{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DKC007", "name": "Compose service contains a literal secret environment value", "shortDescription": {"text": "Compose service contains a literal secret environment value"}, "fullDescription": {"text": "Literal secrets in Compose files are committed to source and exposed through container inspection."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKR003", "name": "Compose service `grafana` image uses the latest tag", "shortDescription": {"text": "Compose service `grafana` image uses the latest tag"}, "fullDescription": {"text": "The latest tag is mutable and can change without a code review, producing different images from the same source."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.94, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC091", "name": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnera", "shortDescription": {"text": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnerable to Slowloris. Ported from gosec G112 + G114 (Apache-2.0)."}, "fullDescription": {"text": "Construct `&http.Server{Addr: ..., ReadHeaderTimeout: 5*time.Second, ReadTimeout: 10*time.Second, WriteTimeout: 30*time.Second}`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "no-new-privileges prevents processes from gaining additional privileges through setuid binaries or file capabilities."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "If the image does not define USER internally, this service may run as root."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Dockerfile base image is selected through a build variable", "shortDescription": {"text": "Dockerfile base image is selected through a build variable"}, "fullDescription": {"text": "Variable-selected base images can be safe, but Repobility cannot verify that the resolved image is pinned."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "info", "confidence": 0.48, "cwe": "", "owasp": ""}}, {"id": "MINED071", "name": "[MINED071] Go Panic Call (and 14 more): Same pattern found in 14 additional files. Review if needed.", "shortDescription": {"text": "[MINED071] Go Panic Call (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 57 more): Same pattern found in 57 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 57 more): Same pattern found in 57 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED016", "name": "[MINED016] Go Error Ignored (and 10 more): Same pattern found in 10 additional files. Review if needed.", "shortDescription": {"text": "[MINED016] Go Error Ignored (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-754 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED060", "name": "[MINED060] Go Context No Cancel (and 13 more): Same pattern found in 13 additional files. Review if needed.", "shortDescription": {"text": "[MINED060] Go Context No Cancel (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5039", "name": "stdlib: GO-2026-5039", "shortDescription": {"text": "stdlib: GO-2026-5039"}, "fullDescription": {"text": "Arbitrary inputs are included in errors without any escaping in net/textproto"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5038", "name": "stdlib: GO-2026-5038", "shortDescription": {"text": "stdlib: GO-2026-5038"}, "fullDescription": {"text": "Quadratic complexity in WordDecoder.DecodeHeader in mime"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5037", "name": "stdlib: GO-2026-5037", "shortDescription": {"text": "stdlib: GO-2026-5037"}, "fullDescription": {"text": "Inefficient candidate hostname parsing in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4986", "name": "stdlib: GO-2026-4986", "shortDescription": {"text": "stdlib: GO-2026-4986"}, "fullDescription": {"text": "Quadratic string concatentation in consumeComment in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4982", "name": "stdlib: GO-2026-4982", "shortDescription": {"text": "stdlib: GO-2026-4982"}, "fullDescription": {"text": "Bypass of meta content URL escaping causes XSS in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4981", "name": "stdlib: GO-2026-4981", "shortDescription": {"text": "stdlib: GO-2026-4981"}, "fullDescription": {"text": "Crash when handling long CNAME response in net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4980", "name": "stdlib: GO-2026-4980", "shortDescription": {"text": "stdlib: GO-2026-4980"}, "fullDescription": {"text": "Escaper bypass leads to XSS in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4977", "name": "stdlib: GO-2026-4977", "shortDescription": {"text": "stdlib: GO-2026-4977"}, "fullDescription": {"text": "Quadratic string concatenation in consumePhrase in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4976", "name": "stdlib: GO-2026-4976", "shortDescription": {"text": "stdlib: GO-2026-4976"}, "fullDescription": {"text": "ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4971", "name": "stdlib: GO-2026-4971", "shortDescription": {"text": "stdlib: GO-2026-4971"}, "fullDescription": {"text": "Panic in Dial and LookupPort when handling NUL byte on Windows in net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4947", "name": "stdlib: GO-2026-4947", "shortDescription": {"text": "stdlib: GO-2026-4947"}, "fullDescription": {"text": "Unexpected work during chain building in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4946", "name": "stdlib: GO-2026-4946", "shortDescription": {"text": "stdlib: GO-2026-4946"}, "fullDescription": {"text": "Inefficient policy validation in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4918", "name": "stdlib: GO-2026-4918", "shortDescription": {"text": "stdlib: GO-2026-4918"}, "fullDescription": {"text": "Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4870", "name": "stdlib: GO-2026-4870", "shortDescription": {"text": "stdlib: GO-2026-4870"}, "fullDescription": {"text": "Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4869", "name": "stdlib: GO-2026-4869", "shortDescription": {"text": "stdlib: GO-2026-4869"}, "fullDescription": {"text": "Unbounded allocation for old GNU sparse in archive/tar"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4865", "name": "stdlib: GO-2026-4865", "shortDescription": {"text": "stdlib: GO-2026-4865"}, "fullDescription": {"text": "JsBraceDepth Context Tracking Bugs (XSS) in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4864", "name": "stdlib: GO-2026-4864", "shortDescription": {"text": "stdlib: GO-2026-4864"}, "fullDescription": {"text": "TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4603", "name": "stdlib: GO-2026-4603", "shortDescription": {"text": "stdlib: GO-2026-4603"}, "fullDescription": {"text": "URLs in meta content attribute actions are not escaped in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4602", "name": "stdlib: GO-2026-4602", "shortDescription": {"text": "stdlib: GO-2026-4602"}, "fullDescription": {"text": "FileInfo can escape from a Root in os"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4601", "name": "stdlib: GO-2026-4601", "shortDescription": {"text": "stdlib: GO-2026-4601"}, "fullDescription": {"text": "Incorrect parsing of IPv6 host literals in net/url"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4403", "name": "stdlib: GO-2026-4403", "shortDescription": {"text": "stdlib: GO-2026-4403"}, "fullDescription": {"text": "Improper access to parent directory of root in os"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4342", "name": "stdlib: GO-2026-4342", "shortDescription": {"text": "stdlib: GO-2026-4342"}, "fullDescription": {"text": "Excessive CPU consumption when building archive index in archive/zip"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4341", "name": "stdlib: GO-2026-4341", "shortDescription": {"text": "stdlib: GO-2026-4341"}, "fullDescription": {"text": "Memory exhaustion in query parameter parsing in net/url"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4340", "name": "stdlib: GO-2026-4340", "shortDescription": {"text": "stdlib: GO-2026-4340"}, "fullDescription": {"text": "Handshake messages may be processed at the incorrect encryption level in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4337", "name": "stdlib: GO-2026-4337", "shortDescription": {"text": "stdlib: GO-2026-4337"}, "fullDescription": {"text": "Unexpected session resumption in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4175", "name": "stdlib: GO-2025-4175", "shortDescription": {"text": "stdlib: GO-2025-4175"}, "fullDescription": {"text": "Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4155", "name": "stdlib: GO-2025-4155", "shortDescription": {"text": "stdlib: GO-2025-4155"}, "fullDescription": {"text": "Excessive resource consumption when printing error string for host certificate validation in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4015", "name": "stdlib: GO-2025-4015", "shortDescription": {"text": "stdlib: GO-2025-4015"}, "fullDescription": {"text": "Excessive CPU consumption in Reader.ReadResponse in net/textproto"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4014", "name": "stdlib: GO-2025-4014", "shortDescription": {"text": "stdlib: GO-2025-4014"}, "fullDescription": {"text": "Unbounded allocation when parsing GNU sparse map in archive/tar"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4013", "name": "stdlib: GO-2025-4013", "shortDescription": {"text": "stdlib: GO-2025-4013"}, "fullDescription": {"text": "Panic when validating certificates with DSA public keys in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4012", "name": "stdlib: GO-2025-4012", "shortDescription": {"text": "stdlib: GO-2025-4012"}, "fullDescription": {"text": "Lack of limit when parsing cookies can cause memory exhaustion in net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4011", "name": "stdlib: GO-2025-4011", "shortDescription": {"text": "stdlib: GO-2025-4011"}, "fullDescription": {"text": "Parsing DER payload can cause memory exhaustion in encoding/asn1"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4010", "name": "stdlib: GO-2025-4010", "shortDescription": {"text": "stdlib: GO-2025-4010"}, "fullDescription": {"text": "Insufficient validation of bracketed IPv6 hostnames in net/url"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4009", "name": "stdlib: GO-2025-4009", "shortDescription": {"text": "stdlib: GO-2025-4009"}, "fullDescription": {"text": "Quadratic complexity when parsing some invalid inputs in encoding/pem"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4008", "name": "stdlib: GO-2025-4008", "shortDescription": {"text": "stdlib: GO-2025-4008"}, "fullDescription": {"text": "ALPN negotiation error contains attacker controlled information