{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED124", "name": "[MINED124] requirements.txt: `The agents connect to |mms| on port ``443``. Whether you provision` has no version pin: Un", "shortDescription": {"text": "[MINED124] requirements.txt: `The agents connect to |mms| on port ``443``. Whether you provision` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious"}, "fullDescription": {"text": "Replace `The agents connect to |mms| on port ``443``. Whether you provision` with `The agents connect to |mms| on port ``443``. Whether you provision==<version>` and manage upgrades through PRs / Dependabot."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED109", "name": "[MINED109] Mutable default argument in `measure_latency_with_varying_topk` (list): `def measure_latency_with_varying_top", "shortDescription": {"text": "[MINED109] Mutable default argument in `measure_latency_with_varying_topk` (list): `def measure_latency_with_varying_topk(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all cal"}, "fullDescription": {"text": "Use None as the default and create the collection inside the function: `def measure_latency_with_varying_topk(x=None): x = x or []`"}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "Add /.well-known/security.txt with Contact, Expires, Canonical, Preferred-Languages, and Policy fields. Keep the contact endpoint monitored."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "JRN003", "name": "Frontend API reference is not matched by discovered backend routes", "shortDescription": {"text": "Frontend API reference is not matched by discovered backend routes"}, "fullDescription": {"text": "Add the backend route, update the frontend constant to the implemented endpoint, or document that the route is served by another service and exclude it with .repobilityignore."}, "properties": {"scanner": "repobility-journey-contract", "category": "quality", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC009", "name": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function", "shortDescription": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /ma"}, "fullDescription": {"text": "Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "AUC004", "name": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence ", "shortDescription": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: ANY /admin/."}, "fullDescription": {"text": "Define whether this endpoint is admin-only or super_admin-only, then enforce that distinction in code and .repobility/access.yml."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.66, "cwe": "", "owasp": ""}}, {"id": "AUC002", "name": "[AUC002] Low visible authorization coverage in route inventory: Only 21.9% of discovered routes show nearby authenticati", "shortDescription": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 21.9% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "fullDescription": {"text": "Review the access matrix and add explicit framework auth declarations or policy-file exceptions for intentionally public routes."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Add .dockerignore with at least .git, .env, private keys, dependency folders, build outputs, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Publish a package-manager install path or add checksum/signature verification before execution. For docs, show the inspect-then-run flow and pin the downloaded artifact version."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "Confirm whether this file is reachable. If not, delete it; if yes, wire it through explicit imports, routes, or entry points and add a test that proves the path executes."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AIC001", "name": "Parallel implementation file sits beside a canonical file", "shortDescription": {"text": "Parallel implementation file sits beside a canonical file"}, "fullDescription": {"text": "Merge the intended change into the canonical file, update tests/imports, and delete the parallel implementation if it is not the active entry point."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 0.45, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `convert` has cognitive complexity 25 (SonarSource scale). Cognitive compl", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `convert` has cognitive complexity 25 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all w"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 25."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Add `--no-install-recommends` and explicitly list only packages the image needs."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR010", "name": "Dockerfile leaves apt package indexes in the image layer", "shortDescription": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "fullDescription": {"text": "End the apt install layer with `rm -rf /var/lib/apt/lists/*`."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_LICENSE", "name": "No LICENSE file", "shortDescription": {"text": "No LICENSE file"}, "fullDescription": {"text": "Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft)."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED099", "name": "[MINED099] Hardcoded Secret (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED099] Hardcoded Secret (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Move the secret to an environment variable or secret manager. Rotate the exposed credential immediately \u2014 assume it is compromised."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED016", "name": "[MINED016] Go Error Ignored (and 8 more): Same pattern found in 8 additional files. Review if needed.", "shortDescription": {"text": "[MINED016] Go Error Ignored (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-754 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED060", "name": "[MINED060] Go Context No Cancel (and 52 more): Same pattern found in 52 additional files. Review if needed.", "shortDescription": {"text": "[MINED060] Go Context No Cancel (and 52 more): Same pattern found in 52 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED051", "name": "[MINED051] Csharp Null Forgive (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED051] Csharp Null Forgive (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal (and 3 more): Same pattern found in 3 additional files. Review if neede", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED053", "name": "[MINED053] Placeholder Default Username (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED053] Placeholder Default Username (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1392,CWE-798 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 7 more): Same pattern found in 7 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 26 more): Same pattern found in 26 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 26 more): Same pattern found in 26 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED134", "name": "[MINED134] Binary file `content/kotlin/current/examples/gradle/wrapper/gradle-wrapper.jar` committed in source repo: `co", "shortDescription": {"text": "[MINED134] Binary file `content/kotlin/current/examples/gradle/wrapper/gradle-wrapper.jar` committed in source repo: `content/kotlin/current/examples/gradle/wrapper/gradle-wrapper.jar` is a .jar binary (60,756 bytes) committed to a repo tha"}, "fullDescription": {"text": "Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED121", "name": "[MINED121] requirements.txt installs from `http://<opsmanagerhost>:8090/health...` (git/URL): Pip requirement points to ", "shortDescription": {"text": "[MINED121] requirements.txt installs from `http://<opsmanagerhost>:8090/health...` (git/URL): Pip requirement points to a VCS URL or direct download. Bypasses PyPI's integrity check + scanning. If the host or branch tip changes, the next `p"}, "fullDescription": {"text": "Publish to PyPI (private if needed) and reference by version. If that's not feasible, lock to a commit SHA via `package @ git+https://...@<sha>` and verify in CI."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `node:12-slim` not pinned by digest: `FROM node:12-slim` resolves the tag at build time. The ", "shortDescription": {"text": "[MINED118] Dockerfile FROM `node:12-slim` not pinned by digest: `FROM node:12-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images shou"}, "fullDescription": {"text": "Replace with: `FROM node:12-slim@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout@v2` resolves at workflow-run t", "shortDescription": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) in"}, "fullDescription": {"text": "Replace with: `uses: actions/checkout@<40-char-sha>  # v2` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_with_unordered_sort_chained_with_ignored_fields: Test function `test_with_unorder", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_with_unordered_sort_chained_with_ignored_fields: Test function `test_with_unordered_sort_chained_with_ignored_fields` runs code but contains no assert / expect / should call \u2014 it passes regardless of b"}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.assertLess` used but never assigned in __init__: Method `test_large_dataset_operations` of class `Examp", "shortDescription": {"text": "[MINED108] `self.assertLess` used but never assigned in __init__: Method `test_large_dataset_operations` of class `ExamplePerformanceTests` reads `self.assertLess`, but no assignment to it exists in __init__ (and no class-level fallback). T"}, "fullDescription": {"text": "Initialize `self.assertLess = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "JRN004", "name": "Consent is collected in UI without visible backend audit persistence", "shortDescription": {"text": "Consent is collected in UI without visible backend audit persistence"}, "fullDescription": {"text": "Persist consent as a backend record with subject, actor, purpose, scope, legal text version, timestamp, IP address, user agent, and revocation state."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "high", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies the entire context without .dockerignore", "shortDescription": {"text": "Dockerfile copies the entire context without .dockerignore"}, "fullDescription": {"text": "Create .dockerignore before using broad context copies, or copy only the required files and directories."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "DKR015", "name": "Docker build context is very large", "shortDescription": {"text": "Docker build context is very large"}, "fullDescription": {"text": "Shrink the build context with .dockerignore, move generated/runtime data outside the build context, and copy only the manifest files needed for cached dependency layers."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "SEC061", "name": "[SEC061] JWT in source: Three-part JWT (likely signed token). Even if expired, may leak structure or claims. Ported from", "shortDescription": {"text": "[SEC061] JWT in source: Three-part JWT (likely signed token). Even if expired, may leak structure or claims. Ported from gitleaks jwt (MIT)."}, "fullDescription": {"text": "If the JWT is live, invalidate by rotating the signing key. Move tokens out of source."}, "properties": {"scanner": "repobility-threat-engine", "category": "secret", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that int", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTM"}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED009", "name": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal.", "shortDescription": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inje", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsiv", "shortDescription": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a re"}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "[MINED116] Workflow uses `secrets.SLACK_WEBHOOK_URL` on a `pull_request` trigger: This workflow triggers on `pull_reques", "shortDescription": {"text": "[MINED116] Workflow uses `secrets.SLACK_WEBHOOK_URL` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.SLACK_WEBHOOK_URL }` lets a PR from any fork exfiltrate th"}, "fullDescription": {"text": "Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `os` used but not imported: The file uses `os.something(...)` but never imports `os`. This ra", "shortDescription": {"text": "[MINED107] Missing import: `os` used but not imported: The file uses `os.something(...)` but never imports `os`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import os` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1109"}, "properties": {"repository": "mongodb/docs", "repoUrl": "https://github.com/mongodb/docs", "branch": "main"}, "results": [{"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `The agents connect to |mms| on port ``443``. Whether you provision` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 109881, "scanner": "repobility-supply-chain", "fingerprint": "e153a15af875d3993f16d322a4d3930813a0d0580f0a95bb63f5092a94e602e4", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e153a15af875d3993f16d322a4d3930813a0d0580f0a95bb63f5092a94e602e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/cloud-manager/source/includes/requirements-cloud-firewall-settings.rst"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `Required Outbound Access` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 109880, "scanner": "repobility-supply-chain", "fingerprint": "8b8b9d870ad0dd537a70c201207e50a90f8e3c61c27e7c920153a90c1d571285", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8b8b9d870ad0dd537a70c201207e50a90f8e3c61c27e7c920153a90c1d571285"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/cloud-manager/source/includes/requirements-cloud-firewall-settings.rst"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `|mms| requires access on the following IP address ranges and ports.` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 109879, "scanner": "repobility-supply-chain", "fingerprint": "f0cd6ebe47e1d5dbbfaf5ece71b5026c0f75ed9635f990db2b42ff256f9beb5c", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f0cd6ebe47e1d5dbbfaf5ece71b5026c0f75ed9635f990db2b42ff256f9beb5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/cloud-manager/source/includes/requirements-cloud-firewall-settings.rst"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 109878, "scanner": "repobility-supply-chain", "fingerprint": "e8c002084a01356aeb03a75e9e0cfecc68507b34a3ca32410d527a3c0980cff9", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e8c002084a01356aeb03a75e9e0cfecc68507b34a3ca32410d527a3c0980cff9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/cloud-manager/source/includes/requirements-cloud-firewall-settings.rst"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `Accessible Addresses and Ports` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 109877, "scanner": "repobility-supply-chain", "fingerprint": "3d044e9f386b61129c5f1e4faca51ec9a93334eb7600fe77c6b2d2c17927842b", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3d044e9f386b61129c5f1e4faca51ec9a93334eb7600fe77c6b2d2c17927842b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/cloud-manager/source/includes/requirements-cloud-firewall-settings.rst"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `openai` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 109848, "scanner": "repobility-supply-chain", "fingerprint": "75cedd2a2c2bade2d939f0787af0eaab4492b59e9ba9146f8a208f43a3737737", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|75cedd2a2c2bade2d939f0787af0eaab4492b59e9ba9146f8a208f43a3737737"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext-source/docs-notebooks/voyageai/apps/rag-in-memory/requirements.txt"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `anthropic` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 109847, "scanner": "repobility-supply-chain", "fingerprint": "3473e62eb0bf843a08908b5c46d5f7cd846342a1396342ccccdfb3265f8d83f4", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3473e62eb0bf843a08908b5c46d5f7cd846342a1396342ccccdfb3265f8d83f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext-source/docs-notebooks/voyageai/apps/rag-in-memory/requirements.txt"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `python-dotenv` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 109846, "scanner": "repobility-supply-chain", "fingerprint": "6d199b243db876092bb23765d9d56c8f7aebaf09909353bc77cde870bac9aa92", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6d199b243db876092bb23765d9d56c8f7aebaf09909353bc77cde870bac9aa92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext-source/docs-notebooks/voyageai/apps/rag-in-memory/requirements.txt"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `pypdf` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 109845, "scanner": "repobility-supply-chain", "fingerprint": "0f295e656dcc16b82fa12d1590d53a06d0e47c190069cecaa198149204d8847c", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0f295e656dcc16b82fa12d1590d53a06d0e47c190069cecaa198149204d8847c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext-source/docs-notebooks/voyageai/apps/rag-in-memory/requirements.txt"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `langchain-text-splitters` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 109844, "scanner": "repobility-supply-chain", "fingerprint": "914d0da50d7af018eff016b6bcaf097a10863e8f57555266d9150c628c88eed1", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|914d0da50d7af018eff016b6bcaf097a10863e8f57555266d9150c628c88eed1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext-source/docs-notebooks/voyageai/apps/rag-in-memory/requirements.txt"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `langchain-community` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 109843, "scanner": "repobility-supply-chain", "fingerprint": "38385fd7ba0e2a70f2413a59a2ca0de279f89bd02955f20341afc5e04dab7130", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|38385fd7ba0e2a70f2413a59a2ca0de279f89bd02955f20341afc5e04dab7130"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext-source/docs-notebooks/voyageai/apps/rag-in-memory/requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `numpy` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 109842, "scanner": "repobility-supply-chain", "fingerprint": "185afe7e1ff2bad01963eb7715e42aa59e36d20d3e60b2a940cc603f223ad2ac", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|185afe7e1ff2bad01963eb7715e42aa59e36d20d3e60b2a940cc603f223ad2ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext-source/docs-notebooks/voyageai/apps/rag-in-memory/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `voyageai` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 109841, "scanner": "repobility-supply-chain", "fingerprint": "343db2593b4bde3d21930e1ba9c2a65ece04c60b760ca22d2aa0b6d856b3cbf5", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|343db2593b4bde3d21930e1ba9c2a65ece04c60b760ca22d2aa0b6d856b3cbf5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext-source/docs-notebooks/voyageai/apps/rag-in-memory/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `openai` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 109840, "scanner": "repobility-supply-chain", "fingerprint": "e84eb350b1ab6f0f54738fa267953af56d7ae60c9562c1af43cd52af79cbceac", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e84eb350b1ab6f0f54738fa267953af56d7ae60c9562c1af43cd52af79cbceac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext-source/docs-notebooks/voyageai/apps/rag-with-mongodb/requirements.txt"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `anthropic` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 109839, "scanner": "repobility-supply-chain", "fingerprint": "bcf177eb27dfd3d306bee417cf7a04397872109882739818e9c7f0ec8cdc9b81", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bcf177eb27dfd3d306bee417cf7a04397872109882739818e9c7f0ec8cdc9b81"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext-source/docs-notebooks/voyageai/apps/rag-with-mongodb/requirements.txt"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `python-dotenv` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 109838, "scanner": "repobility-supply-chain", "fingerprint": "6a457a3fafc01c4c90ade79203d6c016bdb1423e9dcd9e5618782a4939576e3c", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6a457a3fafc01c4c90ade79203d6c016bdb1423e9dcd9e5618782a4939576e3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext-source/docs-notebooks/voyageai/apps/rag-with-mongodb/requirements.txt"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `pypdf` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 109837, "scanner": "repobility-supply-chain", "fingerprint": "852462affcf7aedbef3fd1e85b728402adc0d31700666a03d084968e2379e7b1", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|852462affcf7aedbef3fd1e85b728402adc0d31700666a03d084968e2379e7b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext-source/docs-notebooks/voyageai/apps/rag-with-mongodb/requirements.txt"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `langchain-text-splitters` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 109836, "scanner": "repobility-supply-chain", "fingerprint": "3e4efc8e709645df2a24c21a624937d36cca1253f37731fcaabf40e45c0a2867", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3e4efc8e709645df2a24c21a624937d36cca1253f37731fcaabf40e45c0a2867"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext-source/docs-notebooks/voyageai/apps/rag-with-mongodb/requirements.txt"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `langchain-community` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 109835, "scanner": "repobility-supply-chain", "fingerprint": "cf26ca1e2412525da8a8df9616a55c5b09d4a9b368509437d527a8b1280ea07e", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cf26ca1e2412525da8a8df9616a55c5b09d4a9b368509437d527a8b1280ea07e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext-source/docs-notebooks/voyageai/apps/rag-with-mongodb/requirements.txt"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `pymongo` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 109834, "scanner": "repobility-supply-chain", "fingerprint": "fbefaded250303ce813c22780caa816c14ee72f398c0817ef2e464a2cb207af8", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fbefaded250303ce813c22780caa816c14ee72f398c0817ef2e464a2cb207af8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext-source/docs-notebooks/voyageai/apps/rag-with-mongodb/requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `numpy` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 109833, "scanner": "repobility-supply-chain", "fingerprint": "54b922d2c48ebdb3888946fa0c1555c92116d360ccffedea747fcd90c851bdc3", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|54b922d2c48ebdb3888946fa0c1555c92116d360ccffedea747fcd90c851bdc3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext-source/docs-notebooks/voyageai/apps/rag-with-mongodb/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `voyageai` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 109832, "scanner": "repobility-supply-chain", "fingerprint": "1d34c2c9ceeac06d41ad1898f512601392328b6de0fa2515b4de82d3d191e269", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1d34c2c9ceeac06d41ad1898f512601392328b6de0fa2515b4de82d3d191e269"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ext-source/docs-notebooks/voyageai/apps/rag-with-mongodb/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `typing_extensions` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 109831, "scanner": "repobility-supply-chain", "fingerprint": "acf13ff34deaf33046576e78deb4c8c3f6647179b56e2df4f38e7e6a3f6abb6c", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|acf13ff34deaf33046576e78deb4c8c3f6647179b56e2df4f38e7e6a3f6abb6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `pygithub` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 109830, "scanner": "repobility-supply-chain", "fingerprint": "0ab80c2ce08dcb7c76d248c4be919c3979bab174252ac3b8f3de3fb432f56853", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0ab80c2ce08dcb7c76d248c4be919c3979bab174252ac3b8f3de3fb432f56853"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `typer` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 109829, "scanner": "repobility-supply-chain", "fingerprint": "bb751e8fcc955ef90d1fded0fc10dbd9fc100d8f69316a136aca2f243bc510b2", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bb751e8fcc955ef90d1fded0fc10dbd9fc100d8f69316a136aca2f243bc510b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `measure_latency_with_varying_topk` (list): `def measure_latency_with_varying_topk(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 109812, "scanner": "repobility-ast-engine", "fingerprint": "51d8a90fee11a5972e79ca1c6b9e1439a2acd66d49f75e0aad6f6c9f342b8c63", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|51d8a90fee11a5972e79ca1c6b9e1439a2acd66d49f75e0aad6f6c9f342b8c63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/vector-search/source/includes/auto-quantization-tutorial/code-snippets/latency-function.