{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "WEB015", "name": "Public web app has no Content Security Policy", "shortDescription": {"text": "Public web app has no Content Security Policy"}, "fullDescription": {"text": "A Content Security Policy reduces the blast radius of injected scripts if the app is ever served through preview, static hosting, or a web container outside its normal sandbox."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": 
"Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies broad context with incomplete .dockerignore", "shortDescription": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "fullDescription": {"text": "COPY . or ADD . is safer when .dockerignore excludes secrets, git history, keys, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB011", "name": "Public web app has no humans.txt", "shortDescription": {"text": "Public web app has no humans.txt"}, "fullDescription": {"text": "humans.txt is optional, but it gives operators and reviewers a simple place to find ownership, contact, and important public documentation links."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "WEB008", "name": "Public docs site has no llms.txt", "shortDescription": {"text": "Public docs site has no llms.txt"}, "fullDescription": {"text": "AI coding agents increasingly read llms.txt to find canonical docs and API workflows. 
Without it, agents are more likely to browse pages repeatedly or use stale instructions."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "WEB002", "name": "Public web app has no sitemap", "shortDescription": {"text": "Public web app has no sitemap"}, "fullDescription": {"text": "A sitemap gives search engines, docs crawlers, and AI agents a structured list of public pages. Without one, important docs and product pages are easy to miss."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "WEB001", "name": "Public web app has no robots.txt", "shortDescription": {"text": "Public web app has no robots.txt"}, "fullDescription": {"text": "Public websites should publish a robots.txt file so crawlers and AI agents can discover crawl rules and sitemap locations without guessing."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC005", "name": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or sup", "shortDescription": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "fullDescription": {"text": "No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "low", "confidence": 0.76, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "no-new-privileges prevents processes from gaining 
additional privileges through setuid binaries or file capabilities."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "If the image does not define USER internally, this service may run as root."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": ".dockerignore exists but does not cover common secret or VCS patterns."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. 
They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Compose service `leyu-frontend` image is selected through a build variable", "shortDescription": {"text": "Compose service `leyu-frontend` image is selected through a build variable"}, "fullDescription": {"text": "Variable-selected base images can be safe, but Repobility cannot verify that the resolved image is pinned."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "info", "confidence": 0.48, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 6 more): Same pattern found in 6 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 6 more): Same pattern found in 6 additional files. 
Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16.\nAlso block loopback (127/8, ::1) and the IPv6 unique-local and link-local ranges (fc00::/7, fe80::/10). Apply the CIDR check to the IP address the hostname actually resolves to, and repeat it on every redirect, because a public-looking hostname can resolve or redirect to an internal address."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "JRN009", "name": "Secret-like setting is echoed into a password input value", "shortDescription": {"text": "Secret-like setting is echoed into a password input value"}, "fullDescription": {"text": "Settings screens sometimes render API keys, tokens, or passwords back into HTML/JSX password fields. That still exposes the secret to page source, browser extensions, screenshots, and DOM scraping."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "high", "confidence": 0.83, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). 
Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "DKC007", "name": "Compose service contains a literal secret environment value", "shortDescription": {"text": "Compose service contains a literal secret environment value"}, "fullDescription": {"text": "Literal secrets in Compose files are committed to source and exposed through container inspection."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "critical", "confidence": 0.96, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/449"}, "properties": {"repository": "leyu-data-collection-platform/leyu-frontend", "repoUrl": "https://github.com/leyu-data-collection-platform/leyu-frontend.git", "branch": "main"}, "results": [{"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 23376, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB015", "level": "warning", "message": {"text": "Public web app has no Content Security Policy"}, "properties": {"repobilityId": 23375, "scanner": "repobility-web-presence", "fingerprint": 
"7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63", "category": "quality", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no CSP header, framework header config, Helmet policy, or CSP meta tag was discovered.", "evidence": {"rule_id": "WEB015", "scanner": "repobility-web-presence", "references": ["https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "index.html"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 23362, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Next.js"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 23356, "scanner": "repobility-docker", "fingerprint": "33a0700307fec6dd1b5a5b444d0bf37638020b02b69a9403ab5f2cbaa0deb29f", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", 
"verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "node:20-alpine", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|33a0700307fec6dd1b5a5b444d0bf37638020b02b69a9403ab5f2cbaa0deb29f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 23355, "scanner": "repobility-docker", "fingerprint": "dcd881fbfd04209a8c387b317094aa3e6a413e2ad81c1011bc2bccf1fe80aa6b", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|dcd881fbfd04209a8c387b317094aa3e6a413e2ad81c1011bc2bccf1fe80aa6b", "missing_patterns": [".env", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 16}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 23347, "scanner": "repobility-threat-engine", "fingerprint": "9eb3bd3752166ac956b2e1e83d4b39d87e2966fb4984317cec34145933371ece", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no 
mitigating context found", "evidence": {"match": "catch (error) {}", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9eb3bd3752166ac956b2e1e83d4b39d87e2966fb4984317cec34145933371ece"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/components/baseData/basedataUpdateModal.tsx"}, "region": {"startLine": 65}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 23346, "scanner": "repobility-threat-engine", "fingerprint": "1ba4b18697f93333394ef6ede29c9fff62cd8021d9085fffcb65325ff6449e5c", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch (error) {\n      \n      }", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1ba4b18697f93333394ef6ede29c9fff62cd8021d9085fffcb65325ff6449e5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/api/auth/[...nextauth]/route.ts"}, "region": {"startLine": 185}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 23345, "scanner": "repobility-threat-engine", "fingerprint": "8e136bf22a9a320213a615f06e847170c3464893c5293bdb1e0bb6664573d519", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch (error) {}", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": 
"repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8e136bf22a9a320213a615f06e847170c3464893c5293bdb1e0bb6664573d519"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(dashboard)/superadmin/setting/page.tsx"}, "region": {"startLine": 44}}}]}, {"ruleId": "WEB011", "level": "note", "message": {"text": "Public web app has no humans.txt"}, "properties": {"repobilityId": 23374, "scanner": "repobility-web-presence", "fingerprint": "bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1", "category": "quality", "severity": "low", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks like a public web app but no humans.txt file or route was discovered.", "evidence": {"rule_id": "WEB011", "scanner": "repobility-web-presence", "references": ["https://github.com/Lissy93/web-check"], "correlation_key": "fp|bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "humans.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB008", "level": "note", "message": {"text": "Public docs site has no llms.txt"}, "properties": {"repobilityId": 23373, "scanner": "repobility-web-presence", "fingerprint": "cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks public and documentation-heavy but no llms.txt file or route was discovered.", "evidence": {"rule_id": "WEB008", "scanner": "repobility-web-presence", "references": ["https://llmstxt.org/"], "correlation_key": "fp|cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "llms.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB002", "level": "note", "message": {"text": "Public web app has no 
