{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "QUAL003", "name": "Magic number used as default arg", "shortDescription": {"text": "Magic number used as default arg"}, "fullDescription": {"text": "Using hardcoded default values for complex configuration objects makes the code brittle and difficult to manage. Consider using a dedicated factory or builder pattern.\n\nAuto-promoted from proposal 444 on 2026-05-12. Synth confidence: 0.85. FP estimate: 0.00."}, "properties": {"scanner": "repobility", "category": "quality", "severity": "medium", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "TEST002", "name": "Function is stub-only (pass/raise NotImplementedError)", "shortDescription": {"text": "Function is stub-only (pass/raise NotImplementedError)"}, "fullDescription": {"text": "Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"scanner": "repobility", "category": "test_quality", "severity": "medium", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "CONC002", "name": "Concurrency \u2014 TOCTOU race via os.path.exists+open", "shortDescription": {"text": "Concurrency \u2014 TOCTOU race via os.path.exists+open"}, "fullDescription": {"text": "if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "properties": {"scanner": "repobility", "category": "race_condition", "severity": "medium", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "CORS001", "name": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin", "shortDescription": {"text": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin"}, "fullDescription": {"text": "Access-Control-Allow-Origin: * exposes the API to any browser origin. 
Acceptable for public read-only endpoints; dangerous when paired with credentials or write endpoints."}, "properties": {"scanner": "repobility", "category": "auth", "severity": "medium", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "SUPC002", "name": "Supply chain \u2014 npm install without lockfile", "shortDescription": {"text": "Supply chain \u2014 npm install without lockfile"}, "fullDescription": {"text": "Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"scanner": "repobility", "category": "supply_chain", "severity": "medium", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "CRYP001", "name": "Crypto \u2014 plaintext HTTP for sensitive endpoint", "shortDescription": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "fullDescription": {"text": "Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"scanner": "repobility", "category": "crypto", "severity": "medium", "confidence": 0.45, "cwe": "", "owasp": ""}}, {"id": "XSS001", "name": "Cross-site scripting \u2014 dangerouslySetInnerHTML", "shortDescription": {"text": "Cross-site scripting \u2014 dangerouslySetInnerHTML"}, "fullDescription": {"text": "dangerouslySetInnerHTML bypasses React's JSX escaping. Sanitize the markup with DOMPurify first, or never use it with user data."}, "properties": {"scanner": "repobility", "category": "injection", "severity": "medium", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. 
Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC014", "name": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks.", "shortDescription": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "fullDescription": {"text": "Enable SSL verification. Use verify=True (default) for requests. 
Pin certificates if needed."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC012", "name": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the t", "shortDescription": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "fullDescription": {"text": "Validate extracted paths with os.path.realpath() and ensure they stay within the target directory."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. 
Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT007", "name": "localStorage write failures are swallowed silently", "shortDescription": {"text": "localStorage write failures are swallowed silently"}, "fullDescription": {"text": "localStorage quotas are small and writes can fail. Catching storage errors without a user-visible warning causes silent data loss when notes, images, or snapshots exceed quota."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Agent, MCP, sidecar, and command bridge servers often start as local helpers. Binding them to 0.0.0.0 or a default all-interface listener without an authorization guard can expose tool execution or session data to the LAN."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. 
They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "A file created as a fixed/new/final/copy variant is not referenced by imports or path-like strings in the rest of the repository. This is a strong sign that an agent produced code beside the active application path."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AIC001", "name": "Parallel implementation file sits beside a canonical file", "shortDescription": {"text": "Parallel implementation file sits beside a canonical file"}, "fullDescription": {"text": "AI-assisted edits often create a new sibling file instead of integrating the change into the existing module. 
That leaves two paths for future maintainers to understand and can hide the code that is actually wired into the app."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "QUAL004", "name": "Placeholder default username (admin/admin)", "shortDescription": {"text": "Placeholder default username (admin/admin)"}, "fullDescription": {"text": "foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"scanner": "repobility", "category": "quality", "severity": "low", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "no-new-privileges prevents processes from gaining additional privileges through setuid binaries or file capabilities."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "If the image does not define USER internally, this service may run as root."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKC011", "name": "Database service publishes a loopback host port", "shortDescription": {"text": "Database service publishes a loopback host port"}, "fullDescription": {"text": "Publishing database ports to the host increases exposure. 
Internal Compose networking usually only needs expose, not ports."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.58, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "AIC005", "name": "Duplicate top-level symbol appears in a patch-style file", "shortDescription": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "fullDescription": {"text": "A generated replacement file defining the same public function or class name as another module can mean the new logic is not actually wired into the running code."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. They may be legitimate, but they deserve review before becoming production surface area."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "SEC004", "name": "[SEC004] SQL Injection Risk (and 8 more): Same pattern found in 8 additional files. Review if needed.", "shortDescription": {"text": "[SEC004] SQL Injection Risk (and 8 more): Same pattern found in 8 additional files. 
Review if needed."}, "fullDescription": {"text": "Use parameterized queries: op.execute('SELECT * FROM t WHERE id = %s', [id]). For dynamic table or column names, choose identifiers from a hard-coded allowlist and keep values in parameters."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path (and 14 more): Same pattern found in 14 additional files. Review if ne", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "fullDescription": {"text": "Use os.path.realpath() and verify the resolved path is inside your expected base directory; compare whole path components (for example with os.path.commonpath()), because a plain string-prefix check also accepts sibling directories that share the prefix. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "TEST001", "name": "Phantom test coverage \u2014 test files without real assertions", "shortDescription": {"text": "Phantom test coverage \u2014 test files without real assertions"}, "fullDescription": {"text": "Test function that runs code but contains no assert/expect/should \u2014 passes regardless of behaviour."}, "properties": {"scanner": "repobility", "category": "test_quality", "severity": "high", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "ERRH001", "name": "Bare except: pass \u2014 silent failure", "shortDescription": {"text": "Bare except: pass \u2014 silent failure"}, "fullDescription": {"text": "except: pass or except Exception: pass \u2014 silently swallows every error and hides bugs; a bare except: additionally catches KeyboardInterrupt and SystemExit."}, "properties": {"scanner": "repobility", "category": "error_handling", "severity": "high", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "CRYP006", "name": "Crypto \u2014 TLS verification disabled", "shortDescription": {"text": "Crypto \u2014 TLS verification disabled"}, "fullDescription": {"text": "verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "properties": {"scanner": "repobility", "category": "crypto", "severity": "high", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "CONC001", "name": "Concurrency \u2014 blocking call inside asyncio coroutine", "shortDescription": {"text": "Concurrency \u2014 blocking call inside asyncio coroutine"}, "fullDescription": {"text": "requests.get / time.sleep / open().read inside async def \u2014 blocks the event loop."}, "properties": 
{"scanner": "repobility", "category": "race_condition", "severity": "high", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "DKC013", "name": "Database service has no persistent data volume", "shortDescription": {"text": "Database service has no persistent data volume"}, "fullDescription": {"text": "Database containers store data in the writable container layer unless a volume or bind mount is attached to the image's data directory. Recreating the container can lose state."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies the entire context without .dockerignore", "shortDescription": {"text": "Dockerfile copies the entire context without .dockerignore"}, "fullDescription": {"text": "COPY . or ADD . sends the full build context to Docker. Without .dockerignore this can include secrets, git history, and local artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "SQLI001", "name": "SQL Injection \u2014 string-concat or f-string into execute()", "shortDescription": {"text": "SQL Injection \u2014 string-concat or f-string into execute()"}, "fullDescription": {"text": "cursor.execute(f\"... 
