{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "Add /.well-known/security.txt with Contact, Expires, Canonical, Preferred-Languages, and Policy fields. 
Keep the contact endpoint monitored."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "JRN003", "name": "Frontend API reference is not matched by discovered backend routes", "shortDescription": {"text": "Frontend API reference is not matched by discovered backend routes"}, "fullDescription": {"text": "Add the backend route, update the frontend constant to the implemented endpoint, or document that the route is served by another service and exclude it with .repobilityignore."}, "properties": {"scanner": "repobility-journey-contract", "category": "quality", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC012", "name": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json", "shortDescription": {"text": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, protect them behind admin authentication, "}, "fullDescription": {"text": "Set docs_url=None, redoc_url=None, and openapi_url=None for production apps unless the docs are intentionally public and protected by routing, ingress, or an authenticated docs handler."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AUC004", "name": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence ", "shortDescription": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: POST /api/reindex."}, "fullDescription": {"text": "Define whether this endpoint is admin-only or super_admin-only, then enforce that distinction in code and .repobility/access.yml."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.66, "cwe": "", "owasp": ""}}, {"id": "AUC002", "name": "[AUC002] Low visible authorization coverage in route inventory: Only 10.5% of discovered routes show nearby authenticati", "shortDescription": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 10.5% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "fullDescription": {"text": "Review the access matrix and add explicit framework auth declarations or policy-file exceptions for intentionally public routes."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. 
Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "DKR003", "name": "Compose service `workflows-docs` image uses the latest tag", "shortDescription": {"text": "Compose service `workflows-docs` image uses the latest tag"}, "fullDescription": {"text": "Pin to a maintained version tag or digest and update it deliberately through dependency automation."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.94, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies broad context with incomplete .dockerignore", "shortDescription": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "fullDescription": {"text": "Tighten .dockerignore or replace COPY . with explicit COPY statements."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Bind local agent bridges to 127.0.0.1 by default. 
If remote access is required, require a bearer token or mTLS, enforce origin/CSRF checks for browser clients, and document the threat model."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "WEB011", "name": "Public web app has no humans.txt", "shortDescription": {"text": "Public web app has no humans.txt"}, "fullDescription": {"text": "Add humans.txt with team ownership, contact URL, key documentation links, and the last-updated date."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "WEB002", "name": "Public web app has no sitemap", "shortDescription": {"text": "Public web app has no sitemap"}, "fullDescription": {"text": "Add sitemap.xml, a sitemap index, or a framework-native sitemap route and reference it from robots.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "WEB001", "name": "Public web app has no robots.txt", "shortDescription": {"text": "Public web app has no robots.txt"}, "fullDescription": {"text": "Add robots.txt at the web root or a framework-native robots route. 
Include an explicit Sitemap directive and disallow only private paths."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC005", "name": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or sup", "shortDescription": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "fullDescription": {"text": "Add regression tests for anonymous denial, cross-user object denial, admin role limits, and super_admin-only behavior."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "low", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "Add `security_opt: [\"no-new-privileges:true\"]` unless the service has a documented need for privilege escalation."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "Set a non-root `user:` in Compose or ensure the final image stage has a non-root USER directive."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": "Add missing patterns such as .env, .git, private keys, certificates, dependency folders, and local databases."}, "properties": 
{"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Add `--no-install-recommends` and explicitly list only packages the image needs."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR010", "name": "Dockerfile leaves apt package indexes in the image layer", "shortDescription": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "fullDescription": {"text": "End the apt install layer with `rm -rf /var/lib/apt/lists/*`."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed: : any used as type annotation. 
Defeats TypeScript type safety.", "shortDescription": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/deploy-pages` pinned to mutable ref `@v4`: `uses: actions/deploy-pages@v4` resolves at workfl", "shortDescription": {"text": "[MINED115] Action `actions/deploy-pages` pinned to mutable ref `@v4`: `uses: actions/deploy-pages@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise ("}, "fullDescription": {"text": "Replace with: `uses: actions/deploy-pages@<40-char-sha>  # v4` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `node:20` not pinned by digest: `FROM node:20` resolves the tag at build time. The registry C", "shortDescription": {"text": "[MINED118] Dockerfile FROM `node:20` not pinned by digest: `FROM node:20` resolves the tag at build time. 