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 109811, "scanner": "repobility-ast-engine", "fingerprint": "9305fc0115c05435dc31271d0ea9fb801e7d0c1f48d012f342a0b22dedc149e0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9305fc0115c05435dc31271d0ea9fb801e7d0c1f48d012f342a0b22dedc149e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/atlas/source/includes/fts/tutorials/synonyms/transport_synonyms.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 109810, "scanner": "repobility-ast-engine", "fingerprint": "6f352ab0e838b5f053fdb444e8cfc871342d655a42f9ad90ac71884315a3275b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6f352ab0e838b5f053fdb444e8cfc871342d655a42f9ad90ac71884315a3275b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/atlas/source/includes/ai-integrations/langgraph/python/agent.py"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 109809, "scanner": "repobility-ast-engine", "fingerprint": "ad9300a6246ce70c63d72f187be5369c6ce71aaf539996bc180248d5a2d225be", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ad9300a6246ce70c63d72f187be5369c6ce71aaf539996bc180248d5a2d225be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/atlas/source/includes/ai-integrations/langgraph/python/config.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 109808, "scanner": "repobility-ast-engine", "fingerprint": "4a6419eedbe5de9ec2f888970a65bb8121412952b431a965a797d9bc700889b1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4a6419eedbe5de9ec2f888970a65bb8121412952b431a965a797d9bc700889b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/atlas/source/includes/ai-integrations/langgraph/python/config.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 109807, "scanner": "repobility-ast-engine", "fingerprint": "c210a64ff02c30906716e369e7f709738c6759aca1808e14439c53e7bb458857", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c210a64ff02c30906716e369e7f709738c6759aca1808e14439c53e7bb458857"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/atlas/source/includes/ai-integrations/vertex-ai/main.py"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 109802, "scanner": "repobility-ast-engine", "fingerprint": "718a9aa2764a125fc72b8f61348ecbb365d0a66674a78e93478b6337662eda65", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|718a9aa2764a125fc72b8f61348ecbb365d0a66674a78e93478b6337662eda65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/compass/conf.py"}, "region": {"startLine": 156}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 109801, "scanner": "repobility-ast-engine", "fingerprint": "f2b4c7c675973b975b1959dcb7211dd6a00493b77bf71a1a0d496995d73d1558", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f2b4c7c675973b975b1959dcb7211dd6a00493b77bf71a1a0d496995d73d1558"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/test_package/test_real_file_integration.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 109800, "scanner": "repobility-ast-engine", "fingerprint": "0fbb084524b7fbcc6997601f3763c499a0196f811b2f46362c5546207d062f5d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0fbb084524b7fbcc6997601f3763c499a0196f811b2f46362c5546207d062f5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/test_package/test_real_file_integration.py"}, "region": {"startLine": 112}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 109799, "scanner": "repobility-ast-engine", "fingerprint": "530676fec851c89a194f1ad6fd8f991f9d200b5a2d53b25b6025fc1be05bdab0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|530676fec851c89a194f1ad6fd8f991f9d200b5a2d53b25b6025fc1be05bdab0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/test_package/test_real_file_integration.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 109798, "scanner": "repobility-ast-engine", "fingerprint": "af099d784aca2beaaa3340e384b80f382c3d63910ad5efc30fbe995320adeab7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|af099d784aca2beaaa3340e384b80f382c3d63910ad5efc30fbe995320adeab7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/test_package/test_error_messages.py"}, "region": {"startLine": 143}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 109797, "scanner": "repobility-ast-engine", "fingerprint": "dc9e00877e86a982e1b77d9f6151a4d280a6a0108f89a959d7fd47ec38f84eeb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dc9e00877e86a982e1b77d9f6151a4d280a6a0108f89a959d7fd47ec38f84eeb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/test_package/test_error_messages.py"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 109796, "scanner": "repobility-ast-engine", "fingerprint": "37b687d220aaadf0a92dadc01c6302820991919d6de4c113cebf261399c5c95a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|37b687d220aaadf0a92dadc01c6302820991919d6de4c113cebf261399c5c95a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/test_package/test_comprehensive.py"}, "region": {"startLine": 292}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 109774, "scanner": "repobility-ast-engine", "fingerprint": "8d8099325927ba155e12f0185963a589be35f36a68af88a8c99dc5f292442c80", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8d8099325927ba155e12f0185963a589be35f36a68af88a8c99dc5f292442c80"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/tests/test_cache.py"}, "region": {"startLine": 133}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 109746, "scanner": "repobility-ast-engine", "fingerprint": "d0ab731d49233bf88247fb15f679846fe72d58d56b936e3f117a0b9a83f90e40", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d0ab731d49233bf88247fb15f679846fe72d58d56b936e3f117a0b9a83f90e40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/checker.py"}, "region": {"startLine": 240}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 109745, "scanner": "repobility-ast-engine", "fingerprint": "a5b8cf004c28d622ff0b893b97d4bd486dff31462c9394d452b9a6a85d5b8485", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a5b8cf004c28d622ff0b893b97d4bd486dff31462c9394d452b9a6a85d5b8485"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/checker.py"}, "region": {"startLine": 212}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 109744, "scanner": "repobility-ast-engine", "fingerprint": "eee755e2ab30868832db2a4262bb819bdd5f7be0879f7a59e833ef7d36281c6e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eee755e2ab30868832db2a4262bb819bdd5f7be0879f7a59e833ef7d36281c6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/comparison.py"}, "region": {"startLine": 348}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 109743, "scanner": "repobility-ast-engine", "fingerprint": "cc04169ef7aef995561709216493b0abadc7e4e3838e5cfcc7760c3407312be1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cc04169ef7aef995561709216493b0abadc7e4e3838e5cfcc7760c3407312be1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/comparison.py"}, "region": {"startLine": 465}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 109742, "scanner": "repobility-ast-engine", "fingerprint": "e0b98c1acc2594c2c6014e0e890d2bf0ba4332457dbbc3b1229576573abce9af", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e0b98c1acc2594c2c6014e0e890d2bf0ba4332457dbbc3b1229576573abce9af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/arrays.py"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 109741, "scanner": "repobility-ast-engine", "fingerprint": "a37779f9a27945de0cea293e6c552b84c7b8e7296562b3753433b205c1e0a093", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a37779f9a27945de0cea293e6c552b84c7b8e7296562b3753433b205c1e0a093"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/expect.py"}, "region": {"startLine": 647}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 109740, "scanner": "repobility-ast-engine", "fingerprint": "07d7835622c4d01b93877ce6d0e65450c830bcb6afed07504d472f9badf0e3a9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|07d7835622c4d01b93877ce6d0e65450c830bcb6afed07504d472f9badf0e3a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/expect.py"}, "region": {"startLine": 823}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 109739, "scanner": "repobility-ast-engine", "fingerprint": "c41edb23e6b77adb0f46fbac85c87950529214b95d3b30502d5d554afe8c86ee", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c41edb23e6b77adb0f46fbac85c87950529214b95d3b30502d5d554afe8c86ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/expect.py"}, "region": {"startLine": 753}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 109738, "scanner": "repobility-ast-engine", "fingerprint": "57337f7d7738747393d4abe8bd64c663d57be54f2c695552d85c42734f5625f2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|57337f7d7738747393d4abe8bd64c663d57be54f2c695552d85c42734f5625f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/normalize.py"}, "region": {"startLine": 283}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 109736, "scanner": "repobility-ast-engine", "fingerprint": "c6bf7be347482c6c7e09a2943d8e9ea93586d5c3caaa18fc91805e95f448cce1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c6bf7be347482c6c7e09a2943d8e9ea93586d5c3caaa18fc91805e95f448cce1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/parser.py"}, "region": {"startLine": 803}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 109735, "scanner": "repobility-ast-engine", "fingerprint": "be0bce79d4b97608891a1e424e1f9690bbc8f8f7bfc8169c727639941b648887", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|be0bce79d4b97608891a1e424e1f9690bbc8f8f7bfc8169c727639941b648887"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/parser.py"}, "region": {"startLine": 909}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 109734, "scanner": "repobility-ast-engine", "fingerprint": "01f8f7856a14654f19edee7b89f9c769fec4877d15ddae2d0ec6561d0572f4c9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|01f8f7856a14654f19edee7b89f9c769fec4877d15ddae2d0ec6561d0572f4c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/parser.py"}, "region": {"startLine": 796}}}]}, {"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 109732, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 109730, "scanner": "repobility-journey-contract", "fingerprint": "28516ececf2a87a7db4b25ce6fb68cdc55bc8813f838d7289722692e60ae41e6", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/trpc", "correlation_key": "fp|28516ececf2a87a7db4b25ce6fb68cdc55bc8813f838d7289722692e60ae41e6", "backend_endpoint_count": 32}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "platform/nextjs-extension/src/ui/App.tsx"}, "region": {"startLine": 17}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 109729, "scanner": "repobility-journey-contract", "fingerprint": "d0d0233d3372cc1f69a89aaafef3c43031ca6add32855aa3e46c9e1cf68c414e", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/trpc", "correlation_key": "fp|d0d0233d3372cc1f69a89aaafef3c43031ca6add32855aa3e46c9e1cf68c414e", "backend_endpoint_count": 32}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "platform/nextjs-extension/src/endpoints/trpc.ts"}, "region": {"startLine": 10}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 109728, "scanner": "repobility-journey-contract", "fingerprint": "02bcf23c58f9850316415c1bd2efdeca68a0a73521ed6dc92a16b36d50307a87", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/client/v2.0", "correlation_key": "fp|02bcf23c58f9850316415c1bd2efdeca68a0a73521ed6dc92a16b36d50307a87", "backend_endpoint_count": 32}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/landing/static/css/landing.min.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 109727, "scanner": "repobility-journey-contract", "fingerprint": "6ecdb6f47b8abdec92cbb2005f63b69df6c4b8f4b3681ab40073c1668c40bfd5", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/restaurants/browse", "correlation_key": "fp|6ecdb6f47b8abdec92cbb2005f63b69df6c4b8f4b3681ab40073c1668c40bfd5", "backend_endpoint_count": 32}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/drivers/source/includes/node-frameworks/nuxt-vue/RestaurantList.vue"}, "region": {"startLine": 23}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 109726, "scanner": "repobility-journey-contract", "fingerprint": "ae4f086ed45150f6b58ffbc4904b6a8ac91853939f99244c8bbce51033c46d2d", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/restaurants", "correlation_key": "fp|ae4f086ed45150f6b58ffbc4904b6a8ac91853939f99244c8bbce51033c46d2d", "backend_endpoint_count": 32}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/drivers/source/includes/node-frameworks/next/page.tsx"}, "region": {"startLine": 7}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 109725, "scanner": "repobility-journey-contract", "fingerprint": "94b1f316b754cd1e8567d4575916b6a38adde7e6768c64053045fb0ef39fa06a", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/browse", "correlation_key": "fp|94b1f316b754cd1e8567d4575916b6a38adde7e6768c64053045fb0ef39fa06a", "backend_endpoint_count": 32}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/drivers/source/includes/node-frameworks/next/browse-page.tsx"}, "region": {"startLine": 7}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /markdown/:...path/route."}, "properties": {"repobilityId": 109724, "scanner": "repobility-access-control", "fingerprint": "db5ce7d8a73a360071ab167318ab682692d7182e1f8a70efa066485a15486424", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/markdown/:...path/route", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token / ...path /route.ts|19|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "platform/docs-nextjs/src/app/api/markdown/[...path]/route.ts"}, "region": {"startLine": 19}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /inventory/:...path/route."}, "properties": {"repobilityId": 109723, "scanner": "repobility-access-control", "fingerprint": "7e9c1ab8b321955b7bd50708c5812f12bb9cd9cbd94e71f6c3a5732e6323e1f2", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/inventory/:...path/route", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token / ...path /route.ts|7|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "platform/docs-nextjs/src/app/api/inventory/[...path]/route.ts"}, "region": {"startLine": 7}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /banners/route."}, "properties": {"repobilityId": 109722, "scanner": "repobility-access-control", "fingerprint": "4a90921e568e6f5a34f78984bcf5f18df2a62b142e8d14fae36852b110bd2169", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation. Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"path": "/banners/route", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token|21|auc009", "duplicate_count": 1, "identity_targets": ["unknown"], "duplicate_rule_ids": ["AUC009"], "duplicate_scanners": ["repobility-access-control"], "duplicate_fingerprints": ["4a90921e568e6f5a34f78984bcf5f18df2a62b142e8d14fae36852b110bd2169", "efcca68776ba4ceae858ca0af3c2ba133a9550c4846d90182432e7dde58d8f09"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "platform/docs-nextjs/src/app/api/banners/route.ts"}, "region": {"startLine": 21}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /search-mapping/route."}, "properties": {"repobilityId": 109721, "scanner": "repobility-access-control", "fingerprint": "9173305afd9f3b4a6183c2f436a91f5c5630f9c22e0408ee3f933f8fb237510d", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/search-mapping/route", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token|17|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "platform/docs-nextjs/src/app/api/search-mapping/route.ts"}, "region": {"startLine": 17}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /feedback-interaction/route."}, "properties": {"repobilityId": 109720, "scanner": "repobility-access-control", "fingerprint": "0c2805410b73469b745acc336ccb4e47036ee12ab840b6f15f3a8932542cad0a", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/feedback-interaction/route", "method": "POST", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token|42|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "platform/docs-nextjs/src/app/api/feedback-interaction/route.ts"}, "region": {"startLine": 42}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /offline-download/route."}, "properties": {"repobilityId": 109719, "scanner": "repobility-access-control", "fingerprint": "b010f00c6457f56aa91ee1e76fcfb6475b61ee32827b14ce4ab2dd8e8a32a4c4", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/offline-download/route", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token|6|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "platform/docs-nextjs/src/app/api/offline-download/route.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /documents/route."}, "properties": {"repobilityId": 109718, "scanner": "repobility-access-control", "fingerprint": "f2da64ad02925dc0e5e17d09b92849f12c0351123ff44204c97f80ceb738b370", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation. Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"path": "/documents/route", "method": "POST", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token|10|auc009", "duplicate_count": 1, "identity_targets": ["unknown"], "duplicate_rule_ids": ["AUC009"], "duplicate_scanners": ["repobility-access-control"], "duplicate_fingerprints": ["f2da64ad02925dc0e5e17d09b92849f12c0351123ff44204c97f80ceb738b370", "fa74cd0ef068b9f5116b0cb2d8a3d4234c52d9a874234557a1273e379649754e"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "platform/docs-nextjs/src/app/api/documents/route.ts"}, "region": {"startLine": 10}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /products/route."}, "properties": {"repobilityId": 109717, "scanner": "repobility-access-control", "fingerprint": "fb1700d72afbcf203061af16c6088dfb2ed2e27e0bc33aa3aa4e65be517a8abb", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/products/route", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token|16|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "platform/docs-nextjs/src/app/api/products/route.ts"}, "region": {"startLine": 16}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: ANY /admin/."}, "properties": {"repobilityId": 109716, "scanner": "repobility-access-control", "fingerprint": "91647ffd84671a60969d8fe86326ac25d4945f086ebe4ed83ef847e72a8bebf4", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation. Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"path": "/admin/", "method": "ANY", "scanner": "repobility-access-control", "framework": "Django", "correlation_key": "code|auth|token|21|auc004", "duplicate_count": 1, "identity_targets": ["unknown", "admin"], "duplicate_rule_ids": ["AUC004"], "duplicate_scanners": ["repobility-access-control"], "duplicate_fingerprints": ["91647ffd84671a60969d8fe86326ac25d4945f086ebe4ed83ef847e72a8bebf4", "bf34dab304147ff9bc2d06476d097d3ebe63782eeb6076c5b0d70d11578e3293"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/django-mongodb/upcoming/source/includes/qe/django_qe/django_qe/urls.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: ANY /blog/."}, "properties": {"repobilityId": 109715, "scanner": "repobility-access-control", "fingerprint": "a1191aa349ad5125484e2b148cfc124cdae2497f554383becc6dbd6f9acb05f6", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation. Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"path": "/blog/", "method": "ANY", "scanner": "repobility-access-control", "framework": "Django", "correlation_key": "code|auth|token|15|auc004", "duplicate_count": 1, "identity_targets": ["unknown", "admin"], "duplicate_rule_ids": ["AUC004"], "duplicate_scanners": ["repobility-access-control"], "duplicate_fingerprints": ["971d94ac1b2793fe4946dd94e95645e63fe5ffa1b69fc12843b9f67353cabc72", "a1191aa349ad5125484e2b148cfc124cdae2497f554383becc6dbd6f9acb05f6"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/django-mongodb/upcoming/source/includes/qe/django_qe/django_qe/urls.