{user_input} ...\") \u2014 SQL injection."}, "properties": {"scanner": "repobility", "category": "injection", "severity": "critical", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "DKC007", "name": "Compose service contains a literal secret environment value", "shortDescription": {"text": "Compose service contains a literal secret environment value"}, "fullDescription": {"text": "Literal secrets in Compose files are committed to source and exposed through container inspection."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "critical", "confidence": 0.96, "cwe": "", "owasp": ""}}, {"id": "SEC022", "name": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. Th", "shortDescription": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "fullDescription": {"text": "Remove the embedded password, require the URL from a secret store or environment variable, and rotate the database credential."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/377"}, "properties": {"repository": "xr843/fojin", "repoUrl": "https://github.com/xr843/fojin.git", "branch": "master"}, "results": [{"ruleId": "QUAL003", "level": "warning", "message": {"text": "Magic number used as default arg"}, "properties": {"repobilityId": 21925, "scanner": "repobility", "fingerprint": "7eb08e1d23d0ec2a6f01c5ebacd97f4c", "category": "quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "default 0", "aljefra_cwe": null, "aljefra_owasp": null, "aljefra_pattern_slug": "magic-number-default"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0059_add_sort_order_and_cleanup.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "TEST002", "level": "warning", "message": {"text": "Function is stub-only (pass/raise NotImplementedError)"}, "properties": {"repobilityId": 21424, "scanner": "repobility", "fingerprint": "71109562d3b0ffe0a82e74c84dd2f8ad", "category": "test_quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "def downgrade(...): pass", "aljefra_cwe": ["CWE-1188"], "aljefra_owasp": null, "aljefra_pattern_slug": "stub-only-function"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0079_normalize_language_codes.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "CONC002", "level": "warning", "message": {"text": "Concurrency \u2014 TOCTOU race via os.path.exists+open"}, "properties": {"repobilityId": 16274, "scanner": "repobility", "fingerprint": "590b3370ea6511cbca3f0ff9f1eaea4a", "category": "race_condition", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "if os.path.exists(catalog_file):\n        with open(", "aljefra_cwe": ["CWE-367"], "aljefra_owasp": null, "aljefra_pattern_slug": "toctou-os-path-exists"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/download_sc_data.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "CONC002", "level": "warning", "message": {"text": "Concurrency \u2014 TOCTOU race via os.path.exists+open"}, "properties": {"repobilityId": 16273, "scanner": "repobility", "fingerprint": "23b765d2e4f422bb9bf41af4b5cc2677", "category": "race_condition", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "if os.path.exists(CHECKPOINT_FILE):\n        
with open(", "aljefra_cwe": ["CWE-367"], "aljefra_owasp": null, "aljefra_pattern_slug": "toctou-os-path-exists"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/download_sc_data.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "CONC002", "level": "warning", "message": {"text": "Concurrency \u2014 TOCTOU race via os.path.exists+open"}, "properties": {"repobilityId": 16272, "scanner": "repobility", "fingerprint": "2e05bf32d7ef934682f6de0bd07867fa", "category": "race_condition", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "if os.path.exists(CHECKPOINT_FILE):\n        with open(", "aljefra_cwe": ["CWE-367"], "aljefra_owasp": null, "aljefra_pattern_slug": "toctou-os-path-exists"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/import_content.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "CORS001", "level": "warning", "message": {"text": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin"}, "properties": {"repobilityId": 15804, "scanner": "repobility", "fingerprint": "3067f78d8cfcd7b1db9842cca2438088", "category": "auth", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "cors_origins,", "aljefra_cwe": ["CWE-942", "CWE-346"], "aljefra_owasp": "A05:2021", "aljefra_pattern_slug": "cors-wildcard"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/app/main.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "CORS001", "level": "warning", "message": {"text": "CORS misconfiguration \u2014 wildcard Access-Control-Allow-Origin"}, "properties": {"repobilityId": 15803, "scanner": "repobility", "fingerprint": "286f557bd5f28d077b9a04da8e0c21e4", "category": "auth", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": 
{"snippet": "cors_origins = os.environ.get(", "aljefra_cwe": ["CWE-942", "CWE-346"], "aljefra_owasp": "A05:2021", "aljefra_pattern_slug": "cors-wildcard"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/app/main.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "SUPC002", "level": "warning", "message": {"text": "Supply chain \u2014 npm install without lockfile"}, "properties": {"repobilityId": 15662, "scanner": "repobility", "fingerprint": "8d2cbf5a05149f8749f3a20885a7488f", "category": "supply_chain", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "RUN pip install", "aljefra_cwe": ["CWE-1357"], "aljefra_owasp": "A06:2021", "aljefra_pattern_slug": "npm-install-no-lockfile"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Dockerfile"}, "region": {"startLine": 10}}}]}, {"ruleId": "SUPC002", "level": "warning", "message": {"text": "Supply chain \u2014 npm install without lockfile"}, "properties": {"repobilityId": 15661, "scanner": "repobility", "fingerprint": "15a221bbfa5b48457c11706981099170", "category": "supply_chain", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "RUN npm install", "aljefra_cwe": ["CWE-1357"], "aljefra_owasp": "A06:2021", "aljefra_pattern_slug": "npm-install-no-lockfile"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14169, "scanner": "repobility", "fingerprint": "7c5f55f966d254d9654fb0bce8550e73", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical 
placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0058_expand_mainland_topic_buddhist_sources.py"}, "region": {"startLine": 153}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14168, "scanner": "repobility", "fingerprint": "442b1d1f406553ea0664e847d14396be", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0058_expand_mainland_topic_buddhist_sources.py"}, "region": {"startLine": 136}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14167, "scanner": "repobility", "fingerprint": "3aa483b6431026c678e637c70622d638", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0058_expand_mainland_topic_buddhist_sources.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": 
{"repobilityId": 14166, "scanner": "repobility", "fingerprint": "4b8cc29d93a39caf4052469af3ea09a2", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0057_add_mainland_buddhist_sources.py"}, "region": {"startLine": 135}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14165, "scanner": "repobility", "fingerprint": "ddb6d040fb80f3305778480687120119", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0057_add_mainland_buddhist_sources.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14164, "scanner": "repobility", "fingerprint": "81e5bf377fac58dbc4bd865070317c26", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "backend/alembic/versions/0062_fix_canon_source_urls.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14163, "scanner": "repobility", "fingerprint": "4b8bbc9c128bb3d8620d53b6e6f3c933", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0062_fix_canon_source_urls.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14162, "scanner": "repobility", "fingerprint": "98be71ae320be650d6274ca0197d617d", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0062_fix_canon_source_urls.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14161, "scanner": "repobility", "fingerprint": "ed3ca7aea367943d76d409e4a960ef6a", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro 
auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0022_seed_research_sources.py"}, "region": {"startLine": 367}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14160, "scanner": "repobility", "fingerprint": "ec1d840b60ca71a9bd8570348b2f49b3", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0022_seed_research_sources.py"}, "region": {"startLine": 357}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14159, "scanner": "repobility", "fingerprint": "d24bedb3e3ae546701ef105587b21089", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0022_seed_research_sources.py"}, "region": {"startLine": 226}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 
14158, "scanner": "repobility", "fingerprint": "52e98f255bdb12e13762b57a7c79fd62", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0060_add_tripitaka_canon_sources.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14157, "scanner": "repobility", "fingerprint": "55753113865eb82946c3c7bfcf284e6d", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0084_add_vietnam_southeast_asia_sources.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14156, "scanner": "repobility", "fingerprint": "4d6882c3656a79ae66a489fdb3e7110d", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "backend/alembic/versions/0047_fix_lancaster_catalog_url.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14155, "scanner": "repobility", "fingerprint": "28031774716cd50b6e6b94729632683f", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0049_fix_down_and_moved_source_urls.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14154, "scanner": "repobility", "fingerprint": "95aa6afd6506c207b824042f3a6d8337", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0049_fix_down_and_moved_source_urls.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14153, "scanner": "repobility", "fingerprint": "804eaa403754d190ef9b3541631804b7", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, 
"reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0092_fix_dharmamitra_conflict.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14152, "scanner": "repobility", "fingerprint": "abb6ddeca6e3addac80c0b438be2a24f", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0018_seed_global_sources.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14151, "scanner": "repobility", "fingerprint": "c8ff183a79ba73ee3da6b8012b12151d", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0018_seed_global_sources.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, 
"properties": {"repobilityId": 14150, "scanner": "repobility", "fingerprint": "ce2f358b4d84ee80480e3bc164a6d966", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0018_seed_global_sources.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14149, "scanner": "repobility", "fingerprint": "2cec5a1bc18208ffa0115b6ff7f11884", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0018_seed_global_sources.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14148, "scanner": "repobility", "fingerprint": "9fc97f695d457703fb223025ffb98e54", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "backend/alembic/versions/0018_seed_global_sources.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14147, "scanner": "repobility", "fingerprint": "89878035750b416c963c2be85dad7cdb", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0018_seed_global_sources.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14146, "scanner": "repobility", "fingerprint": "ed351a512dbab79141571b8a320fe220", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0018_seed_global_sources.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14145, "scanner": "repobility", "fingerprint": "a06b780afaeebafd4aa98177dd886d8b", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro 
auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0018_seed_global_sources.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14144, "scanner": "repobility", "fingerprint": "26f165dcf70bf826c21b7f82d0b2d9a7", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0018_seed_global_sources.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14143, "scanner": "repobility", "fingerprint": "3d549e9ad3975531c1fec6fcdf667926", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0018_seed_global_sources.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14142, 