The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to "}, "fullDescription": {"text": "Replace with: `FROM node:20@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED113", "name": "[MINED113] Express POST /api/reindex has no auth: Express route POST /api/reindex declared without an auth middleware in", "shortDescription": {"text": "[MINED113] Express POST /api/reindex has no auth: Express route POST /api/reindex declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken acce"}, "fullDescription": {"text": "Add an auth middleware: app.post('/api/reindex', requireAuth, handler) \u2014 or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED112", "name": "[MINED112] FastAPI POST /api/workflows/{workflow_id}/download has no auth: Handler `track_workflow_download` is register", "shortDescription": {"text": "[MINED112] FastAPI POST /api/workflows/{workflow_id}/download has no auth: Handler `track_workflow_download` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function bo"}, "fullDescription": {"text": "Add Depends(get_current_user) or Security(...) to the handler signature. 
If the route is truly public, document it with a code comment so the rule knows it's intentional."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.get_db_connection` used but never assigned in __init__: Method `search_workflows_intelligent` of class ", "shortDescription": {"text": "[MINED108] `self.get_db_connection` used but never assigned in __init__: Method `search_workflows_intelligent` of class `WorkflowAssistant` reads `self.get_db_connection`, but no assignment to it exists in __init__ (and no class-level fallb"}, "fullDescription": {"text": "Initialize `self.get_db_connection = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_sample_workflows: Test function `test_sample_workflows` runs code but contains no", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_sample_workflows: Test function `test_sample_workflows` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AUC003", "name": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby a", "shortDescription": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: POST /api/workflows/{workflow_id}/"}, "fullDescription": {"text": "Add ownership, tenant, relationship, or policy checks before reading or mutating the target object."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "high", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "SEC135", "name": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without", "shortDescription": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI bu"}, "fullDescription": {"text": "Add the project's auth decorator/middleware: `@login_required` (Django/Flask), `@permission_classes([IsAuthenticated])` (DRF), `Depends(get_current_user)` (FastAPI), `requireAuth` middleware (Express). For genuinely public endpoints, add a `# public-endpoint` marker comment so future scans skip them."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-705 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `collections` used but not imported: The file uses `collections.something(...)` but never imp", "shortDescription": {"text": "[MINED107] Missing import: `collections` used but not imported: The file uses `collections.something(...)` but never imports `collections`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import collections` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKC008", "name": "Compose service mounts the Docker socket", "shortDescription": {"text": "Compose service mounts the Docker socket"}, "fullDescription": {"text": "Avoid mounting docker.sock. Use a narrow proxy, rootless build service, or provider-native deployment credentials."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "critical", "confidence": 0.98, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/922"}, "properties": {"repository": "Zie619/n8n-workflows", "repoUrl": "https://github.com/Zie619/n8n-workflows", "branch": "main"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 86767, "scanner": "repobility-ast-engine", "fingerprint": "b9ebdbf5ad50564eda40ea37039197203f2ef123fb854a1142a4b4051ac9fec3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b9ebdbf5ad50564eda40ea37039197203f2ef123fb854a1142a4b4051ac9fec3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/update_readme_stats.py"}, "region": {"startLine": 227}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 86766, "scanner": "repobility-ast-engine", "fingerprint": "325c35d27ee1453fa9be70d6bfcf61cc0732b6e8af98d430ba93cd750785578d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|325c35d27ee1453fa9be70d6bfcf61cc0732b6e8af98d430ba93cd750785578d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/generate_search_index.py"}, "region": {"startLine": 271}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 86765, "scanner": "repobility-ast-engine", "fingerprint": "7e7a84f99e1bc91bc9549ccbb8611c426301148e34dfadb20ee796814f3bfbc9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7e7a84f99e1bc91bc9549ccbb8611c426301148e34dfadb20ee796814f3bfbc9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/community_features.py"}, "region": {"startLine": 