{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "CORE_NO_TESTS", "name": "No test files found in a documentation, catalog, or template-heavy repository", "shortDescription": {"text": "No test files found in a documentation, catalog, or template-heavy repository"}, "fullDescription": {"text": "If this repository ships runnable code, add focused tests for those examples or templates. If it is documentation/catalog content only, mark the finding as accepted or add a .repobilityignore note."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "info", "confidence": 0.35, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `JamesIves/github-sponsors-readme-action` pinned to mutable ref `@v1`", "shortDescription": {"text": "Action `JamesIves/github-sponsors-readme-action` pinned to mutable ref `@v1`"}, "fullDescription": {"text": "`uses: JamesIves/github-sponsors-readme-action@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "Workflow uses `secrets.AUTO_MERGE` on a `pull_request` trigger", "shortDescription": {"text": "Workflow uses `secrets.AUTO_MERGE` on a `pull_request` trigger"}, "fullDescription": {"text": "This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.AUTO_MERGE }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED125", "name": "GHA script injection via github.event.pull_request.body in run-step", "shortDescription": {"text": "GHA script injection via github.event.pull_request.body in run-step"}, "fullDescription": {"text": "Multi-line `run: |` block interpolates ${{ github.event.pull_request.body }} into shell. PR title/body/branch/comment fields are attacker-controllable."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/919"}, "properties": {"repository": "ChrisTitusTech/winutil", "repoUrl": "https://github.com/ChrisTitusTech/winutil", "branch": "main"}, "results": [{"ruleId": "CORE_NO_TESTS", "level": "none", "message": {"text": "No test files found in a documentation, catalog, or template-heavy repository"}, "properties": {"repobilityId": 86336, "scanner": "repobility-core", "fingerprint": "69cfb3536a8ccff500ccafcd681fc8d4bc9f4eda6689da02ddec81654bd9fd15", "category": "testing", "severity": "info", "confidence": 0.35, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Repository shape is documentation, catalog, skill, or template-heavy rather than a conventional runnable application.", "evidence": {"reason": "Repository shape is documentation, catalog, skill, or template-heavy rather than a conventional runnable application.", "rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "confidence": 0.35, "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `JamesIves/github-sponsors-readme-action` pinned to mutable ref `@v1`"}, "properties": {"repobilityId": 86364, "scanner": "repobility-supply-chain", "fingerprint": "2c27e8d749183d4523ed2bcfb2af3c2ee89465ea0d3edbfa696a314b306ad2ed", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2c27e8d749183d4523ed2bcfb2af3c2ee89465ea0d3edbfa696a314b306ad2ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sponsors.yaml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 86363, "scanner": "repobility-supply-chain", "fingerprint": "8135cea9a922581b5be4fe2c9fffec8085de4e1f9c74475cf47fb7fc477a1c76", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8135cea9a922581b5be4fe2c9fffec8085de4e1f9c74475cf47fb7fc477a1c76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sponsors.yaml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 86362, "scanner": "repobility-supply-chain", "fingerprint": "8722554c6e3de4c93879bb269d6d857d6837ca8b4e82b81765ca9460c803dc71", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8722554c6e3de4c93879bb269d6d857d6837ca8b4e82b81765ca9460c803dc71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/remove-winutil.yaml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/github-script` pinned to mutable ref `@v9`"}, "properties": {"repobilityId": 86361, "scanner": "repobility-supply-chain", "fingerprint": "8e4556946a613333e2b44e501fb966969430f9dfbc98a0af40bdd3ae1e32bff7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8e4556946a613333e2b44e501fb966969430f9dfbc98a0af40bdd3ae1e32bff7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/issue-slash-commands.yaml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 86358, "scanner": "repobility-supply-chain", "fingerprint": "ac6f51842ede9a7dd43f87a0f92bb28d4ba90979a5ce0ccc23eef750cdfc118e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ac6f51842ede9a7dd43f87a0f92bb28d4ba90979a5ce0ccc23eef750cdfc118e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/auto-merge-docs.yaml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/github-script` pinned to mutable ref `@v9`"}, "properties": {"repobilityId": 