"scanner": "repobility", "fingerprint": "80a1e9897d0ffae38446b331d5ab334f", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0034_import_comprehensive_global_sources.py"}, "region": {"startLine": 215}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14141, "scanner": "repobility", "fingerprint": "2a56eb6500f775befff9800d249572b7", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0034_import_comprehensive_global_sources.py"}, "region": {"startLine": 188}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14140, "scanner": "repobility", "fingerprint": "d0e94101b355ba6b0bde277b2ecbe41a", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "backend/alembic/versions/0034_import_comprehensive_global_sources.py"}, "region": {"startLine": 176}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14139, "scanner": "repobility", "fingerprint": "35537bb79fa017141554ba678db87ecf", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0034_import_comprehensive_global_sources.py"}, "region": {"startLine": 164}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14138, "scanner": "repobility", "fingerprint": "4eb427792ceed6692825dd41398ad431", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0034_import_comprehensive_global_sources.py"}, "region": {"startLine": 137}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14137, "scanner": "repobility", "fingerprint": "bb303519dd5e5c61609cc19b050b372b", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", 
"isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0034_import_comprehensive_global_sources.py"}, "region": {"startLine": 122}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14136, "scanner": "repobility", "fingerprint": "3fb8a546a3b9240130140b3192ced6a4", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0034_import_comprehensive_global_sources.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14135, "scanner": "repobility", "fingerprint": "3d2835f2f683d355b5e0366f8f593368", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0034_import_comprehensive_global_sources.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": 
"Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14134, "scanner": "repobility", "fingerprint": "885852f4205049fa805a20794378bc10", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0034_import_comprehensive_global_sources.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14133, "scanner": "repobility", "fingerprint": "e243b1c8cce13098c0d08c162254b6c0", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0033_import_google_discovered_sources.py"}, "region": {"startLine": 289}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14132, "scanner": "repobility", "fingerprint": "964114ebabb4bb9f46e1ec34e698831c", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", 
"aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0033_import_google_discovered_sources.py"}, "region": {"startLine": 213}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14131, "scanner": "repobility", "fingerprint": "d59e66700e525cc91aceefab23cf6776", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0033_import_google_discovered_sources.py"}, "region": {"startLine": 182}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14130, "scanner": "repobility", "fingerprint": "183316f6524ea1f9f56e59f5b663fe5e", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0043_cleanup_candidate_sources.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14129, "scanner": "repobility", "fingerprint": "850b34ffbb8e7d37524a57af9eb18e2d", "category": "crypto", "severity": "medium", 
"confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0048_fix_https_only_and_stale_urls.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14128, "scanner": "repobility", "fingerprint": "84093131ba1f01f36e66f40f999005f7", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0048_fix_https_only_and_stale_urls.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14127, "scanner": "repobility", "fingerprint": "f16c1ebc806823a4f0bfbb7af0b3de48", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0048_fix_https_only_and_stale_urls.py"}, "region": {"startLine": 28}}}]}, {"ruleId": 
"CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14126, "scanner": "repobility", "fingerprint": "662d878bd0cc9206ddbd8a3946ce6de2", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0048_fix_https_only_and_stale_urls.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14125, "scanner": "repobility", "fingerprint": "1716f23dc31b36e31bf4ef86adf6ee03", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0048_fix_https_only_and_stale_urls.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14124, "scanner": "repobility", "fingerprint": "c49160bd2657ced24e9a5c7509f522d3", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": 
["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0048_fix_https_only_and_stale_urls.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14123, "scanner": "repobility", "fingerprint": "19e6bfcf9a56f71e053edcf7f477d1f2", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0048_fix_https_only_and_stale_urls.py"}, "region": {"startLine": 4}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14122, "scanner": "repobility", "fingerprint": "9f9dbd64e5e8e90dbe744162edbf18a0", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0016_seed_data_sources.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14121, "scanner": "repobility", "fingerprint": "ad6b3ecc32ae1dcf4bcdb2d681805b75", "category": "crypto", 
"severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0082_add_bookmark_sources_batch2.py"}, "region": {"startLine": 392}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14120, "scanner": "repobility", "fingerprint": "b784ce6b260073ce5433679ad13bacd2", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0082_add_bookmark_sources_batch2.py"}, "region": {"startLine": 336}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14119, "scanner": "repobility", "fingerprint": "c312837bc5662684f9e5906ad428a04d", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0082_add_bookmark_sources_batch2.py"}, "region": {"startLine": 
318}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14118, "scanner": "repobility", "fingerprint": "10c8baf3f7808d606c22e9351a397967", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0082_add_bookmark_sources_batch2.py"}, "region": {"startLine": 299}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14117, "scanner": "repobility", "fingerprint": "e747bda7591e348e30946e51e749f0c9", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0082_add_bookmark_sources_batch2.py"}, "region": {"startLine": 281}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14116, "scanner": "repobility", "fingerprint": "dac00d06981039ec004b23acfc595dfb", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": 
"http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0082_add_bookmark_sources_batch2.py"}, "region": {"startLine": 245}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14115, "scanner": "repobility", "fingerprint": "a89bc772f0ce12c262bafd0e1ce9dbfc", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0082_add_bookmark_sources_batch2.py"}, "region": {"startLine": 227}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14114, "scanner": "repobility", "fingerprint": "9fbcb7253da1d9ab9f232ded2b06cbc9", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0082_add_bookmark_sources_batch2.py"}, "region": {"startLine": 209}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14113, "scanner": "repobility", "fingerprint": 
"39b3ba9d55520229032b256ee6ea0501", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0082_add_bookmark_sources_batch2.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14112, "scanner": "repobility", "fingerprint": "878fda5c9e90e49cd4769030d6615374", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0023_fix_urls_add_sources_upgrade_types.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14111, "scanner": "repobility", "fingerprint": "9daf128e58e66096e93978013551bff5", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"backend/alembic/versions/0081_add_bookmark_sources.py"}, "region": {"startLine": 315}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14110, "scanner": "repobility", "fingerprint": "24b9688cacd29acff40f077890367b2b", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0081_add_bookmark_sources.py"}, "region": {"startLine": 281}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14109, "scanner": "repobility", "fingerprint": "e4b1a24a9779b3572fb385829ea3a9a3", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: migration script (typical placeholder values)]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0081_add_bookmark_sources.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14108, "scanner": "repobility", "fingerprint": "03443dc0ae5314cffdc95c9cf7a6dbde", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture 
path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tests/conftest.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14107, "scanner": "repobility", "fingerprint": "b4fac3f7e1e748aaf80575ec362be4bf", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tests/test_kg.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14106, "scanner": "repobility", "fingerprint": "1e523e333e86281b7f6430414ab7ad80", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/extract_structured_kg.py"}, "region": {"startLine": 599}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14105, "scanner": "repobility", "fingerprint": "d8cbf561310936762cae878e5863af19", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": 
"http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/import_soothill.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14104, "scanner": "repobility", "fingerprint": "2a437004399e41231a67fc10a203b195", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/import_hopkins.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14103, "scanner": "repobility", "fingerprint": "efc9b3d5283c8479b008f3c8b74cd408", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/import_dila_dict.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14102, "scanner": "repobility", "fingerprint": "3025fe22fbca43ce09ea9cc56ca2f180", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", 
"aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/import_ddb.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14101, "scanner": "repobility", "fingerprint": "98820a3dd2c5aad878c6b010ede92c85", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/import_ddb.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14100, "scanner": "repobility", "fingerprint": "92158e8f8251e8549c713bc2a0f7ad33", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/app/core/xml_parser.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14099, "scanner": "repobility", "fingerprint": "efecaf29f4a1ea886ee0538b0feee166", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "backend/app/core/xml_parser.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14098, "scanner": "repobility", "fingerprint": "0101c4b8007131a6fe260964a4f85244", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/app/core/tei_84000_parser.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14097, "scanner": "repobility", "fingerprint": "dc025db0fac2f2547c22aafda8a4aefb", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/app/core/tei_84000_parser.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14096, "scanner": "repobility", "fingerprint": "35f0d482499c005e668785c11f97f2c4", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/app/api/exports.py"}, "region": 
{"startLine": 205}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14095, "scanner": "repobility", "fingerprint": "32dde9eb6d7e99ef25168dc1e9021d75", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/app/api/exports.py"}, "region": {"startLine": 204}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14094, "scanner": "repobility", "fingerprint": "82131027532ed62f4ae91223fc312a4e", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/app/api/exports.py"}, "region": {"startLine": 202}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14093, "scanner": "repobility", "fingerprint": "5eff298e52e406cb248bf5f52ecb2278", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/config/searchPatterns.json"}, "region": {"startLine": 121}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": 