454}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 86764, "scanner": "repobility-ast-engine", "fingerprint": "13e35b1da5c798a77b6f46eaae6c848a2334c5651bbdec6a8662882cde0ccfd3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|13e35b1da5c798a77b6f46eaae6c848a2334c5651bbdec6a8662882cde0ccfd3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/community_features.py"}, "region": {"startLine": 370}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 86763, "scanner": "repobility-ast-engine", "fingerprint": "5931ed7d88becf35874cb42af0ac24eb108770635a318c07407e8b5a8ebf04d0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5931ed7d88becf35874cb42af0ac24eb108770635a318c07407e8b5a8ebf04d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/community_features.py"}, "region": {"startLine": 155}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 86761, "scanner": "repobility-ast-engine", "fingerprint": "546a9484c884c38bb208db4a2925910c4ae43d9f3d12a2b43cbde299018d33b5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|546a9484c884c38bb208db4a2925910c4ae43d9f3d12a2b43cbde299018d33b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/integration_hub.py"}, "region": {"startLine": 228}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 86760, "scanner": "repobility-ast-engine", "fingerprint": "a6f4417c45c6551a2fba22c9f488afd6e9b7437838007e57351375ca56f10ddf", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a6f4417c45c6551a2fba22c9f488afd6e9b7437838007e57351375ca56f10ddf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/integration_hub.py"}, "region": {"startLine": 157}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 86759, "scanner": "repobility-ast-engine", "fingerprint": "2bb8abb7693aefb23544e4c77b89fe097941d853c6bd6a9afad0f912ddfab367", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2bb8abb7693aefb23544e4c77b89fe097941d853c6bd6a9afad0f912ddfab367"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/integration_hub.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 86758, "scanner": "repobility-ast-engine", "fingerprint": "ebdab68d768589bc783c469941ffabb69803136f81a4f151d98d0492eef9fdfd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ebdab68d768589bc783c469941ffabb69803136f81a4f151d98d0492eef9fdfd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/integration_hub.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 86757, "scanner": "repobility-ast-engine", "fingerprint": "878633aeb328a40229eda2298c1dd1d57dda803fb264cd677ef596d86ffcb809", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|878633aeb328a40229eda2298c1dd1d57dda803fb264cd677ef596d86ffcb809"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/integration_hub.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 86755, "scanner": "repobility-ast-engine", "fingerprint": "040dc7874fb359be77f843a5ae6fbc03d5ba9ad87eceb8a940642bc81ccf9afb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|040dc7874fb359be77f843a5ae6fbc03d5ba9ad87eceb8a940642bc81ccf9afb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/performance_monitor.py"}, "region": {"startLine": 230}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 86754, "scanner": "repobility-ast-engine", "fingerprint": "a83c1347ca7c3219ac5849ccfc311dacf57fd5fcfa7f4f89e44dd7e8dbd050c5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a83c1347ca7c3219ac5849ccfc311dacf57fd5fcfa7f4f89e44dd7e8dbd050c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/performance_monitor.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 86753, "scanner": "repobility-ast-engine", "fingerprint": "0213ff6d22aec3d4f7e7650b2ee00856e2a687199c2d10893cac9426b4e15ce5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0213ff6d22aec3d4f7e7650b2ee00856e2a687199c2d10893cac9426b4e15ce5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/performance_monitor.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 86735, "scanner": "repobility-ast-engine", "fingerprint": "594f38a89c5164e2c435df49d8523fb6f02e7ee59bc8785b4858554a90aca630", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|594f38a89c5164e2c435df49d8523fb6f02e7ee59bc8785b4858554a90aca630"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "run.py"}, "region": {"startLine": 174}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 86734, "scanner": "repobility-ast-engine", "fingerprint": "4e3f4c90bcc4c321711c21c2e91a28b2f4d0fa49f3faa110c7dc10cb26d32036", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4e3f4c90bcc4c321711c21c2e91a28b2f4d0fa49f3faa110c7dc10cb26d32036"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "run.py"}, "region": {"startLine": 165}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 86733, "scanner": "repobility-ast-engine", "fingerprint": "6eb2ed09942da6ac5eacc1ba9939312770ac77c9a4c40b3bde253e2948f53cbb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6eb2ed09942da6ac5eacc1ba9939312770ac77c9a4c40b3bde253e2948f53cbb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflow_db.py"}, "region": {"startLine": 526}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 