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 21.9% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 109714, "scanner": "repobility-access-control", "fingerprint": "4e31f288c488b401e9349599934ff217449c2d842ba87316e1aa916cca52401c", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 32, "correlation_key": "fp|4e31f288c488b401e9349599934ff217449c2d842ba87316e1aa916cca52401c", "auth_visible_percent": 21.9}}}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 109713, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Django", "Next.js"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 109712, "scanner": "repobility-docker", "fingerprint": "acacecc1de28ee7a301b2b752119289df946fac6c0c1aa21c8fe198b806732cd", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "node:20-alpine", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|acacecc1de28ee7a301b2b752119289df946fac6c0c1aa21c8fe198b806732cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "platform/tools/cdnLogParser/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 109710, "scanner": "repobility-docker", "fingerprint": "62909ac55c863d4d5d01001a36441e5b4a1fbfcd0d9ccf5a4094aca925bc75a0", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "node:12-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|62909ac55c863d4d5d01001a36441e5b4a1fbfcd0d9ccf5a4094aca925bc75a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/realm/.github/actions/push-to-artifact-repo/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 109707, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 109705, "scanner": "repobility-agent-runtime", "fingerprint": "0ec6b01ed7c86ba6b9da6499b7fc6b698438a2f36234df901e5022d5db2b0904", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|0ec6b01ed7c86ba6b9da6499b7fc6b698438a2f36234df901e5022d5db2b0904"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/lint-docs/README.md"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 109674, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bf454da1e9e1f811183deb1c68a3f9ff0837fa2d5d93dbd2d07e0f64aff08c0d", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "new", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|bf454da1e9e1f811183deb1c68a3f9ff0837fa2d5d93dbd2d07e0f64aff08c0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/vector-search/source/includes/quick-start/code-snippets/vector/nodejs/create-embeddings-new.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 109673, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b7239e1b6e329bb55812d1b5b45a00a5c50abfa990626c21d8415ba5d21340c9", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "new", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|b7239e1b6e329bb55812d1b5b45a00a5c50abfa990626c21d8415ba5d21340c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/vector-search/source/includes/crud-embeddings/manual/code-snippets/python/query_embeddings_new.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 109668, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7d64f4942af748977a4bf2b90d1b895dca0e8b274ac44176f211567729fa8e2e", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "temp", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "content/code-examples/tested/csharp/driver/TimeSeries/SecondaryIndexes.snippet.create-geospatial-index.cs", "correlation_key": "fp|7d64f4942af748977a4bf2b90d1b895dca0e8b274ac44176f211567729fa8e2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/code-examples/tested/csharp/driver/TimeSeries/SecondaryIndexes.snippet.create-geospatial-index-temp.cs"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 109665, "scanner": "repobility-threat-engine", "fingerprint": "a8d8b3cdb4f51e4c72c5be39457e17c18cbcb7978ed71082486d73121d2000de", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (3.6 bits) \u2014 may be placeholder or common string | [R34 auto-suppress: documentation/example path] Collapsed 2 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "password = \"<redacted> password>\"", "reason": "Low entropy value (3.6 bits) \u2014 may be placeholder or common string | [R34 auto-suppress: documentation/example path]", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|16|password redacted password", "duplicate_count": 2, "duplicate_rule_ids": ["SEC001"], "duplicate_scanners": ["repobility-threat-engine"], "duplicate_fingerprints": ["077eaf53c0c0b0e8cdd34ae379059e374e3c0d717249c19f9d44c3ac16a8a7a3", "653bf26a19d56d6ee7d0e8d83958efd9b233474652ef8f7df58508fddd27fd3e", "a8d8b3cdb4f51e4c72c5be39457e17c18cbcb7978ed71082486d73121d2000de"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/atlas-architecture/current/source/includes/examples/tf-dev-test-complete/main.tf"}, "region": {"startLine": 166}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 109659, "scanner": "repobility-threat-engine", "fingerprint": "39135a423f7afbbb1e4739f9798ff87074c5a159e123fab5f4759860a7413682", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "def make_cache_key", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|182|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/cache.py"}, "region": {"startLine": 182}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 109656, "scanner": "repobility-threat-engine", "fingerprint": "f9feaa2b745d49d1dfc6e29423b9602bb2ab96ade106d54886339930d29956f9", "category": "error_handling", "severity": "medium", "confidence": 0.45, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Pattern matched with no mitigating context found | [R34 auto-suppress: documentation/example path]", "evidence": {"match": "except:\n        pass", "reason": "Pattern matched with no mitigating context found | [R34 auto-suppress: documentation/example path]", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.45, "correlation_key": "fp|f9feaa2b745d49d1dfc6e29423b9602bb2ab96ade106d54886339930d29956f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/examples/timeseries/limitations.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 109655, "scanner": "repobility-threat-engine", "fingerprint": "796ed6a05982fb7eae74e6ecb9e528eb9cec809ba73a8e70e455b44ee4badf1d", "category": "error_handling", "severity": "medium", "confidence": 0.45, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Pattern matched with no mitigating context found | [R34 auto-suppress: documentation/example path]", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found | [R34 auto-suppress: documentation/example path]", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.45, "correlation_key": "fp|796ed6a05982fb7eae74e6ecb9e528eb9cec809ba73a8e70e455b44ee4badf1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/examples/timeseries/auto_removal.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 109654, "scanner": "repobility-threat-engine", "fingerprint": "3c46f8335a7c5be915247758c556e786dfe5666e6369eb62dee9756584a25f90", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except:\n                        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3c46f8335a7c5be915247758c556e786dfe5666e6369eb62dee9756584a25f90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/content_analyzer.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 109626, "scanner": "repobility-threat-engine", "fingerprint": "6511a95f0db700a0cf2021e1aede852e55ffd73ca5734ffaea114a5a15902103", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|63|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/java/driver-sync/snip.js"}, "region": {"startLine": 63}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 109625, "scanner": "repobility-threat-engine", "fingerprint": "e072ee1b5c419c121b1e598815ec917ec76bf797f7d8bddc89a1ae0fa12252c1", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|62|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/go/driver/snip.js"}, "region": {"startLine": 62}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 109624, "scanner": "repobility-threat-engine", "fingerprint": "97f1a69f7d5e67049094289d43ab163dd0cd8b82666d6568259d478882a528d8", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|81|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/csharp/driver/snip.js"}, "region": {"startLine": 81}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 109623, "scanner": "repobility-threat-engine", "fingerprint": "10ecd12aea297485b5fd04234f56d516a9d14689fbf75cffac31915577454635", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url: \"https://example.com", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|10ecd12aea297485b5fd04234f56d516a9d14689fbf75cffac31915577454635"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/app-services/source/authentication/custom-function/the-authentication-function.js"}, "region": {"startLine": 15}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 109622, "scanner": "repobility-threat-engine", "fingerprint": "b51fdf435f0fedc0c4b65ea5cb6ed8bf7a3a146b3e00229c0c931120b9057ec4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"John Doe\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b51fdf435f0fedc0c4b65ea5cb6ed8bf7a3a146b3e00229c0c931120b9057ec4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/csharp/driver/Utilities/Comparison.Tests/JsonEllipsisIntegrationTests.cs"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 109621, "scanner": "repobility-threat-engine", "fingerprint": "d7a074d62cd781f6a83cd839dba7051d0418e10e53b1de484d6509be2a4ee3d6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"John Doe\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d7a074d62cd781f6a83cd839dba7051d0418e10e53b1de484d6509be2a4ee3d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/csharp/driver/Examples/EfCore/Configure/Configure.cs"}, "region": {"startLine": 67}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `convert` has cognitive complexity 25 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=3, else=2, for=3, if=6, nested_bonus=10, while=1."}, "properties": {"repobilityId": 109592, "scanner": "repobility-threat-engine", "fingerprint": "782dc58fd9ed55c6b1758904397a2261dc5820f23d925e0ba6de76c46b1b5fce", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 25 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "convert", "breakdown": {"if": 6, "for": 3, "else": 2, "while": 1, "continue": 3, "nested_bonus": 10}, "complexity": 25, "correlation_key": "fp|782dc58fd9ed55c6b1758904397a2261dc5820f23d925e0ba6de76c46b1b5fce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".claude/skills/language-tabs-to-composable-scripted/assets/convert.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 109709, "scanner": "repobility-docker", "fingerprint": "d3aa5afcc0153eaa95f33375fa9839f7f248a74f5508205e3956e3bbc8c3f795", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|d3aa5afcc0153eaa95f33375fa9839f7f248a74f5508205e3956e3bbc8c3f795"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/realm/.github/actions/push-to-artifact-repo/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 109708, "scanner": "repobility-docker", "fingerprint": "2eb39ccb25fa9346dd2639347d5c80c67d2d81de8971d71002ffc8292f98fd6c", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|2eb39ccb25fa9346dd2639347d5c80c67d2d81de8971d71002ffc8292f98fd6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/realm/.github/actions/push-to-artifact-repo/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109704, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ed2260440f6dc774297bd2d362097cc375402575605d87d536795cdceb50d3c6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "code-example-tests/go/driver/snip.js", "duplicate_line": 10, "correlation_key": "fp|ed2260440f6dc774297bd2d362097cc375402575605d87d536795cdceb50d3c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/snip.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109703, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c287bca05876e3aefc66eb82c335eefa3f566b1adfc8a5e3c20af764de523f14", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "code-example-tests/csharp/driver/snip.js", "duplicate_line": 15, "correlation_key": "fp|c287bca05876e3aefc66eb82c335eefa3f566b1adfc8a5e3c20af764de523f14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/snip.js"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109702, "scanner": "repobility-ai-code-hygiene", "fingerprint": "817d8e6654e8d54c64c75fa412c201dcce04451f6642436917d152c8b8deb587", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "code-example-tests/command-line/mongosh/utils/sampleDataChecker.js", "duplicate_line": 1, "correlation_key": "fp|817d8e6654e8d54c64c75fa412c201dcce04451f6642436917d152c8b8deb587"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/javascript/driver/utils/sampleDataChecker.js"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109701, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f9524e2d1dd70193f820a57f6254be02838996dcb550adcd2fef764bbb464013", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "code-example-tests/command-line/mongosh/utils/comparison/unorderedArrayAnalysis.js", "duplicate_line": 2, "correlation_key": "fp|f9524e2d1dd70193f820a57f6254be02838996dcb550adcd2fef764bbb464013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/javascript/driver/utils/comparison/unorderedArrayAnalysis.js"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109700, "scanner": "repobility-ai-code-hygiene", "fingerprint": "696e81889b87ecffd2c145530c1a5224cf93a5ec983ed77d944094c27d67f7b8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "code-example-tests/command-line/mongosh/utils/comparison/primitiveComparison.js", "duplicate_line": 1, "correlation_key": "fp|696e81889b87ecffd2c145530c1a5224cf93a5ec983ed77d944094c27d67f7b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/javascript/driver/utils/comparison/primitiveComparison.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109699, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0bf9f7c0e19cf9a965621698c8b12e6a7669511c7719bf2814bf49e9b48e4080", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "code-example-tests/command-line/mongosh/utils/comparison/objectComparison.js", "duplicate_line": 12, "correlation_key": "fp|0bf9f7c0e19cf9a965621698c8b12e6a7669511c7719bf2814bf49e9b48e4080"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/javascript/driver/utils/comparison/objectComparison.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109698, "scanner": "repobility-ai-code-hygiene", "fingerprint": "97b0b934adb60ecf80d2b59d691a9c7dd98fddccac2672d657e7c572c0814cf3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "code-example-tests/command-line/mongosh/utils/comparison/MongoshOutputParser.js", "duplicate_line": 352, "correlation_key": "fp|97b0b934adb60ecf80d2b59d691a9c7dd98fddccac2672d657e7c572c0814cf3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/javascript/driver/utils/comparison/normalize.js"}, "region": {"startLine": 93}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109697, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c2eec216c39be8b6df0cfcd35f3d9651b50512b1c081c7f24f671b9ccd89cc1a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "code-example-tests/command-line/mongosh/utils/comparison/mongoshNormalize.js", "duplicate_line": 51, "correlation_key": "fp|c2eec216c39be8b6df0cfcd35f3d9651b50512b1c081c7f24f671b9ccd89cc1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/javascript/driver/utils/comparison/normalize.js"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109696, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6a69e1529aa9bd93adf3321409e4b41d396e22b3d80056bf5014ddab6c828756", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "code-example-tests/command-line/mongosh/utils/comparison/normalize.js", "duplicate_line": 2, "correlation_key": "fp|6a69e1529aa9bd93adf3321409e4b41d396e22b3d80056bf5014ddab6c828756"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/javascript/driver/utils/comparison/normalize.js"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109695, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0b34a0af76f98397f57619eadaf0eca3b02cf084e18853d52c46b11c94632bf6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "code-example-tests/command-line/mongosh/utils/comparison/MongoshOutputParser.js", "duplicate_line": 31, "correlation_key": "fp|0b34a0af76f98397f57619eadaf0eca3b02cf084e18853d52c46b11c94632bf6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/javascript/driver/utils/comparison/fileParser.js"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109694, "scanner": "repobility-ai-code-hygiene", "fingerprint": "149e216dd4665f5ed409670760503cd5b70d0bb66d28674988248390f5b55198", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "code-example-tests/command-line/mongosh/utils/comparison/errorReporting.js", "duplicate_line": 1, "correlation_key": "fp|149e216dd4665f5ed409670760503cd5b70d0bb66d28674988248390f5b55198"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/javascript/driver/utils/comparison/errorReporting.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109693, "scanner": "repobility-ai-code-hygiene", "fingerprint": "117f118448bfab0c897891fa1eb0a1628eb83c201d3dac4c6992c3405f2f81a3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "code-example-tests/command-line/mongosh/utils/comparison/ellipsisHandlers.js", "duplicate_line": 2, "correlation_key": "fp|117f118448bfab0c897891fa1eb0a1628eb83c201d3dac4c6992c3405f2f81a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/javascript/driver/utils/comparison/ellipsisHandlers.js"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109692, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e0acc0fe82c5c1f30168e9440f0ddb6b0e4ce7e8d5b4d93c418141bd2efca759", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "code-example-tests/command-line/mongosh/utils/comparison/ellipsis.js", "duplicate_line": 1, "correlation_key": "fp|e0acc0fe82c5c1f30168e9440f0ddb6b0e4ce7e8d5b4d93c418141bd2efca759"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/javascript/driver/utils/comparison/ellipsis.js"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109691, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bc9762ea960f0d4db215ef3a000df3657d4cf95daff671a3b05976f89605e3db", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "code-example-tests/command-line/mongosh/utils/comparison/detailedComparison.js", "duplicate_line": 22, "correlation_key": "fp|bc9762ea960f0d4db215ef3a000df3657d4cf95daff671a3b05976f89605e3db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/javascript/driver/utils/comparison/detailedComparison.js"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109690, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5afcd50a7f211ba94ab760e3229c1e4eab8df92a5d5194768aa4c66ab41792ee", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "code-example-tests/command-line/mongosh/utils/comparison/MongoshComparisonEngine.js", "duplicate_line": 29, "correlation_key": "fp|5afcd50a7f211ba94ab760e3229c1e4eab8df92a5d5194768aa4c66ab41792ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/javascript/driver/utils/comparison/comparisonEngine.js"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109689, "scanner": "repobility-ai-code-hygiene", "fingerprint": "007c5fba7df781d10f0b21a1bb7d6cfcecf66903ae99050093016719c9282be9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "code-example-tests/command-line/mongosh/utils/comparison/arrayComparison.js", "duplicate_line": 2, "correlation_key": "fp|007c5fba7df781d10f0b21a1bb7d6cfcecf66903ae99050093016719c9282be9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/javascript/driver/utils/comparison/arrayComparison.js"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109688, "scanner": "repobility-ai-code-hygiene", "fingerprint": "00337413848dc2791d6b2e83901047af7e37160e2943946a438754edddf3e197", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "code-example-tests/command-line/mongosh/utils/comparison/areObjectsEqual.js", "duplicate_line": 17, "correlation_key": "fp|00337413848dc2791d6b2e83901047af7e37160e2943946a438754edddf3e197"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/javascript/driver/utils/comparison/areObjectsEqual.js"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109687, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dc16d4da922f9d54bec9d6062ba892202e00d7c2db5524aaedf7f6b3c01e1755", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "code-example-tests/command-line/mongosh/utils/comparison/ContentAnalyzer.js", "duplicate_line": 17, "correlation_key": "fp|dc16d4da922f9d54bec9d6062ba892202e00d7c2db5524aaedf7f6b3c01e1755"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/javascript/driver/utils/comparison/ContentAnalyzer.js"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109686, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8a7f8e8c25a68a8d7165ecbd2777f3ab9c402f48808be6d57248600dde3fff06", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "code-example-tests/go/driver/snip.js", "duplicate_line": 14, "correlation_key": "fp|8a7f8e8c25a68a8d7165ecbd2777f3ab9c402f48808be6d57248600dde3fff06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/javascript/driver/snip.js"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109685, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fba0c66c5d707aac6ef679e16469c111dc94585f0b3c6f22fe9d68de3743dad9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "code-example-tests/java/utilities/comparison-library/src/main/java/mongodb/comparison/MongoTypeNormalizer.java", "duplicate_line": 74, "correlation_key": "fp|fba0c66c5d707aac6ef679e16469c111dc94585f0b3c6f22fe9d68de3743dad9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/java/utilities/comparison-library/src/main/java/mongodb/comparison/internal/ValueNormalizer.java"}, "region": {"startLine": 34}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109684, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1acc2b373d87a023ba469845d354a9cc8358268c6cae8691e10fd2b847f07913", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "code-example-tests/java/utilities/comparison-library/src/main/java/mongodb/comparison/internal/ObjectComparator.java", "duplicate_line": 434, "correlation_key": "fp|1acc2b373d87a023ba469845d354a9cc8358268c6cae8691e10fd2b847f07913"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/java/utilities/comparison-library/src/main/java/mongodb/comparison/internal/PrimitiveComparator.java"}, "region": {"startLine": 117}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109683, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2dab437e4b497a5582bf65e56badb9032721d6eb93035ea730666c92f805000c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "code-example-tests/java/utilities/comparison-library/src/main/java/mongodb/comparison/ContentAnalyzer.java", "duplicate_line": 