{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "CORE_LARGE_FILES", "name": "Average file size is 976 lines (recommend <300)", "shortDescription": {"text": "Average file size is 976 lines (recommend <300)"}, "fullDescription": {"text": "Refactor large files by extracting related functions into separate modules. Target files with 300+ lines first. Use the Single Responsibility Principle \u2014 each module should have one clear purpose."}, "properties": {"scanner": "repobility-core", "category": "quality", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found in a documentation, catalog, or template-heavy repository", "shortDescription": {"text": "No test files found in a documentation, catalog, or template-heavy repository"}, "fullDescription": {"text": "If this repository ships runnable code, add focused tests for those examples or templates. 
If it is documentation/catalog content only, mark the finding as accepted or add a .repobilityignore note."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "info", "confidence": 0.35, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0320", "name": "yaml-rust: RUSTSEC-2024-0320", "shortDescription": {"text": "yaml-rust: RUSTSEC-2024-0320"}, "fullDescription": {"text": "yaml-rust is unmaintained."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2020-0071", "name": "time: RUSTSEC-2020-0071", "shortDescription": {"text": "time: RUSTSEC-2020-0071"}, "fullDescription": {"text": "Potential segfault in the time crate"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2023-0071", "name": "rsa: RUSTSEC-2023-0071", "shortDescription": {"text": "rsa: RUSTSEC-2023-0071"}, "fullDescription": {"text": "Marvin Attack: potential key recovery through timing sidechannels"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2021-0141", "name": "dotenv: RUSTSEC-2021-0141", "shortDescription": {"text": "dotenv: RUSTSEC-2021-0141"}, "fullDescription": {"text": "dotenv is Unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2020-0159", "name": "chrono: RUSTSEC-2020-0159", "shortDescription": {"text": "chrono: RUSTSEC-2020-0159"}, "fullDescription": {"text": "Potential segfault in `localtime_r` invocations"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0375", "name": "atty: RUSTSEC-2024-0375", "shortDescription": {"text": "atty: 
RUSTSEC-2024-0375"}, "fullDescription": {"text": "`atty` is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2021-0145", "name": "atty: RUSTSEC-2021-0145", "shortDescription": {"text": "atty: RUSTSEC-2021-0145"}, "fullDescription": {"text": "Potential unaligned read"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `mheap/automatic-approve-action` pinned to mutable ref `@v1.1.0`", "shortDescription": {"text": "Action `mheap/automatic-approve-action` pinned to mutable ref `@v1.1.0`"}, "fullDescription": {"text": "`uses: mheap/automatic-approve-action@v1.1.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA and keep the pin updated with Dependabot or Renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "Workflow uses `secrets.TOKEN_FOR_GITHUB` on a `pull_request` trigger", "shortDescription": {"text": "Workflow uses `secrets.TOKEN_FOR_GITHUB` on a `pull_request` trigger"}, "fullDescription": {"text": "This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${{ secrets.TOKEN_FOR_GITHUB }}` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.) if the run receives it. GitHub withholds repository secrets from fork-triggered `pull_request` runs by default, so the exposure depends on the repository's fork pull request settings and on PRs opened from branches of the same repository. 
Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/902"}, "properties": {"repository": "rust-unofficial/awesome-rust", "repoUrl": "https://github.com/rust-unofficial/awesome-rust", "branch": "main"}, "results": [{"ruleId": "CORE_LARGE_FILES", "level": "warning", "message": {"text": "Average file size is 976 lines (recommend <300)"}, "properties": {"repobilityId": 84226, "scanner": "repobility-core", "fingerprint": "5490e18a075d79d905914cf6a3ba88fdbb99a65fc2f701405ada18738c7d062d", "category": "quality", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_LARGE_FILES", "scanner": "repobility-core", "correlation_key": "fp|5490e18a075d79d905914cf6a3ba88fdbb99a65fc2f701405ada18738c7d062d"}}}, {"ruleId": "CORE_NO_TESTS", "level": "none", "message": {"text": "No test files found in a documentation, catalog, or template-heavy repository"}, "properties": {"repobilityId": 84225, "scanner": "repobility-core", "fingerprint": "69cfb3536a8ccff500ccafcd681fc8d4bc9f4eda6689da02ddec81654bd9fd15", "category": "testing", "severity": "info", "confidence": 0.35, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Repository shape is documentation, catalog, skill, or template-heavy rather than a conventional runnable application.", "evidence": {"reason": "Repository shape is documentation, catalog, skill, or template-heavy rather than a conventional runnable application.", "rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "confidence": 0.35, "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "RUSTSEC-2024-0320", "level": "error", "message": {"text": "yaml-rust: RUSTSEC-2024-0320"}, "properties": 
