{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DKC013", "name": "Database service has no persistent data volume", "shortDescription": {"text": "Database service has no persistent data volume"}, "fullDescription": {"text": "Database containers store data in the writable container layer unless a volume or bind mount is attached to the image's data directory. Recreating the container can lose state."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "DKC014", "name": "Database data bind mount is inside the Docker build context", "shortDescription": {"text": "Database data bind mount is inside the Docker build context"}, "fullDescription": {"text": "Keeping live database files under the repository/build context can leak data into Docker builds, slow context loading, and make accidental commits more likely."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.84, "cwe": "", "owasp": ""}}, {"id": "DKR003", "name": "Compose service `falkordb` image uses the latest tag", "shortDescription": {"text": "Compose service `falkordb` image uses the latest tag"}, "fullDescription": {"text": "The latest tag is mutable and can change without a code review, producing different images from the same source."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.94, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", 
"category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "SEC125", "name": "[SEC125] AI placeholder credential left in source (your-api-key-here style): AI coding assistants frequently emit placeh", "shortDescription": {"text": "[SEC125] AI placeholder credential left in source (your-api-key-here style): AI coding assistants frequently emit placeholder credentials shaped like `API_KEY = \"your-api-key-here\"` instead of pulling from env. These get committed verbatim "}, "fullDescription": {"text": "Replace with env lookup: `API_KEY = os.environ['SERVICE_API_KEY']`. Move actual key to a secret manager. Add a startup check that the env var is non-empty so missing config fails loudly instead of shipping the placeholder."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `_prepare_api_call` has cognitive complexity 17 (SonarSource scale). 
Cogni", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `_prepare_api_call` has cognitive complexity 17 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recur"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 17."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-PY", "name": "Python package `openai` is 1 major version(s) behind (1.6.1 -> 2.41.0)", "shortDescription": {"text": "Python package `openai` is 1 major version(s) behind (1.6.1 -> 2.41.0)"}, "fullDescription": {"text": "`openai==1.6.1` is 1 major version(s) behind the latest stable release on PyPI (2.41.0). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. 
This is the version-currency signal Dependabot raises."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED124", "name": "requirements.txt: `sentence-transformers` has no version pin", "shortDescription": {"text": "requirements.txt: `sentence-transformers` has no version pin"}, "fullDescription": {"text": "Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "no-new-privileges prevents processes from gaining additional privileges through setuid binaries or file capabilities."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "If the image does not define USER internally, this service may run as root."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Installing recommended packages often pulls in unnecessary runtime surface area."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. 
They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC002", "name": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code.", "shortDescription": {"text": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code."}, "fullDescription": {"text": "Use environment variables. Add the pattern to .gitignore."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED074", "name": "[MINED074] Ai Tell Fake Citation: Plausible-looking but non-existent URLs (e.g., docs.example.com/v2). Common AI halluci", "shortDescription": {"text": "[MINED074] Ai Tell Fake Citation: Plausible-looking but non-existent URLs (e.g., docs.example.com/v2). 
Common AI hallucination."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 3 more): Same pattern found in 3 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Also block loopback (127/8 and ::1), and check the address the hostname resolves to, on every redirect hop, rather than only the hostname string."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile (and 2 more): Same pattern found in 2 additional files. 
Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED049] Print Pii (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout (and 5 more): Same pattern found in 5 additional files. 
Review if needed.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[SEC078] Python: requests without timeout (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 6 more): Same pattern found in 6 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "DKC011", "name": "Database service publishes a host port", "shortDescription": {"text": "Database service publishes a host port"}, "fullDescription": {"text": "Publishing database ports to the host increases exposure. 
Internal Compose networking usually only needs expose, not ports."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.84, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "Workflow container/services image `pgvector/pgvector:pg17` unpinned", "shortDescription": {"text": "Workflow container/services image `pgvector/pgvector:pg17` unpinned"}, "fullDescription": {"text": "`container/services image: pgvector/pgvector:pg17` without `@sha256:...` pulls a mutable tag at workflow-run time. 
Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `postgres:17-bookworm` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `postgres:17-bookworm` not pinned by digest"}, "fullDescription": {"text": "`FROM postgres:17-bookworm` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED112", "name": "FastAPI PATCH haystack_integrations.document_stores.astra.astra_client.AstraDBClient has no auth", "shortDescription": {"text": "FastAPI PATCH haystack_integrations.document_stores.astra.astra_client.AstraDBClient has no auth"}, "fullDescription": {"text": "Handler `test_init_is_lazy` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_passes_api_base", "shortDescription": {"text": "Phantom test coverage: test_passes_api_base"}, "fullDescription": {"text": "Test function `test_passes_api_base` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.filter_documents_async` used but never assigned in __init__", "shortDescription": {"text": "`self.filter_documents_async` used but never assigned in __init__"}, "fullDescription": {"text": "Method `update_by_filter_async` of class `ChromaDocumentStore` reads `self.filter_documents_async`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "private-key", "name": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption.", "shortDescription": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "curl-auth-header", "name": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed r", "shortDescription": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "jwt", "name": "Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user 
data.", "shortDescription": {"text": "Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "DKC007", "name": "Compose service contains a literal secret environment value", "shortDescription": {"text": "Compose service contains a literal secret environment value"}, "fullDescription": {"text": "Literal secrets in Compose files are committed to source and exposed through container inspection."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "critical", "confidence": 0.96, "cwe": "", "owasp": ""}}, {"id": "SEC022", "name": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. Th", "shortDescription": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "fullDescription": {"text": "Remove the embedded password, require the URL from a secret store or environment variable, and rotate the database credential."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "Workflow uses `secrets.GOOGLE_API_KEY` on a `pull_request` trigger", "shortDescription": {"text": "Workflow uses `secrets.GOOGLE_API_KEY` on a `pull_request` trigger"}, "fullDescription": {"text": "This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${{ secrets.GOOGLE_API_KEY }}` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). By default GitHub does not pass repository secrets to `pull_request` runs triggered from a fork, so first confirm that untrusted PR code can actually receive this secret. 
Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "Missing import: `operator` used but not imported", "shortDescription": {"text": "Missing import: `operator` used but not imported"}, "fullDescription": {"text": "The file uses `operator.something(...)` but never imports `operator`. This raises NameError at runtime the first time the line executes."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1008"}, "properties": {"repository": "deepset-ai/haystack-core-integrations", "repoUrl": "https://github.com/deepset-ai/haystack-core-integrations", "branch": "main"}, "results": [{"ruleId": "DKC013", "level": "warning", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 94676, "scanner": "repobility-docker", "fingerprint": "6438a8f7ff24e8ae3e9051c6929cae1f55a635f60862398a8614d7b8ae035e61", "category": "docker", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "postgres", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|6438a8f7ff24e8ae3e9051c6929cae1f55a635f60862398a8614d7b8ae035e61", "expected_targets": ["/var/lib/postgresql/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/supabase/docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC014", "level": "warning", "message": {"text": "Database data bind mount is inside the Docker build context"}, "properties": 
{"repobilityId": 94673, "scanner": "repobility-docker", "fingerprint": "9f9621dcf3fd2ca0ed8ca956542f0af2f895b1abf514265a685f22bc76371dad", "category": "docker", "severity": "medium", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database data directory is mounted from a relative path that is not excluded by .dockerignore.", "evidence": {"source": "./init", "target": "/container-entrypoint-initdb.d", "rule_id": "DKC014", "scanner": "repobility-docker", "service": "oracle", "references": ["https://docs.docker.com/engine/storage/volumes/", "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|9f9621dcf3fd2ca0ed8ca956542f0af2f895b1abf514265a685f22bc76371dad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/oracle/docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `falkordb` image uses the latest tag"}, "properties": {"repobilityId": 94663, "scanner": "repobility-docker", "fingerprint": "a84ffacfdfafe0e5c0b57e3ba06b891c9d9dd04c689be6501f819f263a18f1aa", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "falkordb/falkordb:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|a84ffacfdfafe0e5c0b57e3ba06b891c9d9dd04c689be6501f819f263a18f1aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/falkordb/docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 94660, 
"scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 94659, "scanner": "repobility-docker", "fingerprint": "4b51b8a4b68eef630b7ef9b576e39d89fac4bd549d2d19933a0c85912ce51d0e", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "postgres:17-bookworm", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|4b51b8a4b68eef630b7ef9b576e39d89fac4bd549d2d19933a0c85912ce51d0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/supabase/Dockerfile.pgroonga"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 94652, "scanner": "repobility-threat-engine", "fingerprint": "c706d63e59154f4ee1ee30bc1ba618917495706f7fba01088fecc78b875f215b", 
"category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (4.3 bits) \u2014 may be placeholder or common string Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "PASSWORD = \"<redacted>\"", "reason": "Low entropy value (4.3 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|2|password redacted", "duplicate_count": 1, "duplicate_rule_ids": ["SEC001"], "duplicate_scanners": ["repobility-threat-engine"], "duplicate_fingerprints": ["c706d63e59154f4ee1ee30bc1ba618917495706f7fba01088fecc78b875f215b", "f3b1f3b0c89f8d6d0c70b600f1dc89b414fe614636e769445c5551bd6c6421b5"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/snowflake/src/haystack_integrations/components/retrievers/snowflake/auth.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "SEC125", "level": "warning", "message": {"text": "[SEC125] AI placeholder credential left in source (your-api-key-here style): AI coding assistants frequently emit placeholder credentials shaped like `API_KEY = \"your-api-key-here\"` instead of pulling from env. These get committed verbatim \u2014 production code with a literal placeholder string is a near-certain bug, and the value also leaks what credential type the system expects to authentication crawlers. CWE-1188. 