86725, "scanner": "repobility-ast-engine", "fingerprint": "fba326406d2618463fcf8808e63148d2fa6e3ea144f659f644c59d1354e4fff0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fba326406d2618463fcf8808e63148d2fa6e3ea144f659f644c59d1354e4fff0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api_server.py"}, "region": {"startLine": 794}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 86724, "scanner": "repobility-ast-engine", "fingerprint": "e148966cd9690f97e4ecb7bab92aa290a243b6d2e1f499d3f42b640fe228611b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e148966cd9690f97e4ecb7bab92aa290a243b6d2e1f499d3f42b640fe228611b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api_server.py"}, "region": {"startLine": 727}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 86723, "scanner": "repobility-ast-engine", "fingerprint": "611a6bd6c1f82bc26fba3622ffd719c2cbe922dff4304281d52354325bc088a3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|611a6bd6c1f82bc26fba3622ffd719c2cbe922dff4304281d52354325bc088a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api_server.py"}, "region": {"startLine": 280}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 86722, "scanner": "repobility-ast-engine", "fingerprint": "d4ad6b3d2972d9b913a071420c38c1c7fa8cfd00f301aa6022013d35187ed1fb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d4ad6b3d2972d9b913a071420c38c1c7fa8cfd00f301aa6022013d35187ed1fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api_server.py"}, "region": {"startLine": 609}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 86721, "scanner": "repobility-ast-engine", "fingerprint": "254019be942bce55922f6ce8ac4133057f94b19fb9b87cc1f40d1ccaefa04d0f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|254019be942bce55922f6ce8ac4133057f94b19fb9b87cc1f40d1ccaefa04d0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api_server.py"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 86720, "scanner": "repobility-ast-engine", "fingerprint": "35c39f219e358d714e63b00bce032f3b2aad1178f9ec4b9eb53298f207f2401f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|35c39f219e358d714e63b00bce032f3b2aad1178f9ec4b9eb53298f207f2401f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api_server.py"}, "region": {"startLine": 787}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 86719, "scanner": "repobility-ast-engine", "fingerprint": "ac92888daadf455cd49d504d70aa80ee02a6e141aa9530dc89b392e1b959b8a6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ac92888daadf455cd49d504d70aa80ee02a6e141aa9530dc89b392e1b959b8a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_workflows.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 86717, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 86713, "scanner": "repobility-journey-contract", "fingerprint": "e3833127c9af2bc8398f0ce98afb35e177d94ec9166a09f2a2f11c7b4defd552", "category": "quality", "severity": "medium", "confidence": 
0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/v2/workflows", "correlation_key": "fp|e3833127c9af2bc8398f0ce98afb35e177d94ec9166a09f2a2f11c7b4defd552", "backend_endpoint_count": 19}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "static/mobile-interface.html"}, "region": {"startLine": 469}}}]}, {"ruleId": "AUC012", "level": "warning", "message": {"text": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, protect them behind admin authentication, or publish a reviewed OpenAPI spec with declared security requirements."}, "properties": {"repobilityId": 86711, "scanner": "repobility-access-control", "fingerprint": "27f8c50db94c1d5138790446654bd4d0b5823ce185d040059e5a7502358b5899", "category": "auth", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"apps": [{"line": 26, "file_path": "api_server.py", "docs_url_disabled": false, "redoc_url_disabled": false, "openapi_url_disabled": false}, {"line": 287, "file_path": "src/performance_monitor.py", "docs_url_disabled": false, "redoc_url_disabled": false, "openapi_url_disabled": false}, {"line": 253, "file_path": "src/ai_assistant.py", "docs_url_disabled": false, "redoc_url_disabled": false, "openapi_url_disabled": false}, {"line": 247, "file_path": "src/integration_hub.py", "docs_url_disabled": false, "redoc_url_disabled": false, "openapi_url_disabled": false}, {"line": 385, "file_path": 
"src/user_management.py", "docs_url_disabled": false, "redoc_url_disabled": false, "openapi_url_disabled": false}], "scanner": "repobility-access-control", "correlation_key": "fp|27f8c50db94c1d5138790446654bd4d0b5823ce185d040059e5a7502358b5899"}}}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: POST /api/reindex."}, "properties": {"repobilityId": 86710, "scanner": "repobility-access-control", "fingerprint": "e747956970a463360ff80e5d0d41cc2d5835cc1c2b2c7284de062384b124494b", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/reindex", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|api_server.py|573|auc004", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api_server.py"}, "region": {"startLine": 573}}}]}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 10.5% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 86705, "scanner": "repobility-access-control", "fingerprint": "3f07e5874e5a70e46c28dfbc76b5189e1785feeb73ddee7acf57e61e34198c46", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 19, "correlation_key": 