{"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14092, "scanner": "repobility", "fingerprint": "f1d4a25ce3e49393404760003315ffb5", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/config/searchPatterns.json"}, "region": {"startLine": 120}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14091, "scanner": "repobility", "fingerprint": "f34d50d5f7dc151a9c3992cd0a42944d", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/config/searchPatterns.json"}, "region": {"startLine": 91}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14090, "scanner": "repobility", "fingerprint": "3a1aff26b0b96c72f8cebe4d6fb7e461", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/config/searchPatterns.json"}, "region": {"startLine": 81}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive 
endpoint"}, "properties": {"repobilityId": 14089, "scanner": "repobility", "fingerprint": "f4406122b08e1764dcff65477e6ce546", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/config/searchPatterns.json"}, "region": {"startLine": 74}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14088, "scanner": "repobility", "fingerprint": "636917d6ec05d18d7c514074d9657d4a", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/config/searchPatterns.json"}, "region": {"startLine": 65}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14087, "scanner": "repobility", "fingerprint": "670a61e28e239329ca7bc3b4c721014f", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/config/searchPatterns.json"}, "region": {"startLine": 64}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14086, "scanner": 
"repobility", "fingerprint": "caa0980026f4846f23fd033cebe8a77f", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/config/searchPatterns.json"}, "region": {"startLine": 36}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14085, "scanner": "repobility", "fingerprint": "c704dbc3c8461e7d0b5f67b21f0138de", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/config/searchPatterns.json"}, "region": {"startLine": 34}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14084, "scanner": "repobility", "fingerprint": "896e0283a73090374b3861b6ab0172c7", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/config/searchPatterns.json"}, "region": {"startLine": 13}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14083, "scanner": "repobility", "fingerprint": 
"2696ce2230450c5369dad03dcd0e1eb5", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 84}}}]}, {"ruleId": "XSS001", "level": "warning", "message": {"text": "Cross-site scripting \u2014 dangerouslySetInnerHTML"}, "properties": {"repobilityId": 13439, "scanner": "repobility", "fingerprint": "ee2bae322d56468d2287854ccf919c1c", "category": "injection", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "dangerouslySetInnerHTML", "aljefra_cwe": ["CWE-79"], "aljefra_owasp": "A03:2021", "aljefra_pattern_slug": "react-dangerously-set-html"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/search/ContentCard.tsx"}, "region": {"startLine": 51}}}]}, {"ruleId": "XSS001", "level": "warning", "message": {"text": "Cross-site scripting \u2014 dangerouslySetInnerHTML"}, "properties": {"repobilityId": 13438, "scanner": "repobility", "fingerprint": "5ece64b6f128d1fa6751a83498ddc58a", "category": "injection", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "dangerouslySetInnerHTML", "aljefra_cwe": ["CWE-79"], "aljefra_owasp": "A03:2021", "aljefra_pattern_slug": "react-dangerously-set-html"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/search/ContentCard.tsx"}, "region": {"startLine": 33}}}]}, {"ruleId": "XSS001", "level": "warning", "message": {"text": "Cross-site scripting \u2014 dangerouslySetInnerHTML"}, "properties": {"repobilityId": 13437, "scanner": "repobility", "fingerprint": 
"268ffb2013b40ba36fc35be3e41e65ba", "category": "injection", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "dangerouslySetInnerHTML", "aljefra_cwe": ["CWE-79"], "aljefra_owasp": "A03:2021", "aljefra_pattern_slug": "react-dangerously-set-html"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/search/ResultCard.tsx"}, "region": {"startLine": 41}}}]}, {"ruleId": "XSS001", "level": "warning", "message": {"text": "Cross-site scripting \u2014 dangerouslySetInnerHTML"}, "properties": {"repobilityId": 13436, "scanner": "repobility", "fingerprint": "765992fe1a5925b6fad31ca183e2fb4d", "category": "injection", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "dangerouslySetInnerHTML", "aljefra_cwe": ["CWE-79"], "aljefra_owasp": "A03:2021", "aljefra_pattern_slug": "react-dangerously-set-html"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/search/ResultCard.tsx"}, "region": {"startLine": 19}}}]}, {"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 12251, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 12237, "scanner": "repobility-docker", "fingerprint": "c003f244580783644217aa774a6cbf7b85a48e5d43b46df3bc52e2a55bc8ee6d", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "docker.elastic.co/elasticsearch/elasticsearch:8.13.4", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|c003f244580783644217aa774a6cbf7b85a48e5d43b46df3bc52e2a55bc8ee6d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "elasticsearch/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 12236, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC014", "level": "warning", "message": {"text": "[SEC014] SSL 
Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "properties": {"repobilityId": 12230, "scanner": "repobility-threat-engine", "fingerprint": "ca5cce15256a03f89b5fadaf21046509096591739c048a152be8cf76c27e5d41", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "verify=False", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC014", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|71|sec014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/audit_sources.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 12229, "scanner": "repobility-threat-engine", "fingerprint": "e885b82ad380e1c69d27e12752b727af5b175e30890962440901cfc2d1f099fa", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|184|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/import_dpd.py"}, "region": {"startLine": 184}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 12218, "scanner": "repobility-threat-engine", "fingerprint": "fc5746e5be783ebf0df131c37c1590239236843cdeab3cb1e49b345b555badb5", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n                pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fc5746e5be783ebf0df131c37c1590239236843cdeab3cb1e49b345b555badb5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/init_es_index.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 12217, "scanner": "repobility-threat-engine", "fingerprint": "7d866b121f44d677a6f13409e6796f41c5181a3a663ff6ed4db151b4d381da5a", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7d866b121f44d677a6f13409e6796f41c5181a3a663ff6ed4db151b4d381da5a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/fetch_korean_hanja.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 12216, "scanner": "repobility-threat-engine", "fingerprint": "f3c1fcbf3e7182de95b4a88e6218504af31cfa10d9af84bc24b13f61ba85b689", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f3c1fcbf3e7182de95b4a88e6218504af31cfa10d9af84bc24b13f61ba85b689"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/app/main.py"}, "region": {"startLine": 321}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 12212, "scanner": "repobility-threat-engine", "fingerprint": "9130b3999260f5e7d068ddcdfe0db37993a1ebc464f715cb481e4c3428ec0aac", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9130b3999260f5e7d068ddcdfe0db37993a1ebc464f715cb481e4c3428ec0aac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/Layout.tsx"}, "region": {"startLine": 66}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 12211, "scanner": "repobility-threat-engine", "fingerprint": 
"7a60d600dff4b9e7e8267beabad2b7665ffe6c63e0449cd42cbf804f44a9843f", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7a60d600dff4b9e7e8267beabad2b7665ffe6c63e0449cd42cbf804f44a9843f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/NotificationBell.tsx"}, "region": {"startLine": 26}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 12210, "scanner": "repobility-threat-engine", "fingerprint": "c3bbacc5baa1b0680a1399e7e870eaddbb988d14a2a4840a336bf9861cdcb632", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c3bbacc5baa1b0680a1399e7e870eaddbb988d14a2a4840a336bf9861cdcb632"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/pages/CollectionsPage.tsx"}, "region": {"startLine": 209}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 12209, "scanner": "repobility-agent-runtime", "fingerprint": "f42e725e162d6946d6d6a1a443f0d170b70296bcd57910dedf0367876a34a99b", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, 
"reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|f42e725e162d6946d6d6a1a443f0d170b70296bcd57910dedf0367876a34a99b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/pages/TextReaderPage.tsx"}, "region": {"startLine": 599}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 12208, "scanner": "repobility-agent-runtime", "fingerprint": "03ee268bd100b0f71601ae83b48e8c1c74746aae27cf6993ec43d11790019578", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|03ee268bd100b0f71601ae83b48e8c1c74746aae27cf6993ec43d11790019578"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/pages/ChatPage.tsx"}, "region": {"startLine": 267}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 12207, "scanner": "repobility-agent-runtime", "fingerprint": "74561c45d69d97c214d655de2bd12713e45338229b270056309cd731add454b9", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", 
"evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|74561c45d69d97c214d655de2bd12713e45338229b270056309cd731add454b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/entrypoint.sh"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12205, "scanner": "repobility-ai-code-hygiene", "fingerprint": "42a10a308929c8a71de9896ddb2098251754c3f6ffd6301ec2232fcb5693274e", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "backend/alembic/versions/0052_add_specialized_buddhist_text_sources.py", "duplicate_line": 312, "correlation_key": "fp|42a10a308929c8a71de9896ddb2098251754c3f6ffd6301ec2232fcb5693274e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0054_ensure_openpecha_source_exists.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12204, "scanner": "repobility-ai-code-hygiene", "fingerprint": "25287259e123daab3888026cf3fe6de70e0aed46cb1749d173e114cad6c08c97", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"backend/alembic/versions/0031_add_source_distributions_and_priority_sources.py", "duplicate_line": 177, "correlation_key": "fp|25287259e123daab3888026cf3fe6de70e0aed46cb1749d173e114cad6c08c97"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0054_ensure_openpecha_source_exists.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12203, "scanner": "repobility-ai-code-hygiene", "fingerprint": "88a5de641219b1b820b3eab14fc102880b4441a4f281f0d0eb7c7241181adaf9", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "backend/alembic/versions/0052_add_specialized_buddhist_text_sources.py", "duplicate_line": 312, "correlation_key": "fp|88a5de641219b1b820b3eab14fc102880b4441a4f281f0d0eb7c7241181adaf9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0053_add_more_specialized_buddhist_sources.py"}, "region": {"startLine": 264}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12202, "scanner": "repobility-ai-code-hygiene", "fingerprint": "294ac50aeeff67f12f19f0b85883a2b59a736da1d80f5a1dd739d4b4152be021", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], 
"duplicate_file": "backend/alembic/versions/0031_add_source_distributions_and_priority_sources.py", "duplicate_line": 174, "correlation_key": "fp|294ac50aeeff67f12f19f0b85883a2b59a736da1d80f5a1dd739d4b4152be021"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0053_add_more_specialized_buddhist_sources.py"}, "region": {"startLine": 226}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12201, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3db9fc273a827e7b69cbdb1b63d7265be73e9ff7caba995e4aa8c12166c52186", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "backend/alembic/versions/0031_add_source_distributions_and_priority_sources.py", "duplicate_line": 174, "correlation_key": "fp|3db9fc273a827e7b69cbdb1b63d7265be73e9ff7caba995e4aa8c12166c52186"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0052_add_specialized_buddhist_text_sources.py"}, "region": {"startLine": 274}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12200, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9d573a3ac473390f1184f15ce616865c52921951efa401a6e285589c5510e9bc", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": 