Distinctive AI footprint: the exact phrase shape `your-X-here` is uncommon in hand"}, "properties": {"repobilityId": 94646, "scanner": "repobility-threat-engine", "fingerprint": "ba4795d816be8e29ab9ae1e9d12f64b5159d5905069e90d124d5106b9ad5761a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"<your-api-key>\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC125", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ba4795d816be8e29ab9ae1e9d12f64b5159d5905069e90d124d5106b9ad5761a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/huggingface_api/src/haystack_integrations/components/embedders/huggingface_api/text_embedder.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `_prepare_api_call` has cognitive complexity 17 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: for=1, if=6, nested_bonus=6, or=3, ternary=1."}, "properties": {"repobilityId": 94608, "scanner": "repobility-threat-engine", "fingerprint": "bd8becd3335916fc6048592f6c769892ad690dae0e10ab31a9a2eff0032a27c3", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 17 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_prepare_api_call", "breakdown": {"if": 6, "or": 3, "for": 1, "ternary": 1, "nested_bonus": 6}, "complexity": 17, "correlation_key": "fp|bd8becd3335916fc6048592f6c769892ad690dae0e10ab31a9a2eff0032a27c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/aimlapi/src/haystack_integrations/components/generators/aimlapi/chat/chat_generator.py"}, "region": {"startLine": 156}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 94604, "scanner": "repobility-agent-runtime", "fingerprint": "731d5daf16ee4add806c3745041f5e29b4ef7dc39c1573a09abf090101d64afe", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|731d5daf16ee4add806c3745041f5e29b4ef7dc39c1573a09abf090101d64afe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ollama.yml"}, "region": {"startLine": 75}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 94603, "scanner": "repobility-agent-runtime", "fingerprint": 
"1782b00ededd3ff30a1135f2f94133c4d7f996ae6251bf7285b1c182459b2bb1", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|1782b00ededd3ff30a1135f2f94133c4d7f996ae6251bf7285b1c182459b2bb1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/llama_stack.yml"}, "region": {"startLine": 72}}}]}, {"ruleId": "DEPCUR-PY", "level": "warning", "message": {"text": "Python package `openai` is 1 major version(s) behind (1.6.1 -> 2.41.0)"}, "properties": {"repobilityId": 94602, "scanner": "repobility-dependency-currency", "fingerprint": "ac0953a1dfc748c277ebe84b3feb7bcbacb6905f7a2df9929ae478ded9ca27fb", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "openai", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "2.41.0", "correlation_key": "fp|ac0953a1dfc748c277ebe84b3feb7bcbacb6905f7a2df9929ae478ded9ca27fb", "current_version": "1.6.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/astra/examples/requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "DEPCUR-PY", "level": "warning", "message": {"text": "Python package `sentence_transformers` is 3 major version(s) behind (2.2.2 -> 5.5.1)"}, "properties": {"repobilityId": 94601, "scanner": "repobility-dependency-currency", "fingerprint": "0d473d774701731bef1b8ff2f0bc764696d7e570cdb08d8ca7703e5c15323704", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": 
"", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "sentence_transformers", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "5.5.1", "correlation_key": "fp|0d473d774701731bef1b8ff2f0bc764696d7e570cdb08d8ca7703e5c15323704", "current_version": "2.2.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/astra/examples/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `sentence-transformers` has no version pin"}, "properties": {"repobilityId": 94570, "scanner": "repobility-supply-chain", "fingerprint": "5fcc526d7cfc09ff026b15dbbc7fa933a35b8b0a2162f5881ec50d11cab8b4e8", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5fcc526d7cfc09ff026b15dbbc7fa933a35b8b0a2162f5881ec50d11cab8b4e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/langfuse/example/requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `datasets` has no version pin"}, "properties": {"repobilityId": 94569, "scanner": "repobility-supply-chain", "fingerprint": "8e6318bcb4cfb4aee326dc4c1bc1979090afa1a64c337ba774b6a357463f379d", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, 
"scanner": "repobility-supply-chain", "correlation_key": "fp|8e6318bcb4cfb4aee326dc4c1bc1979090afa1a64c337ba774b6a357463f379d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/langfuse/example/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `langfuse-haystack` has no version pin"}, "properties": {"repobilityId": 94568, "scanner": "repobility-supply-chain", "fingerprint": "7ecf8bceac225f335f3edf3f5e761e470c218a1209dcda4a0b2e48d026b9c2c3", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7ecf8bceac225f335f3edf3f5e761e470c218a1209dcda4a0b2e48d026b9c2c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/langfuse/example/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `haystack-ai` has no version pin"}, "properties": {"repobilityId": 94567, "scanner": "repobility-supply-chain", "fingerprint": "65557a9bd62174f73ac985c6aec17c55e3d5f120d5a438b27d818d24a1f10a65", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|65557a9bd62174f73ac985c6aec17c55e3d5f120d5a438b27d818d24a1f10a65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/astra/examples/requirements.txt"}, "region": {"startLine": 
1}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 94564, "scanner": "repobility-ast-engine", "fingerprint": "09d531cfc84e722c1a8ca1baf9801d83987110688241789c4e0fdd56e77e2346", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|09d531cfc84e722c1a8ca1baf9801d83987110688241789c4e0fdd56e77e2346"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/elasticsearch/tests/conftest.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 94562, "scanner": "repobility-ast-engine", "fingerprint": "7131f376e8b0f2bff50af013201507aa4e6f4a6e81be586593e644c97b0da464", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7131f376e8b0f2bff50af013201507aa4e6f4a6e81be586593e644c97b0da464"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/azure_ai_search/tests/conftest.py"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 94560, "scanner": "repobility-ast-engine", "fingerprint": "370e69bf056d3eec3e039e19b1a874fae10210180f01e590432e67bfdf11ca47", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": 
"open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|370e69bf056d3eec3e039e19b1a874fae10210180f01e590432e67bfdf11ca47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/weaviate/src/haystack_integrations/document_stores/weaviate/document_store.py"}, "region": {"startLine": 1454}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 94559, "scanner": "repobility-ast-engine", "fingerprint": "59154cbdcf27ad0ba566ee28a520bbfbccb534a22cf6004dbe2f27249bf79ba8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|59154cbdcf27ad0ba566ee28a520bbfbccb534a22cf6004dbe2f27249bf79ba8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/weaviate/src/haystack_integrations/document_stores/weaviate/document_store.py"}, "region": {"startLine": 1360}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 94558, "scanner": "repobility-ast-engine", "fingerprint": "2a397fb2135fd46d14b82d18fb9cb7471465c6fc45587342c8d76e11e11ad92c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": 
"repobility-ast-engine", "correlation_key": "fp|2a397fb2135fd46d14b82d18fb9cb7471465c6fc45587342c8d76e11e11ad92c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/mcp/examples/mcp_client.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 94557, "scanner": "repobility-ast-engine", "fingerprint": "7a2ed7f58422742db50bd590af913eb0c095f0d530c7c909a8b0a835206b3648", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7a2ed7f58422742db50bd590af913eb0c095f0d530c7c909a8b0a835206b3648"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/mcp/examples/mcp_stdio_toolset.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 94556, "scanner": "repobility-ast-engine", "fingerprint": "2d834b85332000ad73acb310d41a867f6ecab5d4a0e0c2f832ae5f2b66c9f7e4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2d834b85332000ad73acb310d41a867f6ecab5d4a0e0c2f832ae5f2b66c9f7e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/mcp/examples/mcp_filtered_tools.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except 
continues silently"}, "properties": {"repobilityId": 94555, "scanner": "repobility-ast-engine", "fingerprint": "c29d532b98ee346d379187fe1bb9d5b7d3d9acef91c3fdc89fdbdc95322b8dd7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c29d532b98ee346d379187fe1bb9d5b7d3d9acef91c3fdc89fdbdc95322b8dd7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/mcp/examples/mcp_stdio_client.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 94549, "scanner": "repobility-ast-engine", "fingerprint": "f69abb8988a11e342e6a196b441bd21b33fdcd04a176119733ff7c7052e0aed8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f69abb8988a11e342e6a196b441bd21b33fdcd04a176119733ff7c7052e0aed8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/mistral/src/haystack_integrations/components/converters/mistral/ocr_document_converter.py"}, "region": {"startLine": 428}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 94681, "scanner": "repobility-docker", "fingerprint": "fa35aa0fd675042a7de1a722af6f134e17101c338bccf5d27a2ddeef667b4222", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": 
"needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "weaviate", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|fa35aa0fd675042a7de1a722af6f134e17101c338bccf5d27a2ddeef667b4222"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/weaviate/docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 94680, "scanner": "repobility-docker", "fingerprint": "f5ab444f953f82eff26f8c569604cc6954e4f313fe0531de697b0a0f0bd8b57a", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "weaviate", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|f5ab444f953f82eff26f8c569604cc6954e4f313fe0531de697b0a0f0bd8b57a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/weaviate/docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 94679, "scanner": "repobility-docker", "fingerprint": "70bacee35b7c1c1c42a2b1f414c95bab195e1359a24435c84d072e493bd7d522", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": 
"vespa", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|70bacee35b7c1c1c42a2b1f414c95bab195e1359a24435c84d072e493bd7d522"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/vespa/docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 94678, "scanner": "repobility-docker", "fingerprint": "eda43b935be5d0db6fcda546d8b3be0682bdea37f67ae794ae26ef17ab136525", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "vespa", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|eda43b935be5d0db6fcda546d8b3be0682bdea37f67ae794ae26ef17ab136525"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/vespa/docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 94674, "scanner": "repobility-docker", "fingerprint": "7c015b52919e36e2bcefd0d6cfe3b20e1740826c46660aaab36eff2114a4baf3", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "postgres", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": 
"fp|7c015b52919e36e2bcefd0d6cfe3b20e1740826c46660aaab36eff2114a4baf3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/supabase/docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 94671, "scanner": "repobility-docker", "fingerprint": "37951d60527f47f36e3ce8fb95370aa7b04a784261be6a7a7eeb75f116ef02e4", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "oracle", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|37951d60527f47f36e3ce8fb95370aa7b04a784261be6a7a7eeb75f116ef02e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/oracle/docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 94669, "scanner": "repobility-docker", "fingerprint": "af7ae97f5b6671cd013f3e99d56dbca263e136e370b0a4b1e3a392f51ff727fe", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "oracle", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|af7ae97f5b6671cd013f3e99d56dbca263e136e370b0a4b1e3a392f51ff727fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/oracle/docker-compose.yml"}, "region": 
{"startLine": 1}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 94665, "scanner": "repobility-docker", "fingerprint": "41111c552edc678d27d29c3aaaa3d0f098c716ba7f89282054a33edde24638a5", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "falkordb", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|41111c552edc678d27d29c3aaaa3d0f098c716ba7f89282054a33edde24638a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/falkordb/docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 94664, "scanner": "repobility-docker", "fingerprint": "bc2d4ef0518e2d0e726d70f4d8ca634c1754280501974f15c665035cb390f5c1", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "falkordb", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|bc2d4ef0518e2d0e726d70f4d8ca634c1754280501974f15c665035cb390f5c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/falkordb/docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 94658, "scanner": 
"repobility-docker", "fingerprint": "7ce1ce26d003a5c0731ac28a12e432c1d760881dfb911dc2cea20f47f05f3d65", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|7ce1ce26d003a5c0731ac28a12e432c1d760881dfb911dc2cea20f47f05f3d65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/supabase/Dockerfile.pgroonga"}, "region": {"startLine": 3}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `validate_version_number` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: else=1, except=1, if=5, nested_bonus=2."}, "properties": {"repobilityId": 94607, "scanner": "repobility-threat-engine", "fingerprint": "ad6d8b60ef4910cc27ae87228f757257fcdb050339772a483d5abda05dc2bfbc", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 9 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "validate_version_number", "breakdown": {"if": 5, "else": 1, "except": 1, "nested_bonus": 2}, "complexity": 9, "correlation_key": "fp|ad6d8b60ef4910cc27ae87228f757257fcdb050339772a483d5abda05dc2bfbc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/utils/validate_version.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `docstrings_checksum` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: continue=1, for=2, if=2, nested_bonus=5."}, "properties": {"repobilityId": 94606, "scanner": "repobility-threat-engine", "fingerprint": "b7195b1caaf51015996cf8ec876476bf8b74c41635ec64ba80ffc3837cda7be9", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "docstrings_checksum", "breakdown": {"if": 2, "for": 2, "continue": 1, "nested_bonus": 5}, "complexity": 10, "correlation_key": "fp|b7195b1caaf51015996cf8ec876476bf8b74c41635ec64ba80ffc3837cda7be9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/utils/docstrings_checksum.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94502, "scanner": "repobility-ai-code-hygiene", "fingerprint": "92047a579f466eeb15f35863bd218b2bcf79f67aba9dead8a459eb0853e08c28", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "integrations/elasticsearch/src/haystack_integrations/components/retrievers/elasticsearch/inference_sparse_retriever.py", "duplicate_line": 71, "correlation_key": "fp|92047a579f466eeb15f35863bd218b2bcf79f67aba9dead8a459eb0853e08c28"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/elasticsearch/src/haystack_integrations/components/retrievers/elasticsearch/sparse_embedding_retriever.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated 