{"repobilityId": 84249, "scanner": "osv-scanner", "fingerprint": "70967c64ce611dd07d3a189ca0d1542831d3a26c197c68aa7b72fc171615d198", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "yaml-rust", "rule_id": "RUSTSEC-2024-0320", "scanner": "osv-scanner", "correlation_key": "fp|70967c64ce611dd07d3a189ca0d1542831d3a26c197c68aa7b72fc171615d198"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2020-0071", "level": "error", "message": {"text": "time: RUSTSEC-2020-0071"}, "properties": {"repobilityId": 84248, "scanner": "osv-scanner", "fingerprint": "697587d587922a1148a604fbaf7f5be21c8f689f769aba520d0d8b73542757ab", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2020-26235", "GHSA-wcg3-cvx6-7396"], "package": "time", "rule_id": "RUSTSEC-2020-0071", "scanner": "osv-scanner", "correlation_key": "vuln|time|CVE-2020-26235|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-wcg3-cvx6-7396", "RUSTSEC-2020-0071"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["697587d587922a1148a604fbaf7f5be21c8f689f769aba520d0d8b73542757ab", "c3a538986c51394cbf3bc96935540d0894293550ae9f20ebe8921ea4bb83b67d"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2023-0071", "level": "error", "message": {"text": "rsa: RUSTSEC-2023-0071"}, "properties": {"repobilityId": 84247, "scanner": "osv-scanner", "fingerprint": "8d2ec21cf46ba80ff1843c2b573a651f4162fc37b24b67de47343d2180e0463e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", 
"verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-49092", "GHSA-4grx-2x9w-596c", "GHSA-c38w-74pg-36hr"], "package": "rsa", "rule_id": "RUSTSEC-2023-0071", "scanner": "osv-scanner", "correlation_key": "vuln|rsa|CVE-2023-49092|cargo.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2021-0141", "level": "error", "message": {"text": "dotenv: RUSTSEC-2021-0141"}, "properties": {"repobilityId": 84246, "scanner": "osv-scanner", "fingerprint": "510e3e5120ab09f35912b276d001ec907e20d8e6984fe9dc6fd321e83d0eb4d2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "dotenv", "rule_id": "RUSTSEC-2021-0141", "scanner": "osv-scanner", "correlation_key": "fp|510e3e5120ab09f35912b276d001ec907e20d8e6984fe9dc6fd321e83d0eb4d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2020-0159", "level": "error", "message": {"text": "chrono: RUSTSEC-2020-0159"}, "properties": {"repobilityId": 84245, "scanner": "osv-scanner", "fingerprint": "99132519162e5d319db2b61f0257b899da1111af74b8aaa5489f1fa2d4881856", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "chrono", "rule_id": "RUSTSEC-2020-0159", "scanner": "osv-scanner", "correlation_key": "fp|99132519162e5d319db2b61f0257b899da1111af74b8aaa5489f1fa2d4881856"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0375", "level": "error", "message": {"text": "atty: RUSTSEC-2024-0375"}, "properties": {"repobilityId": 84244, "scanner": "osv-scanner", "fingerprint": 
"7659bfa3796c87ab29d2fa2fed8de97a968f38d0d7927cd19e00695ce8330bd5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "atty", "rule_id": "RUSTSEC-2024-0375", "scanner": "osv-scanner", "correlation_key": "fp|7659bfa3796c87ab29d2fa2fed8de97a968f38d0d7927cd19e00695ce8330bd5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2021-0145", "level": "error", "message": {"text": "atty: RUSTSEC-2021-0145"}, "properties": {"repobilityId": 84243, "scanner": "osv-scanner", "fingerprint": "a1c674679a0daa9ad82d1d4917872781295adfcddd1cd580124d38ff15d2687a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-g98v-hv3f-hcfr"], "package": "atty", "rule_id": "RUSTSEC-2021-0145", "scanner": "osv-scanner", "correlation_key": "vuln|atty|GHSA-G98V-HV3F-HCFR|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-g98v-hv3f-hcfr", "RUSTSEC-2021-0145"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["40f04d504386f433be36aeb657151d1f32299623bc61dff32f4ed07d1989ada2", "a1c674679a0daa9ad82d1d4917872781295adfcddd1cd580124d38ff15d2687a"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `mheap/automatic-approve-action` pinned to mutable ref `@v1.1.0`"}, "properties": {"repobilityId": 84242, "scanner": "repobility-supply-chain", "fingerprint": "c6509d66806e162faea72d0a8527988c6e3a363c712874db591a1d3f4eb720f8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, 
"reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c6509d66806e162faea72d0a8527988c6e3a363c712874db591a1d3f4eb720f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/approve.yml"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache/save` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 84239, "scanner": "repobility-supply-chain", "fingerprint": "2986d4d4329d46b2f28208a210ae74292f0cf33669fc714f929211cd42c31a28", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2986d4d4329d46b2f28208a210ae74292f0cf33669fc714f929211cd42c31a28"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/rust.yml"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache/restore` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 84238, "scanner": "repobility-supply-chain", "fingerprint": "d4926bcb19515fd9ab392abb3710d0412419ffae44144c502d417dcb276ccdbd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d4926bcb19515fd9ab392abb3710d0412419ffae44144c502d417dcb276ccdbd"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/rust.