["https://jscpd.dev/"], "duplicate_file": "backend/alembic/versions/0044_deduplicate_and_fix_data_quality.py", "duplicate_line": 179, "correlation_key": "fp|9d573a3ac473390f1184f15ce616865c52921951efa401a6e285589c5510e9bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0046_audit_cleanup_and_new_entries.py"}, "region": {"startLine": 166}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12199, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2db08f7d67628eab073773c7406bc273c812bfc88c2bbeff5f028ce0af35302c", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "backend/alembic/versions/0033_import_google_discovered_sources.py", "duplicate_line": 287, "correlation_key": "fp|2db08f7d67628eab073773c7406bc273c812bfc88c2bbeff5f028ce0af35302c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0034_import_comprehensive_global_sources.py"}, "region": {"startLine": 212}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12198, "scanner": "repobility-ai-code-hygiene", "fingerprint": "aced13a48848226e2dbf4aa207e501dea4b799f74d36aeb5e15cf55b4f36b06a", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": 
["https://jscpd.dev/"], "duplicate_file": "backend/alembic/versions/0009_add_ocr_pipeline.py", "duplicate_line": 32, "correlation_key": "fp|aced13a48848226e2dbf4aa207e501dea4b799f74d36aeb5e15cf55b4f36b06a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0013_add_research_notes.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12197, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2cf47df4e1c139d8de3c43f224254a30ce1f4da2fabb3f150130978cf0dd2430", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "backend/alembic/versions/0003_add_users.py", "duplicate_line": 22, "correlation_key": "fp|2cf47df4e1c139d8de3c43f224254a30ce1f4da2fabb3f150130978cf0dd2430"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0013_add_research_notes.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12196, "scanner": "repobility-ai-code-hygiene", "fingerprint": "22df408b5b0879b5bd57d1294f0e2278224ba1c4f1f463a9033a29f60a56f9f0", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"backend/alembic/versions/0009_add_ocr_pipeline.py", "duplicate_line": 32, "correlation_key": "fp|22df408b5b0879b5bd57d1294f0e2278224ba1c4f1f463a9033a29f60a56f9f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0012_add_annotations.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12195, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f57f45eb6df9c270d2d2cbed39a925f4e2cd6bec3ab2fb7da995e578828f8b8f", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "backend/alembic/versions/0003_add_users.py", "duplicate_line": 22, "correlation_key": "fp|f57f45eb6df9c270d2d2cbed39a925f4e2cd6bec3ab2fb7da995e578828f8b8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0012_add_annotations.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12194, "scanner": "repobility-ai-code-hygiene", "fingerprint": "843051cd0113c6e9d84e1f321b802d4481d3a718fc4b5ad1ae77cef59c355da3", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "backend/alembic/versions/0003_add_users.py", "duplicate_line": 22, "correlation_key": 
"fp|843051cd0113c6e9d84e1f321b802d4481d3a718fc4b5ad1ae77cef59c355da3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0009_add_ocr_pipeline.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 12193, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1e1c8727c09dc43b7dd535b1539354a840afe2200c956cbfe1bb025957f4de8b", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "v2", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|1e1c8727c09dc43b7dd535b1539354a840afe2200c956cbfe1bb025957f4de8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/validate_persons_v2.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 12192, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6ad4783d500175e26b01c90c76ee846f940748bf7380ec3d11f1bfbf991c55fa", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "v3", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|6ad4783d500175e26b01c90c76ee846f940748bf7380ec3d11f1bfbf991c55fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"backend/scripts/import_amap_temples_v3.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 12191, "scanner": "repobility-ai-code-hygiene", "fingerprint": "92ccccf09e2f7c75b9416c450195b5cb46209e94b57e6a290bc2027682d4bd7f", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "v3", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|92ccccf09e2f7c75b9416c450195b5cb46209e94b57e6a290bc2027682d4bd7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/fetch_amap_temples_v3.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 12190, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3ae9a655adf050388dea7501abc4b17359d57ab36d59d6035ec32aee978cee53", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "v2", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|3ae9a655adf050388dea7501abc4b17359d57ab36d59d6035ec32aee978cee53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/fetch_amap_temples_v2.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file 
appears unreferenced"}, "properties": {"repobilityId": 12189, "scanner": "repobility-ai-code-hygiene", "fingerprint": "60a154fd800cd88248f8a6fa865b30f176715a8444c333e84943373180170647", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "v2", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|60a154fd800cd88248f8a6fa865b30f176715a8444c333e84943373180170647"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/enrich_dynasty_coords_v2.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 12188, "scanner": "repobility-ai-code-hygiene", "fingerprint": "df32504eb7d1e085a8cca824c43366870c54c46a542efd620245226e0aa56e1f", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "v2", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|df32504eb7d1e085a8cca824c43366870c54c46a542efd620245226e0aa56e1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/cleanup_noise_v2.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 12187, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"72325529b65fc14746f3c3030a29a2e3c3333386752e558a214eb652b9692136", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "v2", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|72325529b65fc14746f3c3030a29a2e3c3333386752e558a214eb652b9692136"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/backfill_person_coords_v2.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 12185, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c598e8397c23854b04d584fb2135890b222ec8cdab7c054c7ba6459383eea814", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v3", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "backend/scripts/import_amap_temples.py", "correlation_key": "fp|c598e8397c23854b04d584fb2135890b222ec8cdab7c054c7ba6459383eea814"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/import_amap_temples_v3.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 12184, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4e818509631c959038abc1d20b3188b3c4a288e6cdf217fadce693dfd671fa62", "category": "quality", "severity": 
"medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v3", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "backend/scripts/fetch_amap_temples.py", "correlation_key": "fp|4e818509631c959038abc1d20b3188b3c4a288e6cdf217fadce693dfd671fa62"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/fetch_amap_temples_v3.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 12183, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d70560f0f03cb0447dbfaf0647b838c992bbcaf555b64a58c5eba00cb4a1f0f6", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "backend/scripts/fetch_amap_temples.py", "correlation_key": "fp|d70560f0f03cb0447dbfaf0647b838c992bbcaf555b64a58c5eba00cb4a1f0f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/fetch_amap_temples_v2.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 12182, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7bab861ee87ebb28cec278009e30f27c4eb32f7a923f26af63809023a721fd70", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", 
"verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "backend/scripts/enrich_dynasty_coords.py", "correlation_key": "fp|7bab861ee87ebb28cec278009e30f27c4eb32f7a923f26af63809023a721fd70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/enrich_dynasty_coords_v2.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 12179, "scanner": "repobility-ai-code-hygiene", "fingerprint": "723dca7b0305cda266120b825145239831b378306120933816803363f8b8d012", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "backend/scripts/backfill_person_coords.py", "correlation_key": "fp|723dca7b0305cda266120b825145239831b378306120933816803363f8b8d012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/backfill_person_coords_v2.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "QUAL004", "level": "note", "message": {"text": "Placeholder default username (admin/admin)"}, "properties": {"repobilityId": 22069, "scanner": "repobility", "fingerprint": "09fb93b2a63826f9f1688387ead6cb1e", "category": "quality", "severity": "low", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "changeme", "aljefra_cwe": 
["CWE-1392", "CWE-798"], "aljefra_owasp": null, "aljefra_pattern_slug": "placeholder-default-username"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 87}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 12250, "scanner": "repobility-docker", "fingerprint": "07b8244fb5a8cb7e8160eb94dfb77af02a473f9ba5fab317704715c28d44e987", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "frontend", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|07b8244fb5a8cb7e8160eb94dfb77af02a473f9ba5fab317704715c28d44e987"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 151}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 12249, "scanner": "repobility-docker", "fingerprint": "1f758fcf1374dfe22f59ec0a481393e7d811993ab32dcbd63f3d0fbea91490c4", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "frontend", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|1f758fcf1374dfe22f59ec0a481393e7d811993ab32dcbd63f3d0fbea91490c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 151}}}]}, 
{"ruleId": "DKC011", "level": "note", "message": {"text": "Database service publishes a loopback host port"}, "properties": {"repobilityId": 12247, "scanner": "repobility-docker", "fingerprint": "da9dab8af3c1ca0ecea3729f2179cabcfac37c1fb6d4960824a5ea57d606b3c5", "category": "docker", "severity": "low", "confidence": 0.58, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Database-like image publishes only loopback host ports.", "evidence": {"ports": [{"raw": "127.0.0.1:3001:3000", "target": "3000", "host_ip": "127.0.0.1", "published": "3001"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "umami", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "loopback", "correlation_key": "fp|da9dab8af3c1ca0ecea3729f2179cabcfac37c1fb6d4960824a5ea57d606b3c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 129}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 12245, "scanner": "repobility-docker", "fingerprint": "6bc12399bd75d492670aacaff5354e37bd7fe7154f5bc0b346be77235110e630", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "backend", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|6bc12399bd75d492670aacaff5354e37bd7fe7154f5bc0b346be77235110e630"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 68}}}]}, {"ruleId": "DKC006", "level": "note", 
"message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 12243, "scanner": "repobility-docker", "fingerprint": "6389576e6e1bd5075a7d97f8f80036b7333a19f097aeb7525370edd46faaa72b", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "backend", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|6389576e6e1bd5075a7d97f8f80036b7333a19f097aeb7525370edd46faaa72b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 68}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 12241, "scanner": "repobility-docker", "fingerprint": "f34f9d0e67b38513ceb678b214c4eafb7d729620eb38f727fb19fd3e0df1bfbc", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "elasticsearch", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|f34f9d0e67b38513ceb678b214c4eafb7d729620eb38f727fb19fd3e0df1bfbc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 12239, "scanner": "repobility-docker", "fingerprint": 