sitemap"}, "properties": {"repobilityId": 23372, "scanner": "repobility-web-presence", "fingerprint": "fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf", "category": "quality", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no sitemap file or route was discovered.", "evidence": {"rule_id": "WEB002", "scanner": "repobility-web-presence", "references": ["https://www.sitemaps.org/protocol.html", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sitemap.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB001", "level": "note", "message": {"text": "Public web app has no robots.txt"}, "properties": {"repobilityId": 23371, "scanner": "repobility-web-presence", "fingerprint": "cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no robots.txt file or route was discovered.", "evidence": {"rule_id": "WEB001", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "robots.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC005", "level": "note", "message": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "properties": {"repobilityId": 23363, "scanner": "repobility-access-control", "fingerprint": "c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e", 
"category": "auth", "severity": "low", "confidence": 0.76, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Next.js"], "correlation_key": "fp|c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e"}}}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 23361, "scanner": "repobility-docker", "fingerprint": "49a734132a17ba8b6533a048b485a56c4be0178dae5527cdd48a6ea9abc84b15", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "leyu-frontend", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|49a734132a17ba8b6533a048b485a56c4be0178dae5527cdd48a6ea9abc84b15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 23359, "scanner": "repobility-docker", "fingerprint": "8263cfa034b9f9a32bd39a97fad0788930dd8d614b1a754a3731c75521887656", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "leyu-frontend", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": 
"fp|8263cfa034b9f9a32bd39a97fad0788930dd8d614b1a754a3731c75521887656"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 23357, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23344, "scanner": "repobility-ai-code-hygiene", "fingerprint": "336f4d7f05d52fad725e52de3cea385e90a4a094abf541bbba7e853b3a51336f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/app/(public)/linkForm/contributor/[invitation_link_id]/page.tsx", "duplicate_line": 5, "correlation_key": "fp|336f4d7f05d52fad725e52de3cea385e90a4a094abf541bbba7e853b3a51336f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"src/app/(public)/linkForm/facilitator/[invitation_link_id]/page.tsx"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23343, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7dd4351b42208182d96cb2195c9d11fcd09c3dfc85af4144becf94ed3d7ef9b3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/app/(auth)/login/page.tsx", "duplicate_line": 182, "correlation_key": "fp|7dd4351b42208182d96cb2195c9d11fcd09c3dfc85af4144becf94ed3d7ef9b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(public)/linkForm/contributor/[invitation_link_id]/page.tsx"}, "region": {"startLine": 228}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23342, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ff4cf5cd19d3504970343de1257305afd665120482152d51a33668148dbc4028", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/app/(dashboard)/facilitator/tasks/layout.tsx", "duplicate_line": 1, "correlation_key": "fp|ff4cf5cd19d3504970343de1257305afd665120482152d51a33668148dbc4028"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(dashboard)/superadmin/users/layout.tsx"}, "region": {"startLine": 
1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23341, "scanner": "repobility-ai-code-hygiene", "fingerprint": "440e904ba4b7656d35ba484bb05d3d11fe0a5bf4591c5cb32a1b0f753ce89fa0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/app/(dashboard)/superadmin/tasks/[id]/page.tsx", "duplicate_line": 456, "correlation_key": "fp|440e904ba4b7656d35ba484bb05d3d11fe0a5bf4591c5cb32a1b0f753ce89fa0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(dashboard)/superadmin/userLog/[user_id]/page.tsx"}, "region": {"startLine": 184}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23340, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f253689c162bacdfae041bb2fc1e1496249f671da6cf7e6f4d77dc6f5566a25c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/app/(dashboard)/facilitator/tasks/layout.tsx", "duplicate_line": 1, "correlation_key": "fp|f253689c162bacdfae041bb2fc1e1496249f671da6cf7e6f4d77dc6f5566a25c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(dashboard)/superadmin/setting/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated 