in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4007", "name": "stdlib: GO-2025-4007", "shortDescription": {"text": "stdlib: GO-2025-4007"}, "fullDescription": {"text": "Quadratic complexity when checking name constraints in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-4006", "name": "stdlib: GO-2025-4006", "shortDescription": {"text": "stdlib: GO-2025-4006"}, "fullDescription": {"text": "Excessive CPU consumption in ParseAddress in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3956", "name": "stdlib: GO-2025-3956", "shortDescription": {"text": "stdlib: GO-2025-3956"}, "fullDescription": {"text": "Unexpected paths returned from LookPath in os/exec"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3849", "name": "stdlib: GO-2025-3849", "shortDescription": {"text": "stdlib: GO-2025-3849"}, "fullDescription": {"text": "Incorrect results returned from Rows.Scan in database/sql"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3751", "name": "stdlib: GO-2025-3751", "shortDescription": {"text": "stdlib: GO-2025-3751"}, "fullDescription": {"text": "Sensitive headers not cleared on cross-origin redirect in net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3750", "name": "stdlib: GO-2025-3750", "shortDescription": {"text": "stdlib: GO-2025-3750"}, "fullDescription": {"text": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3563", "name": "stdlib: GO-2025-3563", "shortDescription": {"text": "stdlib: GO-2025-3563"}, "fullDescription": {"text": "Request smuggling due to acceptance of invalid chunked data in net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3503", "name": "stdlib: GO-2025-3503", "shortDescription": {"text": "stdlib: GO-2025-3503"}, "fullDescription": {"text": "HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3447", "name": "stdlib: GO-2025-3447", "shortDescription": {"text": "stdlib: GO-2025-3447"}, "fullDescription": {"text": "Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3420", "name": "stdlib: GO-2025-3420", "shortDescription": {"text": "stdlib: GO-2025-3420"}, "fullDescription": {"text": "Sensitive headers incorrectly sent after cross-domain redirect in net/http"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2025-3373", "name": "stdlib: GO-2025-3373", "shortDescription": {"text": "stdlib: GO-2025-3373"}, "fullDescription": {"text": "Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-3107", "name": "stdlib: GO-2024-3107", "shortDescription": {"text": "stdlib: GO-2024-3107"}, "fullDescription": {"text": "Stack exhaustion in Parse in go/build/constraint"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-3106", "name": "stdlib: GO-2024-3106", "shortDescription": {"text": "stdlib: GO-2024-3106"}, "fullDescription": {"text": "Stack exhaustion in Decoder.Decode in encoding/gob"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2024-3105", "name": "stdlib: GO-2024-3105", "shortDescription": {"text": "stdlib: GO-2024-3105"}, "fullDescription": {"text": "Stack exhaustion in all Parse functions in go/parser"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5033", "name": "golang.org/x/crypto: GO-2026-5033", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5033"}, "fullDescription": {"text": "Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5023", "name": "golang.org/x/crypto: GO-2026-5023", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5023"}, "fullDescription": {"text": "Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5021", "name": "golang.org/x/crypto: GO-2026-5021", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5021"}, "fullDescription": {"text": "Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5020", "name": "golang.org/x/crypto: GO-2026-5020", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5020"}, "fullDescription": {"text": "Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5019", "name": "golang.org/x/crypto: GO-2026-5019", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5019"}, "fullDescription": {"text": "Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5018", "name": "golang.org/x/crypto: GO-2026-5018", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5018"}, "fullDescription": {"text": "Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5017", "name": "golang.org/x/crypto: GO-2026-5017", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5017"}, "fullDescription": {"text": "Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5016", "name": "golang.org/x/crypto: GO-2026-5016", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5016"}, "fullDescription": {"text": "Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5015", "name": "golang.org/x/crypto: GO-2026-5015", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5015"}, "fullDescription": {"text": "Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5014", "name": "golang.org/x/crypto: GO-2026-5014", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5014"}, "fullDescription": {"text": "Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5013", "name": "golang.org/x/crypto: GO-2026-5013", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5013"}, "fullDescription": {"text": "Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5006", "name": "golang.org/x/crypto: GO-2026-5006", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5006"}, "fullDescription": {"text": "Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5005", "name": "golang.org/x/crypto: GO-2026-5005", "shortDescription": {"text": "golang.org/x/crypto: GO-2026-5005"}, "fullDescription": {"text": "Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies the entire context without .dockerignore", "shortDescription": {"text": "Dockerfile copies the entire context without .dockerignore"}, "fullDescription": {"text": "COPY . or ADD . sends the full build context to Docker. Without .dockerignore this can include secrets, git history, and local artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n ALLOWED = {'images.example.com', 'cdn.example.com'}\n host = urlparse(url).hostname\n if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC093", "name": "[SEC093] Go: exec.Command with non-literal: exec.Command() \u2014 variable command name allows command injection. Ported", "shortDescription": {"text": "[SEC093] Go: exec.Command with non-literal: exec.Command() \u2014 variable command name allows command injection. Ported from gosec G204 (Apache-2.0)."}, "fullDescription": {"text": "Use a constant command name and validate args via a whitelist."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED021", "name": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape.", "shortDescription": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-22 / A01:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inje", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `gcr.io/distroless/static-debian12:nonroot` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `gcr.io/distroless/static-debian12:nonroot` not pinned by digest"}, "fullDescription": {"text": "`FROM gcr.io/distroless/static-debian12:nonroot` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "kubernetes-secret-yaml", "name": "Possible Kubernetes Secret detected, posing a risk of leaking credentials/tokens from your deployments", "shortDescription": {"text": "Possible Kubernetes Secret detected, posing a risk of leaking credentials/tokens from your deployments"}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "generic-api-key", "name": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", "shortDescription": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED013", "name": "[MINED013] Password In Url: https://user:password@host \u2014 leaks creds via logs, referrer, error messages.", "shortDescription": {"text": "[MINED013] Password In Url: https://user:password@host \u2014 leaks creds via logs, referrer, error messages."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-200 / A07:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED133", "name": "Hardcoded Slack webhook URL in source", "shortDescription": {"text": "Hardcoded Slack webhook URL in source"}, "fullDescription": {"text": "File contains a hardcoded `Slack` webhook URL: `https://hooks.slack.com/services/INVALID/WEBHOOK/URL...`. Webhook URLs are unauthenticated POST endpoints \u2014 anyone with the URL can send messages. They are also a common data-exfiltration channel for compromised packages (malicious post-install collects env vars + POSTs them)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1197"}, "properties": {"repository": "gma1k/podtrace", "repoUrl": "https://github.com/gma1k/podtrace", "branch": "main"}, "results": [{"ruleId": "DKC007", "level": "warning", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": {"repobilityId": 120468, "scanner": "repobility-docker", "fingerprint": "1419e4eade2f191ad5ee7d37af5f89137a05d527aab6d859309166f60733103d", "category": "docker", "severity": "medium", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal, but this Compose file is under a test/example/local path and needs human confirmation before treating it as production exposure.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "grafana", "variable": "GF_SECURITY_ADMIN_PASSWORD", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "reference_or_local", "correlation_key": "fp|1419e4eade2f191ad5ee7d37af5f89137a05d527aab6d859309166f60733103d", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `grafana` image uses the latest tag"}, "properties": {"repobilityId": 120466, "scanner": "repobility-docker", "fingerprint": "6a2d977fcbcccd4820e4239160b566f850f675df2b5be3085d1898ee54213420", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "grafana/grafana:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|6a2d977fcbcccd4820e4239160b566f850f675df2b5be3085d1898ee54213420"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `prometheus` image uses the latest tag"}, "properties": {"repobilityId": 120463, "scanner": "repobility-docker", "fingerprint": "6e752c5855e032bb0903a74a7c02d5f4d23265ebf5228cc0bad8881dcfeb98c4", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "prom/prometheus:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|6e752c5855e032bb0903a74a7c02d5f4d23265ebf5228cc0bad8881dcfeb98c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 7}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 120462, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC091", "level": "warning", "message": {"text": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnerable to Slowloris. Ported from gosec G112 + G114 (Apache-2.0)."