implementation block across source files"}, "properties": {"repobilityId": 94501, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f6c61e1c3203c449abfceb94aba43854abc30307e82becab1ac29557cbafa804", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "integrations/elasticsearch/src/haystack_integrations/components/retrievers/elasticsearch/bm25_retriever.py", "duplicate_line": 80, "correlation_key": "fp|f6c61e1c3203c449abfceb94aba43854abc30307e82becab1ac29557cbafa804"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/elasticsearch/src/haystack_integrations/components/retrievers/elasticsearch/sparse_embedding_retriever.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94500, "scanner": "repobility-ai-code-hygiene", "fingerprint": "38118ddc873c278b6d2f37fd53466cd4191b5c88449b6f78fb140eadab211075", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "integrations/elasticsearch/src/haystack_integrations/components/retrievers/elasticsearch/inference_hybrid_retriever.py", "duplicate_line": 91, "correlation_key": "fp|38118ddc873c278b6d2f37fd53466cd4191b5c88449b6f78fb140eadab211075"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"integrations/elasticsearch/src/haystack_integrations/components/retrievers/elasticsearch/inference_sparse_retriever.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94499, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6a169f36674d0b0714db5f4d03a22ca953ca1cc047ea42f80525cf53422e8024", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "integrations/elasticsearch/src/haystack_integrations/components/retrievers/elasticsearch/bm25_retriever.py", "duplicate_line": 80, "correlation_key": "fp|6a169f36674d0b0714db5f4d03a22ca953ca1cc047ea42f80525cf53422e8024"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/elasticsearch/src/haystack_integrations/components/retrievers/elasticsearch/inference_sparse_retriever.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94498, "scanner": "repobility-ai-code-hygiene", "fingerprint": "36a86b3bf4f747d2f803cc39cd76e713bec7d657336dffc22c75210f4cd5a3eb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "integrations/elasticsearch/src/haystack_integrations/components/retrievers/elasticsearch/bm25_retriever.py", "duplicate_line": 
80, "correlation_key": "fp|36a86b3bf4f747d2f803cc39cd76e713bec7d657336dffc22c75210f4cd5a3eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/elasticsearch/src/haystack_integrations/components/retrievers/elasticsearch/embedding_retriever.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94497, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d00d1ecf6aa3509c320656e9aaa980323d67a4f73f85f5ed4d94a9d600d86776", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "integrations/cohere/src/haystack_integrations/components/generators/cohere/chat/chat_generator.py", "duplicate_line": 370, "correlation_key": "fp|d00d1ecf6aa3509c320656e9aaa980323d67a4f73f85f5ed4d94a9d600d86776"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/cohere/src/haystack_integrations/components/generators/cohere/generator.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94496, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c3ab0b504fe30c434e7b972fb7dc418eb7a7091e87c6e1d14cf5d572df4473ba", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"integrations/cohere/src/haystack_integrations/components/embedders/cohere/document_embedder.py", "duplicate_line": 21, "correlation_key": "fp|c3ab0b504fe30c434e7b972fb7dc418eb7a7091e87c6e1d14cf5d572df4473ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/cohere/src/haystack_integrations/components/embedders/cohere/text_embedder.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94495, "scanner": "repobility-ai-code-hygiene", "fingerprint": "11e866e30677a378ae6eec4fe791e9ade44737a76319836f608007c0750db245", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "integrations/cohere/src/haystack_integrations/components/embedders/cohere/document_embedder.py", "duplicate_line": 21, "correlation_key": "fp|11e866e30677a378ae6eec4fe791e9ade44737a76319836f608007c0750db245"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/cohere/src/haystack_integrations/components/embedders/cohere/document_image_embedder.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94494, "scanner": "repobility-ai-code-hygiene", "fingerprint": "939dbd7c62d961e473d7ec4ad4372f3c585129b4fdacb8c49350443c9f3ff207", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", 
"scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "integrations/astra/src/haystack_integrations/components/retrievers/astra/retriever.py", "duplicate_line": 90, "correlation_key": "fp|939dbd7c62d961e473d7ec4ad4372f3c585129b4fdacb8c49350443c9f3ff207"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/src/haystack_integrations/components/retrievers/chroma/retriever.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94493, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bb93b90809a31899f33bcf09c6f655dd44cbc11d81f082a28465c037429d4885", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "integrations/chonkie/src/haystack_integrations/components/preprocessors/chonkie/sentence_splitter.py", "duplicate_line": 104, "correlation_key": "fp|bb93b90809a31899f33bcf09c6f655dd44cbc11d81f082a28465c037429d4885"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chonkie/src/haystack_integrations/components/preprocessors/chonkie/token_splitter.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94492, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ae55af0f0ee8eb1c17064aaa847f16aa77fe7dc8f9af782b7d6c6989f388244e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window 
appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "integrations/chonkie/src/haystack_integrations/components/preprocessors/chonkie/semantic_splitter.py", "duplicate_line": 128, "correlation_key": "fp|ae55af0f0ee8eb1c17064aaa847f16aa77fe7dc8f9af782b7d6c6989f388244e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chonkie/src/haystack_integrations/components/preprocessors/chonkie/token_splitter.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94491, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fcf1e4f122462920807bff7ac965fe70c7651f42b57021541661f9804e52f5a7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "integrations/chonkie/src/haystack_integrations/components/preprocessors/chonkie/recursive_splitter.py", "duplicate_line": 73, "correlation_key": "fp|fcf1e4f122462920807bff7ac965fe70c7651f42b57021541661f9804e52f5a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chonkie/src/haystack_integrations/components/preprocessors/chonkie/token_splitter.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94490, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6e83d8f625dee3fd4b3ed375807a2e190e8511b9787d73f73a1440e50b815652", "category": "quality", "severity": "low", "confidence": 0.86, 
"triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "integrations/chonkie/src/haystack_integrations/components/preprocessors/chonkie/semantic_splitter.py", "duplicate_line": 128, "correlation_key": "fp|6e83d8f625dee3fd4b3ed375807a2e190e8511b9787d73f73a1440e50b815652"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chonkie/src/haystack_integrations/components/preprocessors/chonkie/sentence_splitter.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94489, "scanner": "repobility-ai-code-hygiene", "fingerprint": "528362b3588b301d9cb809e1d4e38c3a07a5b51b51c7eab90a70ecab9b4ff9a1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "integrations/chonkie/src/haystack_integrations/components/preprocessors/chonkie/recursive_splitter.py", "duplicate_line": 73, "correlation_key": "fp|528362b3588b301d9cb809e1d4e38c3a07a5b51b51c7eab90a70ecab9b4ff9a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chonkie/src/haystack_integrations/components/preprocessors/chonkie/sentence_splitter.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94488, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"53bca5add9583cbd34b575751425321adcf7283b0e4170851bc9d828882aa62d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "integrations/chonkie/src/haystack_integrations/components/preprocessors/chonkie/recursive_splitter.py", "duplicate_line": 73, "correlation_key": "fp|53bca5add9583cbd34b575751425321adcf7283b0e4170851bc9d828882aa62d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chonkie/src/haystack_integrations/components/preprocessors/chonkie/semantic_splitter.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94487, "scanner": "repobility-ai-code-hygiene", "fingerprint": "195b58f644482859b70f7a8eb72bc6d99760bdd435bad7810d07b3d61ed411a7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "integrations/azure_ai_search/src/haystack_integrations/components/retrievers/azure_ai_search/bm25_retriever.py", "duplicate_line": 25, "correlation_key": "fp|195b58f644482859b70f7a8eb72bc6d99760bdd435bad7810d07b3d61ed411a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/azure_ai_search/src/haystack_integrations/components/retrievers/azure_ai_search/hybrid_retriever.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated 
implementation block across source files"}, "properties": {"repobilityId": 94486, "scanner": "repobility-ai-code-hygiene", "fingerprint": "787820470be75f0445d4b204b34fe4ceca941c52b0dd9e4381e947a84de84145", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "integrations/azure_ai_search/src/haystack_integrations/components/retrievers/azure_ai_search/bm25_retriever.py", "duplicate_line": 49, "correlation_key": "fp|787820470be75f0445d4b204b34fe4ceca941c52b0dd9e4381e947a84de84145"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/azure_ai_search/src/haystack_integrations/components/retrievers/azure_ai_search/embedding_retriever.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94485, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7d550a711af8039388cce0363c240c55cbd40b59df28dd68c87a0de2d6ff9b61", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "integrations/arcadedb/src/haystack_integrations/document_stores/arcadedb/document_store.py", "duplicate_line": 428, "correlation_key": "fp|7d550a711af8039388cce0363c240c55cbd40b59df28dd68c87a0de2d6ff9b61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"integrations/astra/src/haystack_integrations/document_stores/astra/document_store.py"}, "region": {"startLine": 483}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94484, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4825710612b3cf7c9c8e0446b4fc68b1d9df736af18dd7d90131ceaf75ad6c77", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "integrations/anthropic/src/haystack_integrations/components/generators/anthropic/chat/chat_generator.py", "duplicate_line": 142, "correlation_key": "fp|4825710612b3cf7c9c8e0446b4fc68b1d9df736af18dd7d90131ceaf75ad6c77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/anthropic/src/haystack_integrations/components/generators/anthropic/chat/vertex_chat_generator.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94483, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2184d34f8ff71c2dc134fff21ddfdb23a1302f2715ffb818e703880ca12bf927", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "integrations/anthropic/src/haystack_integrations/components/generators/anthropic/chat/foundry_chat_generator.py", "duplicate_line": 99, "correlation_key": 
"fp|2184d34f8ff71c2dc134fff21ddfdb23a1302f2715ffb818e703880ca12bf927"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/anthropic/src/haystack_integrations/components/generators/anthropic/chat/vertex_chat_generator.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94482, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0ee0099e0e1c91366655a4483449739aa8dfef1bc435aff8d93422d699e320bd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "integrations/anthropic/src/haystack_integrations/components/generators/anthropic/chat/chat_generator.py", "duplicate_line": 142, "correlation_key": "fp|0ee0099e0e1c91366655a4483449739aa8dfef1bc435aff8d93422d699e320bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/anthropic/src/haystack_integrations/components/generators/anthropic/chat/foundry_chat_generator.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94481, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4dcfd0fa088af3c14acf4fd3e7a63a996e396df1fb15ba263adcbeca2704bf11", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"integrations/amazon_bedrock/src/haystack_integrations/components/generators/amazon_bedrock/chat/chat_generator.py", "duplicate_line": 378, "correlation_key": "fp|4dcfd0fa088af3c14acf4fd3e7a63a996e396df1fb15ba263adcbeca2704bf11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/anthropic/src/haystack_integrations/components/generators/anthropic/chat/chat_generator.py"}, "region": {"startLine": 250}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94480, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7a08a4be3fdf1e50de8fb88ef38bcff54d5556a6b861cfbdf087f0b075a535c9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "integrations/amazon_bedrock/src/haystack_integrations/components/embedders/amazon_bedrock/document_embedder.py", "duplicate_line": 212, "correlation_key": "fp|7a08a4be3fdf1e50de8fb88ef38bcff54d5556a6b861cfbdf087f0b075a535c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/amazon_textract/src/haystack_integrations/components/converters/amazon_textract/converter.py"}, "region": {"startLine": 184}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94479, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e5aeabbe858c68a499e89d982af55a439dc90acfd88b563bace3a7210cb65154", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test 
files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "integrations/amazon_bedrock/src/haystack_integrations/components/embedders/amazon_bedrock/document_image_embedder.py", "duplicate_line": 132, "correlation_key": "fp|e5aeabbe858c68a499e89d982af55a439dc90acfd88b563bace3a7210cb65154"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/amazon_bedrock/src/haystack_integrations/components/rankers/amazon_bedrock/ranker.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94478, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8c4f696f14b48f6ad07bf2385c4bada950751ba74065ae52fe1bb290cf13d218", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "integrations/amazon_bedrock/src/haystack_integrations/components/generators/amazon_bedrock/chat/chat_generator.py", "duplicate_line": 273, "correlation_key": "fp|8c4f696f14b48f6ad07bf2385c4bada950751ba74065ae52fe1bb290cf13d218"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/amazon_bedrock/src/haystack_integrations/components/generators/amazon_bedrock/generator.py"}, "region": {"startLine": 254}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94477, "scanner": "repobility-ai-code-hygiene", "fingerprint": "487983e8730164dd32eb296d2a727012f28949de58e0bb23304e160abe9a650c", "category": "quality", "severity": "low", "confidence": 0.86, 
"triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "integrations/amazon_bedrock/src/haystack_integrations/components/embedders/amazon_bedrock/document_embedder.py", "duplicate_line": 103, "correlation_key": "fp|487983e8730164dd32eb296d2a727012f28949de58e0bb23304e160abe9a650c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/amazon_bedrock/src/haystack_integrations/components/generators/amazon_bedrock/generator.py"}, "region": {"startLine": 149}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94476, "scanner": "repobility-ai-code-hygiene", "fingerprint": "777cc9a989e2370c20467ec19ef5af218faa72716c6b4afbddd7254481b04410", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "integrations/amazon_bedrock/src/haystack_integrations/components/embedders/amazon_bedrock/document_image_embedder.py", "duplicate_line": 132, "correlation_key": "fp|777cc9a989e2370c20467ec19ef5af218faa72716c6b4afbddd7254481b04410"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/amazon_bedrock/src/haystack_integrations/components/generators/amazon_bedrock/chat/chat_generator.py"}, "region": {"startLine": 267}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94475, "scanner": 
"repobility-ai-code-hygiene", "fingerprint": "fac90aa7c4212e4b75b7f0e7ab257ef3dbd2d36b097f3120990334e54d11a6b8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "integrations/amazon_bedrock/src/haystack_integrations/components/embedders/amazon_bedrock/document_embedder.py", "duplicate_line": 36, "correlation_key": "fp|fac90aa7c4212e4b75b7f0e7ab257ef3dbd2d36b097f3120990334e54d11a6b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/amazon_bedrock/src/haystack_integrations/components/embedders/amazon_bedrock/text_embedder.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94474, "scanner": "repobility-ai-code-hygiene", "fingerprint": "74c64c6991c77153a1882cfc55bb9787211790426099c71f3d7e02e4c0739bfc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "integrations/amazon_bedrock/src/haystack_integrations/components/embedders/amazon_bedrock/document_embedder.py", "duplicate_line": 36, "correlation_key": "fp|74c64c6991c77153a1882cfc55bb9787211790426099c71f3d7e02e4c0739bfc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/amazon_bedrock/src/haystack_integrations/components/embedders/amazon_bedrock/document_image_embedder.py"}, "region": {"startLine": 41}}}]}, 
{"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94473, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1fa872608dfb9d516543ab4bb3ad6739002b36f335fd6af23196694c02591f34", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "integrations/alloydb/src/haystack_integrations/components/retrievers/alloydb/embedding_retriever.py", "duplicate_line": 73, "correlation_key": "fp|1fa872608dfb9d516543ab4bb3ad6739002b36f335fd6af23196694c02591f34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/alloydb/src/haystack_integrations/components/retrievers/alloydb/keyword_retriever.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. 