199, "correlation_key": "fp|2dab437e4b497a5582bf65e56badb9032721d6eb93035ea730666c92f805000c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/java/utilities/comparison-library/src/main/java/mongodb/comparison/StructuralComparisonStrategy.java"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109682, "scanner": "repobility-ai-code-hygiene", "fingerprint": "aeca057c9cf47cc75493156690ccc7a376ab3e927be7266620ecec8a4aec51d1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "code-example-tests/csharp/driver/snip.js", "duplicate_line": 15, "correlation_key": "fp|aeca057c9cf47cc75493156690ccc7a376ab3e927be7266620ecec8a4aec51d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/java/driver-sync/snip.js"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109681, "scanner": "repobility-ai-code-hygiene", "fingerprint": "44eeeb6540a5b639458268f670a58b7608f4501a6ffb2ec4e4fbb6d07e9104d9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "code-example-tests/csharp/driver/snip.js", "duplicate_line": 15, "correlation_key": "fp|44eeeb6540a5b639458268f670a58b7608f4501a6ffb2ec4e4fbb6d07e9104d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/go/driver/snip.js"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109680, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0b48a7f0f2738ca33b38c6967706e220004c29715ebf54611da9d8e7298df2cf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "code-example-tests/command-line/mongosh/utils/comparison/MongoshOutputParser.js", "duplicate_line": 351, "correlation_key": "fp|0b48a7f0f2738ca33b38c6967706e220004c29715ebf54611da9d8e7298df2cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/command-line/mongosh/utils/comparison/normalize.js"}, "region": {"startLine": 94}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109679, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cffcb1e3ff819827a2ecc61c9ba81cbad48c819b2067dbbf6d311da881873260", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "code-example-tests/command-line/mongosh/utils/comparison/mongoshNormalize.js", "duplicate_line": 51, "correlation_key": "fp|cffcb1e3ff819827a2ecc61c9ba81cbad48c819b2067dbbf6d311da881873260"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/command-line/mongosh/utils/comparison/normalize.js"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109678, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e980e911ce5d9c905a7fee9fc4c3150a3d5b00d6677d28497603bb006a0cacfa", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": ".github/lint-docs/findability-lint-cli.ts", "duplicate_line": 70, "correlation_key": "fp|e980e911ce5d9c905a7fee9fc4c3150a3d5b00d6677d28497603bb006a0cacfa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/lint-docs/seo-lint-cli.ts"}, "region": {"startLine": 55}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109677, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1ea29219ed2c6e93bdd37eb2cb34c94f29fa489cab4d645cd15b68b3c3b6ab2a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": ".github/lint-docs/404-lint-cli.ts", "duplicate_line": 5, "correlation_key": "fp|1ea29219ed2c6e93bdd37eb2cb34c94f29fa489cab4d645cd15b68b3c3b6ab2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/lint-docs/seo-lint-cli.ts"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109676, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6bc67b5a7fef54a2f9a29bc1987a080fcdbdf73e1e0cbba10b349ef765f5d6c1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": ".github/lint-docs/findability-lint-cli.ts", "duplicate_line": 70, "correlation_key": "fp|6bc67b5a7fef54a2f9a29bc1987a080fcdbdf73e1e0cbba10b349ef765f5d6c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/lint-docs/redirect-lint-cli.ts"}, "region": {"startLine": 85}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 109675, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1ace6a2ad2c9e3dd30946b29c27f7292e7568d1bc7c4085c301bac5897449088", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": ".github/lint-docs/findability-lint-cli.ts", "duplicate_line": 70, "correlation_key": "fp|1ace6a2ad2c9e3dd30946b29c27f7292e7568d1bc7c4085c301bac5897449088"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/lint-docs/nested-components-lint-cli.ts"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 109672, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d417b29ef6824169a0873054d6c9098edc0e311578361956a313f56a8e491e15", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|d417b29ef6824169a0873054d6c9098edc0e311578361956a313f56a8e491e15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "platform/docs-nextjs/scripts/offline-ui/code-copy.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 109671, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4632d9f982570d5e3c3b9c34df53d65e0f9168562225e82e9ad80e1625281a15", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "new", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|4632d9f982570d5e3c3b9c34df53d65e0f9168562225e82e9ad80e1625281a15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/vector-search/source/includes/quick-start/code-snippets/vector/nodejs/create-embeddings-new.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 109670, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cdbded39b8e808d7cad235ce2530905d43d1dad088a8f5453163b1ba72898210", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "new", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|cdbded39b8e808d7cad235ce2530905d43d1dad088a8f5453163b1ba72898210"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/vector-search/source/includes/crud-embeddings/manual/code-snippets/python/query_embeddings_new.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 109669, "scanner": "repobility-ai-code-hygiene", "fingerprint": "82658082543df17c10bf7d47348148db307585bc1a31347d59d0121f920a68d7", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "updated", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|82658082543df17c10bf7d47348148db307585bc1a31347d59d0121f920a68d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/table-of-contents/docset-data/drivers/versions/cpp-updated.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 109667, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3473bdc06ade2fda935a829633ea9f8482a088ee15fba460aa6fe7b3abfad1b9", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|3473bdc06ade2fda935a829633ea9f8482a088ee15fba460aa6fe7b3abfad1b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/code-examples/tested/command-line/mongosh/database-commands/update/bulk-update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 109643, "scanner": "repobility-threat-engine", "fingerprint": "90f2d71339e861b6fe15aeb9295d7460e885f805f7d8c663713954d2e63af614", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"The following task has been added to a to-do list: \" + summary +\n        \". You'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|90f2d71339e861b6fe15aeb9295d7460e885f805f7d8c663713954d2e63af614"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/app-services/source/tutorial/backend-examples/sendAlerts.js"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 109642, "scanner": "repobility-threat-engine", "fingerprint": "c7a6d8da52bca2c73d4ec19daa80df5c28e17556b3d5e699cc715750d9ca3d0f", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"isAvailable=\" + isAvailable +\n                \", missingDatabases=\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c7a6d8da52bca2c73d4ec19daa80df5c28e17556b3d5e699cc715750d9ca3d0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/java/utilities/sample-data/src/main/java/sampledatautil/SampleDataAvailability.java"}, "region": {"startLine": 50}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 109634, "scanner": "repobility-threat-engine", "fingerprint": "0a0d93116727fca9f9b552aeddbef0c99dde168a80df15b1449c72c17c85d1df", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = client.Disconnect(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0a0d93116727fca9f9b552aeddbef0c99dde168a80df15b1449c72c17c85d1df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/go/driver/examples/aggregation/pipelines/filter/run_pipeline.go"}, "region": {"startLine": 26}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 109633, "scanner": "repobility-threat-engine", "fingerprint": "307d4ea1168b9d6d021b3984f0d92c434da56cee32f7cd3b2d863d4a9d896880", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = client.Disconnect(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|307d4ea1168b9d6d021b3984f0d92c434da56cee32f7cd3b2d863d4a9d896880"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/go/driver/examples/aggregation/pipelines/filter/load_data.go"}, "region": {"startLine": 28}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 109632, "scanner": "repobility-threat-engine", "fingerprint": "3a176896b4a5d2418268d8862b50b15d7c209d419e3070d68f1c427ad35c89a7", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = client.Disconnect(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3a176896b4a5d2418268d8862b50b15d7c209d419e3070d68f1c427ad35c89a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/go/atlas-sdk/internal/archive/analyze.go"}, "region": {"startLine": 120}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `composable_selections` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: if=6, nested_bonus=3."}, "properties": {"repobilityId": 109594, "scanner": "repobility-threat-engine", "fingerprint": "083cc347f7234407a88c6e537acffb9f3e8193bb4df2b12e20a3fdc5628d4c0d", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 9 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "composable_selections", "breakdown": {"if": 6, "nested_bonus": 3}, "complexity": 9, "correlation_key": "fp|083cc347f7234407a88c6e537acffb9f3e8193bb4df2b12e20a3fdc5628d4c0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".claude/skills/language-tabs-to-composable-scripted/assets/convert.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 14 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=1, for=1, if=9, nested_bonus=3."}, "properties": {"repobilityId": 109593, "scanner": "repobility-threat-engine", "fingerprint": "377403fb91003abf0fe44f5db7ccfdb89b5d817273dbd6b66a9053fd5d4f6857", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 14 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 9, "for": 1, "else": 1, "nested_bonus": 3}, "complexity": 14, "correlation_key": "fp|377403fb91003abf0fe44f5db7ccfdb89b5d817273dbd6b66a9053fd5d4f6857"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".claude/skills/language-tabs-to-composable-scripted/assets/convert.py"}, "region": {"startLine": 191}}}]}, {"ruleId": "CORE_NO_LICENSE", "level": "note", "message": {"text": "No LICENSE file"}, "properties": {"repobilityId": 109591, "scanner": "repobility-core", "fingerprint": "9314e9238cd99885865b92490d1aaa96ca62b1390c9377878d5f3d99227e1c3c", "category": "documentation", "severity": "low", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_LICENSE", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_license"}}}, {"ruleId": "SEC001", "level": "none", "message": {"text": "[SEC001] Hardcoded Password (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 109666, "scanner": "repobility-threat-engine", "fingerprint": "224bdaf44e007e0b9c892e9f51a6afadee49a837e1b72825485f31ff4e500147", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|224bdaf44e007e0b9c892e9f51a6afadee49a837e1b72825485f31ff4e500147"}}}, {"ruleId": "MINED099", "level": "none", "message": {"text": "[MINED099] Hardcoded Secret (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 109664, "scanner": "repobility-threat-engine", "fingerprint": "98b913518758f75eed5c6b8f950982e4fb2b1060e986683f899444f94d37730d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "hardcoded-secret", "owasp": "A07:2021", "cwe_ids": ["CWE-798"], "languages": [], "precision": 1.0, "promoted_at": "2026-05-18T15:01:13.611213+00:00", "triaged_in_corpus": 8, "observations_count": 88419, "ai_coder_pattern_id": 9}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|98b913518758f75eed5c6b8f950982e4fb2b1060e986683f899444f94d37730d", "aggregated_count": 5}}}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 109658, "scanner": "repobility-threat-engine", "fingerprint": "7ceffcf891194474ec231053d368043fb1f029980fce162bd6f5e6f91d283a2e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7ceffcf891194474ec231053d368043fb1f029980fce162bd6f5e6f91d283a2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/content_analyzer.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "ERR001", "level": "none", "message": {"text": "[ERR001] Silent Exception Swallowing (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 109657, "scanner": "repobility-threat-engine", "fingerprint": "93b9da83522ef7033c1689b56fc2639ef703f7cce5574751f2046196162761e3", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|93b9da83522ef7033c1689b56fc2639ef703f7cce5574751f2046196162761e3"}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 109653, "scanner": "repobility-threat-engine", "fingerprint": "65bcd7f326bc59f8b4437e46d4ab6a55a7a5b15fd03b0952dee24ac035ca5b3d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|65bcd7f326bc59f8b4437e46d4ab6a55a7a5b15fd03b0952dee24ac035ca5b3d", "aggregated_count": 5}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 109652, "scanner": "repobility-threat-engine", "fingerprint": "722e6cefe917435310fa33a3f6f396e68779892543b5eec0d6bcbdd6b7309e6f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|722e6cefe917435310fa33a3f6f396e68779892543b5eec0d6bcbdd6b7309e6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/examples/timeseries/secondary_indexes.py"}, "region": {"startLine": 250}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 109651, "scanner": "repobility-threat-engine", "fingerprint": "65686307b08a0c4e3afae8b04dbad7ca566ce7e7f172ccd012e4f84c3d270508", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|65686307b08a0c4e3afae8b04dbad7ca566ce7e7f172ccd012e4f84c3d270508"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/examples/timeseries/limitations.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 109650, "scanner": "repobility-threat-engine", "fingerprint": "31631a8c3e5602969ebe4edf6cf0d4804add0b6e3f344c1832d7510613ab0125", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|31631a8c3e5602969ebe4edf6cf0d4804add0b6e3f344c1832d7510613ab0125"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/examples/timeseries/auto_removal.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 109649, "scanner": "repobility-threat-engine", "fingerprint": "3ed4a11ec48650075e843160edf55362aa121897a652d0286a1dc826dd94d954", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|3ed4a11ec48650075e843160edf55362aa121897a652d0286a1dc826dd94d954", "aggregated_count": 1}}}, {"ruleId": "MINED016", "level": "none", "message": {"text": "[MINED016] Go Error Ignored (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 109639, "scanner": "repobility-threat-engine", "fingerprint": "d6f8d5f377e4c3dbd05d51925f647bbfd47b40822b8d5e5bc4fb8c1b1c73b82c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|d6f8d5f377e4c3dbd05d51925f647bbfd47b40822b8d5e5bc4fb8c1b1c73b82c", "aggregated_count": 8}}}, {"ruleId": "ERR003", "level": "none", "message": {"text": "[ERR003] Ignored Error (Go) (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "properties": {"repobilityId": 109635, "scanner": "repobility-threat-engine", "fingerprint": "6e40b6343873d3595f7600f6938ec9b4c2657113171b3b084a8e397dd3a7aac6", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|6e40b6343873d3595f7600f6938ec9b4c2657113171b3b084a8e397dd3a7aac6"}}}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel (and 52 more): Same pattern found in 52 additional files. Review if needed."}, "properties": {"repobilityId": 109631, "scanner": "repobility-threat-engine", "fingerprint": "f1fc3641eda91975143de8c7fe6c0a14225358556f7c291734ff43c937338e6d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 52 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f1fc3641eda91975143de8c7fe6c0a14225358556f7c291734ff43c937338e6d", "aggregated_count": 52}}}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 109630, "scanner": "repobility-threat-engine", "fingerprint": "4f81e0e1086548768160af3bbf9330400fff7baec7f3122d18405e64969b2786", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4f81e0e1086548768160af3bbf9330400fff7baec7f3122d18405e64969b2786"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/go/atlas-sdk/examples/billing/linked_orgs/main.go"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 109629, "scanner": "repobility-threat-engine", "fingerprint": "561ad119057b9e5118527d6f6282ee7b6b6835a93737a3762bc726d367d2d78f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|561ad119057b9e5118527d6f6282ee7b6b6835a93737a3762bc726d367d2d78f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/go/atlas-sdk/examples/billing/line_items/main.go"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 109628, "scanner": "repobility-threat-engine", "fingerprint": "64606237a85b86fe7a6e3c39cea72fc7bbbf799d9efe9c6622e3930c3e16a6a8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|64606237a85b86fe7a6e3c39cea72fc7bbbf799d9efe9c6622e3930c3e16a6a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/go/atlas-sdk/examples/billing/historical/main.go"}, "region": {"startLine": 34}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 109627, "scanner": "repobility-threat-engine", "fingerprint": "2f2c41301c1dbf5a378e7fb88f09e64c16178cf76632d7c8f5254e7775e098f0", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|2f2c41301c1dbf5a378e7fb88f09e64c16178cf76632d7c8f5254e7775e098f0"}}}, {"ruleId": "MINED051", "level": "none", "message": {"text": "[MINED051] Csharp Null Forgive (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 109620, "scanner": "repobility-threat-engine", "fingerprint": "51ecbc736da0388a13a521143db0689f02938d5d6f7939d60f1e0d433e57f9cd", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "csharp-null-forgive", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["csharp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348020+00:00", "triaged_in_corpus": 12, "observations_count": 518114, "ai_coder_pattern_id": 173}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|51ecbc736da0388a13a521143db0689f02938d5d6f7939d60f1e0d433e57f9cd", "aggregated_count": 5}}}, {"ruleId": "MINED051", "level": "none", "message": {"text": "[MINED051] Csharp Null Forgive: x! tells compiler \"definitely not null\" \u2014 bypasses nullable check. NRE risk if wrong."}, "properties": {"repobilityId": 109619, "scanner": "repobility-threat-engine", "fingerprint": "022a24f637bc9d32f4c4c0717dd88ae4f3da60a3cac1668e67127fcfd9c18994", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "csharp-null-forgive", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["csharp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348020+00:00", "triaged_in_corpus": 12, "observations_count": 518114, "ai_coder_pattern_id": 173}, "scanner": "repobility-threat-engine", "correlation_key": "fp|022a24f637bc9d32f4c4c0717dd88ae4f3da60a3cac1668e67127fcfd9c18994"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/csharp/driver/Examples/EfCore/WriteData/WriteData.cs"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED051", "level": "none", "message": {"text": "[MINED051] Csharp Null Forgive: x! tells compiler \"definitely not null\" \u2014 bypasses nullable check. NRE risk if wrong."}, "properties": {"repobilityId": 109618, "scanner": "repobility-threat-engine", "fingerprint": "118dd4efdab9ca9cb6f65f16c154973735e20aa69c4ba1c0f67bdf003e2dc0d7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "csharp-null-forgive", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["csharp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348020+00:00", "triaged_in_corpus": 12, "observations_count": 518114, "ai_coder_pattern_id": 173}, "scanner": "repobility-threat-engine", "correlation_key": "fp|118dd4efdab9ca9cb6f65f16c154973735e20aa69c4ba1c0f67bdf003e2dc0d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/csharp/driver/Examples/EfCore/Relationships/Relationships.cs"}, "region": {"startLine": 112}}}]}, {"ruleId": "MINED051", "level": "none", "message": {"text": "[MINED051] Csharp Null Forgive: x! tells compiler \"definitely not null\" \u2014 bypasses nullable check. NRE risk if wrong."