implementation block across source files"}, "properties": {"repobilityId": 23339, "scanner": "repobility-ai-code-hygiene", "fingerprint": "56983f5012954475e4720faff92ef3212474723aa6f264b7dc6c6b8c202b1d2a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/app/(dashboard)/projectmanager/projectDetail/[id]/page.tsx", "duplicate_line": 30, "correlation_key": "fp|56983f5012954475e4720faff92ef3212474723aa6f264b7dc6c6b8c202b1d2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(dashboard)/superadmin/projectDetail/[id]/page.tsx"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23338, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d2018bdad82289db42456a68548a3e879b8c31af55e258a95f69949bdae12162", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/app/(dashboard)/facilitator/tasks/layout.tsx", "duplicate_line": 1, "correlation_key": "fp|d2018bdad82289db42456a68548a3e879b8c31af55e258a95f69949bdae12162"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(dashboard)/superadmin/projectArchive/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": 
{"repobilityId": 23337, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7f4a1cbd6a5a1b6bdc95e9c5acedaea324a6a9c663385181b3fcf206a634f28e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/app/(dashboard)/facilitator/tasks/layout.tsx", "duplicate_line": 1, "correlation_key": "fp|7f4a1cbd6a5a1b6bdc95e9c5acedaea324a6a9c663385181b3fcf206a634f28e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(dashboard)/superadmin/project/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23336, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d9c9f98fcb8e9caafffc43047b08c53eff506f11daea4a410e98d887f824cba0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/app/(dashboard)/projectmanager/page.tsx", "duplicate_line": 66, "correlation_key": "fp|d9c9f98fcb8e9caafffc43047b08c53eff506f11daea4a410e98d887f824cba0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(dashboard)/superadmin/page.tsx"}, "region": {"startLine": 53}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23335, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"f03859cae104c38077751f3ce23053044cc4af2f0e04eabeca28147b4e8e7441", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/app/(dashboard)/facilitator/tasks/layout.tsx", "duplicate_line": 1, "correlation_key": "fp|f03859cae104c38077751f3ce23053044cc4af2f0e04eabeca28147b4e8e7441"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(dashboard)/superadmin/log/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23334, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9124df0306f16bfdcdcffeb6b3759c66318acb06576bc7fedbbec45fbbf160b2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/app/(dashboard)/facilitator/tasks/layout.tsx", "duplicate_line": 1, "correlation_key": "fp|9124df0306f16bfdcdcffeb6b3759c66318acb06576bc7fedbbec45fbbf160b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(dashboard)/superadmin/basedata/zone/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23333, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9200e20f198293e33074e743009584a5e91a6ec75293c010f242e481bf6f8a82", "category": "quality", 
"severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/app/(dashboard)/facilitator/tasks/layout.tsx", "duplicate_line": 1, "correlation_key": "fp|9200e20f198293e33074e743009584a5e91a6ec75293c010f242e481bf6f8a82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(dashboard)/superadmin/basedata/sector/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23332, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a70891ce8eddd730ce15c4724813ba1b123825e4a8625d2f7a5c64789f67a9df", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/app/(dashboard)/facilitator/tasks/layout.tsx", "duplicate_line": 1, "correlation_key": "fp|a70891ce8eddd730ce15c4724813ba1b123825e4a8625d2f7a5c64789f67a9df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(dashboard)/superadmin/basedata/rejectionType/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23331, "scanner": "repobility-ai-code-hygiene", "fingerprint": "39b2ecca639a0ff2f6af9821e31c932e21d945de856a25b0456aa808dfa3da33", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": 
"confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/app/(dashboard)/facilitator/tasks/layout.tsx", "duplicate_line": 1, "correlation_key": "fp|39b2ecca639a0ff2f6af9821e31c932e21d945de856a25b0456aa808dfa3da33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(dashboard)/superadmin/basedata/region/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23330, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a930921f924ea933cd456efbd80b74850de3524821bb13b717d8a67920286fe6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/app/(dashboard)/facilitator/tasks/layout.tsx", "duplicate_line": 1, "correlation_key": "fp|a930921f924ea933cd456efbd80b74850de3524821bb13b717d8a67920286fe6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(dashboard)/superadmin/basedata/organization/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23329, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c6c21f68412be348cffa31187edbce521acd2b102a1c721f1de186cded5e4969", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code 