Inappropriate in services."}, "properties": {"repobilityId": 94657, "scanner": "repobility-threat-engine", "fingerprint": "feb25db503cd51d7c4c9ed6332f569767b8817866138172c4b40b8faa87f7162", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|feb25db503cd51d7c4c9ed6332f569767b8817866138172c4b40b8faa87f7162"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/create_new_integration.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "SEC002", "level": "none", "message": {"text": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code."}, "properties": {"repobilityId": 94655, "scanner": "repobility-threat-engine", "fingerprint": "9336d79eaeb4c581f7d7c219118e1abad36e93ad67978b4f0db167c051922db6", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Form field or UI element reference", "evidence": {"match": "api_key = \"<redacted>\"", "reason": "Form field or UI element reference", "rule_id": "SEC002", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|2|api_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/vllm/src/haystack_integrations/common/vllm/utils.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. 
Review if needed."}, "properties": {"repobilityId": 94651, "scanner": "repobility-threat-engine", "fingerprint": "deede2eb215d875636a96303401dd81bf1c025789980c14394da92c4eaa2dcca", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|deede2eb215d875636a96303401dd81bf1c025789980c14394da92c4eaa2dcca", "aggregated_count": 1}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 94650, "scanner": "repobility-threat-engine", "fingerprint": "6ea0136bb1154bab287fe9ed188561abc4d8ffff4d0bddd0f05983a0ddc7dfee", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6ea0136bb1154bab287fe9ed188561abc4d8ffff4d0bddd0f05983a0ddc7dfee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/nvidia/src/haystack_integrations/utils/nvidia/utils.py"}, "region": {"startLine": 28}}}]}, {"ruleId": 
"MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 94649, "scanner": "repobility-threat-engine", "fingerprint": "d1023e7547645d17d753b38126bbfe86f2415820e97432a66db017f6ce35d76f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d1023e7547645d17d753b38126bbfe86f2415820e97432a66db017f6ce35d76f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/nvidia/src/haystack_integrations/components/embedders/nvidia/text_embedder.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 94648, "scanner": "repobility-threat-engine", "fingerprint": "471a7d9e84cfe7fe1129110b20d700fd290ff79f655291e3343b5f73d10bf0fc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|471a7d9e84cfe7fe1129110b20d700fd290ff79f655291e3343b5f73d10bf0fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/nvidia/src/haystack_integrations/components/embedders/nvidia/document_embedder.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED074", "level": "none", "message": {"text": "[MINED074] Ai Tell Fake Citation: Plausible-looking but non-existent URLs (e.g., docs.example.com/v2). Common AI hallucination."}, "properties": {"repobilityId": 94647, "scanner": "repobility-threat-engine", "fingerprint": "8d58964b3cdf8813b899d1fa6322e9ec7aa27b1d53bf8396a45bc74cd1b222b2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ai-tell-fake-citation", "owasp": null, "cwe_ids": [], "languages": ["python", "javascript", "typescript", "markdown"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348074+00:00", "triaged_in_corpus": 10, "observations_count": 12281, "ai_coder_pattern_id": 176}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8d58964b3cdf8813b899d1fa6322e9ec7aa27b1d53bf8396a45bc74cd1b222b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/huggingface_api/src/haystack_integrations/components/rankers/huggingface_api/ranker.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 3 more): Same pattern found in 3 additional files. 
Review if needed."}, "properties": {"repobilityId": 94645, "scanner": "repobility-threat-engine", "fingerprint": "29f418f0b32afce9ff9545bb3e439c1b302cb3c41f56d413b872dcb5fe0b02fc", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|29f418f0b32afce9ff9545bb3e439c1b302cb3c41f56d413b872dcb5fe0b02fc"}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 94641, "scanner": "repobility-threat-engine", "fingerprint": "a28cbeac28128be054c3f8e1a83589ca9ebddaa29ed78b582b0c2183d021e21c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a28cbeac28128be054c3f8e1a83589ca9ebddaa29ed78b582b0c2183d021e21c", "aggregated_count": 4}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 94640, "scanner": "repobility-threat-engine", "fingerprint": "734a32c5c718b548ee6c362f3ba034ab3457b502e4da2b0a6851474c4e3dae4f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|734a32c5c718b548ee6c362f3ba034ab3457b502e4da2b0a6851474c4e3dae4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/src/haystack_integrations/document_stores/chroma/errors.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 94639, "scanner": "repobility-threat-engine", "fingerprint": 
"7e948d615d568a9fea9b0bf01d49e77a1583e4d3b2d975e47c4ae3d73494bec3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7e948d615d568a9fea9b0bf01d49e77a1583e4d3b2d975e47c4ae3d73494bec3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/azure_ai_search/src/haystack_integrations/document_stores/azure_ai_search/errors.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 94638, "scanner": "repobility-threat-engine", "fingerprint": "b534505261d307851fddfc0a9d3c13a45330cc347c1fe56f1245a1718f7e3a31", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b534505261d307851fddfc0a9d3c13a45330cc347c1fe56f1245a1718f7e3a31"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/astra/src/haystack_integrations/document_stores/astra/errors.py"}, "region": 
{"startLine": 11}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 94637, "scanner": "repobility-threat-engine", "fingerprint": "b2035a80780304e620b60087b426ba3ac5c6c7cc37beacb9e3090ae321c15a3e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|b2035a80780304e620b60087b426ba3ac5c6c7cc37beacb9e3090ae321c15a3e", "aggregated_count": 2}}}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 94636, "scanner": "repobility-threat-engine", "fingerprint": "1638173bc208fbfeb4ce10e6a7df4fb97c9e3256a88bf87c4d9dda38a6285a0b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|1638173bc208fbfeb4ce10e6a7df4fb97c9e3256a88bf87c4d9dda38a6285a0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/e2b/examples/e2b_pipeline_example.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 94635, "scanner": "repobility-threat-engine", "fingerprint": "507df959aa18a510c5cec2d96c23b58403659015428918d78f76704178682c69", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|507df959aa18a510c5cec2d96c23b58403659015428918d78f76704178682c69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/e2b/examples/e2b_agent_example.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 94634, "scanner": "repobility-threat-engine", "fingerprint": "ae90d01e59dcf433b01ac18d085dc80b4e5953d912229b3e7e7e8c3f4d79ed71", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 
1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ae90d01e59dcf433b01ac18d085dc80b4e5953d912229b3e7e7e8c3f4d79ed71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/arcadedb/examples/embedding_retrieval.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "properties": {"repobilityId": 94633, "scanner": "repobility-threat-engine", "fingerprint": "ffe0bb40951d1fe20325d6626515b6b3f5194cef1a3be6e6de11e9645a8d8a72", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|ffe0bb40951d1fe20325d6626515b6b3f5194cef1a3be6e6de11e9645a8d8a72", "aggregated_count": 1}}}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 94632, "scanner": "repobility-threat-engine", "fingerprint": "73ac292b12b4ce169c6edd996bf29e99e3419712de3d61e010287ff01f8539d2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", 
"owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|73ac292b12b4ce169c6edd996bf29e99e3419712de3d61e010287ff01f8539d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/mcp/examples/time_pipeline_toolset.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 94631, "scanner": "repobility-threat-engine", "fingerprint": "b9d6c2be6a43e7d072631e373b8ded2f749ec54c695808be9760e4149e03e6d8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b9d6c2be6a43e7d072631e373b8ded2f749ec54c695808be9760e4149e03e6d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/llama_cpp/src/haystack_integrations/components/generators/llama_cpp/generator.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 94630, "scanner": "repobility-threat-engine", "fingerprint": "0f47aa9f3e1a102263e25cb96e51136ba7ab142b1f63a4f64315cbe96daf9722", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": 
"Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0f47aa9f3e1a102263e25cb96e51136ba7ab142b1f63a4f64315cbe96daf9722"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/anthropic/example/prompt_caching.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "properties": {"repobilityId": 94629, "scanner": "repobility-threat-engine", "fingerprint": "b6edddaddab6b62ff63a87b52b7d7b3bab2a5af6b4d7361c1238d18c2c6e3162", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|b6edddaddab6b62ff63a87b52b7d7b3bab2a5af6b4d7361c1238d18c2c6e3162"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 94628, "scanner": "repobility-threat-engine", "fingerprint": "8c6227e0559af11aaee31281741940d7b22ea3967020be405b964fd5cd537352", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "print(f\"     and ask a maintainer to add the secret to the GitHub repo.\")", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|15|print f and ask a maintainer to add the secret to the github repo."}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/create_new_integration.py"}, "region": {"startLine": 152}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 94627, "scanner": "repobility-threat-engine", "fingerprint": "535a86368ba72a087ba4753e62859614e66ba0da651bde9b6dac97444e1ea357", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "evidence": {"match": "print(generator.run(\"Who is the best American actor?\", generation_kwargs={\"max_tokens\": 128})", "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|2|print generator.run who is the best american actor generation_kwargs max_tokens : 128"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/llama_cpp/src/haystack_integrations/components/generators/llama_cpp/generator.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 94625, "scanner": "repobility-threat-engine", "fingerprint": "703e17c787d71b843e4189f03cc2de342f8a62b2a73bec10b29bc34c1fed35bf", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|703e17c787d71b843e4189f03cc2de342f8a62b2a73bec10b29bc34c1fed35bf", "aggregated_count": 4}}}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 94624, "scanner": "repobility-threat-engine", "fingerprint": "16fee202e1b915d7d9880223fdeac9a7a066f9c3957aa5cf4e89fdf2abb9e32d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|16fee202e1b915d7d9880223fdeac9a7a066f9c3957aa5cf4e89fdf2abb9e32d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/github/src/haystack_integrations/components/connectors/github/repo_viewer.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 94623, "scanner": "repobility-threat-engine", "fingerprint": "12953b703dbdd2d9a97e683c45f8d19eb1b4a5149e079c3ecba5bffa0fecb667", "category": "quality", "severity": "info", 
"confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|12953b703dbdd2d9a97e683c45f8d19eb1b4a5149e079c3ecba5bffa0fecb667"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/src/haystack_integrations/document_stores/chroma/filters.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 94622, "scanner": "repobility-threat-engine", "fingerprint": "0ec16ba7371113411dcc4667dd0ec11e67753bfbf65bbef88be76c35f4eb5abf", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0ec16ba7371113411dcc4667dd0ec11e67753bfbf65bbef88be76c35f4eb5abf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/amazon_bedrock/src/haystack_integrations/common/s3/utils.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout (and 5 more): Same pattern found in 5 additional files. 