"fp|3f07e5874e5a70e46c28dfbc76b5189e1785feeb73ddee7acf57e61e34198c46", "auth_visible_percent": 10.5}}}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 86704, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["FastAPI"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `workflows-docs` image uses the latest tag"}, "properties": {"repobilityId": 86701, "scanner": "repobility-docker", "fingerprint": "dcdf639f9a07b51fcc2e1e77cc593c644d8886dd09ada8b6280aa01ea44dfb9e", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "workflows-doc:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|dcdf639f9a07b51fcc2e1e77cc593c644d8886dd09ada8b6280aa01ea44dfb9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR003", "level": "warning", 
"message": {"text": "Compose service `comfyui` image uses the latest tag"}, "properties": {"repobilityId": 86698, "scanner": "repobility-docker", "fingerprint": "76caff7a74c97e249971923fcde83a7b4b0913875a0653664b62519801c765d7", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "aidockorg/comfyui-cuda:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|76caff7a74c97e249971923fcde83a7b4b0913875a0653664b62519801c765d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ai-stack/docker-compose.yml"}, "region": {"startLine": 73}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `agent-zero` image uses the latest tag"}, "properties": {"repobilityId": 86695, "scanner": "repobility-docker", "fingerprint": "b0be8d4d0242d43b487ed0e7d4f7bfb9798e695399a0c4c45f688061cce84c86", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "frdel/agent-zero-run:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b0be8d4d0242d43b487ed0e7d4f7bfb9798e695399a0c4c45f688061cce84c86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ai-stack/docker-compose.yml"}, "region": {"startLine": 51}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `n8n` image uses the latest tag"}, "properties": {"repobilityId": 86692, "scanner": 
"repobility-docker", "fingerprint": "e5ffa506d0d344eac53d1240ed5c9749186fd9cfd013d4c5fe37f6cf59489d61", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "n8nio/n8n:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e5ffa506d0d344eac53d1240ed5c9749186fd9cfd013d4c5fe37f6cf59489d61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ai-stack/docker-compose.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 86691, "scanner": "repobility-docker", "fingerprint": "a90f9d741467fae8fd49bae90665e199c0e33292501f6e1b14f43ad3347d0f5e", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|a90f9d741467fae8fd49bae90665e199c0e33292501f6e1b14f43ad3347d0f5e", "missing_patterns": ["id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 46}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 86687, "scanner": "repobility-agent-runtime", "fingerprint": "cd68ea93a908a1c7a80451ed797afc6db950c79b400affd72da9179da19e2db8", "category": "quality", 
"severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|cd68ea93a908a1c7a80451ed797afc6db950c79b400affd72da9179da19e2db8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ai-stack/docker-compose.yml"}, "region": {"startLine": 80}}}]}, {"ruleId": "WEB011", "level": "note", "message": {"text": "Public web app has no humans.txt"}, "properties": {"repobilityId": 86716, "scanner": "repobility-web-presence", "fingerprint": "bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1", "category": "quality", "severity": "low", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks like a public web app but no humans.txt file or route was discovered.", "evidence": {"rule_id": "WEB011", "scanner": "repobility-web-presence", "references": ["https://github.com/Lissy93/web-check"], "correlation_key": "fp|bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "humans.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB002", "level": "note", "message": {"text": "Public web app has no sitemap"}, "properties": {"repobilityId": 86715, "scanner": "repobility-web-presence", "fingerprint": "fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf", "category": "quality", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no sitemap file or route was discovered.", "evidence": {"rule_id": "WEB002", "scanner": "repobility-web-presence", "references": ["https://www.sitemaps.org/protocol.html", 
"https://github.com/Lissy93/web-check"], "correlation_key": "fp|fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sitemap.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB001", "level": "note", "message": {"text": "Public web app has no robots.txt"}, "properties": {"repobilityId": 86714, "scanner": "repobility-web-presence", "fingerprint": "cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no robots.txt file or route was discovered.", "evidence": {"rule_id": "WEB001", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "robots.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC005", "level": "note", "message": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "properties": {"repobilityId": 86712, "scanner": "repobility-access-control", "fingerprint": "c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e", "category": "auth", "severity": "low", "confidence": 0.76, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["FastAPI"], "correlation_key": "fp|c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e"}}}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": 