window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/app/(dashboard)/facilitator/tasks/layout.tsx", "duplicate_line": 1, "correlation_key": "fp|c6c21f68412be348cffa31187edbce521acd2b102a1c721f1de186cded5e4969"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(dashboard)/superadmin/basedata/language/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23328, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1eed5caef6e0a447f86e12b8ede92c5b4474e76d9469fd04683e897b78b63fe9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/app/(dashboard)/facilitator/tasks/layout.tsx", "duplicate_line": 1, "correlation_key": "fp|1eed5caef6e0a447f86e12b8ede92c5b4474e76d9469fd04683e897b78b63fe9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(dashboard)/superadmin/basedata/flagType/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23327, "scanner": "repobility-ai-code-hygiene", "fingerprint": "aa732d18393f6f91192b5740c5ac7c5a4a885041e1b7f5db229b1a53d64f695b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, 
"rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/app/(dashboard)/facilitator/tasks/layout.tsx", "duplicate_line": 1, "correlation_key": "fp|aa732d18393f6f91192b5740c5ac7c5a4a885041e1b7f5db229b1a53d64f695b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(dashboard)/superadmin/basedata/dialect/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23326, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2baa594bad65b22719fc24db5c6758efe13be0967184917b775d0b96809ca904", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/app/(dashboard)/facilitator/tasks/layout.tsx", "duplicate_line": 1, "correlation_key": "fp|2baa594bad65b22719fc24db5c6758efe13be0967184917b775d0b96809ca904"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(dashboard)/superadmin/basedata/country/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23325, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b0f67c170a9cd3a405f8493ede681014ec7cd70674606898e23dde9d8ef4d006", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": 
["https://jscpd.dev/"], "duplicate_file": "src/app/(dashboard)/facilitator/tasks/layout.tsx", "duplicate_line": 1, "correlation_key": "fp|b0f67c170a9cd3a405f8493ede681014ec7cd70674606898e23dde9d8ef4d006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(dashboard)/superadmin/basedata/annotationType/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23324, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e03ac7dfe6a0679636fa487ef8bbf2c292328ae4b2df61368d19bb3cd4ecc874", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/app/(dashboard)/facilitator/tasks/layout.tsx", "duplicate_line": 1, "correlation_key": "fp|e03ac7dfe6a0679636fa487ef8bbf2c292328ae4b2df61368d19bb3cd4ecc874"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(dashboard)/superadmin/basedata/annotation/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23323, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6f1e09d1e2ec210d9329c9b3903197bbfc4f1b52fc50c2c8f720ac0c1c875230", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"src/app/(dashboard)/facilitator/tasks/layout.tsx", "duplicate_line": 1, "correlation_key": "fp|6f1e09d1e2ec210d9329c9b3903197bbfc4f1b52fc50c2c8f720ac0c1c875230"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(dashboard)/reviewer/tasks/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23322, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9b828ecc5b72e36da2bcd3482e1808e00665194557d2609a83f01728606c6058", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/app/(dashboard)/qualityAssurance/tasks/[taskId]/review/page.tsx", "duplicate_line": 30, "correlation_key": "fp|9b828ecc5b72e36da2bcd3482e1808e00665194557d2609a83f01728606c6058"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(dashboard)/reviewer/tasks/[taskId]/review/page.tsx"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23321, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4f7ecde47d11b96e6e5de406664535dcadeb6515109b992a84e33898813fb067", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/app/(dashboard)/facilitator/tasks/layout.tsx", "duplicate_line": 
1, "correlation_key": "fp|4f7ecde47d11b96e6e5de406664535dcadeb6515109b992a84e33898813fb067"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(dashboard)/reviewer/submissions/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23320, "scanner": "repobility-ai-code-hygiene", "fingerprint": "934d55d93ef701d2d96230566274ed493db3e1faef4f16af182abd2d827fe235", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/app/(dashboard)/facilitator/layout.tsx", "duplicate_line": 1, "correlation_key": "fp|934d55d93ef701d2d96230566274ed493db3e1faef4f16af182abd2d827fe235"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(dashboard)/reviewer/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23319, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b3e5da7fde58674b65e6d973ead4bb012b779eb919a29e135dc3879c88c5f08a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/app/(dashboard)/facilitator/tasks/layout.tsx", "duplicate_line": 