Review if needed."}, "properties": {"repobilityId": 94621, "scanner": "repobility-threat-engine", "fingerprint": "0739686e430239ba7b3236e9a44720c49fcd4d7e277864d5ec8ae18a37e048b0", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0739686e430239ba7b3236e9a44720c49fcd4d7e277864d5ec8ae18a37e048b0", "aggregated_count": 5}}}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 94620, "scanner": "repobility-threat-engine", "fingerprint": "214ce6f0b6b4a49099baed50b1846bdfbde7215abe6ae554e455cd09d9468af1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|214ce6f0b6b4a49099baed50b1846bdfbde7215abe6ae554e455cd09d9468af1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/github/src/haystack_integrations/components/connectors/github/issue_viewer.py"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 94619, "scanner": "repobility-threat-engine", "fingerprint": "2369fc88517f65f4cfc1c6c319a7eb109a541f941711e601f7ff23319cae12f7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2369fc88517f65f4cfc1c6c319a7eb109a541f941711e601f7ff23319cae12f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/github/src/haystack_integrations/components/connectors/github/issue_commenter.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 94618, "scanner": "repobility-threat-engine", "fingerprint": "fd270ae195c9ee151b0deb6e2dd4cfbd9b3bc370eb3fc555b13c61c521d76588", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fd270ae195c9ee151b0deb6e2dd4cfbd9b3bc370eb3fc555b13c61c521d76588"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/utils/validate_version.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC078", "level": "none", "message": {"text": "[SEC078] Python: requests without timeout (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 94617, "scanner": "repobility-threat-engine", "fingerprint": "786c402d6370e4b20e5de8e1668086eeb34a73c9557b72e071ac80b5a366f9d1", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 5 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|786c402d6370e4b20e5de8e1668086eeb34a73c9557b72e071ac80b5a366f9d1"}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 94613, "scanner": "repobility-threat-engine", "fingerprint": "719f16a1467677730b367baa2144dabfe702dd229dc13e6f3e8747ec0afa970d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|719f16a1467677730b367baa2144dabfe702dd229dc13e6f3e8747ec0afa970d"}}}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 70 more): Same pattern found in 70 additional files. Review if needed."}, "properties": {"repobilityId": 94609, "scanner": "repobility-threat-engine", "fingerprint": "ead50bf9db7918bc155f16c7471e0c8cacbbf32465aff801b4aaf15607899c72", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 70 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "docstrings_checksum", "breakdown": {"if": 2, "for": 2, "continue": 1, "nested_bonus": 5}, "aggregated": true, "complexity": 10, "correlation_key": "fp|ead50bf9db7918bc155f16c7471e0c8cacbbf32465aff801b4aaf15607899c72", "aggregated_count": 70}}}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 94672, "scanner": "repobility-docker", "fingerprint": "d2328f2dc17203aeffef5e21551ab48bc53f454b5e7b3a59a0a1d69b91cae6e1", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "1521:1521", "target": "1521", "host_ip": "", "published": "1521"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "oracle", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|d2328f2dc17203aeffef5e21551ab48bc53f454b5e7b3a59a0a1d69b91cae6e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/oracle/docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC013", "level": "error", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 94668, "scanner": "repobility-docker", "fingerprint": "d376aa3efbf74a1e8025c912f4b2d7b01447fb715d1d81b173ccf7a908d7971f", "category": "docker", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": 
"opensearch", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|d376aa3efbf74a1e8025c912f4b2d7b01447fb715d1d81b173ccf7a908d7971f", "expected_targets": ["/usr/share/opensearch/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/opensearch/docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 94667, "scanner": "repobility-docker", "fingerprint": "c8154d5c9b6c0a10ea0915909b61a3439fb6a68cdfb8ee37e41f655dff61821b", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "9200:9200", "target": "9200", "host_ip": "", "published": "9200"}, {"raw": "9600:9600", "target": "9600", "host_ip": "", "published": "9600"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "opensearch", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|c8154d5c9b6c0a10ea0915909b61a3439fb6a68cdfb8ee37e41f655dff61821b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/opensearch/docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC013", "level": "error", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 94662, "scanner": "repobility-docker", "fingerprint": "82cdb3bf7a8be8ee7d7256de6d138035cc2df6facf04cf5b7fc6476096c1832f", "category": "docker", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service does not mount a known data directory.", 
"evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "elasticsearch", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|82cdb3bf7a8be8ee7d7256de6d138035cc2df6facf04cf5b7fc6476096c1832f", "expected_targets": ["/usr/share/elasticsearch/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/elasticsearch/docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 94661, "scanner": "repobility-docker", "fingerprint": "237bb85b8663fe8a430e9bf2902a0d0e3b2fa3ad75e2fc27c87ceb68251bb563", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "9200:9200", "target": "9200", "host_ip": "", "published": "9200"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "elasticsearch", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|237bb85b8663fe8a430e9bf2902a0d0e3b2fa3ad75e2fc27c87ceb68251bb563"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/elasticsearch/docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 94656, "scanner": "repobility-threat-engine", "fingerprint": "35e52010b0d3f2d13adac2ce598dc5aed59cfae425954a7d1580a2424b571d80", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", 
"verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|35e52010b0d3f2d13adac2ce598dc5aed59cfae425954a7d1580a2424b571d80"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/weaviate/src/haystack_integrations/document_stores/weaviate/_filters.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 94644, "scanner": "repobility-threat-engine", "fingerprint": "244a2f95b6f7608b14fc1deac9ae544eb037ae27d79798ae4752925fadbf1dc1", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(comments_url", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|244a2f95b6f7608b14fc1deac9ae544eb037ae27d79798ae4752925fadbf1dc1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/github/src/haystack_integrations/components/connectors/github/issue_viewer.py"}, "region": {"startLine": 112}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 94643, "scanner": "repobility-threat-engine", "fingerprint": "02652b30061dacc37dac7a8dd45bcdad5c3264bc2a3a417470e0ee714c1332a2", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|02652b30061dacc37dac7a8dd45bcdad5c3264bc2a3a417470e0ee714c1332a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/github/src/haystack_integrations/components/connectors/github/issue_commenter.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 94642, "scanner": "repobility-threat-engine", "fingerprint": "efdbb073f9dae3c932c717b33c87c36c4b2cd380fd2ee4f7666185ecf8e24aca", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|efdbb073f9dae3c932c717b33c87c36c4b2cd380fd2ee4f7666185ecf8e24aca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/firecrawl/src/haystack_integrations/components/fetchers/firecrawl/firecrawl_crawler.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 94626, "scanner": "repobility-threat-engine", "fingerprint": "6251f7045ec84e1354d03076dfb085de9546222c20ae411146b59fce769d5d8c", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "print(f\"Time to first token: <redacted>} seconds\")", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|token|8|print f time to first token: redacted seconds"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/anthropic/example/prompt_caching.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0).
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 94616, "scanner": "repobility-threat-engine", "fingerprint": "dc767a56111ce097ba7cde26cf80cba0998ba3d9ffa4c6e545d58215c74d76ba", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|dc767a56111ce097ba7cde26cf80cba0998ba3d9ffa4c6e545d58215c74d76ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/google_ai/src/haystack_integrations/components/generators/google_ai/gemini.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0).
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 94615, "scanner": "repobility-threat-engine", "fingerprint": "6127a7691cd379964ba966ce919e59e624b2ce4239303e3af7320b93adfa5f56", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6127a7691cd379964ba966ce919e59e624b2ce4239303e3af7320b93adfa5f56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/github/src/haystack_integrations/components/connectors/github/repo_forker.py"}, "region": {"startLine": 119}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0).
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 94614, "scanner": "repobility-threat-engine", "fingerprint": "3ef1b421eaca8dcf46b8366116f4d7b46902f2200ed0f8ee9f9810eb332a56aa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3ef1b421eaca8dcf46b8366116f4d7b46902f2200ed0f8ee9f9810eb332a56aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/utils/validate_version.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 94612, "scanner": "repobility-threat-engine", "fingerprint": "7a8e15c058d6a1c7e9fb0b7d8a0558c8dfabb806f4489e19c2b7c9c1ef9fa553", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "meta.update(\n                    {\n                        \"source_id\": doc.id,", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7a8e15c058d6a1c7e9fb0b7d8a0558c8dfabb806f4489e19c2b7c9c1ef9fa553"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chonkie/src/haystack_integrations/components/preprocessors/chonkie/recursive_splitter.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 94611, "scanner": "repobility-threat-engine", "fingerprint": "8349f0e1a2d9d28954cbca963026f08f1fe332f7ae7e0461db7cb4378424926c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "params.update(self.extra_params)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8349f0e1a2d9d28954cbca963026f08f1fe332f7ae7e0461db7cb4378424926c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/brave/src/haystack_integrations/components/websearch/brave/brave_websearch.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 94610, "scanner": "repobility-threat-engine", "fingerprint": "e6d3c96b9ab02d37fa3a80d6ea16f87828706ece77d131635775f12670e57193", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "deps.update(dep_list)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e6d3c96b9ab02d37fa3a80d6ea16f87828706ece77d131635775f12670e57193"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/utils/pyproject_to_requirements.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 94605, "scanner": "repobility-threat-engine", "fingerprint": "04e9a3894d6f247b955f5b89d669b29746e6fca5b0dc1b55b569d70005cc4188", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|04e9a3894d6f247b955f5b89d669b29746e6fca5b0dc1b55b569d70005cc4188"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/utils/docstrings_checksum.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "Workflow container/services image `pgvector/pgvector:pg17` 
unpinned"}, "properties": {"repobilityId": 94600, "scanner": "repobility-supply-chain", "fingerprint": "87870f8f72ecd6b7e5a539c860aed38ab64418b75f7081673fd3ee5d7d2f12e0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|87870f8f72ecd6b7e5a539c860aed38ab64418b75f7081673fd3ee5d7d2f12e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pgvector.yml"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "Workflow container/services image `pgvector/pgvector:pg17` unpinned"}, "properties": {"repobilityId": 94599, "scanner": "repobility-supply-chain", "fingerprint": "8c6ea8681bcdb79ccdfca236c0aba6a12645f29a013de745ecf795199589194c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8c6ea8681bcdb79ccdfca236c0aba6a12645f29a013de745ecf795199589194c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/supabase.yml"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "Workflow container/services image `arcadedata/arcadedb:latest` unpinned"}, "properties": {"repobilityId": 94590, "scanner": "repobility-supply-chain", "fingerprint": "5d16e3a3417aefbc8f39dcea91731f9d004743d6dbb9231d891afa89a3854db0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", 
"isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5d16e3a3417aefbc8f39dcea91731f9d004743d6dbb9231d891afa89a3854db0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/arcadedb.yml"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "Workflow container/services image `valkey/valkey-bundle:latest` unpinned"}, "properties": {"repobilityId": 94584, "scanner": "repobility-supply-chain", "fingerprint": "97486a643b6975d8c6f228c2d4516c437f1b93b136d394c8ee7998472f029eda", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|97486a643b6975d8c6f228c2d4516c437f1b93b136d394c8ee7998472f029eda"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/valkey.yml"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "Workflow container/services image `falkordb/falkordb:latest` unpinned"}, "properties": {"repobilityId": 94573, "scanner": "repobility-supply-chain", "fingerprint": "ae69e512179d54c580c95789a65394a8f70ae87228ef0e072dad1493297eb115", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|ae69e512179d54c580c95789a65394a8f70ae87228ef0e072dad1493297eb115"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/falkordb.yml"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `postgres:17-bookworm` not pinned by digest"}, "properties": {"repobilityId": 94566, "scanner": "repobility-supply-chain", "fingerprint": "900649ef452932b540310e8600e3f7a08169a84975779c04e2b61db4ba02d24b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|900649ef452932b540310e8600e3f7a08169a84975779c04e2b61db4ba02d24b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/supabase/Dockerfile.pgroonga"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI PATCH haystack_integrations.document_stores.astra.astra_client.AstraDBClient has no auth"}, "properties": {"repobilityId": 94565, "scanner": "repobility-route-auth", "fingerprint": "e29cecdc6eb8462abd515fa7f1549f1e0d7b678c159725ae9b11dc0e2269a1c7", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|e29cecdc6eb8462abd515fa7f1549f1e0d7b678c159725ae9b11dc0e2269a1c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/astra/tests/test_document_store.py"}, "region": {"startLine": 