86357, "scanner": "repobility-supply-chain", "fingerprint": "8eabbfc71be8141df4e613b7f0850240c9c6cfc3e9f55bf573cd750c8514ec82", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8eabbfc71be8141df4e613b7f0850240c9c6cfc3e9f55bf573cd750c8514ec82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/label-pr.yaml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 86355, "scanner": "repobility-supply-chain", "fingerprint": "04aa3d0c5f61eabc0b6472b36f6cb7e837b0dc23ebef40f6717095d749ca2dce", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|04aa3d0c5f61eabc0b6472b36f6cb7e837b0dc23ebef40f6717095d749ca2dce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/close-discussion-on-pr.yaml"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/deploy-pages` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 86354, "scanner": "repobility-supply-chain", "fingerprint": "2eb3e39ed41f9a76ae4194ae4692c08536d836485765a78522f561d7ab0e65a5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2eb3e39ed41f9a76ae4194ae4692c08536d836485765a78522f561d7ab0e65a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yaml"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-pages-artifact` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 86353, "scanner": "repobility-supply-chain", "fingerprint": "492f6c49b8703250b3d92851bb670315e5deeeddca37478ca8fc4008145e3a15", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|492f6c49b8703250b3d92851bb670315e5deeeddca37478ca8fc4008145e3a15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yaml"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache/save` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 86352, "scanner": "repobility-supply-chain", "fingerprint": "ac452b9fea55b763f6e79ac7e0d13f905674a52beedd254cdfb3d279aa45abcc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ac452b9fea55b763f6e79ac7e0d13f905674a52beedd254cdfb3d279aa45abcc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yaml"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache/restore` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 86351, "scanner": "repobility-supply-chain", "fingerprint": "8282b12dfcd62102b3781a920923653878de1d1622a0b0f68133d0fb53ebfb98", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8282b12dfcd62102b3781a920923653878de1d1622a0b0f68133d0fb53ebfb98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yaml"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `peter-evans/create-pull-request` pinned to mutable ref `@v8`"}, "properties": {"repobilityId": 86350, "scanner": "repobility-supply-chain", "fingerprint": "fccc60729459f48bd34ca568f79814806bdabb4f1b5d51b16c452c559e3e07b3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fccc60729459f48bd34ca568f79814806bdabb4f1b5d51b16c452c559e3e07b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yaml"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/configure-pages` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 86349, "scanner": "repobility-supply-chain", "fingerprint": "689682c1a66242587178f7282c88c97bb73b6ba3a3cac1422279bb50b8a2ff0e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|689682c1a66242587178f7282c88c97bb73b6ba3a3cac1422279bb50b8a2ff0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yaml"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 86348, "scanner": "repobility-supply-chain", "fingerprint": "ab4005141b4e6629839fdd53c4d98a218bcc2ee313247c8a1c99cf276b768634", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ab4005141b4e6629839fdd53c4d98a218bcc2ee313247c8a1c99cf276b768634"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yaml"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `softprops/action-gh-release` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 86347, "scanner": "repobility-supply-chain", "fingerprint": "0aca1c9aa7fa1d6e4f1a3b2058b77a92f1e9c93e9a39fcd74201db88e110ad51", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0aca1c9aa7fa1d6e4f1a3b2058b77a92f1e9c93e9a39fcd74201db88e110ad51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pre-release.yaml"}, "region": {"startLine": 114}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `release-drafter/release-drafter` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 86346, "scanner": "repobility-supply-chain", "fingerprint": "e55dd3cc51ffa24518d555dd0f4d8240eb3215b0f841ca757446b80996029238", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e55dd3cc51ffa24518d555dd0f4d8240eb3215b0f841ca757446b80996029238"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pre-release.yaml"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/download-artifact` pinned to mutable ref `@v8`"}, "properties": {"repobilityId": 86345, "scanner": "repobility-supply-chain", "fingerprint": "7243bfb51ff5089c4130b4320341e11de1a04eb87b6e92a40be554b527600c32", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7243bfb51ff5089c4130b4320341e11de1a04eb87b6e92a40be554b527600c32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pre-release.yaml"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 