}, "properties": {"repobilityId": 109617, "scanner": "repobility-threat-engine", "fingerprint": "1733ad430fae322cb503290efdcf05cba43e1ca4ab34ff2e16de6579424de18c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "csharp-null-forgive", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["csharp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348020+00:00", "triaged_in_corpus": 12, "observations_count": 518114, "ai_coder_pattern_id": 173}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1733ad430fae322cb503290efdcf05cba43e1ca4ab34ff2e16de6579424de18c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/csharp/driver/Examples/Aggregation/Builders/Project.cs"}, "region": {"startLine": 137}}}]}, {"ruleId": "SEC085", "level": "none", "message": {"text": "[SEC085] JS: child_process.exec with non-literal (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 109616, "scanner": "repobility-threat-engine", "fingerprint": "f1c2c4035cdd6e0916d588faf9becbbbd5dd61a9e4a7efb0017757e4e82f5c05", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f1c2c4035cdd6e0916d588faf9becbbbd5dd61a9e4a7efb0017757e4e82f5c05"}}}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 109612, "scanner": "repobility-threat-engine", "fingerprint": "83c834c81b7f766f4f566e4ec1f48f9439a0562269037b43653f93c21c9c5815", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|83c834c81b7f766f4f566e4ec1f48f9439a0562269037b43653f93c21c9c5815", "aggregated_count": 2}}}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"repobilityId": 109611, "scanner": "repobility-threat-engine", "fingerprint": "7b05d9dd5421e36f708a91d8486d0836a741c9a34f58c6ca93db5bd73be90028", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'test\\b' detected on same line", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7b05d9dd5421e36f708a91d8486d0836a741c9a34f58c6ca93db5bd73be90028"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/atlas-architecture/upcoming/source/includes/examples/tf-staging-prod-complete/main.tf"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"repobilityId": 109610, "scanner": "repobility-threat-engine", "fingerprint": "bb3e6d1639f57c640102bc642e332338faa26780d1b7a02b840e2bae66638171", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'test\\b' detected on same line", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bb3e6d1639f57c640102bc642e332338faa26780d1b7a02b840e2bae66638171"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/atlas-architecture/current/source/includes/examples/tf-staging-prod-complete/main.tf"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"repobilityId": 109609, "scanner": "repobility-threat-engine", "fingerprint": "a704e5d2d3b519f3d06cfe49811e8790d95ac26e7ec62994d398cf3d58d4df2f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a704e5d2d3b519f3d06cfe49811e8790d95ac26e7ec62994d398cf3d58d4df2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/command-line/mongosh/examples/indexes/partial/insert.js"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 109608, "scanner": "repobility-threat-engine", "fingerprint": "e973c240dbc4f89f3ed23634248c27c341c4e2b97022c76d007ae21bef62c680", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|e973c240dbc4f89f3ed23634248c27c341c4e2b97022c76d007ae21bef62c680", "aggregated_count": 7}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 109607, "scanner": "repobility-threat-engine", "fingerprint": "37fac8aa2a2a40724c5a29abc7616fb5d136f9da174deb8436d4bbab0e7b44bc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|37fac8aa2a2a40724c5a29abc7616fb5d136f9da174deb8436d4bbab0e7b44bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/command-line/mongosh/examples/aggregation/stages/sort/sort-multi-field-output.sh"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 109606, "scanner": "repobility-threat-engine", "fingerprint": "d8e4c172414853d8d8b45c9ba88878ffbe1cccf0c07e71b1b2507b2488e0c530", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d8e4c172414853d8d8b45c9ba88878ffbe1cccf0c07e71b1b2507b2488e0c530"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/command-line/mongosh/examples/aggregation/pipelines/let-agg-method/output.sh"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 109605, "scanner": "repobility-threat-engine", "fingerprint": "45a8441194c86ebcba7869832172b68dbc63cc3895d8081c17980bd0c2402a20", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|45a8441194c86ebcba7869832172b68dbc63cc3895d8081c17980bd0c2402a20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/command-line/mongosh/examples/aggregation/pipelines/hint/output.sh"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 26 more): Same pattern found in 26 additional files. Review if needed."}, "properties": {"repobilityId": 109604, "scanner": "repobility-threat-engine", "fingerprint": "48b05db1c8accd9b071a4f82ba7c48348ada6f0f4c20bc02001ac9a24c7e392b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 26 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|48b05db1c8accd9b071a4f82ba7c48348ada6f0f4c20bc02001ac9a24c7e392b", "aggregated_count": 26}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 109603, "scanner": "repobility-threat-engine", "fingerprint": "53734964f8e2aa935aa92eaefc78d5b341ba42bb7f187a76b59d9681562ca8f8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|53734964f8e2aa935aa92eaefc78d5b341ba42bb7f187a76b59d9681562ca8f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/lint-docs/nested-components-lint-cli.ts"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 109602, "scanner": "repobility-threat-engine", "fingerprint": "96bae9781573c23ce948f62f89dd8cd25f4f706a82f30963bc6fa466ccee99b6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|96bae9781573c23ce948f62f89dd8cd25f4f706a82f30963bc6fa466ccee99b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/lint-docs/findability-lint-cli.ts"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 109601, "scanner": "repobility-threat-engine", "fingerprint": "e591844881a5cdc8a4aba4734af4c034f7486f1a0ae6797d055880ec7fbe2547", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e591844881a5cdc8a4aba4734af4c034f7486f1a0ae6797d055880ec7fbe2547"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/lint-docs/404-lint-cli.ts"}, "region": {"startLine": 266}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 109600, "scanner": "repobility-threat-engine", "fingerprint": "c3ce1a723ef4710686a57671e6e55e0aa56124aa88ebb5503d44d890e55f4c09", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c3ce1a723ef4710686a57671e6e55e0aa56124aa88ebb5503d44d890e55f4c09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/agents/atlas-release-notes/fetch_aha_features.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 109599, "scanner": "repobility-threat-engine", "fingerprint": "593ef331a2a5e8e49abb7b270b39083f8d35b284ba90b5791339ffb38f45f4f4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|593ef331a2a5e8e49abb7b270b39083f8d35b284ba90b5791339ffb38f45f4f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/agents/atlas-release-notes/fetch_aha_features.py"}, "region": {"startLine": 135}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 109596, "scanner": "repobility-threat-engine", "fingerprint": "70d6644e5668ff97d4359c4cae39830731f1701e32b8069c6793d433270914f3", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Environment variable or config lookup (credentials loaded safely)", "evidence": {"match": "print(\"ERROR: AHA_API_TOKEN environment variable not set\", file=sys.stderr)", "reason": "Environment variable or config lookup (credentials loaded safely)", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|. token|13|print error: aha_api_token environment variable not set file sys.stderr"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/agents/atlas-release-notes/fetch_aha_features.py"}, "region": {"startLine": 135}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 109595, "scanner": "repobility-threat-engine", "fingerprint": "88bc83404cd2ee7008de79d63577b83ca6520a75ef847238a1ec8a3084ede646", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "convert", "breakdown": {"if": 6, "for": 3, "else": 2, "while": 1, "continue": 3, "nested_bonus": 10}, "aggregated": true, "complexity": 25, "correlation_key": "fp|88bc83404cd2ee7008de79d63577b83ca6520a75ef847238a1ec8a3084ede646", "aggregated_count": 5}}}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `content/kotlin/current/examples/gradle/wrapper/gradle-wrapper.jar` committed in source repo: `content/kotlin/current/examples/gradle/wrapper/gradle-wrapper.jar` is a .jar binary (60,756 bytes) committed to a repo that otherwise has 23216 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 109911, "scanner": "repobility-supply-chain", "fingerprint": "e95972d705fb7fe5f6d2a853b358aa4792f5216848f4b77c9decf02c34bcaea3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e95972d705fb7fe5f6d2a853b358aa4792f5216848f4b77c9decf02c34bcaea3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/kotlin/current/examples/gradle/wrapper/gradle-wrapper.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `content/kotlin/upcoming/examples/gradle/wrapper/gradle-wrapper.jar` committed in source repo: `content/kotlin/upcoming/examples/gradle/wrapper/gradle-wrapper.jar` is a .jar binary (60,756 bytes) committed to a repo that otherwise has 23216 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 109910, "scanner": "repobility-supply-chain", "fingerprint": "322835e5f609c29793e4ea46f04a3584ffd9850bc4c68eeb1324b3170c19368e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|322835e5f609c29793e4ea46f04a3584ffd9850bc4c68eeb1324b3170c19368e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/kotlin/upcoming/examples/gradle/wrapper/gradle-wrapper.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED121", "level": "error", "message": {"text": "[MINED121] requirements.txt installs from `http://<opsmanagerhost>:8090/health...` (git/URL): Pip requirement points to a VCS URL or direct download. Bypasses PyPI's integrity check + scanning. If the host or branch tip changes, the next `pip install` pulls a different package \u2014 no diff visible to reviewers."}, "properties": {"repobilityId": 109900, "scanner": "repobility-supply-chain", "fingerprint": "ff9ef1d0e7547b63a3d5f37590827df9011d73e03e439517771f9a5eda93d2b3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "pip-install-git-or-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ff9ef1d0e7547b63a3d5f37590827df9011d73e03e439517771f9a5eda93d2b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/ops-manager/current/source/includes/requirements-network-ports.rst"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED121", "level": "error", "message": {"text": "[MINED121] requirements.txt installs from `http://<opsmanagerhost>:8090/health...` (git/URL): Pip requirement points to a VCS URL or direct download. Bypasses PyPI's integrity check + scanning. If the host or branch tip changes, the next `pip install` pulls a different package \u2014 no diff visible to reviewers."}, "properties": {"repobilityId": 109899, "scanner": "repobility-supply-chain", "fingerprint": "2317025bf172cfae543f4852d53d9220db46ace2dace5ac70215a1d8affc03bd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "pip-install-git-or-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2317025bf172cfae543f4852d53d9220db46ace2dace5ac70215a1d8affc03bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/ops-manager/upcoming/source/includes/requirements-network-ports.rst"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED121", "level": "error", "message": {"text": "[MINED121] requirements.txt installs from `http://<opsmanagerhost>:8090/health...` (git/URL): Pip requirement points to a VCS URL or direct download. Bypasses PyPI's integrity check + scanning. If the host or branch tip changes, the next `pip install` pulls a different package \u2014 no diff visible to reviewers."}, "properties": {"repobilityId": 109898, "scanner": "repobility-supply-chain", "fingerprint": "d0a548e2bf166758bf17d6752f87527d7f413e00d478e060dac8be71b069d214", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "pip-install-git-or-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d0a548e2bf166758bf17d6752f87527d7f413e00d478e060dac8be71b069d214"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/ops-manager/v7.0/source/includes/requirements-network-ports.rst"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `node:12-slim` not pinned by digest: `FROM node:12-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 109876, "scanner": "repobility-supply-chain", "fingerprint": "cac435b952ac2ed1c91f7004c042fb763d0400a3dbc1191084a584c5925a93b1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cac435b952ac2ed1c91f7004c042fb763d0400a3dbc1191084a584c5925a93b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/realm/.github/actions/push-to-artifact-repo/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 109875, "scanner": "repobility-supply-chain", "fingerprint": "5367fbe7d954acc64f17ed1b623ef4cbd67771c292ca9f408b16698a14ef2ca3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5367fbe7d954acc64f17ed1b623ef4cbd67771c292ca9f408b16698a14ef2ca3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/node/v6.x/.github/workflows/copy-compat-to-docs-shared.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `MongoCaleb/pr-description-action` pinned to mutable ref `@master`: `uses: MongoCaleb/pr-description-action@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 109874, "scanner": "repobility-supply-chain", "fingerprint": "71577857fb508ae3d3259e56255a2b37a1b2cfd57201285adeaa7d9a0855c791", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|71577857fb508ae3d3259e56255a2b37a1b2cfd57201285adeaa7d9a0855c791"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/node/v6.x/.github/workflows/add-netlify-links.yml"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 109873, "scanner": "repobility-supply-chain", "fingerprint": "83b7ab1e0a23194d4dcefb3064efbac4d25794cee7f02ecdc6672ce1132359c3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|83b7ab1e0a23194d4dcefb3064efbac4d25794cee7f02ecdc6672ce1132359c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/node/v6.x/.github/workflows/add-netlify-links.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `errata-ai/vale-action` pinned to mutable ref `@reviewdog`: `uses: errata-ai/vale-action@reviewdog` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 109872, "scanner": "repobility-supply-chain", "fingerprint": "e5277753523896278c093ee9d83ee13fbfb089d6fb26ea4d28aae04f1221729a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e5277753523896278c093ee9d83ee13fbfb089d6fb26ea4d28aae04f1221729a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/node/v6.x/.github/workflows/vale-tdbx.yml"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@master`: `uses: actions/checkout@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 109871, "scanner": "repobility-supply-chain", "fingerprint": "4691304f7f82a692e68ac87090da7c99ef404c6f50e050f368d31df77628e118", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4691304f7f82a692e68ac87090da7c99ef404c6f50e050f368d31df77628e118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/node/v6.x/.github/workflows/vale-tdbx.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `masesgroup/retrieve-changed-files` pinned to mutable ref `@v2`: `uses: masesgroup/retrieve-changed-files@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 109870, "scanner": "repobility-supply-chain", "fingerprint": "f540036411b87ce1f327605c4d01d9f0d1cc45541f64abcc3ac68ae5f562ef61", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f540036411b87ce1f327605c4d01d9f0d1cc45541f64abcc3ac68ae5f562ef61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/node/v6.x/.github/workflows/vale-tdbx.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@master`: `uses: actions/checkout@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 109869, "scanner": "repobility-supply-chain", "fingerprint": "04c30059e69cde3a0e1c2dba11e9744c1a5391224c0845b54be757b2fcc4c4e9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|04c30059e69cde3a0e1c2dba11e9744c1a5391224c0845b54be757b2fcc4c4e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/node/v6.x/.github/workflows/vale-tdbx.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `errata-ai/vale-action` pinned to mutable ref `@reviewdog`: `uses: errata-ai/vale-action@reviewdog` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 109868, "scanner": "repobility-supply-chain", "fingerprint": "cd737f48bd6b17b1e6d35fcdee5e5fb65c2440f5070fbb272bd0973aade19452", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cd737f48bd6b17b1e6d35fcdee5e5fb65c2440f5070fbb272bd0973aade19452"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/mongodb-vscode/.github/workflows/vale-tdbx.yml"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@master`: `uses: actions/checkout@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 109867, "scanner": "repobility-supply-chain", "fingerprint": "67c3fbe19a7312cac01a9459aa5c8d95c4d7a8a90d96634afe13c52198717f57", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|67c3fbe19a7312cac01a9459aa5c8d95c4d7a8a90d96634afe13c52198717f57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/mongodb-vscode/.github/workflows/vale-tdbx.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `masesgroup/retrieve-changed-files` pinned to mutable ref `@v2`: `uses: masesgroup/retrieve-changed-files@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 109866, "scanner": "repobility-supply-chain", "fingerprint": "788316bf2264ff661c4f33616fe07251869db1458093e6997574d0cef6ffd8f9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|788316bf2264ff661c4f33616fe07251869db1458093e6997574d0cef6ffd8f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/mongodb-vscode/.github/workflows/vale-tdbx.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@master`: `uses: actions/checkout@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 109865, "scanner": "repobility-supply-chain", "fingerprint": "18875f44f9b06abf7ce47a6559f630229894f7959899970a941e0ae00d071a22", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|18875f44f9b06abf7ce47a6559f630229894f7959899970a941e0ae00d071a22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/mongodb-vscode/.github/workflows/vale-tdbx.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `tibdex/backport` pinned to mutable ref `@v2`: `uses: tibdex/backport@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 109864, "scanner": "repobility-supply-chain", "fingerprint": "49f7d3acc240a86fab45e80d9a2fc893de8e4f55ae21c8254582fe3808bdf10d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|49f7d3acc240a86fab45e80d9a2fc893de8e4f55ae21c8254582fe3808bdf10d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/mongoid/current/.github/workflows/backport.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `MongoCaleb/pr-description-action` pinned to mutable ref `@master`: `uses: MongoCaleb/pr-description-action@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 109863, "scanner": "repobility-supply-chain", "fingerprint": "88f3d8f0e973791f4a056f73e8e410c059275a844adea1ea632a1f2ea4da3225", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|88f3d8f0e973791f4a056f73e8e410c059275a844adea1ea632a1f2ea4da3225"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/mongoid/current/.github/workflows/add-netlify-links.yml"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 109862, "scanner": "repobility-supply-chain", "fingerprint": "f1856c40b170b2c124d3465f318a6ae4bfa0001e9016cb48163517c7c3c3bd51", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f1856c40b170b2c124d3465f318a6ae4bfa0001e9016cb48163517c7c3c3bd51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/mongoid/current/.github/workflows/add-netlify-links.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `errata-ai/vale-action` pinned to mutable ref `@reviewdog`: `uses: errata-ai/vale-action@reviewdog` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 109861, "scanner": "repobility-supply-chain", "fingerprint": "5191c495602e2b2467cf3758da7b6e702c2308d1253570bbf0439800b8c6e2d3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5191c495602e2b2467cf3758da7b6e702c2308d1253570bbf0439800b8c6e2d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/mongoid/current/.github/workflows/vale-tdbx.yml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 109860, "scanner": "repobility-supply-chain", "fingerprint": "652cbcbcdc9f899824d0028c5873d9b00a8b17e08ddb3810704446d8dc7cf7d5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|652cbcbcdc9f899824d0028c5873d9b00a8b17e08ddb3810704446d8dc7cf7d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/mongoid/current/.github/workflows/vale-tdbx.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `masesgroup/retrieve-changed-files` pinned to mutable ref `@v2`: `uses: masesgroup/retrieve-changed-files@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 109859, "scanner": "repobility-supply-chain", "fingerprint": "fd9daa09ae185c2bb7a2d7ccf3773c7203968923bc35cc6f971a8f9f66300a06", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fd9daa09ae185c2bb7a2d7ccf3773c7203968923bc35cc6f971a8f9f66300a06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/mongoid/current/.github/workflows/vale-tdbx.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 109858, "scanner": "repobility-supply-chain", "fingerprint": "fd4850781a8399acb04c2e494bb003ac9e2cfc24108eca7ba7f414b16200b1f8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fd4850781a8399acb04c2e494bb003ac9e2cfc24108eca7ba7f414b16200b1f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/mongoid/current/.github/workflows/vale-tdbx.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `tibdex/backport` pinned to mutable ref `@v2`: `uses: tibdex/backport@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 109857, "scanner": "repobility-supply-chain", "fingerprint": "7cb038bce5f4357886872c0ef79a5765c011563d63c0e053be3894785929c1be", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7cb038bce5f4357886872c0ef79a5765c011563d63c0e053be3894785929c1be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/mongoid/upcoming/.github/workflows/backport.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `MongoCaleb/pr-description-action` pinned to mutable ref `@master`: `uses: MongoCaleb/pr-description-action@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 109856, "scanner": "repobility-supply-chain", "fingerprint": "b091c799730fdfc55de4803f7304d3a87c85f9111a44e8a136e7efef8c94fa9a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b091c799730fdfc55de4803f7304d3a87c85f9111a44e8a136e7efef8c94fa9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/mongoid/upcoming/.github/workflows/add-netlify-links.yml"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 109855, "scanner": "repobility-supply-chain", "fingerprint": "f8b43b6c90c25af2df000702c87bb7cae752218a5104e65b4b9616c0c5abcbdf", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f8b43b6c90c25af2df000702c87bb7cae752218a5104e65b4b9616c0c5abcbdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/mongoid/upcoming/.github/workflows/add-netlify-links.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `errata-ai/vale-action` pinned to mutable ref `@reviewdog`: `uses: errata-ai/vale-action@reviewdog` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 109854, "scanner": "repobility-supply-chain", "fingerprint": "3429f8508394c11392faebea87fb37ade6c14602cff2b809a220ab1964a5fc1f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3429f8508394c11392faebea87fb37ade6c14602cff2b809a220ab1964a5fc1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/mongoid/upcoming/.github/workflows/vale-tdbx.yml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 109853, "scanner": "repobility-supply-chain", "fingerprint": "b0f180dd2aac87a56a28d7e8d6f2a8a07b542e62760793d6074983d821b6395c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b0f180dd2aac87a56a28d7e8d6f2a8a07b542e62760793d6074983d821b6395c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/mongoid/upcoming/.github/workflows/vale-tdbx.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `masesgroup/retrieve-changed-files` pinned to mutable ref `@v2`: `uses: masesgroup/retrieve-changed-files@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 109852, "scanner": "repobility-supply-chain", "fingerprint": "703329d6704b4b2d38b985864f7c4ec1bd69bedb565b8bfa479121d19944917b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|703329d6704b4b2d38b985864f7c4ec1bd69bedb565b8bfa479121d19944917b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/mongoid/upcoming/.github/workflows/vale-tdbx.