}, "properties": {"repobilityId": 120446, "scanner": "repobility-threat-engine", "fingerprint": "ac3cb92d962e1b77aa0fc8d081ad3238c700f4466a47089648510d838824816d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "http.Server{\n\t\tHandler: mux,\n\t\tReadHeaderTimeout: 5 * time.Second,\n\t}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC091", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ac3cb92d962e1b77aa0fc8d081ad3238c700f4466a47089648510d838824816d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agent/runtime.go"}, "region": {"startLine": 227}}}]}, {"ruleId": "SEC091", "level": "warning", "message": {"text": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnerable to Slowloris. Ported from gosec G112 + G114 (Apache-2.0)."}, "properties": {"repobilityId": 120445, "scanner": "repobility-threat-engine", "fingerprint": "d6765e02ac8ac7e7653a9c0edae202e0197f987d2a70360b686c9118fef5bcf2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "http.Server{\n\t\tAddr: s.Addr,\n\t\tHandler: mux,\n\t\tReadHeaderTimeout: 5 * time.Se", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC091", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d6765e02ac8ac7e7653a9c0edae202e0197f987d2a70360b686c9118fef5bcf2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agent/probes.go"}, "region": {"startLine": 76}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 120469, "scanner": "repobility-docker", "fingerprint": "2b3b998fce56066d80ba123ea2723a559f5cb0506cc5958aa7b9b287aa100046", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "grafana", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|2b3b998fce56066d80ba123ea2723a559f5cb0506cc5958aa7b9b287aa100046"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 120467, "scanner": "repobility-docker", "fingerprint": "c4e0b12d71dc550b71f840fb87c1a539eee01d24df1ebe1dfbae435178ae9017", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "grafana", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|c4e0b12d71dc550b71f840fb87c1a539eee01d24df1ebe1dfbae435178ae9017"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 120465, "scanner": "repobility-docker", "fingerprint": "0cf5186eeb3b7095ae88397563bec2a713e86428ee38c3fb64ddd0c11f41cf2c", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "prometheus", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|0cf5186eeb3b7095ae88397563bec2a713e86428ee38c3fb64ddd0c11f41cf2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 7}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 120464, "scanner": "repobility-docker", "fingerprint": "3ffc340bcea6a29c2357099482bfb740b4df22578373ab6e9001e542af9a7df8", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "prometheus", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|3ffc340bcea6a29c2357099482bfb740b4df22578373ab6e9001e542af9a7df8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 7}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 120442, "scanner": "repobility-threat-engine", "fingerprint": "6c363e3d42ee8c0aeb5164095ef176d1f8e05497a7aabdd0ed4dab7fb4bad64d", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "logger.Warn(\n\t\t\"SELinux is in Enforcing mode (detected via \" + how + \"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6c363e3d42ee8c0aeb5164095ef176d1f8e05497a7aabdd0ed4dab7fb4bad64d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/system/checks.go"}, "region": {"startLine": 85}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 120441, "scanner": "repobility-threat-engine", "fingerprint": "0ff86cbe11984461bd3fc1c713d7c149e0545a55b4690313c3afd7b5cdd041e2", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Target an application by name; shorthand for --label \"+appNameLabel+\"=.\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0ff86cbe11984461bd3fc1c713d7c149e0545a55b4690313c3afd7b5cdd041e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/podtrace/watch.go"}, "region": {"startLine": 46}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 120431, "scanner": "repobility-threat-engine", "fingerprint": "ac5f230ba7b5a3262922d5e5459542572dd448f89aeae4887c7434096964115f", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = fmt.Fprintf(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ac5f230ba7b5a3262922d5e5459542572dd448f89aeae4887c7434096964115f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/podtrace/watch.go"}, "region": {"startLine": 202}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 120430, "scanner": "repobility-threat-engine", "fingerprint": "9026a7db7b3ad5b12b9dae4cdf89afce462397be92e193aac44fd59f47b4b665", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = cmd.MarkFlagRequired(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9026a7db7b3ad5b12b9dae4cdf89afce462397be92e193aac44fd59f47b4b665"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/podtrace/schedule.go"}, "region": {"startLine": 79}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 120429, "scanner": "repobility-threat-engine", "fingerprint": "c53827468896037d38ed13040ae1e1205cc142e03910ebd39549d4a73e00e664", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = r.Close(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c53827468896037d38ed13040ae1e1205cc142e03910ebd39549d4a73e00e664"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/podtrace/diagnose_env.go"}, "region": {"startLine": 85}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120424, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e8470a0ce0145d8012a0f802bce925b4373c355227c5b0e014708950525c59df", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/v1alpha1/zz_generated.deepcopy.go", "duplicate_line": 1, "correlation_key": "fp|e8470a0ce0145d8012a0f802bce925b4373c355227c5b0e014708950525c59df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/client/applyconfiguration/api/v1alpha1/podtraceschedule.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120423, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b1e1d04976f502fad3387346b147d79c8591a83d6db5978ae5b86adcc4aad1a7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/client/applyconfiguration/api/v1alpha1/exporterconfigspec.go", "duplicate_line": 2, "correlation_key": "fp|b1e1d04976f502fad3387346b147d79c8591a83d6db5978ae5b86adcc4aad1a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/client/applyconfiguration/api/v1alpha1/podtracenodestatus.go"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120422, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d5593d93aafd893e344e40b046bc932dc6d5188db82b36834ec5dc8c2481bfd1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/v1alpha1/zz_generated.deepcopy.go", "duplicate_line": 1, "correlation_key": "fp|d5593d93aafd893e344e40b046bc932dc6d5188db82b36834ec5dc8c2481bfd1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/client/applyconfiguration/api/v1alpha1/podtracenodestatus.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120421, "scanner": "repobility-ai-code-hygiene", "fingerprint": "39aeff8c2975015080a0224fdf5d0d1561c4987b43319b5c816d39d72959c9ce", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/client/applyconfiguration/api/v1alpha1/exporterconfig.go", "duplicate_line": 2, "correlation_key": "fp|39aeff8c2975015080a0224fdf5d0d1561c4987b43319b5c816d39d72959c9ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/client/applyconfiguration/api/v1alpha1/podtrace.go"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120420, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bf4218d75cec373f160393e41a5f52c97e442881cc169ec8b216e0e316c4be5f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/v1alpha1/zz_generated.deepcopy.go", "duplicate_line": 1, "correlation_key": "fp|bf4218d75cec373f160393e41a5f52c97e442881cc169ec8b216e0e316c4be5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/client/applyconfiguration/api/v1alpha1/podtrace.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120419, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a0d2efa0027cb5bee169de0ddbda05bbb9c98a37cb3890f36fd3956f330e69b6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/client/applyconfiguration/api/v1alpha1/exporterconfigspec.go", "duplicate_line": 2, "correlation_key": "fp|a0d2efa0027cb5bee169de0ddbda05bbb9c98a37cb3890f36fd3956f330e69b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/client/applyconfiguration/api/v1alpha1/otlpexporter.go"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120418, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6f27c2904c2bf60e21088fca3417b1371162426f2bc01eb4722c2225617aedd6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/v1alpha1/zz_generated.deepcopy.go", "duplicate_line": 1, "correlation_key": "fp|6f27c2904c2bf60e21088fca3417b1371162426f2bc01eb4722c2225617aedd6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/client/applyconfiguration/api/v1alpha1/otlpexporter.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120417, "scanner": "repobility-ai-code-hygiene", "fingerprint": "52d594bc320dc509e28286ad090ef39a74b697d5e8de93bf19191f8b44cb184f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/client/applyconfiguration/api/v1alpha1/agentspec.go", "duplicate_line": 2, "correlation_key": "fp|52d594bc320dc509e28286ad090ef39a74b697d5e8de93bf19191f8b44cb184f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/client/applyconfiguration/api/v1alpha1/objectstorereference.go"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120416, "scanner": "repobility-ai-code-hygiene", "fingerprint": "eddb94dbeeef19256e1ac05e9c2053a4d782a66c021078f4ef00fc227d6f2366", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/v1alpha1/zz_generated.deepcopy.go", "duplicate_line": 1, "correlation_key": "fp|eddb94dbeeef19256e1ac05e9c2053a4d782a66c021078f4ef00fc227d6f2366"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/client/applyconfiguration/api/v1alpha1/objectstorereference.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120415, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cbb9cae3287c5a18a1134f62b3a23b8e41ccd96948bd1b1631147eec61b5c7a5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/v1alpha1/zz_generated.deepcopy.go", "duplicate_line": 1, "correlation_key": "fp|cbb9cae3287c5a18a1134f62b3a23b8e41ccd96948bd1b1631147eec61b5c7a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/client/applyconfiguration/api/v1alpha1/exporterconfigstatus.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120414, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a137875f89b7994deb766b12d431e4c289f4c2aee500cffb13852db9ecc8c185", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/v1alpha1/zz_generated.deepcopy.go", "duplicate_line": 1, "correlation_key": "fp|a137875f89b7994deb766b12d431e4c289f4c2aee500cffb13852db9ecc8c185"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/client/applyconfiguration/api/v1alpha1/exporterconfigspec.