86344, "scanner": "repobility-supply-chain", "fingerprint": "c99ceb10865a8ecd20913709f39fa58c886df6cc61bb9940fe928d11d60da19c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c99ceb10865a8ecd20913709f39fa58c886df6cc61bb9940fe928d11d60da19c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pre-release.yaml"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `peter-evans/create-pull-request` pinned to mutable ref `@v8`"}, "properties": {"repobilityId": 86343, "scanner": "repobility-supply-chain", "fingerprint": "3be5124ac251f8939d63480701ef88110e20fe28c18a935b594850c33c828f8f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3be5124ac251f8939d63480701ef88110e20fe28c18a935b594850c33c828f8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pre-release.yaml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 86342, "scanner": "repobility-supply-chain", "fingerprint": "a94c1e7617b536442614d85300cd5fea4f322168b9293ace24cec2ca8c251d2c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a94c1e7617b536442614d85300cd5fea4f322168b9293ace24cec2ca8c251d2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pre-release.yaml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 86341, "scanner": "repobility-supply-chain", "fingerprint": "2e03f44caaededdc72581003aaa2e23755de5b5c37d8b805bd6089d68b99a4dd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2e03f44caaededdc72581003aaa2e23755de5b5c37d8b805bd6089d68b99a4dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/unittests.yaml"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `devblackops/github-action-psscriptanalyzer` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 86340, "scanner": "repobility-supply-chain", "fingerprint": "4af5f64aa43ea98a4ebdda577e9987ca77d9430d89c802f2f62b62180aad18f1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4af5f64aa43ea98a4ebdda577e9987ca77d9430d89c802f2f62b62180aad18f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/unittests.yaml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 86339, "scanner": "repobility-supply-chain", "fingerprint": "bb2cc39b4aba3f803d8d027dea89ab75415373d33e36dc1263947d139c4e46ab", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bb2cc39b4aba3f803d8d027dea89ab75415373d33e36dc1263947d139c4e46ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/unittests.yaml"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/stale` pinned to mutable ref `@v10`"}, "properties": {"repobilityId": 86338, "scanner": "repobility-supply-chain", "fingerprint": "f58517e85b8e2dea2471d9c0366f2f86a38700d34a12c1551abee1a9e107238b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f58517e85b8e2dea2471d9c0366f2f86a38700d34a12c1551abee1a9e107238b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/close-old-issues.yaml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 86337, "scanner": "repobility-supply-chain", "fingerprint": "d46dd5ae72786b78f5461375902f93b4f69cf9478ead9c3774b08167a1c026f1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d46dd5ae72786b78f5461375902f93b4f69cf9478ead9c3774b08167a1c026f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/compile-check.yaml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.AUTO_MERGE` on a `pull_request` trigger"}, "properties": {"repobilityId": 86360, "scanner": "repobility-supply-chain", "fingerprint": "d6767184e092613dd04baf0d565cf617999830e36fa26656289c9157b69e6a35", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d6767184e092613dd04baf0d565cf617999830e36fa26656289c9157b69e6a35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/auto-merge-docs.yaml"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.AUTO_MERGE` on a `pull_request` trigger"}, "properties": {"repobilityId": 86359, "scanner": "repobility-supply-chain", "fingerprint": "1767627fdd943333410e254e432c8520311610b43c4e3d08e57aab2076973e91", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1767627fdd943333410e254e432c8520311610b43c4e3d08e57aab2076973e91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/auto-merge-docs.yaml"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED125", "level": "error", "message": {"text": "GHA script injection via github.event.pull_request.body in run-step"}, "properties": {"repobilityId": 86356, "scanner": "repobility-supply-chain", "fingerprint": "97be46c8e6412042f5ff363ad60219baf5bce863c2be22688c9ffdc2bef46eb5", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-script-injection", "owasp": "A03:2021", "cwe_ids": ["CWE-78", "CWE-94"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|97be46c8e6412042f5ff363ad60219baf5bce863c2be22688c9ffdc2bef46eb5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/close-discussion-on-pr.yaml"}, "region": {"startLine": 24}}}]}]}]}