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `Swatinem/rust-cache` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 84237, "scanner": "repobility-supply-chain", "fingerprint": "49f12b41601ffa3446b11ee44c9439da814eb8f691a162230c6be30169aa0403", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|49f12b41601ffa3446b11ee44c9439da814eb8f691a162230c6be30169aa0403"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/rust.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 84236, "scanner": "repobility-supply-chain", "fingerprint": "ab7277c85660319f56a9a7eec290fad74cb270b2811ec44c679be24c656c0a87", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ab7277c85660319f56a9a7eec290fad74cb270b2811ec44c679be24c656c0a87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/rust.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 84235, "scanner": "repobility-supply-chain", 
"fingerprint": "d35e2bdd71124d7e5dabc0526908a392bcf7a9e9da56e27e7838485b9f62fd49", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d35e2bdd71124d7e5dabc0526908a392bcf7a9e9da56e27e7838485b9f62fd49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/rust.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `Swatinem/rust-cache` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 84234, "scanner": "repobility-supply-chain", "fingerprint": "2419c86dba99e01cd58b15901952f66f88735ccf2d4e66046601ad56762d362d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2419c86dba99e01cd58b15901952f66f88735ccf2d4e66046601ad56762d362d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr_tidyup.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 84233, "scanner": "repobility-supply-chain", "fingerprint": "a42896691edb9ef5e1c951ea09c467c64537a2db160b9e5f24eff2208ce4fdd6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", 
"cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a42896691edb9ef5e1c951ea09c467c64537a2db160b9e5f24eff2208ce4fdd6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr_tidyup.yml"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 84232, "scanner": "repobility-supply-chain", "fingerprint": "0ab46b8c6618f1fe7e46c0f32a6688634f8f6122a48c2173198d8e00daba8669", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0ab46b8c6618f1fe7e46c0f32a6688634f8f6122a48c2173198d8e00daba8669"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr_tidyup.yml"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 84231, "scanner": "repobility-supply-chain", "fingerprint": "5cb5702148938ec82e0b2eaa59ed2029f80db22ee57147e63b4ff96fd5ceffb8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5cb5702148938ec82e0b2eaa59ed2029f80db22ee57147e63b4ff96fd5ceffb8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": 
{"startLine": 38}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 84230, "scanner": "repobility-supply-chain", "fingerprint": "b1bf7c027436b33931081d865bcde25e08ff24aeeb740e20367bf9710c19936d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b1bf7c027436b33931081d865bcde25e08ff24aeeb740e20367bf9710c19936d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `editorconfig-checker/action-editorconfig-checker` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 84229, "scanner": "repobility-supply-chain", "fingerprint": "61296d5597be99e3a2a589fbe7c43bdafc8423f9fad3904527ada532d126469e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|61296d5597be99e3a2a589fbe7c43bdafc8423f9fad3904527ada532d126469e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 84228, "scanner": "repobility-supply-chain", "fingerprint": 
"6fcae2bec756b1db11095c41f0c769407e45654e90c43adb57ee639b88cb5743", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6fcae2bec756b1db11095c41f0c769407e45654e90c43adb57ee639b88cb5743"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 84227, "scanner": "repobility-supply-chain", "fingerprint": "663e491cecd50dbc6ab7eb40c285fec3b626056da6137af010787ce71000d192", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|663e491cecd50dbc6ab7eb40c285fec3b626056da6137af010787ce71000d192"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.TOKEN_FOR_GITHUB` on a `pull_request` trigger"}, "properties": {"repobilityId": 84241, "scanner": "repobility-supply-chain", "fingerprint": "790fccb12f52ab15e989977a582dbbe33190c33b233d529676feffe4c02be384", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": 
["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|790fccb12f52ab15e989977a582dbbe33190c33b233d529676feffe4c02be384"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/rust.yml"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.USERNAME_FOR_GITHUB` on a `pull_request` trigger"}, "properties": {"repobilityId": 84240, "scanner": "repobility-supply-chain", "fingerprint": "71a8f5e22eb3c3bead34702a65ad5ef12e78ec20a9388db31cb8ce3b6aad207c", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|71a8f5e22eb3c3bead34702a65ad5ef12e78ec20a9388db31cb8ce3b6aad207c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/rust.yml"}, "region": {"startLine": 40}}}]}]}]}