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120413, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bfcac7154e71f0eff4a69ac3ec2609f413c5b34029cc6e89e1d472fd0448ffe5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/v1alpha1/zz_generated.deepcopy.go", "duplicate_line": 1, "correlation_key": "fp|bfcac7154e71f0eff4a69ac3ec2609f413c5b34029cc6e89e1d472fd0448ffe5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/client/applyconfiguration/api/v1alpha1/exporterconfig.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120412, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7406cee8eae540697aa0db7c6926ca47ec39a905c59ddbbed8e132ef00b8db97", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/v1alpha1/zz_generated.deepcopy.go", "duplicate_line": 1, "correlation_key": "fp|7406cee8eae540697aa0db7c6926ca47ec39a905c59ddbbed8e132ef00b8db97"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/client/applyconfiguration/api/v1alpha1/agentspec.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120411, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b6bb7b7f4005a565af36fdc5d0648f74a2de44292a16ea702427f8a372ce1dc7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/tracing/exporter/jaeger.go", "duplicate_line": 133, "correlation_key": "fp|b6bb7b7f4005a565af36fdc5d0648f74a2de44292a16ea702427f8a372ce1dc7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/tracing/exporter/zipkin.go"}, "region": {"startLine": 113}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120410, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8b0b5d40d64a8ed64f4b6a713e957447c98f8a03f86898250e922361d5aa32d7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/tracing/exporter/datadog.go", "duplicate_line": 47, "correlation_key": "fp|8b0b5d40d64a8ed64f4b6a713e957447c98f8a03f86898250e922361d5aa32d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/tracing/exporter/zipkin.go"}, "region": {"startLine": 49}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120409, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8feea90db441115fc594514bafc13597e8a21f0757f3f79bb87dbfaa35441243", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/tracing/exporter/datadog.go", "duplicate_line": 47, "correlation_key": "fp|8feea90db441115fc594514bafc13597e8a21f0757f3f79bb87dbfaa35441243"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/tracing/exporter/splunk.go"}, "region": {"startLine": 38}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120408, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8f21db6acc1f8ed1307bc483e1ff47d542162add0e2df0465ec3e928f153546a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/tracing/exporter/datadog.go", "duplicate_line": 47, "correlation_key": "fp|8f21db6acc1f8ed1307bc483e1ff47d542162add0e2df0465ec3e928f153546a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/tracing/exporter/jaeger.go"}, "region": {"startLine": 53}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120407, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c85cc1164d2b1e173f2ba92cbd28872778521d1977e6105a2b421276884fd41a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/ldsoconf/ldsoconf.go", "duplicate_line": 27, "correlation_key": "fp|c85cc1164d2b1e173f2ba92cbd28872778521d1977e6105a2b421276884fd41a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/procfs/procfs.go"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120406, "scanner": "repobility-ai-code-hygiene", "fingerprint": "837106b3c58f6f6bea146c0d2f715f37c0eb9852778a00787c00c6203e1bedeb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/kubernetes/pod.go", "duplicate_line": 95, "correlation_key": "fp|837106b3c58f6f6bea146c0d2f715f37c0eb9852778a00787c00c6203e1bedeb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/kubernetes/target_registry.go"}, "region": {"startLine": 231}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120405, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b444c46d767ebabcc81c5516c1e77b45ad89d2d807621a78b49c926bfd1ac6cd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/diagnose/detector/issues.go", "duplicate_line": 52, "correlation_key": "fp|b444c46d767ebabcc81c5516c1e77b45ad89d2d807621a78b49c926bfd1ac6cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/events/events.go"}, "region": {"startLine": 368}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120404, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3ec541e1b42e5518363030edbce0488675c541e0bb83fc9fae618f4f86165575", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/diagnose/analyzer/dns.go", "duplicate_line": 24, "correlation_key": "fp|3ec541e1b42e5518363030edbce0488675c541e0bb83fc9fae618f4f86165575"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/diagnose/analyzer/tls.go"}, "region": {"startLine": 32}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120403, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1db8332a8c2813b2eabad9cf3608e0103d92fec126f733b27b8414427f54c0ea", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/diagnose/analyzer/network.go", "duplicate_line": 55, "correlation_key": "fp|1db8332a8c2813b2eabad9cf3608e0103d92fec126f733b27b8414427f54c0ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/diagnose/analyzer/tls.go"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120402, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f0b44f9aa388b7f600de5997f42b75e74ec8e526ce4740cc1f8c4f75159ee84d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/diagnose/analyzer/dns.go", "duplicate_line": 24, "correlation_key": "fp|f0b44f9aa388b7f600de5997f42b75e74ec8e526ce4740cc1f8c4f75159ee84d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/diagnose/analyzer/network.go"}, "region": {"startLine": 67}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120401, "scanner": "repobility-ai-code-hygiene", "fingerprint": "72d16714c363423b3fe1ff2424715cedb4c96aa85762dc985b9f7425aa839959", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/alerting/splunk.go", "duplicate_line": 99, "correlation_key": "fp|72d16714c363423b3fe1ff2424715cedb4c96aa85762dc985b9f7425aa839959"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/alerting/webhook.go"}, "region": {"startLine": 76}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120400, "scanner": "repobility-ai-code-hygiene", "fingerprint": "33585f6eff3b395499c218424fc3d3847401897d9187eb4689cdcceff530e413", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/alerting/slack.go", "duplicate_line": 1, "correlation_key": "fp|33585f6eff3b395499c218424fc3d3847401897d9187eb4689cdcceff530e413"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/alerting/webhook.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120399, "scanner": "repobility-ai-code-hygiene", "fingerprint": "97ed502812b67999268ad104a4ce08c744055e9a6ae29e8602a19c5591862588", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/alerting/slack.go", "duplicate_line": 1, "correlation_key": "fp|97ed502812b67999268ad104a4ce08c744055e9a6ae29e8602a19c5591862588"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/alerting/splunk.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120398, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f1dab284d1baae84de56c6bbbd01b8346d9af4992d899b3ae10774855efb3a74", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cmd/podtrace/schedule.go", "duplicate_line": 82, "correlation_key": "fp|f1dab284d1baae84de56c6bbbd01b8346d9af4992d899b3ae10774855efb3a74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/podtrace/watch.go"}, "region": {"startLine": 121}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120397, "scanner": "repobility-ai-code-hygiene", "fingerprint": "77e2b164ae67ae5e7bf4e5e8547a96a760683ce337f34c56dcbc5bc445e4461c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "bpf/filesystem.c", "duplicate_line": 159, "correlation_key": "fp|77e2b164ae67ae5e7bf4e5e8547a96a760683ce337f34c56dcbc5bc445e4461c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bpf/syscalls.c"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120396, "scanner": "repobility-ai-code-hygiene", "fingerprint": "25a888f68fb0ccc2e4e60f03e3bf2172eb02ec48843cc7da445ad675e1bb5971", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "bpf/filesystem.c", "duplicate_line": 45, "correlation_key": "fp|25a888f68fb0ccc2e4e60f03e3bf2172eb02ec48843cc7da445ad675e1bb5971"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bpf/network.c"}, "region": {"startLine": 196}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 120395, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9e34f467576aed1b080d76f285d578b4d6c0178a1e56a83b43c7e5b31b455c86", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "bpf/cpu.c", "duplicate_line": 86, "correlation_key": "fp|9e34f467576aed1b080d76f285d578b4d6c0178a1e56a83b43c7e5b31b455c86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bpf/filesystem.c"}, "region": {"startLine": 35}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 120460, "scanner": "repobility-docker", "fingerprint": "d355741b966c29a9572db460c7a44d9ce42742963f36da7c68bcca8a65d629b7", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "golang:${GO_VERSION}-${DEBIAN_RELEASE}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|d355741b966c29a9572db460c7a44d9ce42742963f36da7c68bcca8a65d629b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "properties": {"repobilityId": 120458, "scanner": "repobility-threat-engine", "fingerprint": "1973f3d1afc5767a8ea0f3c424f96099b15a3a0f79f86c59045ae57fdde455b5", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|1973f3d1afc5767a8ea0f3c424f96099b15a3a0f79f86c59045ae57fdde455b5", "aggregated_count": 14}}}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 120457, "scanner": "repobility-threat-engine", "fingerprint": "e1dd4d8dd69b73e38528f90c39851a56002a35df16e928aa907d0638ec83f758", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e1dd4d8dd69b73e38528f90c39851a56002a35df16e928aa907d0638ec83f758"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/client/applyconfiguration/api/v1alpha1/otlpexporter.go"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 120456, "scanner": "repobility-threat-engine", "fingerprint": "e7c45984a863ecee770a4c20bcc46e0e5d314d6a171dd366a1ffdfcbdbcecb3c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e7c45984a863ecee770a4c20bcc46e0e5d314d6a171dd366a1ffdfcbdbcecb3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/client/applyconfiguration/api/v1alpha1/exporterconfigstatus.go"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 120455, "scanner": "repobility-threat-engine", "fingerprint": "193e573e3f894905baec0964d024822294939284b141042e8151300e7ab6e9ca", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|193e573e3f894905baec0964d024822294939284b141042e8151300e7ab6e9ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/client/applyconfiguration/api/v1alpha1/exporterconfig.go"}, "region": {"startLine": 186}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 57 more): Same pattern found in 57 additional files. Review if needed."