"6965f855fcbb620cbe2686e36eb4193991616aa5f6ed8417393932358b090574", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "postgres", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|6965f855fcbb620cbe2686e36eb4193991616aa5f6ed8417393932358b090574"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 7}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 12213, "scanner": "repobility-threat-engine", "fingerprint": "eb45729a3a6cc7e2b003dfc530ddb0e43e03d4327dbf2de07148e1276ecea42b", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = h", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|117|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/src/components/ForceGraph.tsx"}, "region": {"startLine": 117}}}]}, {"ruleId": "AIC005", "level": "note", "message": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "properties": {"repobilityId": 12206, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9cbed75e4563ed249b6d19f10c4c1ac5a4aed77fa8ac21cb70c6c062a547f1c6", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", 
"verdict": "needs_review", "isResolved": false, "reason": "Patch-style file defines a top-level symbol also defined in another source file.", "evidence": {"symbol": "_transform_lat", "rule_id": "AIC005", "scanner": "repobility-ai-code-hygiene", "references": ["https://github.com/jendrikseipp/vulture", "https://knip.dev/"], "duplicate_file": "backend/scripts/backfill_address_regeo.py", "correlation_key": "fp|9cbed75e4563ed249b6d19f10c4c1ac5a4aed77fa8ac21cb70c6c062a547f1c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/fetch_amap_temples_v2.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 12186, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fbaff93797b152cf4849ddc1e80786a51f7c48097576d4a2e3c6384cd16e1abd", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "v2", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|fbaff93797b152cf4849ddc1e80786a51f7c48097576d4a2e3c6384cd16e1abd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/validate_persons_v2.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 12181, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f616472baa65be9a5bac907449e89da6197b7edf5a843b44448f8ca815f95d8e", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "v2", "rule_id": 
"AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|f616472baa65be9a5bac907449e89da6197b7edf5a843b44448f8ca815f95d8e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/cleanup_noise_v2.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 12180, "scanner": "repobility-ai-code-hygiene", "fingerprint": "742f6fea91e4968141d7ec5a85ec8d0a31397bdc0320159ea34003e2884a649e", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "final", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|742f6fea91e4968141d7ec5a85ec8d0a31397bdc0320159ea34003e2884a649e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/cleanup_final.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC004", "level": "none", "message": {"text": "[SEC004] SQL Injection Risk (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 12234, "scanner": "repobility-threat-engine", "fingerprint": "cc4d26928b4752f348020455c904b41b0906ced1eb18e460e9bf6ee1ce19f3c4", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 8 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC004", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|cc4d26928b4752f348020455c904b41b0906ced1eb18e460e9bf6ee1ce19f3c4"}}}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 12225, "scanner": "repobility-threat-engine", "fingerprint": "0e31f3d43da0e7af3a886bfa3d002f5646e24a93d8cc533228e9e832e4900c70", "category": "crypto", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "random.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "code|crypto|token|158|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/enrich_dynasty_coords_v2.py"}, "region": {"startLine": 158}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 12224, "scanner": "repobility-threat-engine", "fingerprint": "3fed8774b359cf8b2718e506096753b6837268582890c4dbc24ca63901f9a145", "category": "crypto", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "random.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "code|crypto|token|112|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/enrich_dynasty_coords.py"}, "region": {"startLine": 112}}}]}, {"ruleId": "SEC013", "level": "none", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "properties": {"repobilityId": 12223, "scanner": "repobility-threat-engine", "fingerprint": "1db70d35f2245c91df24ed998f751d3d2406175919efdc55dbecce40654fb9ba", "category": "path_traversal", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 14 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|1db70d35f2245c91df24ed998f751d3d2406175919efdc55dbecce40654fb9ba"}}}, {"ruleId": "ERR001", "level": "none", "message": {"text": "[ERR001] Silent Exception Swallowing (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "properties": {"repobilityId": 12219, "scanner": "repobility-threat-engine", "fingerprint": "93b9da83522ef7033c1689b56fc2639ef703f7cce5574751f2046196162761e3", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|93b9da83522ef7033c1689b56fc2639ef703f7cce5574751f2046196162761e3"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 12215, "scanner": "repobility-threat-engine", "fingerprint": "f3d00c538fec6c41b8f72c93bdf693154a219441b679bd51e0485df0a0212bf8", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log line appears to mention secret metadata or a redacted value rather than printing the secret", "evidence": {"match": "print(\"  DDB_USERNAME and DDB_PASSWORD not configured in .env\")", "reason": "Log line appears to mention secret metadata or a redacted value rather than printing the secret", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|4|print ddb_username and ddb_password not configured in .env"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/import_ddb.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 12214, "scanner": "repobility-threat-engine", "fingerprint": "a69431bfb5872abfde99cad28bf75ac90a840b28b9a7f60d8e57a425cf74c435", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "print(f\"Model: {settings.llm_model or 'auto-detect'}\")", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|backend/eval/run_eval.py|23|print f model: settings.llm_model or auto-detect"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/eval/run_eval.py"}, "region": {"startLine": 234}}}]}, {"ruleId": "TEST001", "level": "error", "message": {"text": "Phantom test coverage \u2014 test files without real assertions"}, "properties": {"repobilityId": 19870, "scanner": "repobility", "fingerprint": "d2a11a884d6a7a6c9fc48bce48719ee8", "category": "test_quality", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "test_* without asserts: test_development_warns_on_default", "aljefra_cwe": ["CWE-1126"], "aljefra_owasp": null, "aljefra_pattern_slug": "phantom-test-coverage"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/tests/test_config.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "ERRH001", "level": "error", "message": {"text": "Bare except: pass \u2014 silent failure"}, "properties": {"repobilityId": 17876, "scanner": "repobility", "fingerprint": "c9956d6d76aa98f5b14ee42c6fc3afbf", "category": "error_handling", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": 
"except: pass", "aljefra_cwe": ["CWE-755"], "aljefra_owasp": null, "aljefra_pattern_slug": "bare-except-pass"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/init_es_index.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "ERRH001", "level": "error", "message": {"text": "Bare except: pass \u2014 silent failure"}, "properties": {"repobilityId": 17875, "scanner": "repobility", "fingerprint": "17d9d28a065ea94af695ce1cea6bf7bc", "category": "error_handling", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "except: pass", "aljefra_cwe": ["CWE-755"], "aljefra_owasp": null, "aljefra_pattern_slug": "bare-except-pass"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/base_importer.py"}, "region": {"startLine": 264}}}]}, {"ruleId": "CRYP006", "level": "error", "message": {"text": "Crypto \u2014 TLS verification disabled"}, "properties": {"repobilityId": 16239, "scanner": "repobility", "fingerprint": "4bf55546104ceade12b4e05f9968e53c", "category": "crypto", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "verify=False", "aljefra_cwe": ["CWE-295"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "disabled-tls-verify"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/audit_sources.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "CONC001", "level": "error", "message": {"text": "Concurrency \u2014 blocking call inside asyncio coroutine"}, "properties": {"repobilityId": 15750, "scanner": "repobility", "fingerprint": "a58c0ea151d6a1f1bdb9a6654d1b744f", "category": "race_condition", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "blocking urllib.* in async dify_dataset_search", "aljefra_cwe": ["CWE-833"], 
"aljefra_owasp": null, "aljefra_pattern_slug": "asyncio-blocking-call"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/app/services/dify_retrieval.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "DKC013", "level": "error", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 12248, "scanner": "repobility-docker", "fingerprint": "9424187c12ef4e33a793be8b2e4cfcb3d93cb35916e60e440b7ebf39291e8e3a", "category": "docker", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "umami", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|9424187c12ef4e33a793be8b2e4cfcb3d93cb35916e60e440b7ebf39291e8e3a", "expected_targets": ["/var/lib/postgresql/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 129}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 12242, "scanner": "repobility-docker", "fingerprint": "895295767f6d911f8479ee2637581dffa5ee5c414cae8838ae5e8d63066d74d7", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "127.0.0.1:${REDIS_PORT:-6379}:6379", "target": "6379", "host_ip": "${REDIS_PORT", "published": "-6379}"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "redis", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", 
"correlation_key": "fp|895295767f6d911f8479ee2637581dffa5ee5c414cae8838ae5e8d63066d74d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 51}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 12238, "scanner": "repobility-docker", "fingerprint": "eea107239565bcc3fda3501c1875cbdc973a6531c99ca26a4cfe9ce8623e4f3a", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|eea107239565bcc3fda3501c1875cbdc973a6531c99ca26a4cfe9ce8623e4f3a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/Dockerfile"}, "region": {"startLine": 6}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 12235, "scanner": "repobility-docker", "fingerprint": "ef81dcc65263f22bc846722735dc318d3353c08dc5c2717a31e82ae3e27de93b", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|ef81dcc65263f22bc846722735dc318d3353c08dc5c2717a31e82ae3e27de93b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Dockerfile"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC004", "level": "error", "message": {"text": "[SEC004] SQL 
Injection Risk: String interpolation in SQL execution. Allows SQL injection."}, "properties": {"repobilityId": 12233, "scanner": "repobility-threat-engine", "fingerprint": "4d8b0fa62aeca87d0111876628144755caf163b4afca067e9240853b83ecff0e", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".execute(\n            f\"INSERT", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC004", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|159|sec004"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0045_add_new_sources_tier1_tier2.py"}, "region": {"startLine": 159}}}]}, {"ruleId": "SEC004", "level": "error", "message": {"text": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection."}, "properties": {"repobilityId": 12232, "scanner": "repobility-threat-engine", "fingerprint": "f2ea0c817bd0b6ea022361f1be69e056bf713a38c2b18e7b17ab256a648c531e", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".execute(\n        f\"UPDATE", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC004", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|119|sec004"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0043_cleanup_candidate_sources.py"}, "region": {"startLine": 119}}}]}, {"ruleId": "SEC004", "level": "error", "message": {"text": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. 