1, "correlation_key": "fp|b3e5da7fde58674b65e6d973ead4bb012b779eb919a29e135dc3879c88c5f08a"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "src/app/(dashboard)/qualityAssurance/tasks/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23318, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8f54c5fd41132b68432a85d68f47893a044083bccfa8b7fb267bdf758a95fa6a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/app/(dashboard)/facilitator/tasks/layout.tsx", "duplicate_line": 1, "correlation_key": "fp|8f54c5fd41132b68432a85d68f47893a044083bccfa8b7fb267bdf758a95fa6a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(dashboard)/qualityAssurance/submissions/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23317, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a0bce2c888ff7fac8ec885d55cb6a2491c01bc4dfe9fe3a9499dffc62979be6b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/app/(dashboard)/facilitator/layout.tsx", "duplicate_line": 1, "correlation_key": "fp|a0bce2c888ff7fac8ec885d55cb6a2491c01bc4dfe9fe3a9499dffc62979be6b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"src/app/(dashboard)/qualityAssurance/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23316, "scanner": "repobility-ai-code-hygiene", "fingerprint": "88926fd0ae0af7b246343f4f6924c6a1ea4b81f36bb5a763f620a51644cadb4d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/app/(dashboard)/facilitator/tasks/layout.tsx", "duplicate_line": 1, "correlation_key": "fp|88926fd0ae0af7b246343f4f6924c6a1ea4b81f36bb5a763f620a51644cadb4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(dashboard)/projectmanager/project/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23315, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8929fec31e4b21a77b8502bcdc3c6886be8a74b70502cfc3d957bd98aff1250d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/app/(dashboard)/facilitator/layout.tsx", "duplicate_line": 1, "correlation_key": "fp|8929fec31e4b21a77b8502bcdc3c6886be8a74b70502cfc3d957bd98aff1250d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(dashboard)/projectmanager/layout.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": 
"DKR002", "level": "none", "message": {"text": "Compose service `leyu-frontend` image is selected through a build variable"}, "properties": {"repobilityId": 23358, "scanner": "repobility-docker", "fingerprint": "42ef6df9b5e9cecc0e0a42505408bf77653e4fa2f40d9319a61ad88a75113f47", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${DOCKER_IMAGE_NAME:-leyu-frontend}:${DOCKER_IMAGE_TAG:-latest}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|42ef6df9b5e9cecc0e0a42505408bf77653e4fa2f40d9319a61ad88a75113f47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 23354, "scanner": "repobility-threat-engine", "fingerprint": "015c63674ffef35da98d861c15df25f3b8ed2b2e7c6a8cecb9ebfd749efa1618", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log line appears to mention secret metadata or a redacted value rather than printing the secret", "evidence": {"match": "console.log(\"Session data missing - token likely expired\")", "reason": "Log line appears to mention secret metadata or a redacted value rather than printing the secret", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|4|console.log session data missing - token likely expired"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/hooks/useSessionExpiry.ts"}, "region": {"startLine": 45}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 23353, "scanner": "repobility-threat-engine", "fingerprint": "2abddf25790b6f13262c6b1ad0c78538ec3e4498e67a4b891c09a6e1bc0e4ecd", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Environment variable or config lookup (credentials loaded safely)", "evidence": {"match": "console.log(\"TopBar - Environment:\", process.env.NODE_ENV)", "reason": "Environment variable or config lookup (credentials loaded safely)", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|28|console.log topbar - environment: process.env.node_env"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/components/layout/TopBar.tsx"}, "region": {"startLine": 282}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 23352, "scanner": "repobility-threat-engine", "fingerprint": "d57f94c2e96069b4a87a7fb2ba46f76103ae7ecd579ffae7064a6551df416baa", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|d57f94c2e96069b4a87a7fb2ba46f76103ae7ecd579ffae7064a6551df416baa"}}}, {"ruleId": "ERR002", "level": "none", "message": {"text": "[ERR002] Empty Catch Block (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "properties": {"repobilityId": 23348, "scanner": "repobility-threat-engine", "fingerprint": "055b128e54917333871f45ce83794a8adcd0bcced4122364ec765924b53569e5", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|055b128e54917333871f45ce83794a8adcd0bcced4122364ec765924b53569e5"}}}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 