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 109851, "scanner": "repobility-supply-chain", "fingerprint": "fe0ccee4772110174b775f71bd205c05b808431caf2b6a0ce4dafe5437cf138d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fe0ccee4772110174b775f71bd205c05b808431caf2b6a0ce4dafe5437cf138d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/mongoid/upcoming/.github/workflows/vale-tdbx.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `node:20-alpine` not pinned by digest: `FROM node:20-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 109850, "scanner": "repobility-supply-chain", "fingerprint": "700e62f7a2d5076a68baaae0e535b6a2983d5d016c07d565965ed66a1092c347", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|700e62f7a2d5076a68baaae0e535b6a2983d5d016c07d565965ed66a1092c347"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "platform/tools/cdnLogParser/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `node:20-alpine` not pinned by digest: `FROM node:20-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 109849, "scanner": "repobility-supply-chain", "fingerprint": "fcc40e4bf15efa94d6e8e8de2d218d22f10c7b99d20d60fafee9423b58344dc9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fcc40e4bf15efa94d6e8e8de2d218d22f10c7b99d20d60fafee9423b58344dc9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/openapi/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_with_unordered_sort_chained_with_ignored_fields: Test function `test_with_unordered_sort_chained_with_ignored_fields` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 109795, "scanner": "repobility-ast-engine", "fingerprint": "c1b83dfed41e84e82886f7db6fca2a8b396b641d2a4af458bd7a6cb4d59b1a07", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c1b83dfed41e84e82886f7db6fca2a8b396b641d2a4af458bd7a6cb4d59b1a07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/test_package/test_unordered_arrays.py"}, "region": {"startLine": 288}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_default_behavior_is_unordered: Test function `test_default_behavior_is_unordered` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 109794, "scanner": "repobility-ast-engine", "fingerprint": "3a462af452fc4784c766fcc7d9d77b059df40e908b163079252b2705c06495dd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3a462af452fc4784c766fcc7d9d77b059df40e908b163079252b2705c06495dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/test_package/test_unordered_arrays.py"}, "region": {"startLine": 249}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_explicit_with_unordered_sort_objects: Test function `test_explicit_with_unordered_sort_objects` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 109793, "scanner": "repobility-ast-engine", "fingerprint": "d59b5507e8fca2f550ba84a12177483115b39b6afd72de6205743d071f56ca23", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d59b5507e8fca2f550ba84a12177483115b39b6afd72de6205743d071f56ca23"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/test_package/test_unordered_arrays.py"}, "region": {"startLine": 232}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_fluent_api_unordered_arrays: Test function `test_fluent_api_unordered_arrays` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 109792, "scanner": "repobility-ast-engine", "fingerprint": "8aeb163cf59698f0d5a1c2075c1cbc7bd32791d1fc01796adce0307ed4c8f1af", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8aeb163cf59698f0d5a1c2075c1cbc7bd32791d1fc01796adce0307ed4c8f1af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/test_package/test_unordered_arrays.py"}, "region": {"startLine": 179}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_nested_array_structures: Test function `test_nested_array_structures` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 109791, "scanner": "repobility-ast-engine", "fingerprint": "d58bb9d91b22e4be8ac843d83ba9cb5b950b83785beee9ee118fb9c05e5206c6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d58bb9d91b22e4be8ac843d83ba9cb5b950b83785beee9ee118fb9c05e5206c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/test_package/test_unordered_arrays.py"}, "region": {"startLine": 172}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_mixed_types_with_ellipsis: Test function `test_mixed_types_with_ellipsis` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 109790, "scanner": "repobility-ast-engine", "fingerprint": "b6e1f396aabc94c71e321bae2b3de1a82ff7149272325d244a413de03680ee1e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b6e1f396aabc94c71e321bae2b3de1a82ff7149272325d244a413de03680ee1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/test_package/test_unordered_arrays.py"}, "region": {"startLine": 165}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_timeout_protection: Test function `test_timeout_protection` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 109789, "scanner": "repobility-ast-engine", "fingerprint": "b2e87e83c3ce6ab30c2d5aa7a0b8b5a4126d407a818d28ee4b9eb1803a671f89", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b2e87e83c3ce6ab30c2d5aa7a0b8b5a4126d407a818d28ee4b9eb1803a671f89"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/test_package/test_unordered_arrays.py"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_hybrid_strategy_mixed_types: Test function `test_hybrid_strategy_mixed_types` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 109788, "scanner": "repobility-ast-engine", "fingerprint": "20532ed9ddb73787663eaee64365f83f424d54adc958b65bb373ebea309f1c69", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|20532ed9ddb73787663eaee64365f83f424d54adc958b65bb373ebea309f1c69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/test_package/test_unordered_arrays.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_unordered_with_ellipsis: Test function `test_unordered_with_ellipsis` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 109787, "scanner": "repobility-ast-engine", "fingerprint": "24d69c2f4e00dfe9227b317b08508cefa2f4d55e99ea7f7fb984a059af9cc32e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|24d69c2f4e00dfe9227b317b08508cefa2f4d55e99ea7f7fb984a059af9cc32e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/test_package/test_unordered_arrays.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_auto_select_small_arrays: Test function `test_auto_select_small_arrays` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 109786, "scanner": "repobility-ast-engine", "fingerprint": "52deaf216b8ae712fc3f855a585f12412da82ab59dc828f348cf2deebfb95dcd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|52deaf216b8ae712fc3f855a585f12412da82ab59dc828f348cf2deebfb95dcd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/test_package/test_unordered_arrays.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_unordered_with_nested_arrays: Test function `test_unordered_with_nested_arrays` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 109785, "scanner": "repobility-ast-engine", "fingerprint": "ec1abc551cb47b4bfeb72caf87a953bef676d85c96a6a8fae754db05cf0461bb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ec1abc551cb47b4bfeb72caf87a953bef676d85c96a6a8fae754db05cf0461bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/test_package/test_unordered_arrays.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_unordered_with_objects: Test function `test_unordered_with_objects` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 109784, "scanner": "repobility-ast-engine", "fingerprint": "7e8b7639cd4e1ca1bedad8a2238c59be3950322349673cabf8ad9868b679f447", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7e8b7639cd4e1ca1bedad8a2238c59be3950322349673cabf8ad9868b679f447"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/test_package/test_unordered_arrays.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_function_with_args: Test function `test_function_with_args` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 109783, "scanner": "repobility-ast-engine", "fingerprint": "067593bd68ecd86ea0574e0ded4363562073949707671c8557c0b204fc3b6492", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|067593bd68ecd86ea0574e0ded4363562073949707671c8557c0b204fc3b6492"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/tests/test_decorators.py"}, "region": {"startLine": 116}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_function: Test function `test_function` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 109782, "scanner": "repobility-ast-engine", "fingerprint": "2ddc5edc1e741062e688b1aec5bf8c0efd0edc4f8a70eb18b938eb7b98fd48ac", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2ddc5edc1e741062e688b1aec5bf8c0efd0edc4f8a70eb18b938eb7b98fd48ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/tests/test_decorators.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_function: Test function `test_function` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 109781, "scanner": "repobility-ast-engine", "fingerprint": "55273c730a83aa2ed3d1f6b16f4dcf6030a3faf5023bfe339dadd74134145741", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|55273c730a83aa2ed3d1f6b16f4dcf6030a3faf5023bfe339dadd74134145741"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/tests/test_decorators.py"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_function: Test function `test_function` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 109780, "scanner": "repobility-ast-engine", "fingerprint": "f1e9c59308770042c7e34175ccc07671933dce6ae3f18cb722500197719d3eaf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f1e9c59308770042c7e34175ccc07671933dce6ae3f18cb722500197719d3eaf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/tests/test_decorators.py"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_function: Test function `test_function` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 109779, "scanner": "repobility-ast-engine", "fingerprint": "13ae2eace2b1e50b6becfe324e0c1391eb967a4e3477874aa733da6f84cdf843", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|13ae2eace2b1e50b6becfe324e0c1391eb967a4e3477874aa733da6f84cdf843"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/tests/test_decorators.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_function: Test function `test_function` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 109778, "scanner": "repobility-ast-engine", "fingerprint": "4d248ce7e6cbccd13b63cd93b844ebffdb9199afdda04af8bacbc98e04a21048", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4d248ce7e6cbccd13b63cd93b844ebffdb9199afdda04af8bacbc98e04a21048"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/tests/test_decorators.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_function: Test function `test_function` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 109777, "scanner": "repobility-ast-engine", "fingerprint": "b8e507228ad87074887d2acc04acc6be671f22c3be2764d93ca7092e6f9b986d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b8e507228ad87074887d2acc04acc6be671f22c3be2764d93ca7092e6f9b986d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/tests/test_decorators.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_mixin_ensure_multiple_sample_data: Test function `test_mixin_ensure_multiple_sample_data` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 109776, "scanner": "repobility-ast-engine", "fingerprint": "85f1314d72196617365d28f0d6eb076dbf71f8515204df4786f2eccbd7c5db19", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|85f1314d72196617365d28f0d6eb076dbf71f8515204df4786f2eccbd7c5db19"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/tests/test_decorators.py"}, "region": {"startLine": 149}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_mixin_ensure_sample_data: Test function `test_mixin_ensure_sample_data` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 109775, "scanner": "repobility-ast-engine", "fingerprint": "98a3eb5699b080d794a7de4fd69cc66b5177e3348cc5e7cc36205459fb1fc85a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|98a3eb5699b080d794a7de4fd69cc66b5177e3348cc5e7cc36205459fb1fc85a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/tests/test_decorators.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_function: Test function `test_function` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 109773, "scanner": "repobility-ast-engine", "fingerprint": "fc6cc995db377f6f90e702c1fd456a4f7240df383ad08ad1ecc543bff21f43be", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fc6cc995db377f6f90e702c1fd456a4f7240df383ad08ad1ecc543bff21f43be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/tests/test_integration.py"}, "region": {"startLine": 189}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertLess` used but never assigned in __init__: Method `test_large_dataset_operations` of class `ExamplePerformanceTests` reads `self.assertLess`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 109772, "scanner": "repobility-ast-engine", "fingerprint": "2f8b901a6c120daf33de19a2e8644a40f21dc1d3ee1be4cae044485be6c08b94", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2f8b901a6c120daf33de19a2e8644a40f21dc1d3ee1be4cae044485be6c08b94"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/examples/example_tests.py"}, "region": {"startLine": 252}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._test_with_generated_data` used but never assigned in __init__: Method `test_adaptive_aggregation` of class `ExampleAdaptiveTests` reads `self._test_with_generated_data`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 109771, "scanner": "repobility-ast-engine", "fingerprint": "fd66cfcf86c093d4240d9e973871b4fc4607f8b7c52892beb42dabdb2b39e35a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fd66cfcf86c093d4240d9e973871b4fc4607f8b7c52892beb42dabdb2b39e35a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/examples/example_tests.py"}, "region": {"startLine": 205}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._test_analytics_aggregation` used but never assigned in __init__: Method `test_adaptive_aggregation` of class `ExampleAdaptiveTests` reads `self._test_analytics_aggregation`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 109770, "scanner": "repobility-ast-engine", "fingerprint": "7da97f2eb450fd0fecf3d76151efb5fa1bcda510e004b48e038f5779edd5c8a7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7da97f2eb450fd0fecf3d76151efb5fa1bcda510e004b48e038f5779edd5c8a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/examples/example_tests.py"}, "region": {"startLine": 203}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._test_restaurant_aggregation` used but never assigned in __init__: Method `test_adaptive_aggregation` of class `ExampleAdaptiveTests` reads `self._test_restaurant_aggregation`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 109769, "scanner": "repobility-ast-engine", "fingerprint": "0b310ffd4621e7a292f3c632425d88d78f86fc9ede720d9c5d545b91fa793783", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0b310ffd4621e7a292f3c632425d88d78f86fc9ede720d9c5d545b91fa793783"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/examples/example_tests.py"}, "region": {"startLine": 201}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._test_movie_aggregation` used but never assigned in __init__: Method `test_adaptive_aggregation` of class `ExampleAdaptiveTests` reads `self._test_movie_aggregation`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 109768, "scanner": "repobility-ast-engine", "fingerprint": "1b2fa38d691fd50c1d89e73869d13bdd3cb0f1377223b26207740adbb2f74b31", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1b2fa38d691fd50c1d89e73869d13bdd3cb0f1377223b26207740adbb2f74b31"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/examples/example_tests.py"}, "region": {"startLine": 199}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertTrue` used but never assigned in __init__: Method `test_neighborhood_analysis` of class `ExampleRestaurantTests` reads `self.assertTrue`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 109767, "scanner": "repobility-ast-engine", "fingerprint": "eb7c2763d27343f02ee626c5f76f56e18fd63ed893a6bd4541323504ce9281c6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eb7c2763d27343f02ee626c5f76f56e18fd63ed893a6bd4541323504ce9281c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/examples/example_tests.py"}, "region": {"startLine": 187}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertTrue` used but never assigned in __init__: Method `test_restaurant_search` of class `ExampleRestaurantTests` reads `self.assertTrue`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 109766, "scanner": "repobility-ast-engine", "fingerprint": "dbd7c8177c87cad63580ceead074c47b85fe5fd0e8c51241712c01600f7df851", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dbd7c8177c87cad63580ceead074c47b85fe5fd0e8c51241712c01600f7df851"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/examples/example_tests.py"}, "region": {"startLine": 181}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.skipTest` used but never assigned in __init__: Method `setUp` of class `ExampleRestaurantTests` reads `self.skipTest`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 109765, "scanner": "repobility-ast-engine", "fingerprint": "b097e55a58c86dc445d400449bf1f78aab8e919124a395b5babf4ad8b638386f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b097e55a58c86dc445d400449bf1f78aab8e919124a395b5babf4ad8b638386f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/examples/example_tests.py"}, "region": {"startLine": 175}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertTrue` used but never assigned in __init__: Method `test_transaction_analysis` of class `ExampleAnalyticsTests` reads `self.assertTrue`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 109764, "scanner": "repobility-ast-engine", "fingerprint": "c39c2e3e95734ddbf8b0c3791bae0ffbc4ea2a33f524315cc7056b75e79f1c97", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c39c2e3e95734ddbf8b0c3791bae0ffbc4ea2a33f524315cc7056b75e79f1c97"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/examples/example_tests.py"}, "region": {"startLine": 165}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertTrue` used but never assigned in __init__: Method `test_customer_account_analysis` of class `ExampleAnalyticsTests` reads `self.assertTrue`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 109763, "scanner": "repobility-ast-engine", "fingerprint": "22a8129869cf48752a7f7b651f577a18abc2673f8cc11fb98548eb9fa0d7df4b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|22a8129869cf48752a7f7b651f577a18abc2673f8cc11fb98548eb9fa0d7df4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/examples/example_tests.py"}, "region": {"startLine": 155}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.skipTest` used but never assigned in __init__: Method `test_check_available_with_mixin` of class `ExampleMixinTests` reads `self.skipTest`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 109762, "scanner": "repobility-ast-engine", "fingerprint": "156360afebc01effce4e3a59e0c745377eea9289c1a4f80706f41d0ebfc431a0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|156360afebc01effce4e3a59e0c745377eea9289c1a4f80706f41d0ebfc431a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/examples/example_tests.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertTrue` used but never assigned in __init__: Method `test_check_available_with_mixin` of class `ExampleMixinTests` reads `self.assertTrue`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 109761, "scanner": "repobility-ast-engine", "fingerprint": "d0ace3a9f54ada221fc57ecaff9361ec00732cb9fc8a1b80a9ff0447c29c0b58", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d0ace3a9f54ada221fc57ecaff9361ec00732cb9fc8a1b80a9ff0447c29c0b58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/examples/example_tests.py"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.check_sample_data_available` used but never assigned in __init__: Method `test_check_available_with_mixin` of class `ExampleMixinTests` reads `self.check_sample_data_available`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 109760, "scanner": "repobility-ast-engine", "fingerprint": "cf84d894e57b200ba3ebede0223614817c5079b540a218b103a42e3e0c5bc899", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cf84d894e57b200ba3ebede0223614817c5079b540a218b103a42e3e0c5bc899"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/examples/example_tests.py"}, "region": {"startLine": 135}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_available_sample_databases` used but never assigned in __init__: Method `test_check_available_with_mixin` of class `ExampleMixinTests` reads `self.get_available_sample_databases`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 109759, "scanner": "repobility-ast-engine", "fingerprint": "84c7c18720c9658b0fc3f8aaccca6cd36499971b019dcf9d05e2a389d0e44e77", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|84c7c18720c9658b0fc3f8aaccca6cd36499971b019dcf9d05e2a389d0e44e77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/examples/example_tests.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertTrue` used but never assigned in __init__: Method `test_with_mixin_methods` of class `ExampleMixinTests` reads `self.assertTrue`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 109758, "scanner": "repobility-ast-engine", "fingerprint": "5cf039f827cac238c7ef29410bccd7dee2471daf27f31572c6c0f26e1e925fbd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5cf039f827cac238c7ef29410bccd7dee2471daf27f31572c6c0f26e1e925fbd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/examples/example_tests.py"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.ensure_sample_data` used but never assigned in __init__: Method `test_with_mixin_methods` of class `ExampleMixinTests` reads `self.ensure_sample_data`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 109757, "scanner": "repobility-ast-engine", "fingerprint": "d92ef9b16f34d414559988be576144f3680aa97f24cccc1570472c48c40fc0bb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d92ef9b16f34d414559988be576144f3680aa97f24cccc1570472c48c40fc0bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/examples/example_tests.py"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertTrue` used but never assigned in __init__: Method `test_specific_collections_multiple_dbs` of class `ExampleMultiDatabaseTests` reads `self.assertTrue`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 109756, "scanner": "repobility-ast-engine", "fingerprint": "a8a60f276d63a3a0b07f6e39954ccd62ac7289b4dd45e9e19aec5a630dd0ca96", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a8a60f276d63a3a0b07f6e39954ccd62ac7289b4dd45e9e19aec5a630dd0ca96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/examples/example_tests.