43}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_passes_api_base"}, "properties": {"repobilityId": 94553, "scanner": "repobility-ast-engine", "fingerprint": "f9a0bf499e2e21e04b179f17af7a59947093876a7717975d9104b61e021bb3eb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f9a0bf499e2e21e04b179f17af7a59947093876a7717975d9104b61e021bb3eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/dspy/tests/test_chat_generator.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_passes_extra_kwargs"}, "properties": {"repobilityId": 94552, "scanner": "repobility-ast-engine", "fingerprint": "cf365943061ffcce89b564f662419653bb051bcf878348c745cd6135965d274c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cf365943061ffcce89b564f662419653bb051bcf878348c745cd6135965d274c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/dspy/tests/test_chat_generator.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_type_lists_valid_options"}, "properties": {"repobilityId": 94551, "scanner": "repobility-ast-engine", "fingerprint": "e57a80dc0f0f9b215f8e9715d1449e03307d43e83b82e71d2d090ae04c211a74", "category": 
"quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e57a80dc0f0f9b215f8e9715d1449e03307d43e83b82e71d2d090ae04c211a74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/dspy/tests/test_chat_generator.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_type_raises"}, "properties": {"repobilityId": 94550, "scanner": "repobility-ast-engine", "fingerprint": "8d9943a7415fc3162c11fc4fbb94c9f77f7d375e133612db1cd9cb62baa4d57a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8d9943a7415fc3162c11fc4fbb94c9f77f7d375e133612db1cd9cb62baa4d57a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/dspy/tests/test_chat_generator.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_streaming_with_reasoning_logs_warning"}, "properties": {"repobilityId": 94548, "scanner": "repobility-ast-engine", "fingerprint": "ba4b7e293057e0e967a6189677ae1433b29b50f785b51e3ce0a837b804fd9cf9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 
982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ba4b7e293057e0e967a6189677ae1433b29b50f785b51e3ce0a837b804fd9cf9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/mistral/tests/test_mistral_chat_generator.py"}, "region": {"startLine": 1202}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_live_run_wrong_model"}, "properties": {"repobilityId": 94547, "scanner": "repobility-ast-engine", "fingerprint": "bdd97f84c2c270f2bf91d49f3a783ddb0ec94db85ffa7faf4dca5b247fdb05a5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bdd97f84c2c270f2bf91d49f3a783ddb0ec94db85ffa7faf4dca5b247fdb05a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/mistral/tests/test_mistral_chat_generator.py"}, "region": {"startLine": 524}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_from_dict_fail_wo_env_var"}, "properties": {"repobilityId": 94546, "scanner": "repobility-ast-engine", "fingerprint": "8032a1e1033f0745076a0ae34b3eff0f4a53bb6d6186ed79f963a93da9f88eca", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8032a1e1033f0745076a0ae34b3eff0f4a53bb6d6186ed79f963a93da9f88eca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/mistral/tests/test_mistral_chat_generator.py"}, 
"region": {"startLine": 259}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_init_fail_wo_api_key"}, "properties": {"repobilityId": 94545, "scanner": "repobility-ast-engine", "fingerprint": "5be0bd48533eb441f19c08bd26b40e04bd73f30779e23aefeb26ca79ece2278b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5be0bd48533eb441f19c08bd26b40e04bd73f30779e23aefeb26ca79ece2278b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/mistral/tests/test_mistral_chat_generator.py"}, "region": {"startLine": 142}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_run_async_streaming_with_reasoning_logs_warning"}, "properties": {"repobilityId": 94544, "scanner": "repobility-ast-engine", "fingerprint": "42cca1b5796340f6ee055ad80f2d4d093f1bbdabc7aa92b8f08dcbd33ab050bd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|42cca1b5796340f6ee055ad80f2d4d093f1bbdabc7aa92b8f08dcbd33ab050bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/mistral/tests/test_mistral_chat_generator_async.py"}, "region": {"startLine": 333}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_run_with_meta_list_length_mismatch"}, "properties": {"repobilityId": 94543, "scanner": "repobility-ast-engine", 
"fingerprint": "235a9728013a9f0fe13c1eae09070f35f96443f3bef26a477f874c7b5fa90d5f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|235a9728013a9f0fe13c1eae09070f35f96443f3bef26a477f874c7b5fa90d5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/mistral/tests/test_ocr_document_converter.py"}, "region": {"startLine": 489}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_run_wrong_input_format"}, "properties": {"repobilityId": 94542, "scanner": "repobility-ast-engine", "fingerprint": "e62590be4f35d2dc7dd71c1ca3589f2136a5983c29785f99823bbbd31d7eb17a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e62590be4f35d2dc7dd71c1ca3589f2136a5983c29785f99823bbbd31d7eb17a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/mistral/tests/test_mistral_text_embedder.py"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.filter_documents_async` used but never assigned in __init__"}, "properties": {"repobilityId": 94541, "scanner": "repobility-ast-engine", "fingerprint": "94b75513c18a3d68b5460a97c18453890638b16dbba4517933cb0fb35535d346", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": 
{"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|94b75513c18a3d68b5460a97c18453890638b16dbba4517933cb0fb35535d346"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/src/haystack_integrations/document_stores/chroma/document_store.py"}, "region": {"startLine": 870}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._ensure_initialized_async` used but never assigned in __init__"}, "properties": {"repobilityId": 94540, "scanner": "repobility-ast-engine", "fingerprint": "3c1b82bb99d3b1747c3d8177a96cdedf1c80a91bb448cf8440e36ac268715c92", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3c1b82bb99d3b1747c3d8177a96cdedf1c80a91bb448cf8440e36ac268715c92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/src/haystack_integrations/document_stores/chroma/document_store.py"}, "region": {"startLine": 866}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.filter_documents` used but never assigned in __init__"}, "properties": {"repobilityId": 94539, "scanner": "repobility-ast-engine", "fingerprint": "af55646fcb41b0f1de15e2dfee5333dc99b99afe92bee033bcd2edf9b98c46a2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|af55646fcb41b0f1de15e2dfee5333dc99b99afe92bee033bcd2edf9b98c46a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/src/haystack_integrations/document_stores/chroma/document_store.py"}, "region": {"startLine": 828}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._ensure_initialized` used but never assigned in __init__"}, "properties": {"repobilityId": 94538, "scanner": "repobility-ast-engine", "fingerprint": "7ec0c6e413dd284809020e1101e32b4bf9ca9af644a958c0a853c9b276e08092", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7ec0c6e413dd284809020e1101e32b4bf9ca9af644a958c0a853c9b276e08092"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/src/haystack_integrations/document_stores/chroma/document_store.py"}, "region": {"startLine": 824}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.filter_documents_async` used but never assigned in __init__"}, "properties": {"repobilityId": 94537, "scanner": "repobility-ast-engine", "fingerprint": "423dcf1016c97c17727fd8bff3ba0b3143247851ace3c8486e0bed2aa7cddc5c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|423dcf1016c97c17727fd8bff3ba0b3143247851ace3c8486e0bed2aa7cddc5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"integrations/chroma/src/haystack_integrations/document_stores/chroma/document_store.py"}, "region": {"startLine": 781}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._ensure_initialized_async` used but never assigned in __init__"}, "properties": {"repobilityId": 94536, "scanner": "repobility-ast-engine", "fingerprint": "98f2d3f5fbb340625f99d64fe1e61282b70eede1f87a872f6d787ab44150340c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|98f2d3f5fbb340625f99d64fe1e61282b70eede1f87a872f6d787ab44150340c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/src/haystack_integrations/document_stores/chroma/document_store.py"}, "region": {"startLine": 774}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.filter_documents` used but never assigned in __init__"}, "properties": {"repobilityId": 94535, "scanner": "repobility-ast-engine", "fingerprint": "4ea87711946d5b9d486187ebdcb25f77d0b04a51dc010feffee128ca82773bf7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4ea87711946d5b9d486187ebdcb25f77d0b04a51dc010feffee128ca82773bf7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/src/haystack_integrations/document_stores/chroma/document_store.py"}, "region": {"startLine": 733}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": 
"`self._ensure_initialized` used but never assigned in __init__"}, "properties": {"repobilityId": 94534, "scanner": "repobility-ast-engine", "fingerprint": "5424bbc62f4612655286e0381cf9fa8fe1d0f09e1213d5e3adf7711f9fab074a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5424bbc62f4612655286e0381cf9fa8fe1d0f09e1213d5e3adf7711f9fab074a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/src/haystack_integrations/document_stores/chroma/document_store.py"}, "region": {"startLine": 726}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._ensure_initialized_async` used but never assigned in __init__"}, "properties": {"repobilityId": 94533, "scanner": "repobility-ast-engine", "fingerprint": "879dff286dd845da07efcfac63665c59f28ea1b30b569fb421d66200d5f0b2a4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|879dff286dd845da07efcfac63665c59f28ea1b30b569fb421d66200d5f0b2a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/src/haystack_integrations/document_stores/chroma/document_store.py"}, "region": {"startLine": 713}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._ensure_initialized` used but never assigned in __init__"}, "properties": {"repobilityId": 94532, "scanner": "repobility-ast-engine", "fingerprint": 
"6828644fbc83174e5c061b11e854fa8876a597179aca61730141913e7bbe1c42", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6828644fbc83174e5c061b11e854fa8876a597179aca61730141913e7bbe1c42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/src/haystack_integrations/document_stores/chroma/document_store.py"}, "region": {"startLine": 700}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._apply_duplicate_policy` used but never assigned in __init__"}, "properties": {"repobilityId": 94531, "scanner": "repobility-ast-engine", "fingerprint": "8892c502a769424b3e109a2f540c54fddf45bc8a516d6182f9b63cff0cbc7c86", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8892c502a769424b3e109a2f540c54fddf45bc8a516d6182f9b63cff0cbc7c86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/src/haystack_integrations/document_stores/chroma/document_store.py"}, "region": {"startLine": 666}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._ensure_initialized_async` used but never assigned in __init__"}, "properties": {"repobilityId": 94530, "scanner": "repobility-ast-engine", "fingerprint": "70f1acfb7e6fbc0c23c9627cb443aaa70c8ce0dd1ca9354e553c716c2576461d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": 
false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|70f1acfb7e6fbc0c23c9627cb443aaa70c8ce0dd1ca9354e553c716c2576461d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/src/haystack_integrations/document_stores/chroma/document_store.py"}, "region": {"startLine": 651}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._apply_duplicate_policy` used but never assigned in __init__"}, "properties": {"repobilityId": 94529, "scanner": "repobility-ast-engine", "fingerprint": "33ad6b29e5fa6832077f45bf229b0f5a9fd8a37a6674150339a9a78b4ee5382c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|33ad6b29e5fa6832077f45bf229b0f5a9fd8a37a6674150339a9a78b4ee5382c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/src/haystack_integrations/document_stores/chroma/document_store.py"}, "region": {"startLine": 612}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._ensure_initialized` used but never assigned in __init__"}, "properties": {"repobilityId": 94528, "scanner": "repobility-ast-engine", "fingerprint": "a196adfeeb8094a3e2d4a7e9cb3c109670c177597290992ba06e09bb45ac325e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, 
"scanner": "repobility-ast-engine", "correlation_key": "fp|a196adfeeb8094a3e2d4a7e9cb3c109670c177597290992ba06e09bb45ac325e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/src/haystack_integrations/document_stores/chroma/document_store.py"}, "region": {"startLine": 598}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._ensure_initialized_async` used but never assigned in __init__"}, "properties": {"repobilityId": 94527, "scanner": "repobility-ast-engine", "fingerprint": "f91037cb449806c29b5fa8dc9171d3441e219ea634a75ff854ac698c84428b61", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f91037cb449806c29b5fa8dc9171d3441e219ea634a75ff854ac698c84428b61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/src/haystack_integrations/document_stores/chroma/document_store.py"}, "region": {"startLine": 446}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_result_to_documents` used but never assigned in __init__"}, "properties": {"repobilityId": 94526, "scanner": "repobility-ast-engine", "fingerprint": "f03cff3bb5c4a3c194c993a9bf8f7eafbabb18d77b1ab6076cbc0ef9417efaf8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f03cff3bb5c4a3c194c993a9bf8f7eafbabb18d77b1ab6076cbc0ef9417efaf8"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": "integrations/chroma/src/haystack_integrations/document_stores/chroma/document_store.py"}, "region": {"startLine": 452}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_result_to_documents` used but never assigned in __init__"}, "properties": {"repobilityId": 94525, "scanner": "repobility-ast-engine", "fingerprint": "cc46c2959d639d162b4ee69b44807636df9e66612ebff93b4c252fa4dac86dff", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cc46c2959d639d162b4ee69b44807636df9e66612ebff93b4c252fa4dac86dff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/src/haystack_integrations/document_stores/chroma/document_store.py"}, "region": {"startLine": 432}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._ensure_initialized` used but never assigned in __init__"}, "properties": {"repobilityId": 94524, "scanner": "repobility-ast-engine", "fingerprint": "f4836866eaaf255f4f3e85a328660da8e0288c81197f77ea70d4150ccfb0751b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f4836866eaaf255f4f3e85a328660da8e0288c81197f77ea70d4150ccfb0751b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/src/haystack_integrations/document_stores/chroma/document_store.py"}, "region": {"startLine": 426}}}]}, {"ruleId": "MINED108", "level": "error", "message": 