}, "properties": {"repobilityId": 120453, "scanner": "repobility-threat-engine", "fingerprint": "340fd33ba7ca6f1877768089794cd94f3caa95698e6ea94e3fc0a7cb06b8e7c9", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 57 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|340fd33ba7ca6f1877768089794cd94f3caa95698e6ea94e3fc0a7cb06b8e7c9", "aggregated_count": 57}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 120452, "scanner": "repobility-threat-engine", "fingerprint": "8205cf029c0ff556f72fa7b922b222cc15db625666ad9e5e63ec7a52b4d2c2be", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8205cf029c0ff556f72fa7b922b222cc15db625666ad9e5e63ec7a52b4d2c2be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/client/applyconfiguration/api/v1alpha1/agentspec.go"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 120451, "scanner": "repobility-threat-engine", "fingerprint": "b3e715e58d67e5527797c7981bd6762671a6617f9c1e2f3eae4abfa87dba654f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b3e715e58d67e5527797c7981bd6762671a6617f9c1e2f3eae4abfa87dba654f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/tracing/exporter/otlp.go"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 120450, "scanner": "repobility-threat-engine", "fingerprint": "ae9e20a3e4025c07d6d29209579b7fb948d76b5e31efbcaac91a568a0724ff10", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ae9e20a3e4025c07d6d29209579b7fb948d76b5e31efbcaac91a568a0724ff10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/profiling/profiler.go"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED016", "level": "none", "message": {"text": "[MINED016] Go Error Ignored (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 120440, "scanner": "repobility-threat-engine", "fingerprint": "eaf9bb4351ef42bcd10cae28e6daf443fbfc30cca2c911de2dcf0dc7abc9c3ca", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|eaf9bb4351ef42bcd10cae28e6daf443fbfc30cca2c911de2dcf0dc7abc9c3ca", "aggregated_count": 10}}}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "properties": {"repobilityId": 120436, "scanner": "repobility-threat-engine", "fingerprint": "467445591c904ea508a5f3125ae98022a143d2e40e6a0577ec8189604731b64b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 13 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|467445591c904ea508a5f3125ae98022a143d2e40e6a0577ec8189604731b64b", "aggregated_count": 13}}}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 120435, "scanner": "repobility-threat-engine", "fingerprint": "f4ef37dd98d75f0285d9b6b96a914a24b32e48bc4b46dfa906ac686a3171e4ff", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f4ef37dd98d75f0285d9b6b96a914a24b32e48bc4b46dfa906ac686a3171e4ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/agent/otlp_event_exporter.go"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 120434, "scanner": "repobility-threat-engine", "fingerprint": "a9613906c7f92e931f2a3151bf3b675bc9d82dedd9b92cd381ca3e81fd98536a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a9613906c7f92e931f2a3151bf3b675bc9d82dedd9b92cd381ca3e81fd98536a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/podtrace/watch.go"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 120433, "scanner": "repobility-threat-engine", "fingerprint": "6fc16f7d4b842ccb0a1de8020ab86dcf5c6bf6539329e128e557d89a5d69bb2c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6fc16f7d4b842ccb0a1de8020ab86dcf5c6bf6539329e128e557d89a5d69bb2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/podtrace/report_uploader.go"}, "region": {"startLine": 45}}}]}, {"ruleId": "ERR003", "level": "none", "message": {"text": "[ERR003] Ignored Error (Go) (and 27 more): Same pattern found in 27 additional files. Review if needed."}, "properties": {"repobilityId": 120432, "scanner": "repobility-threat-engine", "fingerprint": "70dec6414c7f912580368fbc1234024431e06a0c1827adee21b56950a8a05fa1", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 27 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 27 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|70dec6414c7f912580368fbc1234024431e06a0c1827adee21b56950a8a05fa1"}}}, {"ruleId": "GO-2026-5039", "level": "error", "message": {"text": "stdlib: GO-2026-5039"}, "properties": {"repobilityId": 120533, "scanner": "osv-scanner", "fingerprint": "7ecb831438c65961b56d89306ca4167282ce2e85bd3004a237d7cf1a2885c79d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42507", "CVE-2026-42507"], "package": "stdlib", "rule_id": "GO-2026-5039", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42507|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5038", "level": "error", "message": {"text": "stdlib: GO-2026-5038"}, "properties": {"repobilityId": 120532, "scanner": "osv-scanner", "fingerprint": "5e9d791b7a067a2592b01042e7e72643c4bcfa781427bddea270d07d8b9a97d1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42504", "CVE-2026-42504"], "package": "stdlib", "rule_id": "GO-2026-5038", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42504|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5037", "level": "error", "message": {"text": "stdlib: GO-2026-5037"}, "properties": {"repobilityId": 120531, "scanner": "osv-scanner", "fingerprint": "1e72faf101b40c03ce3bee666285bcc0c9c2e164b772dee71aaecd84df6e2c45", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27145", "CVE-2026-27145"], "package": "stdlib", "rule_id": "GO-2026-5037", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27145|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4986", "level": "error", "message": {"text": "stdlib: GO-2026-4986"}, "properties": {"repobilityId": 120530, "scanner": "osv-scanner", "fingerprint": "4baf1bd86e6b3759078bf0cac33ff9fd939e8043c831cde6ac92ff62196b1f5e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39820", "CVE-2026-39820"], "package": "stdlib", "rule_id": "GO-2026-4986", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39820|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4982", "level": "error", "message": {"text": "stdlib: GO-2026-4982"}, "properties": {"repobilityId": 120529, "scanner": "osv-scanner", "fingerprint": "19dd3b9cf5c8402b5442861f2a9579b516fb3c2dd926091e3ff7081598a091f7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39823", "CVE-2026-39823"], "package": "stdlib", "rule_id": "GO-2026-4982", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39823|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4981", "level": "error", "message": {"text": "stdlib: GO-2026-4981"}, "properties": {"repobilityId": 120528, "scanner": "osv-scanner", "fingerprint": "3af96e6cd3d2e02586d3f066d465bacf57dd7b16ec7e441a0561e2631c786209", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33811", "CVE-2026-33811"], "package": "stdlib", "rule_id": "GO-2026-4981", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33811|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4980", "level": "error", "message": {"text": "stdlib: GO-2026-4980"}, "properties": {"repobilityId": 120527, "scanner": "osv-scanner", "fingerprint": "f7c24f3fcb7c2846a2ead50e4662d65a6db3b876ea828d5aa24ff81ded0647f0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39826", "CVE-2026-39826"], "package": "stdlib", "rule_id": "GO-2026-4980", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39826|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4977", "level": "error", "message": {"text": "stdlib: GO-2026-4977"}, "properties": {"repobilityId": 120526, "scanner": "osv-scanner", "fingerprint": "2d8c25f7e7ea31c0ee3e8e208d036b7b1822cfe52e9aed215bf37875c7475275", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42499", "CVE-2026-42499"], "package": "stdlib", "rule_id": "GO-2026-4977", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42499|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4976", "level": "error", "message": {"text": "stdlib: GO-2026-4976"}, "properties": {"repobilityId": 120525, "scanner": "osv-scanner", "fingerprint": "ceb129aa9eaa919418532157945832adeef153e3a6edf8e07bed5061e57fe1ef", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39825", "CVE-2026-39825"], "package": "stdlib", "rule_id": "GO-2026-4976", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39825|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4971", "level": "error", "message": {"text": "stdlib: GO-2026-4971"}, "properties": {"repobilityId": 120524, "scanner": "osv-scanner", "fingerprint": "2b1bfebffe2ab2777cd29b2889522275c8381b574b1a01019f5e21a804fa2c54", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39836", "CVE-2026-39836"], "package": "stdlib", "rule_id": "GO-2026-4971", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39836|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4947", "level": "error", "message": {"text": "stdlib: GO-2026-4947"}, "properties": {"repobilityId": 120523, "scanner": "osv-scanner", "fingerprint": "f359645f7340e870f060c218bac0e671f589739b36fb7952690c80ebfac60715", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32280", "CVE-2026-32280"], "package": "stdlib", "rule_id": "GO-2026-4947", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32280|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4946", "level": "error", "message": {"text": "stdlib: GO-2026-4946"}, "properties": {"repobilityId": 120522, "scanner": "osv-scanner", "fingerprint": "80918f535cc807ba8488d4d0834833c95755d51d1057138c4c9b5f39a228020f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32281", "CVE-2026-32281"], "package": "stdlib", "rule_id": "GO-2026-4946", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32281|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4918", "level": "error", "message": {"text": "stdlib: GO-2026-4918"}, "properties": {"repobilityId": 120521, "scanner": "osv-scanner", "fingerprint": "189b59361e62b8c6a45b7ae8bfac367b34a33ad24942b34f7d4e061e19ba8b4e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33814", "CVE-2026-33814"], "package": "stdlib", "rule_id": "GO-2026-4918", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33814|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4870", "level": "error", "message": {"text": "stdlib: GO-2026-4870"}, "properties": {"repobilityId": 