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertTrue` used but never assigned in __init__: Method `test_cross_database_query` of class `ExampleMultiDatabaseTests` reads `self.assertTrue`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 109755, "scanner": "repobility-ast-engine", "fingerprint": "93aeaed3714985ae8edb14e5981d86a6e9746e2dfb5e044557ea6466b034df89", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|93aeaed3714985ae8edb14e5981d86a6e9746e2dfb5e044557ea6466b034df89"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/examples/example_tests.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._test_with_mock_data` used but never assigned in __init__: Method `test_conditional_behavior` of class `ExampleMovieTests` reads `self._test_with_mock_data`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 109754, "scanner": "repobility-ast-engine", "fingerprint": "155d7df954ca16d8dd5d90957999fe2f1cca12b7d46265256740892417dcdadd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|155d7df954ca16d8dd5d90957999fe2f1cca12b7d46265256740892417dcdadd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/examples/example_tests.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._test_with_sample_data` used but never assigned in __init__: Method `test_conditional_behavior` of class `ExampleMovieTests` reads `self._test_with_sample_data`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 109753, "scanner": "repobility-ast-engine", "fingerprint": "47dbd2c753ac4ff18926677462910408b583b8e41718b983cad5065f0333f36b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|47dbd2c753ac4ff18926677462910408b583b8e41718b983cad5065f0333f36b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/examples/example_tests.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertTrue` used but never assigned in __init__: Method `test_programmatic_check` of class `ExampleMovieTests` reads `self.assertTrue`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 109752, "scanner": "repobility-ast-engine", "fingerprint": "26e18e9b88605f7bd70cfb9caa1d0df64d1d4a94182a034952a905f07ada5c54", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|26e18e9b88605f7bd70cfb9caa1d0df64d1d4a94182a034952a905f07ada5c54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/examples/example_tests.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertTrue` used but never assigned in __init__: Method `test_movies_and_theaters` of class `ExampleMovieTests` reads `self.assertTrue`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 109751, "scanner": "repobility-ast-engine", "fingerprint": "3d8d7499497a1049b6538753c93c505a8f11abe96bf5a15926768569b2584c36", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3d8d7499497a1049b6538753c93c505a8f11abe96bf5a15926768569b2584c36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/examples/example_tests.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertTrue` used but never assigned in __init__: Method `test_basic_movie_query` of class `ExampleMovieTests` reads `self.assertTrue`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 109750, "scanner": "repobility-ast-engine", "fingerprint": "9eb0166873db829afb977f7278db428eb7a95a0fb531dbaf6886f32873ae4425", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9eb0166873db829afb977f7278db428eb7a95a0fb531dbaf6886f32873ae4425"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/examples/example_tests.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_adaptive_aggregation: Test function `test_adaptive_aggregation` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 109749, "scanner": "repobility-ast-engine", "fingerprint": "1f93eb4f26d723662995bbba77ee6414c364df75072684252b1765e38bc4558b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1f93eb4f26d723662995bbba77ee6414c364df75072684252b1765e38bc4558b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/examples/example_tests.py"}, "region": {"startLine": 193}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_check_multiple_databases: Test function `test_check_multiple_databases` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 109748, "scanner": "repobility-ast-engine", "fingerprint": "8a018d8bc00fec57c08208778e0c61eb16f7adc7978621650b4dec4b06f91081", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8a018d8bc00fec57c08208778e0c61eb16f7adc7978621650b4dec4b06f91081"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/examples/example_tests.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_conditional_behavior: Test function `test_conditional_behavior` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 109747, "scanner": "repobility-ast-engine", "fingerprint": "df47467c58fbe7c67529e10633d6a591218dad86b640c9378d71f14d2f1238d8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|df47467c58fbe7c67529e10633d6a591218dad86b640c9378d71f14d2f1238d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/sample_data/examples/example_tests.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.check_timeout` used but never assigned in __init__: Method `enter_recursion` of class `_Ctx` reads `self.check_timeout`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 109737, "scanner": "repobility-ast-engine", "fingerprint": "594d88d4dd35ce88a6a54bf49baa38d80219d70c625b67f393532cb7b07a3fd9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|594d88d4dd35ce88a6a54bf49baa38d80219d70c625b67f393532cb7b07a3fd9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/utils/comparison/objects.py"}, "region": {"startLine": 181}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `test_stub` of class `TestExampleStub` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 109733, "scanner": "repobility-ast-engine", "fingerprint": "b067f2b3d205ae2934821bee0f240dd44d3c25b943cdf9deba90b229cd028dcc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b067f2b3d205ae2934821bee0f240dd44d3c25b943cdf9deba90b229cd028dcc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/tests_package/test_example_stub.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "JRN004", "level": "error", "message": {"text": "Consent is collected in UI without visible backend audit persistence"}, "properties": {"repobilityId": 109731, "scanner": "repobility-journey-contract", "fingerprint": "6d47326a5d375795b83fa09a0e4e352446febd313691e4fb2e0a28244e19a1ea", "category": "auth", "severity": "high", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Frontend consent wording was found, but backend consent/audit metadata was not visible.", "evidence": {"rule_id": "JRN004", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "correlation_key": "code|auth|token|1384|jrn004", "backend_consent_model": false, "backend_audit_signal_count": 2}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/table-of-contents/L2-data/on-prem.ts"}, "region": {"startLine": 1384}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 109711, "scanner": "repobility-docker", "fingerprint": "ae4bf1c23b85a102b1ee61c67f29000094bd88962d2957d8b60ba45959ed1ced", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|ae4bf1c23b85a102b1ee61c67f29000094bd88962d2957d8b60ba45959ed1ced"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "platform/tools/cdnLogParser/Dockerfile"}, "region": {"startLine": 16}}}]}, {"ruleId": "DKR015", "level": "error", "message": {"text": "Docker build context is very large"}, "properties": {"repobilityId": 109706, "scanner": "repobility-docker", "fingerprint": "b15d4f710afeff2af4cd4ab204332853f9025b78869a0e87bb466a798bb1a15b", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Estimated Docker build context exceeds Repobility's size or file-count threshold.", "evidence": {"capped": true, "rule_id": "DKR015", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "largest_paths": [{"path": "content/manual/manual/source/images/agg-pipeline.mp4", "size_mb": 4.4}, {"path": "content/manual/upcoming/source/images/agg-pipeline.mp4", "size_mb": 4.4}, {"path": "content/manual/v7.0/source/images/agg-pipeline.mp4", "size_mb": 4.4}, {"path": "content/manual/v6.0/source/images/agg-pipeline.mp4", "size_mb": 4.4}, {"path": "content/manual/v4.4/source/images/agg-pipeline.mp4", "size_mb": 4.4}], "included_files": 50000, "context_size_mb": 403.5, "correlation_key": "fp|b15d4f710afeff2af4cd4ab204332853f9025b78869a0e87bb466a798bb1a15b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED099", "level": "error", "message": {"text": "[MINED099] Hardcoded Secret: API key, AWS access key, GitHub token, Slack token, OpenAI key, or private key embedded directly in source. AI assistants frequently leak demo credentials."}, "properties": {"repobilityId": 109663, "scanner": "repobility-threat-engine", "fingerprint": "1d45fdb2744136a5dd2e0f958de5db304c2502d209afbf679978e3e7542da706", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "hardcoded-secret", "owasp": "A07:2021", "cwe_ids": ["CWE-798"], "languages": [], "precision": 1.0, "promoted_at": "2026-05-18T15:01:13.611213+00:00", "triaged_in_corpus": 8, "observations_count": 88419, "ai_coder_pattern_id": 9}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1d45fdb2744136a5dd2e0f958de5db304c2502d209afbf679978e3e7542da706"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/atlas-architecture/upcoming/source/includes/examples/tf-dev-test-complete/encryption.tf"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED099", "level": "error", "message": {"text": "[MINED099] Hardcoded Secret: API key, AWS access key, GitHub token, Slack token, OpenAI key, or private key embedded directly in source. AI assistants frequently leak demo credentials."}, "properties": {"repobilityId": 109662, "scanner": "repobility-threat-engine", "fingerprint": "410f977bebcef977d63428a0593001235014e0a5a81b07809c5544518bee82e6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "hardcoded-secret", "owasp": "A07:2021", "cwe_ids": ["CWE-798"], "languages": [], "precision": 1.0, "promoted_at": "2026-05-18T15:01:13.611213+00:00", "triaged_in_corpus": 8, "observations_count": 88419, "ai_coder_pattern_id": 9}, "scanner": "repobility-threat-engine", "correlation_key": "fp|410f977bebcef977d63428a0593001235014e0a5a81b07809c5544518bee82e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/atlas-architecture/current/source/includes/examples/tf-staging-prod-complete/encryption.tf"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED099", "level": "error", "message": {"text": "[MINED099] Hardcoded Secret: API key, AWS access key, GitHub token, Slack token, OpenAI key, or private key embedded directly in source. AI assistants frequently leak demo credentials."}, "properties": {"repobilityId": 109661, "scanner": "repobility-threat-engine", "fingerprint": "60d4184ebf8a0b99bbcebaa2de3b0cd1fdd26a2f25bca637bea6b3cf35ba6dd8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "hardcoded-secret", "owasp": "A07:2021", "cwe_ids": ["CWE-798"], "languages": [], "precision": 1.0, "promoted_at": "2026-05-18T15:01:13.611213+00:00", "triaged_in_corpus": 8, "observations_count": 88419, "ai_coder_pattern_id": 9}, "scanner": "repobility-threat-engine", "correlation_key": "fp|60d4184ebf8a0b99bbcebaa2de3b0cd1fdd26a2f25bca637bea6b3cf35ba6dd8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/atlas-architecture/current/source/includes/examples/tf-dev-test-complete/encryption.tf"}, "region": {"startLine": 78}}}]}, {"ruleId": "SEC061", "level": "error", "message": {"text": "[SEC061] JWT in source: Three-part JWT (likely signed token). Even if expired, may leak structure or claims. Ported from gitleaks jwt (MIT)."}, "properties": {"repobilityId": 109660, "scanner": "repobility-threat-engine", "fingerprint": "9a7a5c2bba090e0b865bd7c5170b37a5cbb948a651f9e21d88e60357cf3764ad", "category": "secret", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ0ZXN0LWN1c3RvbS1lbmRwb2ludHMtZWhtenQiLCJzdWIiOiIxMjM", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC061", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|1|token", "duplicate_count": 1, "duplicate_rule_ids": ["SEC061"], "duplicate_scanners": ["repobility-threat-engine"], "duplicate_fingerprints": ["19eaad50dd222f1bde665ce98f9c338553c3a55712eb3344efae28e718df318a", "9a7a5c2bba090e0b865bd7c5170b37a5cbb948a651f9e21d88e60357cf3764ad"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/app-services/source/data-api/snippets/custom-endpoints.snippet.auth-jwtTokenString.sh"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 109648, "scanner": "repobility-threat-engine", "fingerprint": "1930138e140d29f1884604794863a5e58bcfaaedad4f2d8f7f6cff4995846e95", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1930138e140d29f1884604794863a5e58bcfaaedad4f2d8f7f6cff4995846e95"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/examples/timeseries/secondary_indexes.py"}, "region": {"startLine": 249}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 109647, "scanner": "repobility-threat-engine", "fingerprint": "1b0d7cf623795bb321e9832525c4ebd2fde19bea474fde271db6890d11d27a67", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1b0d7cf623795bb321e9832525c4ebd2fde19bea474fde271db6890d11d27a67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/examples/timeseries/limitations.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 109646, "scanner": "repobility-threat-engine", "fingerprint": "d34d96b256c2ebdaeac29bc1956fff2e724508f9f26f6f10458d4cd8058d9fde", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d34d96b256c2ebdaeac29bc1956fff2e724508f9f26f6f10458d4cd8058d9fde"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/python/pymongo/examples/timeseries/auto_removal.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 109645, "scanner": "repobility-threat-engine", "fingerprint": "0739363301429b38a0ba949a9eed148b80745ed137e3f4c226e8eb738844ff80", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((f) => `${f.day}: ${f.temperature}\u00b0F and ${f.weather}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0739363301429b38a0ba949a9eed148b80745ed137e3f4c226e8eb738844ff80"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/app-services/source/functions/examples/complex-function.js"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 109644, "scanner": "repobility-threat-engine", "fingerprint": "3de12e524de939b9501ce6c4ae2defe2f7d5ea8f31780405e8e15c5f07dd3f50", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((err, i) => `${i + 1}. ${err.toString()}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3de12e524de939b9501ce6c4ae2defe2f7d5ea8f31780405e8e15c5f07dd3f50"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/javascript/driver/utils/comparison/errorReporting.js"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED009", "level": "error", "message": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "properties": {"repobilityId": 109641, "scanner": "repobility-threat-engine", "fingerprint": "7bea2ae5c4b3f1f859cc538a724cc0b74eda8e8aa310d7297e96342fb3991c18", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "floats-for-money", "owasp": null, "cwe_ids": ["CWE-682"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347918+00:00", "triaged_in_corpus": 15, "observations_count": 208571, "ai_coder_pattern_id": 20}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7bea2ae5c4b3f1f859cc538a724cc0b74eda8e8aa310d7297e96342fb3991c18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/go/atlas-sdk/internal/billing/collector.go"}, "region": {"startLine": 101}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 109640, "scanner": "repobility-threat-engine", "fingerprint": "751d6b16b6e0120d2fe5e67a3a5f13ab795daf2f2ed2619293a168ce189c0bba", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(c", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|751d6b16b6e0120d2fe5e67a3a5f13ab795daf2f2ed2619293a168ce189c0bba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/go/atlas-sdk/internal/auth/client.go"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 109638, "scanner": "repobility-threat-engine", "fingerprint": "0b6beab28bbdb76f3cd8a84c63c6447c0207d3b401c0c38abe802f072e10e789", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0b6beab28bbdb76f3cd8a84c63c6447c0207d3b401c0c38abe802f072e10e789"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/go/atlas-sdk/internal/scale/execute.go"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 109637, "scanner": "repobility-threat-engine", "fingerprint": "99f63e9d1247d170da17b0dc63d142c03c6acafa476eaba27c05a8dc89d0d906", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|99f63e9d1247d170da17b0dc63d142c03c6acafa476eaba27c05a8dc89d0d906"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/go/atlas-sdk/internal/billing/collector.go"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 109636, "scanner": "repobility-threat-engine", "fingerprint": "f6837e88ed76d3766c0091d5e59d2719c921e52ddc75bba1cfb025c1c683fef4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f6837e88ed76d3766c0091d5e59d2719c921e52ddc75bba1cfb025c1c683fef4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/go/atlas-sdk/internal/archive/configure.go"}, "region": {"startLine": 60}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 109615, "scanner": "repobility-threat-engine", "fingerprint": "ac82bc591e61706668ab39c70f12ec9c537f5ca7b20e3860a4504cb18345098b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(command", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ac82bc591e61706668ab39c70f12ec9c537f5ca7b20e3860a4504cb18345098b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/go/driver/snip.js"}, "region": {"startLine": 62}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 109614, "scanner": "repobility-threat-engine", "fingerprint": "cafa319ebc0cc818f49d364f48428fac3ce086c169cad6fa6366bc9ff349f645", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(command", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cafa319ebc0cc818f49d364f48428fac3ce086c169cad6fa6366bc9ff349f645"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/csharp/driver/snip.js"}, "region": {"startLine": 81}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 109613, "scanner": "repobility-threat-engine", "fingerprint": "25953ecbf919ed605bde106d2131df018c5225f45fb4214c356324909a762f43", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "execSync(command", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|25953ecbf919ed605bde106d2131df018c5225f45fb4214c356324909a762f43"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "code-example-tests/command-line/mongosh/jest.globalSetup.js"}, "region": {"startLine": 42}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 109598, "scanner": "repobility-threat-engine", "fingerprint": "ffa3b63f00424803d340012f08221ade6805f75a885733099c1e38e42f676236", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r'href=\"/features/([^\"]+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|. token|75|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/agents/atlas-release-notes/fetch_aha_features.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 109597, "scanner": "repobility-threat-engine", "fingerprint": "b5b38c3566e2d58cb3d9d64efc1adb720282afaa3738491411c4973a5196c463", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b5b38c3566e2d58cb3d9d64efc1adb720282afaa3738491411c4973a5196c463"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/agents/atlas-release-notes/fetch_aha_features.