Allows SQL injection."}, "properties": {"repobilityId": 12231, "scanner": "repobility-threat-engine", "fingerprint": "7f37854fa72d3ca7431d5f31a648985a956b4544bccd1ad104d43ab97e1b4a69", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".execute(\n            f\"UPDATE", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC004", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|39|sec004"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0048_fix_https_only_and_stale_urls.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 12222, "scanner": "repobility-threat-engine", "fingerprint": "9301062349dc4358aa38ac9f2765fd0ad5752161791ada0cc75851544b66ad9e", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(args.input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|66|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/import_suttacentral_places.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. 
Allows reading arbitrary files."}, "properties": {"repobilityId": 12221, "scanner": "repobility-threat-engine", "fingerprint": "c2f9f3a34431abe3e057d0aaf243fca311172a0281b26cc8c8d05c66777ef8cf", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(INPUT", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|185|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/enrich_active_in_places.py"}, "region": {"startLine": 185}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 12220, "scanner": "repobility-threat-engine", "fingerprint": "da800a113aa6f5c45d21632aa064db6ead11acc28d6c9d70c965e37ee257ca41", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(INPUT", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|38|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/import_east_asian_temples.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "SQLI001", "level": "error", "message": {"text": "SQL Injection \u2014 string-concat or f-string into execute()"}, "properties": {"repobilityId": 13352, "scanner": "repobility", "fingerprint": "1597ba4a10055b834931821ac412794f", 
"category": "injection", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "execute(\n            f\"UPDATE data_sources SET region = '{", "aljefra_cwe": ["CWE-89"], "aljefra_owasp": "A03:2021", "aljefra_pattern_slug": "sql-string-concat"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0041_reassign_international_source_regions.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "SQLI001", "level": "error", "message": {"text": "SQL Injection \u2014 string-concat or f-string into execute()"}, "properties": {"repobilityId": 13351, "scanner": "repobility", "fingerprint": "0b963604266c8d62342cc4f1b4cf9d98", "category": "injection", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "execute(\n            f\"UPDATE data_sources SET base_url = '{", "aljefra_cwe": ["CWE-89"], "aljefra_owasp": "A03:2021", "aljefra_pattern_slug": "sql-string-concat"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0030_deactivate_unreachable_sources.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "SQLI001", "level": "error", "message": {"text": "SQL Injection \u2014 string-concat or f-string into execute()"}, "properties": {"repobilityId": 13350, "scanner": "repobility", "fingerprint": "7eb4c749b3eb5c7b1736a70075a979fe", "category": "injection", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "execute(\n            f\"UPDATE data_sources SET base_url = '{", "aljefra_cwe": ["CWE-89"], "aljefra_owasp": "A03:2021", "aljefra_pattern_slug": "sql-string-concat"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0030_deactivate_unreachable_sources.py"}, "region": {"startLine": 54}}}]}, {"ruleId": 
"SQLI001", "level": "error", "message": {"text": "SQL Injection \u2014 string-concat or f-string into execute()"}, "properties": {"repobilityId": 13349, "scanner": "repobility", "fingerprint": "2d73acff2728dfb8ffcd364e69c83350", "category": "injection", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "execute(\n        sa_text(\"\"\"\n            UPDATE data_sources\n            SET region = substring(description from '^(.+?)", "aljefra_cwe": ["CWE-89"], "aljefra_owasp": "A03:2021", "aljefra_pattern_slug": "sql-string-concat"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0019_add_source_access_type.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "SQLI001", "level": "error", "message": {"text": "SQL Injection \u2014 string-concat or f-string into execute()"}, "properties": {"repobilityId": 13348, "scanner": "repobility", "fingerprint": "19f0213863fc3cec92273c1e7b9fba21", "category": "injection", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "execute(\n        sa_text(\n            \"UPDATE data_sources SET sort_order = sort_order + 1 \"\n            \"WHERE region = :region AND sort_order >= 0 AND code != :code\"\n        )", "aljefra_cwe": ["CWE-89"], "aljefra_owasp": "A03:2021", "aljefra_pattern_slug": "sql-string-concat"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0074_deactivate_jbf_and_reorder_zojoji.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "SQLI001", "level": "error", "message": {"text": "SQL Injection \u2014 string-concat or f-string into execute()"}, "properties": {"repobilityId": 13347, "scanner": "repobility", "fingerprint": "f12b404f87356884158840bd10f0892c", "category": "injection", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", 
"isResolved": false, "reason": "", "evidence": {"snippet": "execute(\n            f\"UPDATE data_sources SET base_url = '{old}' WHERE code = '{", "aljefra_cwe": ["CWE-89"], "aljefra_owasp": "A03:2021", "aljefra_pattern_slug": "sql-string-concat"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0049_fix_down_and_moved_source_urls.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "SQLI001", "level": "error", "message": {"text": "SQL Injection \u2014 string-concat or f-string into execute()"}, "properties": {"repobilityId": 13346, "scanner": "repobility", "fingerprint": "1234ae3fe7a7dd7653a87bbf6419d587", "category": "injection", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "execute(\n            f\"UPDATE data_sources SET base_url = '{new}' WHERE code = '{", "aljefra_cwe": ["CWE-89"], "aljefra_owasp": "A03:2021", "aljefra_pattern_slug": "sql-string-concat"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0049_fix_down_and_moved_source_urls.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "SQLI001", "level": "error", "message": {"text": "SQL Injection \u2014 string-concat or f-string into execute()"}, "properties": {"repobilityId": 13345, "scanner": "repobility", "fingerprint": "346035450e2f0701db62351cbe3522ef", "category": "injection", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "execute(\n            f\"UPDATE data_sources SET region = '{", "aljefra_cwe": ["CWE-89"], "aljefra_owasp": "A03:2021", "aljefra_pattern_slug": "sql-string-concat"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0044_deduplicate_and_fix_data_quality.py"}, "region": {"startLine": 217}}}]}, {"ruleId": "SQLI001", "level": "error", "message": {"text": "SQL Injection \u2014 
string-concat or f-string into execute()"}, "properties": {"repobilityId": 13344, "scanner": "repobility", "fingerprint": "7d61155e7a60a8ceee02e95f0a40b513", "category": "injection", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "execute(\n            f\"UPDATE data_sources SET languages = '{", "aljefra_cwe": ["CWE-89"], "aljefra_owasp": "A03:2021", "aljefra_pattern_slug": "sql-string-concat"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0044_deduplicate_and_fix_data_quality.py"}, "region": {"startLine": 210}}}]}, {"ruleId": "SQLI001", "level": "error", "message": {"text": "SQL Injection \u2014 string-concat or f-string into execute()"}, "properties": {"repobilityId": 13343, "scanner": "repobility", "fingerprint": "ef6f4688808c4a26a74d18977929a96b", "category": "injection", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "execute(\n            f\"UPDATE data_sources SET base_url = '{", "aljefra_cwe": ["CWE-89"], "aljefra_owasp": "A03:2021", "aljefra_pattern_slug": "sql-string-concat"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0044_deduplicate_and_fix_data_quality.py"}, "region": {"startLine": 203}}}]}, {"ruleId": "SQLI001", "level": "error", "message": {"text": "SQL Injection \u2014 string-concat or f-string into execute()"}, "properties": {"repobilityId": 13342, "scanner": "repobility", "fingerprint": "e657a6e8913d952148efb4804db5a81f", "category": "injection", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "execute(\n            f\"UPDATE data_sources SET base_url = '{", "aljefra_cwe": ["CWE-89"], "aljefra_owasp": "A03:2021", "aljefra_pattern_slug": "sql-string-concat"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0044_deduplicate_and_fix_data_quality.py"}, "region": {"startLine": 194}}}]}, {"ruleId": "SQLI001", "level": "error", "message": {"text": "SQL Injection \u2014 string-concat or f-string into execute()"}, "properties": {"repobilityId": 13341, "scanner": "repobility", "fingerprint": "cec3fd2355586db8466a9052d6e460e6", "category": "injection", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "execute(\n            f\"UPDATE data_sources SET languages = '{", "aljefra_cwe": ["CWE-89"], "aljefra_owasp": "A03:2021", "aljefra_pattern_slug": "sql-string-concat"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0044_deduplicate_and_fix_data_quality.py"}, "region": {"startLine": 187}}}]}, {"ruleId": "SQLI001", "level": "error", "message": {"text": "SQL Injection \u2014 string-concat or f-string into execute()"}, "properties": {"repobilityId": 13340, "scanner": "repobility", "fingerprint": "f59083183bc1ca1db52cc51ac45873b0", "category": "injection", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "execute(\n            f\"UPDATE data_sources SET region = '{", "aljefra_cwe": ["CWE-89"], "aljefra_owasp": "A03:2021", "aljefra_pattern_slug": "sql-string-concat"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0044_deduplicate_and_fix_data_quality.py"}, "region": {"startLine": 180}}}]}, {"ruleId": "SQLI001", "level": "error", "message": {"text": "SQL Injection \u2014 string-concat or f-string into execute()"}, "properties": {"repobilityId": 13339, "scanner": "repobility", "fingerprint": "0207f9f578caab227c5ac04fcddb937d", "category": "injection", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", 