{"text": "`self._ensure_initialized_async` used but never assigned in __init__"}, "properties": {"repobilityId": 94523, "scanner": "repobility-ast-engine", "fingerprint": "0e683772ee5814edcd3e5a1bc0ef99101e14f09c89ecad8a6744d55dd4715657", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0e683772ee5814edcd3e5a1bc0ef99101e14f09c89ecad8a6744d55dd4715657"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/src/haystack_integrations/document_stores/chroma/document_store.py"}, "region": {"startLine": 410}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._ensure_initialized` used but never assigned in __init__"}, "properties": {"repobilityId": 94522, "scanner": "repobility-ast-engine", "fingerprint": "767a06781bd52d65991d9f526e15f46b2baa49b712e1fe58b17e3429f264b07f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|767a06781bd52d65991d9f526e15f46b2baa49b712e1fe58b17e3429f264b07f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/src/haystack_integrations/document_stores/chroma/document_store.py"}, "region": {"startLine": 398}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._async_client` used but never assigned in __init__"}, "properties": {"repobilityId": 94521, "scanner": "repobility-ast-engine", "fingerprint": 
"91d878ee85665e3d8b054bf1f7080eec3ce7cd0a1d4b7ae49791803c7628cc63", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|91d878ee85665e3d8b054bf1f7080eec3ce7cd0a1d4b7ae49791803c7628cc63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/src/haystack_integrations/document_stores/chroma/document_store.py"}, "region": {"startLine": 189}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._client` used but never assigned in __init__"}, "properties": {"repobilityId": 94520, "scanner": "repobility-ast-engine", "fingerprint": "46612f7d9cc9597d9579b714a7d51c46a14450202b67774ec411293c5d1775a0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|46612f7d9cc9597d9579b714a7d51c46a14450202b67774ec411293c5d1775a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/src/haystack_integrations/document_stores/chroma/document_store.py"}, "region": {"startLine": 141}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_parse_comparison_condition_errors"}, "properties": {"repobilityId": 94519, "scanner": "repobility-ast-engine", "fingerprint": "5fd313c1d79c0f1ab8b2ec4eeefd5f5450ffeb04905c21ceb6714bdfb95681f5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", 
"evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5fd313c1d79c0f1ab8b2ec4eeefd5f5450ffeb04905c21ceb6714bdfb95681f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/tests/test_filters.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_parse_logical_condition_errors"}, "properties": {"repobilityId": 94518, "scanner": "repobility-ast-engine", "fingerprint": "6635ed28d6d1118b365c41e52f149e8f79d20d4ce1883b69241f448485c72df1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6635ed28d6d1118b365c41e52f149e8f79d20d4ce1883b69241f448485c72df1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/tests/test_filters.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_id_filter_with_empty_value_raises"}, "properties": {"repobilityId": 94517, "scanner": "repobility-ast-engine", "fingerprint": "a23d0fa767052a5f60aacded96e37f84cf43ab6fac423d7aa65e533caa8ebec0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|a23d0fa767052a5f60aacded96e37f84cf43ab6fac423d7aa65e533caa8ebec0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/tests/test_filters.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assert_documents_are_equal` used but never assigned in __init__"}, "properties": {"repobilityId": 94516, "scanner": "repobility-ast-engine", "fingerprint": "bed1b8b96305c7d307cfe8c01e0ef205e4ca878d0dfafdbc017649122ef56625", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bed1b8b96305c7d307cfe8c01e0ef205e4ca878d0dfafdbc017649122ef56625"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/tests/test_document_store.py"}, "region": {"startLine": 478}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.assert_documents_are_equal` used but never assigned in __init__"}, "properties": {"repobilityId": 94515, "scanner": "repobility-ast-engine", "fingerprint": "6da463cdf14f091a097e5c03bcadac6085d8648e877c64f79051e65a8d5b7662", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6da463cdf14f091a097e5c03bcadac6085d8648e877c64f79051e65a8d5b7662"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/tests/test_document_store.py"}, "region": {"startLine": 450}}}]}, {"ruleId": "MINED108", "level": "error", 
"message": {"text": "`self.assert_documents_are_equal` used but never assigned in __init__"}, "properties": {"repobilityId": 94514, "scanner": "repobility-ast-engine", "fingerprint": "851c1aa28974b5f3d23ab4c5957d8705a3cf790dde9bf9c9d33fc53dfae340a6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|851c1aa28974b5f3d23ab4c5957d8705a3cf790dde9bf9c9d33fc53dfae340a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/tests/test_document_store.py"}, "region": {"startLine": 435}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_nested_logical_filters"}, "properties": {"repobilityId": 94513, "scanner": "repobility-ast-engine", "fingerprint": "c5cb32d670890cf01297e76917c9695c84bddb4c5ea040180ff86b69b88a63da", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c5cb32d670890cf01297e76917c9695c84bddb4c5ea040180ff86b69b88a63da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/tests/test_document_store.py"}, "region": {"startLine": 455}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_multiple_contains"}, "properties": {"repobilityId": 94512, "scanner": "repobility-ast-engine", "fingerprint": "96669c146d07524841282d23cf80d31cbdec15b509aa734756957880de7f0d78", "category": "quality", "severity": "high", 
"confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|96669c146d07524841282d23cf80d31cbdec15b509aa734756957880de7f0d78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/tests/test_document_store.py"}, "region": {"startLine": 440}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_contains"}, "properties": {"repobilityId": 94511, "scanner": "repobility-ast-engine", "fingerprint": "01c962e6df34f6fed6a708be4055c85f43155fd701ab6e4e670cd762c8e46098", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|01c962e6df34f6fed6a708be4055c85f43155fd701ab6e4e670cd762c8e46098"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/tests/test_document_store.py"}, "region": {"startLine": 431}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_delete_empty"}, "properties": {"repobilityId": 94510, "scanner": "repobility-ast-engine", "fingerprint": "98cb86c3bcc02137a21ec7c366ad4c052e798f2d4a51beaf9b822f8f1ff76e57", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", 
"correlation_key": "fp|98cb86c3bcc02137a21ec7c366ad4c052e798f2d4a51beaf9b822f8f1ff76e57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/tests/test_document_store.py"}, "region": {"startLine": 341}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_convert_document_to_chroma_rejects_non_document"}, "properties": {"repobilityId": 94509, "scanner": "repobility-ast-engine", "fingerprint": "d8efb82dad64963aaa66c4d2b667e260b74a85aaac2383f59cd9a4e81cc3e01d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d8efb82dad64963aaa66c4d2b667e260b74a85aaac2383f59cd9a4e81cc3e01d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/tests/test_document_store.py"}, "region": {"startLine": 177}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_ensure_initialized_invalid_client_settings_raises"}, "properties": {"repobilityId": 94508, "scanner": "repobility-ast-engine", "fingerprint": "0a757eed4e020b362fe5e28a72cf52a8cc67067e53efce8dfb660c4d2ba055d4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0a757eed4e020b362fe5e28a72cf52a8cc67067e53efce8dfb660c4d2ba055d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/tests/test_document_store.py"}, "region": {"startLine": 
135}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_same_collection_name_reinitialization"}, "properties": {"repobilityId": 94507, "scanner": "repobility-ast-engine", "fingerprint": "bf8f894317e381a67d9e2a202098f1279084f94c2ac7c21bfa8bd82c561c7ca2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bf8f894317e381a67d9e2a202098f1279084f94c2ac7c21bfa8bd82c561c7ca2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/tests/test_document_store.py"}, "region": {"startLine": 131}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_initialization_both_host_and_persist_path"}, "properties": {"repobilityId": 94506, "scanner": "repobility-ast-engine", "fingerprint": "c81793d9ccfd5276355b958a9843aa280f2f4bf09250dd5641a87a9791e6265b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c81793d9ccfd5276355b958a9843aa280f2f4bf09250dd5641a87a9791e6265b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/tests/test_document_store.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_get_embedding_function_invalid_name_raises"}, "properties": {"repobilityId": 94505, "scanner": "repobility-ast-engine", "fingerprint": 
"da2fecec072911770840f544e20f10646e7073643bfd39261ea9cc87e9e1d1e9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|da2fecec072911770840f544e20f10646e7073643bfd39261ea9cc87e9e1d1e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/tests/test_document_store.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_ensure_initialized_async_invalid_client_settings_raises"}, "properties": {"repobilityId": 94504, "scanner": "repobility-ast-engine", "fingerprint": "ab6324eb78d21611be9526e9ce1aae1f6d9b62aa0b9f209d12f3f6c773ff3f9e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ab6324eb78d21611be9526e9ce1aae1f6d9b62aa0b9f209d12f3f6c773ff3f9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/tests/test_document_store_async.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_ensure_initialized_async_requires_host_and_port"}, "properties": {"repobilityId": 94503, "scanner": "repobility-ast-engine", "fingerprint": "ec93b361294aad5b9bc7f3877db54888cd8e86df9ebc88e7e27d42de7df2895e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": 
true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ec93b361294aad5b9bc7f3877db54888cd8e86df9ebc88e7e27d42de7df2895e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/chroma/tests/test_document_store_async.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 94685, "scanner": "gitleaks", "fingerprint": "0ff7a5756fa5c9fec571cf95824d8ae6d59a3cb055d3be6aa501ea9ae75e983a", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|token|12|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/snowflake/tests/test_auth.py"}, "region": {"startLine": 124}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 94684, "scanner": "gitleaks", "fingerprint": "5264668a9d90d5e7545e2df77688b8adb34aa3bfb41641ab055e542de91e826c", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|token|5|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/snowflake/tests/test_auth.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "curl-auth-header", 
"level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 94683, "scanner": "gitleaks", "fingerprint": "3602472fa9f0698875bd3634d9f5c4cb07098e9c0e2100bbfed6da2cbe3706e2", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -sf http://localhost:8000/rest/v1/ -H \"apikey: <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|. token|13|curl -sf token / -h apikey: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/supabase.yml"}, "region": {"startLine": 137}}}]}, {"ruleId": "jwt", "level": "error", "message": {"text": "Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data."}, "properties": {"repobilityId": 94682, "scanner": "gitleaks", "fingerprint": "c48e2df56a110468c334331570b027b5d3df40a41f854569d816b293a12a59ad", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED\"", "rule_id": "jwt", "scanner": "gitleaks", "detector": "jwt", "correlation_key": "secret|. 
token|13|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/supabase.yml"}, "region": {"startLine": 137}}}]}, {"ruleId": "DKC007", "level": "error", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": {"repobilityId": 94677, "scanner": "repobility-docker", "fingerprint": "cb42d03da76f3e6ddf223c6448beb0cceabdc4c0887e9a28811f76dd22748cc0", "category": "docker", "severity": "critical", "confidence": 0.96, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "setup", "variable": "PGPASSWORD", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "runtime", "correlation_key": "fp|cb42d03da76f3e6ddf223c6448beb0cceabdc4c0887e9a28811f76dd22748cc0", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/supabase/docker-compose.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "DKC007", "level": "error", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": {"repobilityId": 94675, "scanner": "repobility-docker", "fingerprint": "d216f4a3961991c8f2a35ac04b41fe538e3503f6a709a81e846893683d4e6aec", "category": "docker", "severity": "critical", "confidence": 0.96, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "postgres", "variable": "POSTGRES_PASSWORD", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], 
"path_context": "runtime", "correlation_key": "fp|d216f4a3961991c8f2a35ac04b41fe538e3503f6a709a81e846893683d4e6aec", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/supabase/docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC007", "level": "error", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": {"repobilityId": 94670, "scanner": "repobility-docker", "fingerprint": "d0d37e758695e4c1275254d5382019da5441826378a450a1f2167cfcb2349eff", "category": "docker", "severity": "critical", "confidence": 0.96, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "oracle", "variable": "ORACLE_PASSWORD", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "runtime", "correlation_key": "fp|d0d37e758695e4c1275254d5382019da5441826378a450a1f2167cfcb2349eff", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/oracle/docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC007", "level": "error", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": {"repobilityId": 94666, "scanner": "repobility-docker", "fingerprint": "16ec32b262f7333e21bdcc1e7b28a950d78d3f54b5b1ef0356e69f62eefee214", "category": "docker", "severity": "critical", "confidence": 0.96, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "opensearch", "variable": "OPENSEARCH_INITIAL_ADMIN_PASSWORD", 
"references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "runtime", "correlation_key": "fp|16ec32b262f7333e21bdcc1e7b28a950d78d3f54b5b1ef0356e69f62eefee214", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/opensearch/docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC022", "level": "error", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 94654, "scanner": "repobility-threat-engine", "fingerprint": "39cfbe8d743d0992c9770e6c384da7082bddf570c28dec1144576de9db9a6e66", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "postgresql://postgres:postgres@", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|3|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/supabase/src/haystack_integrations/components/retrievers/supabase/keyword_retriever.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC022", "level": "error", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. 