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.SLACK_WEBHOOK_URL` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.SLACK_WEBHOOK_URL }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 109909, "scanner": "repobility-supply-chain", "fingerprint": "6348514a637f5b7347eabe7faabe2d6944e150d5c57e702d145145e50d828f7c", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6348514a637f5b7347eabe7faabe2d6944e150d5c57e702d145145e50d828f7c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pymongo-driver-examples-test-in-docker.yml"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.SLACK_WEBHOOK_URL` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.SLACK_WEBHOOK_URL }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 109908, "scanner": "repobility-supply-chain", "fingerprint": "b5d242f46dae9788c1c3dc4723130ad77493f8519528a55d491d7311745bda45", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b5d242f46dae9788c1c3dc4723130ad77493f8519528a55d491d7311745bda45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/go-sdk-examples-unit-tests.yml"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.SLACK_WEBHOOK_URL` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.SLACK_WEBHOOK_URL }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 109907, "scanner": "repobility-supply-chain", "fingerprint": "77f391bb84948ecec6b8dbb3f4a879260bbdd929b38408caf3c24c6c97807021", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|77f391bb84948ecec6b8dbb3f4a879260bbdd929b38408caf3c24c6c97807021"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/java-driver-sync-examples-test-in-docker.yml"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.SLACK_WEBHOOK_URL` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.SLACK_WEBHOOK_URL }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 109906, "scanner": "repobility-supply-chain", "fingerprint": "45ee1b870f693d5058e980be207cbb2d07f7c527258654025581bd7c1b63a58a", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|45ee1b870f693d5058e980be207cbb2d07f7c527258654025581bd7c1b63a58a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/node-driver-examples-test-in-docker.yml"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.DRIVER_DOCS_PR_WEBHOOK` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.DRIVER_DOCS_PR_WEBHOOK }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 109905, "scanner": "repobility-supply-chain", "fingerprint": "279460dcb63cd8300353a3b92ce15aea1d46e18afce05ec7db5ad7a4ea34fc87", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|279460dcb63cd8300353a3b92ce15aea1d46e18afce05ec7db5ad7a4ea34fc87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/notify-slack-drivers-pr.yml"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.NPM_EMAIL` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.NPM_EMAIL }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 109904, "scanner": "repobility-supply-chain", "fingerprint": "b616bb3cc82bc0d764256d957d5705c610ed514279d6906ef29f9b404d71b99d", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b616bb3cc82bc0d764256d957d5705c610ed514279d6906ef29f9b404d71b99d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/platform-ci.yml"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.NPM_BASE_64_AUTH` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.NPM_BASE_64_AUTH }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 109903, "scanner": "repobility-supply-chain", "fingerprint": "9a5d3530ffe928afbd757ca7ea5fc1022fcab07f8f5e772d9a70378f32ff02bd", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9a5d3530ffe928afbd757ca7ea5fc1022fcab07f8f5e772d9a70378f32ff02bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/platform-ci.yml"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.BUMP_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.BUMP_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 109902, "scanner": "repobility-supply-chain", "fingerprint": "7b2b41021d6f24d1c37be9fde0e5180a06f0603077de3276737cb4f78023b7ec", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7b2b41021d6f24d1c37be9fde0e5180a06f0603077de3276737cb4f78023b7ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-bump-rm-api.yml"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.BUMP_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.BUMP_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 109901, "scanner": "repobility-supply-chain", "fingerprint": "67ffc93e13c30bbb634c8b7018894e0bc4d4f39f92628c8cd449c149b919205c", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|67ffc93e13c30bbb634c8b7018894e0bc4d4f39f92628c8cd449c149b919205c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-bump-rm-api.yml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.SLACK_WEBHOOK_URL` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.SLACK_WEBHOOK_URL }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 109897, "scanner": "repobility-supply-chain", "fingerprint": "0d3d842ce5819a8c45b68e5fafcab39daeefb288817e5c922e5b88bccd964273", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0d3d842ce5819a8c45b68e5fafcab39daeefb288817e5c922e5b88bccd964273"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/java/current/.github/workflows/osiris-subpar-coverage.yml"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.API_TOKEN_GITHUB` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.API_TOKEN_GITHUB }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 109896, "scanner": "repobility-supply-chain", "fingerprint": "bca10bbe81165732e74ea0f7d6c6558be47d49715c3faa49573aebb2ba1f192b", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bca10bbe81165732e74ea0f7d6c6558be47d49715c3faa49573aebb2ba1f192b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/java/current/.github/workflows/osiris-subpar-coverage.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.API_TOKEN_GITHUB` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.API_TOKEN_GITHUB }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 109895, "scanner": "repobility-supply-chain", "fingerprint": "5a726c2e60f6b5b61f95f3e804ce5a8e5a022b989d03aaedd7d4b10ad1f25f7b", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5a726c2e60f6b5b61f95f3e804ce5a8e5a022b989d03aaedd7d4b10ad1f25f7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/java/current/.github/workflows/osiris-subpar-coverage.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.SLACK_WEBHOOK_URL` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.SLACK_WEBHOOK_URL }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 109894, "scanner": "repobility-supply-chain", "fingerprint": "394313c016ad67afca9dbf0f93e4734f71016aeca47d258a6d2e1732144745b2", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|394313c016ad67afca9dbf0f93e4734f71016aeca47d258a6d2e1732144745b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/java/upcoming/.github/workflows/osiris-subpar-coverage.yml"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.API_TOKEN_GITHUB` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.API_TOKEN_GITHUB }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 109893, "scanner": "repobility-supply-chain", "fingerprint": "83276b91f0d996eaa6332cab970fc5410c3734d9e9c9e2e55a46d501fb60d7a8", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|83276b91f0d996eaa6332cab970fc5410c3734d9e9c9e2e55a46d501fb60d7a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/java/upcoming/.github/workflows/osiris-subpar-coverage.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.API_TOKEN_GITHUB` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.API_TOKEN_GITHUB }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 109892, "scanner": "repobility-supply-chain", "fingerprint": "390c27fb7b2b6cca52c46fbeb78fedbd2bfc81e0c3cdc3ff8c46dd5b22966d4d", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|390c27fb7b2b6cca52c46fbeb78fedbd2bfc81e0c3cdc3ff8c46dd5b22966d4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/java/upcoming/.github/workflows/osiris-subpar-coverage.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.BUMP_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.BUMP_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 109891, "scanner": "repobility-supply-chain", "fingerprint": "1429a83fcc152d8ad446d82dfd85af248e6f288eaf5fc77be7c1df02f384155e", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1429a83fcc152d8ad446d82dfd85af248e6f288eaf5fc77be7c1df02f384155e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/app-services/.github/workflows/generate-bump-pages-openapi-admin-v3.yml"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.BUMP_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.BUMP_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 109890, "scanner": "repobility-supply-chain", "fingerprint": "2cef8cc8be0637ac857e268398d480da828fc55741cc20839720d2a52535940e", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2cef8cc8be0637ac857e268398d480da828fc55741cc20839720d2a52535940e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/app-services/.github/workflows/generate-bump-pages-openapi-admin-v3.yml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.ATLAS_PRIVATE_API_KEY` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.ATLAS_PRIVATE_API_KEY }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 109889, "scanner": "repobility-supply-chain", "fingerprint": "df98bb6f9cc59579947f1101f799344ebeb69acf0ed617c5517e65101953a3a3", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|df98bb6f9cc59579947f1101f799344ebeb69acf0ed617c5517e65101953a3a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/app-services/.github/workflows/test-data-api.yml"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.ATLAS_PUBLIC_API_KEY` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.ATLAS_PUBLIC_API_KEY }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 109888, "scanner": "repobility-supply-chain", "fingerprint": "b15acc4cd294630fc39157c7c59b0335fb61712ccf4d4afbb8da5f5cc2f27bce", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b15acc4cd294630fc39157c7c59b0335fb61712ccf4d4afbb8da5f5cc2f27bce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/app-services/.github/workflows/test-data-api.yml"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.ATLAS_PRIVATE_API_KEY` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.ATLAS_PRIVATE_API_KEY }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 109887, "scanner": "repobility-supply-chain", "fingerprint": "df5f6db637d37dbb07f96051bb0d908594af41360b1bb4cb5e0db3ceeea733a9", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|df5f6db637d37dbb07f96051bb0d908594af41360b1bb4cb5e0db3ceeea733a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/app-services/.github/workflows/test-data-api.yml"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.ATLAS_PUBLIC_API_KEY` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.ATLAS_PUBLIC_API_KEY }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 109886, "scanner": "repobility-supply-chain", "fingerprint": "276582c65ec36b592cb9520c1f3ed19f16f6feae05cc6ae6a9959f9826162862", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|276582c65ec36b592cb9520c1f3ed19f16f6feae05cc6ae6a9959f9826162862"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/app-services/.github/workflows/test-data-api.yml"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.ATLAS_PRIVATE_API_KEY` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.ATLAS_PRIVATE_API_KEY }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 109885, "scanner": "repobility-supply-chain", "fingerprint": "51f2cc264c470a6ae1c21391330ee496225a2311cd3c253c6c3d011f229ed9e6", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|51f2cc264c470a6ae1c21391330ee496225a2311cd3c253c6c3d011f229ed9e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/app-services/.github/workflows/test-data-api.yml"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.ATLAS_PUBLIC_API_KEY` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.ATLAS_PUBLIC_API_KEY }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 109884, "scanner": "repobility-supply-chain", "fingerprint": "d1c2aceeec9b46dc577eb620c816545ea88b37f4d8086334ca35f019d1eb38aa", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d1c2aceeec9b46dc577eb620c816545ea88b37f4d8086334ca35f019d1eb38aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/app-services/.github/workflows/test-data-api.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.BUMP_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.BUMP_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 109883, "scanner": "repobility-supply-chain", "fingerprint": "7fd33e0a539c671662773b4bd6201bdbb315a7ec9fc9749d84127ebbe24e3b1f", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7fd33e0a539c671662773b4bd6201bdbb315a7ec9fc9749d84127ebbe24e3b1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/app-services/.github/workflows/generate-bump-pages-openapi-data-api.yml"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.BUMP_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.BUMP_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 109882, "scanner": "repobility-supply-chain", "fingerprint": "ae294a4e090b2859903b2c18d8c51ef02c5e04f563e4a047042bb2fa7440d559", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ae294a4e090b2859903b2c18d8c51ef02c5e04f563e4a047042bb2fa7440d559"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/app-services/.github/workflows/generate-bump-pages-openapi-data-api.yml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `os` used but not imported: The file uses `os.something(...)` but never imports `os`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 109828, "scanner": "repobility-ast-engine", "fingerprint": "bd9837bc58133c0305248a6e6c6f996a3a1570f44f69ef0e41ff06367c83443e", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bd9837bc58133c0305248a6e6c6f996a3a1570f44f69ef0e41ff06367c83443e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/manual/manual/source/includes/queryable-encryption/tutorials/automatic/azure/named-kms/named-kms.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `os` used but not imported: The file uses `os.something(...)` but never imports `os`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 109827, "scanner": "repobility-ast-engine", "fingerprint": "799cb18aa2f186ced98a0f897bf7a83d06ed5b00135d07e39183bb65c7e5e15e", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|799cb18aa2f186ced98a0f897bf7a83d06ed5b00135d07e39183bb65c7e5e15e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/manual/manual/source/includes/queryable-encryption/tutorials/automatic/aws/named-kms/named-kms.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `os` used but not imported: The file uses `os.something(...)` but never imports `os`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 109826, "scanner": "repobility-ast-engine", "fingerprint": "e9f229830652b0b64d3fd9468cb15bbfeb298dffde5dcfae391d0d7e25626999", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e9f229830652b0b64d3fd9468cb15bbfeb298dffde5dcfae391d0d7e25626999"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/manual/manual/source/includes/queryable-encryption/tutorials/automatic/kmip/named-kms/named-kms.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `os` used but not imported: The file uses `os.something(...)` but never imports `os`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 109825, "scanner": "repobility-ast-engine", "fingerprint": "94f14430c30c8c59a78590aaebc689e8e113abb96a6b99dd01a2dada2fdd7932", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|94f14430c30c8c59a78590aaebc689e8e113abb96a6b99dd01a2dada2fdd7932"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/manual/manual/source/includes/queryable-encryption/tutorials/automatic/gcp/named-kms/named-kms.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `os` used but not imported: The file uses `os.something(...)` but never imports `os`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 109824, "scanner": "repobility-ast-engine", "fingerprint": "af1f42d183c93633669a20f24bbcb7c374b937e7e8cfcfb8b10a024c5a951040", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|af1f42d183c93633669a20f24bbcb7c374b937e7e8cfcfb8b10a024c5a951040"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/manual/upcoming/source/includes/queryable-encryption/tutorials/automatic/azure/named-kms/named-kms.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `os` used but not imported: The file uses `os.something(...)` but never imports `os`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 109823, "scanner": "repobility-ast-engine", "fingerprint": "0bda648f8d4a1a7bed454b993cdc0b88960a9ba43778015719c0ebcc4b3c2aed", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0bda648f8d4a1a7bed454b993cdc0b88960a9ba43778015719c0ebcc4b3c2aed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/manual/upcoming/source/includes/queryable-encryption/tutorials/automatic/aws/named-kms/named-kms.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `os` used but not imported: The file uses `os.something(...)` but never imports `os`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 109822, "scanner": "repobility-ast-engine", "fingerprint": "3e242153e6b4078d8a0c3f46fe68b65c48747058b2a772f9c5885024fe0b0699", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3e242153e6b4078d8a0c3f46fe68b65c48747058b2a772f9c5885024fe0b0699"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/manual/upcoming/source/includes/queryable-encryption/tutorials/automatic/kmip/named-kms/named-kms.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `os` used but not imported: The file uses `os.something(...)` but never imports `os`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 109821, "scanner": "repobility-ast-engine", "fingerprint": "037714d6eda39c96abd887f2d8914f136afd0d9bc6f03cbb6f009abf3851a1a9", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|037714d6eda39c96abd887f2d8914f136afd0d9bc6f03cbb6f009abf3851a1a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/manual/upcoming/source/includes/queryable-encryption/tutorials/automatic/gcp/named-kms/named-kms.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `os` used but not imported: The file uses `os.something(...)` but never imports `os`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 109820, "scanner": "repobility-ast-engine", "fingerprint": "877c2f76d2bf854aa046a1707b084cea62bd40233f1656fa4f97bd4b9addbaa3", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|877c2f76d2bf854aa046a1707b084cea62bd40233f1656fa4f97bd4b9addbaa3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/manual/v8.2/source/includes/queryable-encryption/tutorials/automatic/azure/named-kms/named-kms.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `os` used but not imported: The file uses `os.something(...)` but never imports `os`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 109819, "scanner": "repobility-ast-engine", "fingerprint": "3e88c3cd7ffa7db8dec9f4913dea9d4a50328054623632c7e4ef35a22dfb4a4b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3e88c3cd7ffa7db8dec9f4913dea9d4a50328054623632c7e4ef35a22dfb4a4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/manual/v8.2/source/includes/queryable-encryption/tutorials/automatic/aws/named-kms/named-kms.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `os` used but not imported: The file uses `os.something(...)` but never imports `os`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 109818, "scanner": "repobility-ast-engine", "fingerprint": "e6c2fdd9956ed55b289699cf3f635a0a00a9fd966b623efcc21941332b0386cd", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e6c2fdd9956ed55b289699cf3f635a0a00a9fd966b623efcc21941332b0386cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/manual/v8.2/source/includes/queryable-encryption/tutorials/automatic/kmip/named-kms/named-kms.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `os` used but not imported: The file uses `os.something(...)` but never imports `os`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 109817, "scanner": "repobility-ast-engine", "fingerprint": "29571cb128c9e25f69782fbaf3ae65f11dafc50065b07c4b4b252160a9ae07da", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|29571cb128c9e25f69782fbaf3ae65f11dafc50065b07c4b4b252160a9ae07da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/manual/v8.2/source/includes/queryable-encryption/tutorials/automatic/gcp/named-kms/named-kms.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `os` used but not imported: The file uses `os.something(...)` but never imports `os`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 109816, "scanner": "repobility-ast-engine", "fingerprint": "860c5ddda2eaf571be9d2ff444a9878da0a8db1d7ebd551ad146a443ecfcc3aa", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|860c5ddda2eaf571be9d2ff444a9878da0a8db1d7ebd551ad146a443ecfcc3aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/manual/v8.0/source/includes/queryable-encryption/tutorials/automatic/azure/named-kms/named-kms.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `os` used but not imported: The file uses `os.something(...)` but never imports `os`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 109815, "scanner": "repobility-ast-engine", "fingerprint": "1b3048a21d4433c83230bc35d4c72bf458d83720fed07c18c900437944377af3", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1b3048a21d4433c83230bc35d4c72bf458d83720fed07c18c900437944377af3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/manual/v8.0/source/includes/queryable-encryption/tutorials/automatic/aws/named-kms/named-kms.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `os` used but not imported: The file uses `os.something(...)` but never imports `os`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 109814, "scanner": "repobility-ast-engine", "fingerprint": "6092613d4b66d49f0f54b6002f583571bb183d7295ff61fcf0661faa55142959", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6092613d4b66d49f0f54b6002f583571bb183d7295ff61fcf0661faa55142959"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/manual/v8.0/source/includes/queryable-encryption/tutorials/automatic/kmip/named-kms/named-kms.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `os` used but not imported: The file uses `os.something(...)` but never imports `os`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 109813, "scanner": "repobility-ast-engine", "fingerprint": "9058c352e086e3ec3244fce967ea1dbee962d5bfdcb28c7742d37b15ec4c8796", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9058c352e086e3ec3244fce967ea1dbee962d5bfdcb28c7742d37b15ec4c8796"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/manual/v8.0/source/includes/queryable-encryption/tutorials/automatic/gcp/named-kms/named-kms.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `time` used but not imported: The file uses `time.something(...)` but never imports `time`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 109806, "scanner": "repobility-ast-engine", "fingerprint": "8cc54f1842f24883aba1393f98cf72584d67667e5e2829bce586252b6a9b59b3", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8cc54f1842f24883aba1393f98cf72584d67667e5e2829bce586252b6a9b59b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/pymongo-driver/current/source/includes/cursors/tailable-cursor.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `asyncio` used but not imported: The file uses `asyncio.something(...)` but never imports `asyncio`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 109805, "scanner": "repobility-ast-engine", "fingerprint": "59bba0bdce469958478a16f0d842911ce2d434b480c385d32af975ffb4e4f58f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|59bba0bdce469958478a16f0d842911ce2d434b480c385d32af975ffb4e4f58f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/pymongo-driver/current/source/includes/cursors/tailable-cursor.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `time` used but not imported: The file uses `time.something(...)` but never imports `time`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 109804, "scanner": "repobility-ast-engine", "fingerprint": "dabf619879e48f03246541edfc0c4159da3c8bed1c50742add70e5571c32e0f0", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dabf619879e48f03246541edfc0c4159da3c8bed1c50742add70e5571c32e0f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/pymongo-driver/upcoming/source/includes/cursors/tailable-cursor.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `asyncio` used but not imported: The file uses `asyncio.something(...)` but never imports `asyncio`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 109803, "scanner": "repobility-ast-engine", "fingerprint": "5c017880f772f6003ffd26d4ee34e31fb535223d80c87f095c55c4474b10b204", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5c017880f772f6003ffd26d4ee34e31fb535223d80c87f095c55c4474b10b204"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "content/pymongo-driver/upcoming/source/includes/cursors/tailable-cursor.py"}, "region": {"startLine": 36}}}]}]}]}