120520, "scanner": "osv-scanner", "fingerprint": "5112ba9383e559f608f0212ed7993b26789687ae531b14cb70869356f5e2357a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32283", "CVE-2026-32283"], "package": "stdlib", "rule_id": "GO-2026-4870", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32283|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4869", "level": "error", "message": {"text": "stdlib: GO-2026-4869"}, "properties": {"repobilityId": 120519, "scanner": "osv-scanner", "fingerprint": "683797df0b10623c43ae292597c26f61bf06d03c383be9e2d36e06a1ab756f71", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32288", "CVE-2026-32288"], "package": "stdlib", "rule_id": "GO-2026-4869", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32288|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4865", "level": "error", "message": {"text": "stdlib: GO-2026-4865"}, "properties": {"repobilityId": 120518, "scanner": "osv-scanner", "fingerprint": "43116ace5e508a1c6f5423d144efce4b2c744d9db8196fff3d257917a98d9a66", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32289", "CVE-2026-32289"], "package": "stdlib", "rule_id": "GO-2026-4865", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32289|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4864", "level": "error", "message": {"text": "stdlib: GO-2026-4864"}, "properties": {"repobilityId": 120517, "scanner": "osv-scanner", "fingerprint": "ba28ed9e1faeca5e9ab247097ac9ee1f0f51c661e068e4775ccacc54f1a8d016", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32282", "CVE-2026-32282"], "package": "stdlib", "rule_id": "GO-2026-4864", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32282|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4603", "level": "error", "message": {"text": "stdlib: GO-2026-4603"}, "properties": {"repobilityId": 120516, "scanner": "osv-scanner", "fingerprint": "b8efb381cfeeae9b96d4929ac9d80eef13e9fcc6131e6c7d58f7be0f17a5799e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27142", "CVE-2026-27142"], "package": "stdlib", "rule_id": "GO-2026-4603", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27142|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4602", "level": "error", "message": {"text": "stdlib: GO-2026-4602"}, "properties": {"repobilityId": 120515, "scanner": "osv-scanner", "fingerprint": "4f6dfcd05c353b8ea952ba95973113d6c78e08c5dcde799e6088ae6d65ee1a58", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27139", "CVE-2026-27139"], "package": "stdlib", "rule_id": "GO-2026-4602", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27139|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4601", "level": "error", "message": {"text": "stdlib: GO-2026-4601"}, "properties": {"repobilityId": 120514, "scanner": "osv-scanner", "fingerprint": "8a0661baced3f5ca05dea1d33140d55b9e95c5cb1d18f2693c1dd793a09ebe3a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-25679", "CVE-2026-25679"], "package": "stdlib", "rule_id": "GO-2026-4601", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-25679|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4403", "level": "error", "message": {"text": "stdlib: GO-2026-4403"}, "properties": {"repobilityId": 120513, "scanner": "osv-scanner", "fingerprint": "0dfefa269c9ad95825a392051f27ee6d5d3d1b0d47e125259a17bed055b36929", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-22873", "CVE-2025-22873"], "package": "stdlib", "rule_id": "GO-2026-4403", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-22873|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4342", "level": "error", "message": {"text": "stdlib: GO-2026-4342"}, "properties": {"repobilityId": 120512, "scanner": "osv-scanner", "fingerprint": "e5229cc7f08c9823f0af390952a213ca51d09215ae8926ad879cecc4d5ad868d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61728", "CVE-2025-61728"], "package": "stdlib", "rule_id": "GO-2026-4342", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61728|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4341", "level": "error", "message": {"text": "stdlib: GO-2026-4341"}, "properties": {"repobilityId": 120511, "scanner": "osv-scanner", "fingerprint": "b4061ff301e1952a20bf0ffbb493f4a6e3e86d9d84706514be271c2216882a49", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61726", "CVE-2025-61726"], "package": "stdlib", "rule_id": "GO-2026-4341", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61726|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4340", "level": "error", "message": {"text": "stdlib: GO-2026-4340"}, "properties": {"repobilityId": 120510, "scanner": "osv-scanner", "fingerprint": "e9adc9a995bf7ab31f1641c92a76ba6526c80effc4c023988a9078740fd7808a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61730", "CVE-2025-61730"], "package": "stdlib", "rule_id": "GO-2026-4340", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61730|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4337", "level": "error", "message": {"text": "stdlib: GO-2026-4337"}, "properties": {"repobilityId": 120509, "scanner": "osv-scanner", "fingerprint": "06748af08073b7f347fa38bd1f6e7ce3e0b093e8a48a5976f830b31ec6f8d771", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-68121", "CVE-2025-68121"], "package": "stdlib", "rule_id": "GO-2026-4337", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-68121|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4175", "level": "error", "message": {"text": "stdlib: GO-2025-4175"}, "properties": {"repobilityId": 120508, "scanner": "osv-scanner", "fingerprint": "9c28904285da2c8e8b37af03a27dad21d82e930154ef472f5de84f16f7cec923", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61727", "CVE-2025-61727"], "package": "stdlib", "rule_id": "GO-2025-4175", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61727|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4155", "level": "error", "message": {"text": "stdlib: GO-2025-4155"}, "properties": {"repobilityId": 120507, "scanner": "osv-scanner", "fingerprint": "1f68fb5b3b59e768cc74ef79bafa4193127159549efbdc6be159d183979d4507", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61729", "CVE-2025-61729"], "package": "stdlib", "rule_id": "GO-2025-4155", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61729|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4015", "level": "error", "message": {"text": "stdlib: GO-2025-4015"}, "properties": {"repobilityId": 120506, "scanner": "osv-scanner", "fingerprint": "69fbd8f99abdc746eafe26d9b713aadaa0d04858e383870c83dd782725fbe469", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61724", "CVE-2025-61724"], "package": "stdlib", "rule_id": "GO-2025-4015", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61724|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4014", "level": "error", "message": {"text": "stdlib: GO-2025-4014"}, "properties": {"repobilityId": 120505, "scanner": "osv-scanner", "fingerprint": "a8d18f6c0d20cd64ed1c1708e4733b9cffd8b065bb0a29949ac4e361d94fa20a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58183", "CVE-2025-58183"], "package": "stdlib", "rule_id": "GO-2025-4014", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58183|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4013", "level": "error", "message": {"text": "stdlib: GO-2025-4013"}, "properties": {"repobilityId": 120504, "scanner": "osv-scanner", "fingerprint": "9e3d94931240a84c3a0b7d3c131d337ae037f4ad77d639c914f3e9ec03032691", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58188", "CVE-2025-58188"], "package": "stdlib", "rule_id": "GO-2025-4013", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58188|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4012", "level": "error", "message": {"text": "stdlib: GO-2025-4012"}, "properties": {"repobilityId": 120503, "scanner": "osv-scanner", "fingerprint": "66206a86bdbb865dfafecc6619cd63ed8ed606beb8986d7a241b05f1b2cbc21c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58186", "CVE-2025-58186"], "package": "stdlib", "rule_id": "GO-2025-4012", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58186|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4011", "level": "error", "message": {"text": "stdlib: GO-2025-4011"}, "properties": {"repobilityId": 120502, "scanner": "osv-scanner", "fingerprint": "a29161a031523974232e7def27c7a4691b55093a337616fff6b27c1666cbbd87", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58185", "CVE-2025-58185"], "package": "stdlib", "rule_id": "GO-2025-4011", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58185|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4010", "level": "error", "message": {"text": "stdlib: GO-2025-4010"}, "properties": {"repobilityId": 120501, "scanner": "osv-scanner", "fingerprint": "c5b797b623f4141ba8ac8df05e15a895a39c4d389e60cd12d9d7bfeda442a652", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47912", "CVE-2025-47912"], "package": "stdlib", "rule_id": "GO-2025-4010", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47912|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4009", "level": "error", "message": {"text": "stdlib: GO-2025-4009"}, "properties": {"repobilityId": 120500, "scanner": "osv-scanner", "fingerprint": "b0f386e182278fba7b1fdf77a9f1e9c469d3099733282017edbda675727066c3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61723", "CVE-2025-61723"], "package": "stdlib", "rule_id": "GO-2025-4009", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61723|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4008", "level": "error", "message": {"text": "stdlib: GO-2025-4008"}, "properties": {"repobilityId": 120499, "scanner": "osv-scanner", "fingerprint": "7b1902429a225a79b6deee5e717d50158efcebc1bc8f216c6f3bad442dc01660", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58189", "CVE-2025-58189"], "package": "stdlib", "rule_id": "GO-2025-4008", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58189|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4007", "level": "error", "message": {"text": "stdlib: GO-2025-4007"}, "properties": {"repobilityId": 120498, "scanner": "osv-scanner", "fingerprint": "0437a06a074b114d7272b00877a010db2ec1c20d33f35d46406f2ff5c20e79c1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-58187", "CVE-2025-58187"], "package": "stdlib", "rule_id": "GO-2025-4007", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-58187|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-4006", "level": "error", "message": {"text": "stdlib: GO-2025-4006"}, "properties": {"repobilityId": 120497, "scanner": "osv-scanner", "fingerprint": "de1af5cde7597228ee1f4515c872a6d8845cb245b0f93904c748f2a0fef0973a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-61725", "CVE-2025-61725"], "package": "stdlib", "rule_id": "GO-2025-4006", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-61725|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3956", "level": "error", "message": {"text": "stdlib: GO-2025-3956"}, "properties": {"repobilityId": 120496, "scanner": "osv-scanner", "fingerprint": "992380027ab2ed60e8e3cb4df96175efef6c44e0e3b693a58f0f4d224f847768", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47906", "CVE-2025-47906"], "package": "stdlib", "rule_id": "GO-2025-3956", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47906|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3849", "level": "error", "message": {"text": "stdlib: GO-2025-3849"}, "properties": {"repobilityId": 120495, "scanner": "osv-scanner", "fingerprint": "4ecad80fb2c4f146fc7894741486bd075dcf723ffd88bdb22f2a4c22a4d0829e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-47907", "CVE-2025-47907"], "package": "stdlib", "rule_id": "GO-2025-3849", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-47907|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3751", "level": "error", "message": {"text": "stdlib: GO-2025-3751"}, "properties": {"repobilityId": 120494, "scanner": "osv-scanner", "fingerprint": "7d66000535aa2a94c56c208963ab6ab8270219809a746e2951481e514f6c3ff3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-4673", "CVE-2025-4673"], "package": "stdlib", "rule_id": "GO-2025-3751", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-4673|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3750", "level": "error", "message": {"text": "stdlib: GO-2025-3750"}, "properties": {"repobilityId": 120493, "scanner": "osv-scanner", "fingerprint": "515a9a3e44d86bbb3a802a7d4aa686bc1d0cc2b5aa4890686aaeaf3b4220c98a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-0913", "CVE-2025-0913"], "package": "stdlib", "rule_id": "GO-2025-3750", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-0913|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3563", "level": "error", "message": {"text": "stdlib: GO-2025-3563"}, "properties": {"repobilityId": 120492, "scanner": "osv-scanner", "fingerprint": "829b35fd13384e2a45c0765f3b464f92be5918ce97d3e5604d883e5819104b92", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-22871", "CVE-2025-22871", "GHSA-g9pc-8g42-g6vq"], "package": "stdlib", "rule_id": "GO-2025-3563", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-22871|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3503", "level": "error", "message": {"text": "stdlib: GO-2025-3503"}, "properties": {"repobilityId": 120491, "scanner": "osv-scanner", "fingerprint": "e37a52fc1baf0bf9c4aa869319a3e4991520e8490804bf97f7fbfa7339768f47", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2025-22870", "GHSA-qxp5-gwg8-xv66"], "package": "stdlib", "rule_id": "GO-2025-3503", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-22870|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3447", "level": "error", "message": {"text": "stdlib: GO-2025-3447"}, "properties": {"repobilityId": 120490, "scanner": "osv-scanner", "fingerprint": "c476891fbc1332698f21c8fd1d977b872a4df4597fce7e47affcede73f26008d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2025-22866", "CVE-2025-22866"], "package": "stdlib", "rule_id": "GO-2025-3447", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2025-22866|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3420", "level": "error", "message": {"text": "stdlib: GO-2025-3420"}, "properties": {"repobilityId": 120489, "scanner": "osv-scanner", "fingerprint": "20a2c5cb5256823959d79f66ccba00e31c91dbb6926fb4077c6c525fdfc3b325", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2024-45336", "CVE-2024-45336"], "package": "stdlib", "rule_id": "GO-2025-3420", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2024-45336|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2025-3373", "level": "error", "message": {"text": "stdlib: GO-2025-3373"}, "properties": {"repobilityId": 120488, "scanner": "osv-scanner", "fingerprint": "457f34f7ae0ab4c091d266168312cfda6fc2914d36fbbe93b8cfc578f638e752", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2024-45341", "CVE-2024-45341"], "package": "stdlib", "rule_id": "GO-2025-3373", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2024-45341|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-3107", "level": "error", "message": {"text": "stdlib: GO-2024-3107"}, "properties": {"repobilityId": 120487, "scanner": "osv-scanner", "fingerprint": "47557a0d94a380071ee690a51ee892b8a4a72c48dffd274c6a26022ed8d962fe", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2024-34158", "CVE-2024-34158"], "package": "stdlib", "rule_id": "GO-2024-3107", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2024-34158|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-3106", "level": "error", "message": {"text": "stdlib: GO-2024-3106"}, "properties": {"repobilityId": 120486, "scanner": "osv-scanner", "fingerprint": "897a0bec27070b7e32401744a14e5c3640e26690afd56cace3c2e8502a719868", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2024-34156", "CVE-2024-34156"], "package": "stdlib", "rule_id": "GO-2024-3106", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2024-34156|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2024-3105", "level": "error", "message": {"text": "stdlib: GO-2024-3105"}, "properties": {"repobilityId": 120485, "scanner": "osv-scanner", "fingerprint": "2afcb4bfe6b7fc1cc82fec7a8eed27b54aa22b5c6c7b19a7a8bdcf5a60e57a4b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2024-34155", "CVE-2024-34155"], "package": "stdlib", "rule_id": "GO-2024-3105", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2024-34155|test/pool-test/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/pool-test/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5033", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5033"}, "properties": {"repobilityId": 120484, "scanner": "osv-scanner", "fingerprint": "ad1d47a6aef958448f22a42c2d60392dc7008e25932b619f84e66221eb131e95", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-46598"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5033", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-46598|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5023", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5023"}, "properties": {"repobilityId": 120483, "scanner": "osv-scanner", "fingerprint": "2d612844c17f0f3569717978b60331059540fefc1c2346e38678f12228b2ebdb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-46595"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5023", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-46595|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5021", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5021"}, "properties": {"repobilityId": 120482, "scanner": "osv-scanner", "fingerprint": "9cfea8adee448a2428e663f481c352e77e2cd449655562d5b118efedfb7da4f8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42508"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5021", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-42508|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5020", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5020"}, "properties": {"repobilityId": 120481, "scanner": "osv-scanner", "fingerprint": "93b646b3920c3a2193a1efdebfdfa5196ce3475c1dc5bae6355a6e1f9cbf460a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39834"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5020", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39834|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5019", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5019"}, "properties": {"repobilityId": 120480, "scanner": "osv-scanner", "fingerprint": "345537a037a5b3177ae140a9e9c405ec64da8434ead8931918ec7573a6ce20b3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39831"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5019", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39831|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5018", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5018"}, "properties": {"repobilityId": 120479, "scanner": "osv-scanner", "fingerprint": "949f77a9611832376c508d55bf01659a712274ac105d24e504e15dd5e1dbf16f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39829"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5018", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39829|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5017", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5017"}, "properties": {"repobilityId": 120478, "scanner": "osv-scanner", "fingerprint": "2930f2404722144c851cb9051c8ebf92002718de31c8d9fd7a648ca0f2ef6ada", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39830"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5017", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39830|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5016", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5016"}, "properties": {"repobilityId": 120477, "scanner": "osv-scanner", "fingerprint": "ac67bbb6c13f69fe38c8bbe16cf8fe7e2ed0ab66e0c5b15dba53f20834fe3d86", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39827"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5016", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39827|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5015", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5015"}, "properties": {"repobilityId": 120476, "scanner": "osv-scanner", "fingerprint": "2e502398ad2ca483c07bc43556f4c4eb205c7761c2c9cd89d2d1aee4f087438f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39835"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5015", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39835|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5014", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5014"}, "properties": {"repobilityId": 120475, "scanner": "osv-scanner", "fingerprint": "8daae6fef532b43e67fa01a55acbd01bab03899e2f5d4ad247bee8e8442024dd", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39828"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5014", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39828|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5013", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5013"}, "properties": {"repobilityId": 120474, "scanner": "osv-scanner", "fingerprint": "ccaa102abe73278dc6503207bd926859d7ba8955ec415d747a72b6b58b6a3dc3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-46597"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5013", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-46597|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5006", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5006"}, "properties": {"repobilityId": 