These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 94653, "scanner": "repobility-threat-engine", "fingerprint": "8e3979d95beae11a79d35f29831ac011b424e7c273fcdf0f92b552c1723f691a", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found. Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "postgresql://postgres:postgres@", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|2|token", "duplicate_count": 1, "duplicate_rule_ids": ["SEC022"], "duplicate_scanners": ["repobility-threat-engine"], "duplicate_fingerprints": ["8e3979d95beae11a79d35f29831ac011b424e7c273fcdf0f92b552c1723f691a", "b0e8abe9657523232de5c19fbec3cde6cae7f379d78cfeab87f86f914c228a53"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/supabase/src/haystack_integrations/components/retrievers/supabase/embedding_retriever.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GOOGLE_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 94598, "scanner": "repobility-supply-chain", "fingerprint": "9ba89199488dfa54f76a67c267ecd160439b9bdd490e7bc1b5ba00da170bf726", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9ba89199488dfa54f76a67c267ecd160439b9bdd490e7bc1b5ba00da170bf726"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/google_genai.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.SLACK_WEBHOOK_URL_NOTIFICATIONS` on a `pull_request` trigger"}, "properties": {"repobilityId": 94597, "scanner": "repobility-supply-chain", "fingerprint": "f022dc0b3153108032e43bf40b12675a5e984a4cbcf723b633bb2f5090e8e1f3", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f022dc0b3153108032e43bf40b12675a5e984a4cbcf723b633bb2f5090e8e1f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/llama_stack.yml"}, "region": {"startLine": 212}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.SLACK_WEBHOOK_URL_NOTIFICATIONS` on a `pull_request` trigger"}, "properties": {"repobilityId": 94596, "scanner": "repobility-supply-chain", "fingerprint": "1b2de4e35783ea82c0a0136509649e20d0a571ce8793be46fc962cde36bd714c", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1b2de4e35783ea82c0a0136509649e20d0a571ce8793be46fc962cde36bd714c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/mcp.yml"}, "region": {"startLine": 155}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.OPENAI_API_KEY` on a 
`pull_request` trigger"}, "properties": {"repobilityId": 94595, "scanner": "repobility-supply-chain", "fingerprint": "4a586e61c3dbb9b7c447f51d13c7e9dc6bb4bf1fcc75c0478282d805eb8bc4f0", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4a586e61c3dbb9b7c447f51d13c7e9dc6bb4bf1fcc75c0478282d805eb8bc4f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/mcp.yml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.BRAVE_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 94594, "scanner": "repobility-supply-chain", "fingerprint": "239847d87aee20dfc780adca73ef6cd443c1cb9087fe83bd31e077f08fc5e9eb", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|239847d87aee20dfc780adca73ef6cd443c1cb9087fe83bd31e077f08fc5e9eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/mcp.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.SLACK_WEBHOOK_URL_NOTIFICATIONS` on a `pull_request` trigger"}, "properties": {"repobilityId": 94593, "scanner": "repobility-supply-chain", "fingerprint": "c08342b0693203f0f25ffb54468d32ca48d5f1919ba6370efe47c6b42d867186", "category": "dependency", "severity": "critical", "confidence": 0.9, 
"triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c08342b0693203f0f25ffb54468d32ca48d5f1919ba6370efe47c6b42d867186"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/fastembed.yml"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.SLACK_WEBHOOK_URL_NOTIFICATIONS` on a `pull_request` trigger"}, "properties": {"repobilityId": 94592, "scanner": "repobility-supply-chain", "fingerprint": "0be3463520fc40afd30b9b0cb98aa441b4ccf04b772b9be7a6952aa08b2f6ce8", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0be3463520fc40afd30b9b0cb98aa441b4ccf04b772b9be7a6952aa08b2f6ce8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/weaviate.yml"}, "region": {"startLine": 139}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.SLACK_WEBHOOK_URL_NOTIFICATIONS` on a `pull_request` trigger"}, "properties": {"repobilityId": 94591, "scanner": "repobility-supply-chain", "fingerprint": "a79eb3279e57149b871913f46e64706c0d3106a14e22c302cab5e46dffd7b19f", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], 
"observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a79eb3279e57149b871913f46e64706c0d3106a14e22c302cab5e46dffd7b19f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sqlalchemy.yml"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.SLACK_WEBHOOK_URL_NOTIFICATIONS` on a `pull_request` trigger"}, "properties": {"repobilityId": 94589, "scanner": "repobility-supply-chain", "fingerprint": "081c4ef70e96ac3d644f3811356388bda0481e474ecf2b734b8f7392a5399670", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|081c4ef70e96ac3d644f3811356388bda0481e474ecf2b734b8f7392a5399670"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/arcadedb.yml"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.ARCADEDB_PASSWORD` on a `pull_request` trigger"}, "properties": {"repobilityId": 94588, "scanner": "repobility-supply-chain", "fingerprint": "69ed10a1a54be4b2e863f87475fb351755bfd60963715dc7061ce08ae81c5d70", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|69ed10a1a54be4b2e863f87475fb351755bfd60963715dc7061ce08ae81c5d70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
".github/workflows/arcadedb.yml"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.ARCADEDB_PASSWORD` on a `pull_request` trigger"}, "properties": {"repobilityId": 94587, "scanner": "repobility-supply-chain", "fingerprint": "b205bca19631281497285217fa2827617bdbbf5f618200d6ee27cb55e99cdba1", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b205bca19631281497285217fa2827617bdbbf5f618200d6ee27cb55e99cdba1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/arcadedb.yml"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.SLACK_WEBHOOK_URL_NOTIFICATIONS` on a `pull_request` trigger"}, "properties": {"repobilityId": 94586, "scanner": "repobility-supply-chain", "fingerprint": "6ab74781861e6a561db1d6f286760a8e1e42fc9982848f1f52500669bb03e3a4", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6ab74781861e6a561db1d6f286760a8e1e42fc9982848f1f52500669bb03e3a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cohere.yml"}, "region": {"startLine": 142}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.COHERE_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 94585, "scanner": 
"repobility-supply-chain", "fingerprint": "5a0c77c20d78e54ca6269b44439a0c55e0e083f523e3e5d204c61bc7a678b0bb", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5a0c77c20d78e54ca6269b44439a0c55e0e083f523e3e5d204c61bc7a678b0bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cohere.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.SLACK_WEBHOOK_URL_NOTIFICATIONS` on a `pull_request` trigger"}, "properties": {"repobilityId": 94583, "scanner": "repobility-supply-chain", "fingerprint": "a8730660fe9d70ffe3cae34dc6ce59962ca7fba7c8de3251a2fd322999322443", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a8730660fe9d70ffe3cae34dc6ce59962ca7fba7c8de3251a2fd322999322443"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/valkey.yml"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.SLACK_WEBHOOK_URL_NOTIFICATIONS` on a `pull_request` trigger"}, "properties": {"repobilityId": 94582, "scanner": "repobility-supply-chain", "fingerprint": "d1b6a4dccef57265a3bfd5cf62dfbc654f61b0c1159c3069e5076bf5a609cadc", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, 
"reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d1b6a4dccef57265a3bfd5cf62dfbc654f61b0c1159c3069e5076bf5a609cadc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/unstructured.yml"}, "region": {"startLine": 153}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.SLACK_WEBHOOK_URL_NOTIFICATIONS` on a `pull_request` trigger"}, "properties": {"repobilityId": 94581, "scanner": "repobility-supply-chain", "fingerprint": "be3e2b21ee217dd35d3515cfa09829648a6e90165e55063a9b9188bc3181c597", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|be3e2b21ee217dd35d3515cfa09829648a6e90165e55063a9b9188bc3181c597"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/firecrawl.yml"}, "region": {"startLine": 137}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.FIRECRAWL_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 94580, "scanner": "repobility-supply-chain", "fingerprint": "5bf8824cc247e1b9f9b410ce4ecc6bc2c4c5354e907aaa76fe80b3db8241ad8b", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|5bf8824cc247e1b9f9b410ce4ecc6bc2c4c5354e907aaa76fe80b3db8241ad8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/firecrawl.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.SLACK_WEBHOOK_URL_NOTIFICATIONS` on a `pull_request` trigger"}, "properties": {"repobilityId": 94579, "scanner": "repobility-supply-chain", "fingerprint": "5d2b69ce0297c2c4d970ae7e542579f0d09cba6e48567ba7c1edaf3238bf0895", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5d2b69ce0297c2c4d970ae7e542579f0d09cba6e48567ba7c1edaf3238bf0895"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/paddleocr.yml"}, "region": {"startLine": 143}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.PADDLEOCR_VL_API_URL` on a `pull_request` trigger"}, "properties": {"repobilityId": 94578, "scanner": "repobility-supply-chain", "fingerprint": "f556ad91ddffce0c377d3193aa10722f713ab569192172dd74d5e70383f4161e", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f556ad91ddffce0c377d3193aa10722f713ab569192172dd74d5e70383f4161e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/paddleocr.yml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED116", "level": 
"error", "message": {"text": "Workflow uses `secrets.AISTUDIO_ACCESS_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 94577, "scanner": "repobility-supply-chain", "fingerprint": "f0af45c15a6af0f20bbf699a6ba9da5dff070c751e96c87939ee5406724c9872", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f0af45c15a6af0f20bbf699a6ba9da5dff070c751e96c87939ee5406724c9872"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/paddleocr.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.SLACK_WEBHOOK_URL_NOTIFICATIONS` on a `pull_request` trigger"}, "properties": {"repobilityId": 94576, "scanner": "repobility-supply-chain", "fingerprint": "0e4dab4906c0fd115d0882345f7b61ed994871fa1d8673ca115fa7f180ecf0aa", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0e4dab4906c0fd115d0882345f7b61ed994871fa1d8673ca115fa7f180ecf0aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nvidia.yml"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.NVIDIA_CATALOG_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 94575, "scanner": "repobility-supply-chain", "fingerprint": 
"1f4bd8e28cbce4c4cd4808a53fc6135829572f1c6fdba33f12bec52559cdd0fa", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1f4bd8e28cbce4c4cd4808a53fc6135829572f1c6fdba33f12bec52559cdd0fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nvidia.yml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.NVIDIA_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 94574, "scanner": "repobility-supply-chain", "fingerprint": "35dabf9b9a8381a557db0e511c50b88bfb742adedb0fa5c726a30dc96bfb7d91", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|35dabf9b9a8381a557db0e511c50b88bfb742adedb0fa5c726a30dc96bfb7d91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nvidia.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.SLACK_WEBHOOK_URL_NOTIFICATIONS` on a `pull_request` trigger"}, "properties": {"repobilityId": 94572, "scanner": "repobility-supply-chain", "fingerprint": "3a081d8a1d50de2c3efdbb5e219e584e7548b962c2c9a73b3abc354be7a0a730", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": 
"gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3a081d8a1d50de2c3efdbb5e219e584e7548b962c2c9a73b3abc354be7a0a730"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/falkordb.yml"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.SLACK_WEBHOOK_URL_NOTIFICATIONS` on a `pull_request` trigger"}, "properties": {"repobilityId": 94571, "scanner": "repobility-supply-chain", "fingerprint": "7c5f3adf10182d94e0e321f8923e81fa58d58db30827058cc609f4e3e815c045", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7c5f3adf10182d94e0e321f8923e81fa58d58db30827058cc609f4e3e815c045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/amazon_sagemaker.yml"}, "region": {"startLine": 141}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `operator` used but not imported"}, "properties": {"repobilityId": 94563, "scanner": "repobility-ast-engine", "fingerprint": "65c037e27e4883392349470978ec68db140db2c6b35f7eba8e7bd91a952edd99", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|65c037e27e4883392349470978ec68db140db2c6b35f7eba8e7bd91a952edd99"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "integrations/falkordb/src/haystack_integrations/document_stores/falkordb/document_store.py"}, "region": {"startLine": 828}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `string` used but not imported"}, "properties": {"repobilityId": 94561, "scanner": "repobility-ast-engine", "fingerprint": "0a3734b9150f07118f04078a5eeece506bb0558e3eabeff1916f396ef70b2496", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0a3734b9150f07118f04078a5eeece506bb0558e3eabeff1916f396ef70b2496"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/cohere/src/haystack_integrations/components/embedders/cohere/embedding_types.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `operator` used but not imported"}, "properties": {"repobilityId": 94554, "scanner": "repobility-ast-engine", "fingerprint": "630ae79b6d386461d8161f8f6b4acd04d0bd9b5a4b0a204d4c235168a2fbb593", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|630ae79b6d386461d8161f8f6b4acd04d0bd9b5a4b0a204d4c235168a2fbb593"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/arcadedb/src/haystack_integrations/document_stores/arcadedb/filters.py"}, "region": {"startLine": 29}}}]}]}]}