23370, "scanner": "repobility-journey-contract", "fingerprint": "7314c081466e0d3618578d19ad06c49911904dfc62c3cbf5d043a847da653b2d", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|164|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"src/app/components/usersProject/updateUserForm.tsx"}, "region": {"startLine": 164}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 23369, "scanner": "repobility-journey-contract", "fingerprint": "56d0cd9ab63bacd6355629ecc8bfec0389c2dc31994ae6442570b54a1bc9b9aa", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|136|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/components/usersProject/addUserForm.tsx"}, "region": {"startLine": 136}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 23368, "scanner": "repobility-journey-contract", "fingerprint": "01e2d57ec07f07aa7639ff3560b1a316a570470ed464f9ba74bc7e0be3527cf9", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|165|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/components/users/updateUserForm.tsx"}, "region": {"startLine": 165}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a 
password input value"}, "properties": {"repobilityId": 23367, "scanner": "repobility-journey-contract", "fingerprint": "9358b938d458ffffb7bcdfc3ad916859bb41002fca9e05d6810f36a6f7bee27b", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|352|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/components/users/addUserForm.tsx"}, "region": {"startLine": 352}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 23366, "scanner": "repobility-journey-contract", "fingerprint": "63424aaae0f11760c3c7f16d0f1cd83f3de6773fa42d6e9a60d55cab992d2f33", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|src/app/ public /linkform/reviewer/ invitation_link_id /page.tsx|344|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(public)/linkForm/reviewer/[invitation_link_id]/page.tsx"}, "region": {"startLine": 344}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 23365, "scanner": "repobility-journey-contract", 
"fingerprint": "803c76deef131b7d2330e73defd639ba4df6fd0272651b003d005df7512d168d", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|src/app/ public /linkform/facilitator/ invitation_link_id /page.tsx|344|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(public)/linkForm/facilitator/[invitation_link_id]/page.tsx"}, "region": {"startLine": 344}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 23364, "scanner": "repobility-journey-contract", "fingerprint": "dac7e3565cb22ebb59f6b48e5652f8a824abdd48adfef68e4ccbfc7882bcb3e2", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|src/app/ public /linkform/contributor/ invitation_link_id /page.tsx|345|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/(public)/linkForm/contributor/[invitation_link_id]/page.tsx"}, "region": {"startLine": 345}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. 
Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 23351, "scanner": "repobility-threat-engine", "fingerprint": "0f5f11e54bfc80bbb52739af03884197088602ef51a07b0a6f9771d0ac9c3fc6", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(f", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0f5f11e54bfc80bbb52739af03884197088602ef51a07b0a6f9771d0ac9c3fc6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/components/project/updateProjectModal.tsx"}, "region": {"startLine": 105}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 23350, "scanner": "repobility-threat-engine", "fingerprint": "77683aff49195c0fd979a52fe76114afa6865287893ec49d715f8c731771a3f8", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(f", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|77683aff49195c0fd979a52fe76114afa6865287893ec49d715f8c731771a3f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/components/project/addProjectModal.tsx"}, "region": {"startLine": 334}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 23349, "scanner": "repobility-threat-engine", "fingerprint": "906e2833839fa298d76cc3f90102e8231e328920c0b4c03f5d657ba59501d211", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(f", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|906e2833839fa298d76cc3f90102e8231e328920c0b4c03f5d657ba59501d211"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/app/api/auth/[...nextauth]/route.ts"}, "region": {"startLine": 177}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 23314, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "DKC007", "level": "error", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": {"repobilityId": 23360, "scanner": "repobility-docker", "fingerprint": "2a6608f39d04c4c39bf66fc97ccb5980b067c76ef8f8667ae5bc945202db0e89", "category": "docker", "severity": "critical", "confidence": 0.96, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "leyu-frontend", "variable": "NEXTAUTH_SECRET", "references": 
["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "runtime", "correlation_key": "fp|2a6608f39d04c4c39bf66fc97ccb5980b067c76ef8f8667ae5bc945202db0e89", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 3}}}]}]}]}