120473, "scanner": "osv-scanner", "fingerprint": "8b88451b530e190692c439835073029a47d5722b48b6a00ddb5e3369824775a2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39832"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5006", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39832|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5005", "level": "error", "message": {"text": "golang.org/x/crypto: GO-2026-5005"}, "properties": {"repobilityId": 120472, "scanner": "osv-scanner", "fingerprint": "ae98cdae0aac80f7b5a30a91f9180936ed79f348030d056d429d20e8b082f033", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39833"], "package": "golang.org/x/crypto", "rule_id": "GO-2026-5005", "scanner": "osv-scanner", "correlation_key": "vuln|golang.org/x/crypto|CVE-2026-39833|go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 120461, "scanner": "repobility-docker", "fingerprint": "d94709b20b721552d8b3a9802747b9ff2d4d6bcaa24aa5e48e40cf9cd625d585", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|d94709b20b721552d8b3a9802747b9ff2d4d6bcaa24aa5e48e40cf9cd625d585"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 37}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 120454, "scanner": "repobility-threat-engine", "fingerprint": "baa2aca36006a42da7fdf3eb79b32d1b3b0651e9b4752993accd6df494569bd8", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(e", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|baa2aca36006a42da7fdf3eb79b32d1b3b0651e9b4752993accd6df494569bd8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/tracing/exporter/otlp.go"}, "region": {"startLine": 74}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 120449, "scanner": "repobility-threat-engine", "fingerprint": "3e4db0d947fe26c9a0534d5ac3981ccb253bf179748598b9a9aabdc6e1f709e6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "sr.endpointCache.Delete(cacheKey)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3e4db0d947fe26c9a0534d5ac3981ccb253bf179748598b9a9aabdc6e1f709e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/kubernetes/service_resolver.go"}, "region": {"startLine": 65}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 120448, "scanner": "repobility-threat-engine", "fingerprint": "5297e42d0d8fc35746899b6093951f70fc0b0b9af2c961d3243c44d41fa59e4f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "ce.podCache.Delete(ip)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5297e42d0d8fc35746899b6093951f70fc0b0b9af2c961d3243c44d41fa59e4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/kubernetes/enricher.go"}, "region": {"startLine": 159}}}]}, {"ruleId": "SEC093", "level": "error", "message": {"text": "[SEC093] Go: exec.Command with non-literal: exec.Command() \u2014 variable command name allows command injection. Ported from gosec G204 (Apache-2.0)."}, "properties": {"repobilityId": 120447, "scanner": "repobility-threat-engine", "fingerprint": "7b36b78a0fac0e5bccb4e2d3e66bfb8950811efcd276304f91cae6bf3228a745", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec.CommandContext(timeoutCtx,", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC093", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7b36b78a0fac0e5bccb4e2d3e66bfb8950811efcd276304f91cae6bf3228a745"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/diagnose/stacktrace/stacktrace.go"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED021", "level": "error", "message": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "properties": {"repobilityId": 120444, "scanner": "repobility-threat-engine", "fingerprint": "fbab362bf30f1d9335404aa9574eb89043983c8585e10e71b49f8cd05331fb92", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fbab362bf30f1d9335404aa9574eb89043983c8585e10e71b49f8cd05331fb92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/inject-crd-annotations.sh"}, "region": {"startLine": 73}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 120443, "scanner": "repobility-threat-engine", "fingerprint": "5d4b6928049fc3881fe216f496a98b3e8bb4080689f043cecf5837c59bce6ed1", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(\n r\"^(\\s+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|99|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hack/inject-crd-annotations.sh"}, "region": {"startLine": 99}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 120439, "scanner": "repobility-threat-engine", "fingerprint": "9025a09c3599a0b26128af8e7ea4a8b3b6b6eb7674d96fc1a697cd791c4e0839", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9025a09c3599a0b26128af8e7ea4a8b3b6b6eb7674d96fc1a697cd791c4e0839"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/podtrace/watch.go"}, "region": {"startLine": 149}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 120438, "scanner": "repobility-threat-engine", "fingerprint": "a40dcd128dcf1cbf3dd069f51c65032f839fdf5d049f2d1d7859d26878d2b467", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a40dcd128dcf1cbf3dd069f51c65032f839fdf5d049f2d1d7859d26878d2b467"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/podtrace/session_sink.go"}, "region": {"startLine": 233}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 120437, "scanner": "repobility-threat-engine", "fingerprint": "455138ff05e071115bdf7ef804fb2c2910bdbd654f947b1b0cec748904e15173", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|455138ff05e071115bdf7ef804fb2c2910bdbd654f947b1b0cec748904e15173"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/podtrace/schedule.go"}, "region": {"startLine": 201}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `gcr.io/distroless/static-debian12:nonroot` not pinned by digest"}, "properties": {"repobilityId": 120425, "scanner": "repobility-supply-chain", "fingerprint": "8e38f09c08cff34665b6a14e8bb54097eab6973cf4312154b932686b54c016a1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8e38f09c08cff34665b6a14e8bb54097eab6973cf4312154b932686b54c016a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 67}}}]}, {"ruleId": "kubernetes-secret-yaml", "level": "error", "message": {"text": "Possible Kubernetes Secret detected, posing a risk of leaking credentials/tokens from your deployments"}, "properties": {"repobilityId": 120471, "scanner": "gitleaks", "fingerprint": "fff0ad1222fce6f306ac0c48cc5780c501c127b0d9b7752f67fd6cf09478d2a9", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "kind: Secret\nmetadata:\n namespace: podtrace-system\n labels:\n podtrace.io/managed-by: podtrace-operator\n podtrace.io/component: exporter-bundle\n podtrace.io/exporter-config: rotation-dd\ndata:\n # base64(\"rotated-key\")\n REDACTED", "rule_id": "kubernetes-secret-yaml", "scanner": "gitleaks", "detector": "kubernetes-secret-yaml", "correlation_key": "secret|token|1|kind: secret metadata: namespace: podtrace-system labels: podtrace.io/managed-by: podtrace-operator podtrace.io/componen", "duplicate_count": 1, "duplicate_rule_ids": ["kubernetes-secret-yaml"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["cfb11f38fe7a04f249954f1cd4005d51b76a072e7034625f06d1a399b0ea02a7", "fff0ad1222fce6f306ac0c48cc5780c501c127b0d9b7752f67fd6cf09478d2a9"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/chainsaw/tests/exporter-credential-rotation/assert-rotated-credential.yaml"}, "region": {"startLine": 2}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 120470, "scanner": "gitleaks", "fingerprint": "08a208cb6373a0223c2596f36cd874c5f6d2cc585f14b1e2de34786fa3ba5798", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "credential: REDACTED", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|1|credential: redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["08a208cb6373a0223c2596f36cd874c5f6d2cc585f14b1e2de34786fa3ba5798", "17b581ddae8fd3e3edba791778c2e7e1091c69f1fac70b78beea98df12f4406e"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/chainsaw/tests/exporter-credential-rotation/assert-rotated-credential.yaml"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED013", "level": "error", "message": {"text": "[MINED013] Password In Url: https://user:password@host \u2014 leaks creds via logs, referrer, error messages."}, "properties": {"repobilityId": 120459, "scanner": "repobility-threat-engine", "fingerprint": "b03361d603959e1668cb44f87a9d6b5a438de2d15cefc9e6f7dfe54e2f4db032", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "password-in-url", "owasp": "A07:2021", "cwe_ids": ["CWE-200"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347928+00:00", "triaged_in_corpus": 20, "observations_count": 121646, "ai_coder_pattern_id": 37}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b03361d603959e1668cb44f87a9d6b5a438de2d15cefc9e6f7dfe54e2f4db032"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/submit-olm-bundle.sh"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED133", "level": "error", "message": {"text": "Hardcoded Slack webhook URL in source"}, "properties": {"repobilityId": 120428, "scanner": "repobility-supply-chain", "fingerprint": "db1ff8a7722e1a872528861363193c0f4e938b39f3f41aedfe04e38680816f7b", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "exfil-webhook-url", "owasp": null, "cwe_ids": ["CWE-200", "CWE-540"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|db1ff8a7722e1a872528861363193c0f4e938b39f3f41aedfe04e38680816f7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/alerting/slack_test.go"}, "region": {"startLine": 290}}}]}, {"ruleId": "MINED133", "level": "error", "message": {"text": "Hardcoded Slack webhook URL in source"}, "properties": {"repobilityId": 120427, "scanner": "repobility-supply-chain", "fingerprint": "017a140b5595b3c6649d2a98107e36171c8d32c36b7028312e1635e5e51a5e61", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "exfil-webhook-url", "owasp": null, "cwe_ids": ["CWE-200", "CWE-540"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|017a140b5595b3c6649d2a98107e36171c8d32c36b7028312e1635e5e51a5e61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/alerting/slack_test.go"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED133", "level": "error", "message": {"text": "Hardcoded Slack webhook URL in source"}, "properties": {"repobilityId": 120426, "scanner": "repobility-supply-chain", "fingerprint": "50383424625d04be0b392e4a1eeeb284e9f349e160ce2607554f57bb2252e107", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "exfil-webhook-url", "owasp": null, "cwe_ids": ["CWE-200", "CWE-540"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|50383424625d04be0b392e4a1eeeb284e9f349e160ce2607554f57bb2252e107"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/alerting/slack_test.go"}, "region": {"startLine": 23}}}]}]}]}