"isResolved": false, "reason": "", "evidence": {"snippet": "execute(f\"DELETE FROM data_sources WHERE code IN ({", "aljefra_cwe": ["CWE-89"], "aljefra_owasp": "A03:2021", "aljefra_pattern_slug": "sql-string-concat"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0044_deduplicate_and_fix_data_quality.py"}, "region": {"startLine": 169}}}]}, {"ruleId": "SQLI001", "level": "error", "message": {"text": "SQL Injection \u2014 string-concat or f-string into execute()"}, "properties": {"repobilityId": 13338, "scanner": "repobility", "fingerprint": "2c0f038db4753e7287c094164ea2b3f4", "category": "injection", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "execute(f\"DELETE FROM data_sources WHERE code IN ({", "aljefra_cwe": ["CWE-89"], "aljefra_owasp": "A03:2021", "aljefra_pattern_slug": "sql-string-concat"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0043_cleanup_candidate_sources.py"}, "region": {"startLine": 133}}}]}, {"ruleId": "SQLI001", "level": "error", "message": {"text": "SQL Injection \u2014 string-concat or f-string into execute()"}, "properties": {"repobilityId": 13337, "scanner": "repobility", "fingerprint": "2e7c20b3c12eae1a299d6e89bcd855f9", "category": "injection", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "execute(\n            f\"UPDATE data_sources SET base_url = '{", "aljefra_cwe": ["CWE-89"], "aljefra_owasp": "A03:2021", "aljefra_pattern_slug": "sql-string-concat"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0043_cleanup_candidate_sources.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "SQLI001", "level": "error", "message": {"text": "SQL Injection \u2014 string-concat or f-string into execute()"}, "properties": 
{"repobilityId": 13336, "scanner": "repobility", "fingerprint": "bb17a3ab372e013f81f29ff63891c249", "category": "injection", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "execute(\n            f\"UPDATE data_sources SET base_url = '{", "aljefra_cwe": ["CWE-89"], "aljefra_owasp": "A03:2021", "aljefra_pattern_slug": "sql-string-concat"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0046_audit_cleanup_and_new_entries.py"}, "region": {"startLine": 213}}}]}, {"ruleId": "SQLI001", "level": "error", "message": {"text": "SQL Injection \u2014 string-concat or f-string into execute()"}, "properties": {"repobilityId": 13335, "scanner": "repobility", "fingerprint": "173afc1c597b6050ba8c4cf697a0875a", "category": "injection", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "execute(\n            f\"UPDATE data_sources SET base_url = '{", "aljefra_cwe": ["CWE-89"], "aljefra_owasp": "A03:2021", "aljefra_pattern_slug": "sql-string-concat"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0046_audit_cleanup_and_new_entries.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "SQLI001", "level": "error", "message": {"text": "SQL Injection \u2014 string-concat or f-string into execute()"}, "properties": {"repobilityId": 13334, "scanner": "repobility", "fingerprint": "3ac7c5533f022d0d3812d0b59bc6d51a", "category": "injection", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "execute(f\"DELETE FROM data_sources WHERE code IN ({", "aljefra_cwe": ["CWE-89"], "aljefra_owasp": "A03:2021", "aljefra_pattern_slug": "sql-string-concat"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"backend/alembic/versions/0046_audit_cleanup_and_new_entries.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "SQLI001", "level": "error", "message": {"text": "SQL Injection \u2014 string-concat or f-string into execute()"}, "properties": {"repobilityId": 13333, "scanner": "repobility", "fingerprint": "4e66ef69280c04b844ef470ace9d79a3", "category": "injection", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "execute(\n            f\"UPDATE data_sources SET base_url = '{old}' WHERE code = '{", "aljefra_cwe": ["CWE-89"], "aljefra_owasp": "A03:2021", "aljefra_pattern_slug": "sql-string-concat"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0048_fix_https_only_and_stale_urls.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "SQLI001", "level": "error", "message": {"text": "SQL Injection \u2014 string-concat or f-string into execute()"}, "properties": {"repobilityId": 13332, "scanner": "repobility", "fingerprint": "4782465b148bb0b6c171f4993659a03c", "category": "injection", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "execute(\n            f\"UPDATE data_sources SET base_url = '{new}' WHERE code = '{", "aljefra_cwe": ["CWE-89"], "aljefra_owasp": "A03:2021", "aljefra_pattern_slug": "sql-string-concat"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0048_fix_https_only_and_stale_urls.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "SQLI001", "level": "error", "message": {"text": "SQL Injection \u2014 string-concat or f-string into execute()"}, "properties": {"repobilityId": 13331, "scanner": "repobility", "fingerprint": "fab11bc590c4d4639a42efc9dd7a090c", "category": "injection", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": 
"", "evidence": {"snippet": "execute(\n        f\"UPDATE data_sources SET region = NULL WHERE code IN ({", "aljefra_cwe": ["CWE-89"], "aljefra_owasp": "A03:2021", "aljefra_pattern_slug": "sql-string-concat"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0042_set_null_region_sources.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "SQLI001", "level": "error", "message": {"text": "SQL Injection \u2014 string-concat or f-string into execute()"}, "properties": {"repobilityId": 13330, "scanner": "repobility", "fingerprint": "c99c39e7ffef517ae7ba73ef3c4d1808", "category": "injection", "severity": "critical", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "execute(\n            f\"UPDATE data_sources SET region = '{", "aljefra_cwe": ["CWE-89"], "aljefra_owasp": "A03:2021", "aljefra_pattern_slug": "sql-string-concat"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/alembic/versions/0042_set_null_region_sources.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "DKC007", "level": "error", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": {"repobilityId": 12246, "scanner": "repobility-docker", "fingerprint": "f22c00a4df9838e0eddf919d01cc36f517e8228bec9dbd0758b35c99ff8ddbc5", "category": "docker", "severity": "critical", "confidence": 0.96, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "umami", "variable": "APP_SECRET", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "runtime", "correlation_key": "fp|f22c00a4df9838e0eddf919d01cc36f517e8228bec9dbd0758b35c99ff8ddbc5", 
"compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 129}}}]}, {"ruleId": "DKC007", "level": "error", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": {"repobilityId": 12244, "scanner": "repobility-docker", "fingerprint": "28fb11164cf540bc04f2be7d6d92340f4e7ba08b18f6466eedde92e5451f1dc2", "category": "docker", "severity": "critical", "confidence": 0.96, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "backend", "variable": "POSTGRES_PASSWORD", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "runtime", "correlation_key": "fp|28fb11164cf540bc04f2be7d6d92340f4e7ba08b18f6466eedde92e5451f1dc2", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 68}}}]}, {"ruleId": "DKC007", "level": "error", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": {"repobilityId": 12240, "scanner": "repobility-docker", "fingerprint": "3d0c1455c7a8c1fa9c5d483e5c796cb7744751a6acb761b11ce29f64931780e3", "category": "docker", "severity": "critical", "confidence": 0.96, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "postgres", "variable": "POSTGRES_PASSWORD", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": 
"runtime", "correlation_key": "fp|3d0c1455c7a8c1fa9c5d483e5c796cb7744751a6acb761b11ce29f64931780e3", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 7}}}]}, {"ruleId": "SEC022", "level": "error", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 12228, "scanner": "repobility-threat-engine", "fingerprint": "c6f850e5d645f794ff8bf82df6b24527e87d7413e79fc225672ebe85c50593b8", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "postgresql://fojin:FoJ1n_Pr0d_2026!sEcUrE@", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|22|token secure"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/convert_korean_strict.py"}, "region": {"startLine": 230}}}]}, {"ruleId": "SEC022", "level": "error", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. 
These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 12227, "scanner": "repobility-threat-engine", "fingerprint": "9717c0f6d66f818153232d483f8227d72101fc5ab48c612a2754a3ba6ed187c9", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "postgresql://fojin:FoJ1n_Pr0d_2026!sEcUrE@", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|11|token secure"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/backfill_person_coords_v2.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "SEC022", "level": "error", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 12226, "scanner": "repobility-threat-engine", "fingerprint": "9241284501ede3dfd0e7e6674b4e0eefa83aba0b96eae1f1475bc2e481127ad3", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "postgresql://fojin:FoJ1n_Pr0d_2026!sEcUrE@", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|1|token secure"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/scripts/import_amap_temples_v3.py"}, "region": {"startLine": 7}}}]}]}]}