan Source' attack (CVE-2021-42574): they can make the compiler / interpreter see different code than the human reviewer."}, "properties": {"repobilityId": 90999, "scanner": "repobility-supply-chain", "fingerprint": "294d08ec5d8d091b584594e7b0778bd54498a480118a9ead69ce45c18a1eaa2d", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "trojan-source-bidi", "owasp": null, "cwe_ids": ["CWE-1007"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "vuln||CVE-2021-42574|resources/tooltip/main.js"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/tooltip/main.js"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(...)` but never imports `queue`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 90957, "scanner": "repobility-ast-engine", "fingerprint": "7ef470daa5f24c60d0e519fc3fe81523231321917f25f0cd3cb7cae45ee48afb", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7ef470daa5f24c60d0e519fc3fe81523231321917f25f0cd3cb7cae45ee48afb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/orca_filament_lib.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED024", "level": "error", "message": {"text": "[MINED024] Js Eval Usage: eval() executes arbitrary code. Code injection risk."}, "properties": {"repobilityId": 90885, "scanner": "repobility-threat-engine", "fingerprint": "5f04c7c34a8b0907f6ffb252fb3b807fe5df5b5fdfbda0c944102356aeadf64f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-eval-usage", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347954+00:00", "triaged_in_corpus": 20, "observations_count": 35589, "ai_coder_pattern_id": 103}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5f04c7c34a8b0907f6ffb252fb3b807fe5df5b5fdfbda0c944102356aeadf64f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/web/homepage/js/json2.js"}, "region": {"startLine": 177}}}]}, {"ruleId": "MINED024", "level": "error", "message": {"text": "[MINED024] Js Eval Usage: eval() executes arbitrary code. 
Code injection risk."}, "properties": {"repobilityId": 90884, "scanner": "repobility-threat-engine", "fingerprint": "3669a913fcdf236c0060358e5eb4ce4adf13d8452ba9a828332daf344c51984a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-eval-usage", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347954+00:00", "triaged_in_corpus": 20, "observations_count": 35589, "ai_coder_pattern_id": 103}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3669a913fcdf236c0060358e5eb4ce4adf13d8452ba9a828332daf344c51984a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/web/guide/js/json2.js"}, "region": {"startLine": 177}}}]}, {"ruleId": "MINED024", "level": "error", "message": {"text": "[MINED024] Js Eval Usage: eval() executes arbitrary code. 
Code injection risk."}, "properties": {"repobilityId": 90883, "scanner": "repobility-threat-engine", "fingerprint": "715af1ecdedc1ab8545fabc78754d3311f80e77e09f23dd3fb39dd481983e6d7", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-eval-usage", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347954+00:00", "triaged_in_corpus": 20, "observations_count": 35589, "ai_coder_pattern_id": 103}, "scanner": "repobility-threat-engine", "correlation_key": "fp|715af1ecdedc1ab8545fabc78754d3311f80e77e09f23dd3fb39dd481983e6d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "resources/web/dialog/js/json2.js"}, "region": {"startLine": 177}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat don't bounds-check; use strncpy (with explicit NUL termination) or snprintf."}, "properties": {"repobilityId": 90864, "scanner": "repobility-threat-engine", "fingerprint": "03050d3d9a6a3e744d33f647c8f7d614194aab9f074550a7857d8fcbcbdabe0e", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|03050d3d9a6a3e744d33f647c8f7d614194aab9f074550a7857d8fcbcbdabe0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/libnest2d/tools/svgtools.hpp"}, "region": {"startLine": 
111}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat don't bounds-check; use strncpy (with explicit NUL termination) or snprintf."}, "properties": {"repobilityId": 90863, "scanner": "repobility-threat-engine", "fingerprint": "b4986ef4a0a1f378710c986479f3da94a1ea9bfd0b3a794a23ec3940838a5519", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b4986ef4a0a1f378710c986479f3da94a1ea9bfd0b3a794a23ec3940838a5519"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deps_src/libigl/igl/copyleft/tetgen/tetrahedralize.cpp"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat don't bounds-check; use strncpy (with explicit NUL termination) or snprintf."}, "properties": {"repobilityId": 90862, "scanner": "repobility-threat-engine", "fingerprint": "154bc4905ce7828ab9389e9e47b6d4726b9a1a3d1ffd23c342556943e1171165", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|154bc4905ce7828ab9389e9e47b6d4726b9a1a3d1ffd23c342556943e1171165"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "deps_src/libigl/igl/copyleft/opengl2/texture_from_tga.cpp"}, "region": {"startLine": 29}}}]}]}]}