{"repobilityId": 86702, "scanner": "repobility-docker", "fingerprint": "b475622bc6c7ce56787d76ba73adf53e45403f7a8f2512d3760503f86cb3db5f", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "workflows-docs", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|b475622bc6c7ce56787d76ba73adf53e45403f7a8f2512d3760503f86cb3db5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 86700, "scanner": "repobility-docker", "fingerprint": "b767496b80923862d7a723e2386ac600f64135f88e94ef493f47e5feb8a3885a", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "comfyui", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|b767496b80923862d7a723e2386ac600f64135f88e94ef493f47e5feb8a3885a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ai-stack/docker-compose.yml"}, "region": {"startLine": 73}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 86699, "scanner": "repobility-docker", "fingerprint": "9d65c76c0f199446f9a5b35fecbdce5b3dca51de76fca51a76797260193f6e26", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": 
"needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "comfyui", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|9d65c76c0f199446f9a5b35fecbdce5b3dca51de76fca51a76797260193f6e26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ai-stack/docker-compose.yml"}, "region": {"startLine": 73}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 86697, "scanner": "repobility-docker", "fingerprint": "fa5560e9deaddbf4058d9f9c5441328d7a9919708274dc2987d56d29e7b50a76", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "agent-zero", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|fa5560e9deaddbf4058d9f9c5441328d7a9919708274dc2987d56d29e7b50a76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ai-stack/docker-compose.yml"}, "region": {"startLine": 51}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 86696, "scanner": "repobility-docker", "fingerprint": "99a61e7ebdf71783a6618f1b7ac79015ace78f947623fca399ba6a5a1d52d853", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": 
"agent-zero", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|99a61e7ebdf71783a6618f1b7ac79015ace78f947623fca399ba6a5a1d52d853"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ai-stack/docker-compose.yml"}, "region": {"startLine": 51}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 86694, "scanner": "repobility-docker", "fingerprint": "8a68a0a43fb9b3f41e37a078a99ab160b5ecc2700a282306de634696db41bc34", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "n8n", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|8a68a0a43fb9b3f41e37a078a99ab160b5ecc2700a282306de634696db41bc34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ai-stack/docker-compose.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 86693, "scanner": "repobility-docker", "fingerprint": "475c85e6cbb311db9b1b14672a01b8d840f3dc92465626d7490e10317c8f6b9d", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "n8n", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|475c85e6cbb311db9b1b14672a01b8d840f3dc92465626d7490e10317c8f6b9d"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "ai-stack/docker-compose.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 86690, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": ["id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 86689, "scanner": "repobility-docker", "fingerprint": "5a420e03ee485bc232d906ba582b4355ab4b182a31e71926cb62c339d9fe375e", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|5a420e03ee485bc232d906ba582b4355ab4b182a31e71926cb62c339d9fe375e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 7}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": 
{"repobilityId": 86688, "scanner": "repobility-docker", "fingerprint": "ae561ecfbae585f7c5142fb000d13cdc32b70b15bf79468d5b80b0cdd764190e", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|ae561ecfbae585f7c5142fb000d13cdc32b70b15bf79468d5b80b0cdd764190e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 86686, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b501d9843725f7aa936f8295cdb884d7d3829cec24685995c044214e86db9698", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/integration_hub.py", "duplicate_line": 281, "correlation_key": "fp|b501d9843725f7aa936f8295cdb884d7d3829cec24685995c044214e86db9698"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/user_management.py"}, "region": {"startLine": 410}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 86685, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4851199503a8b9b06a8696850d099d33c8e6a2c178576d8d3053c1d710d178fb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": 
"confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/analytics_engine.py", "duplicate_line": 328, "correlation_key": "fp|4851199503a8b9b06a8696850d099d33c8e6a2c178576d8d3053c1d710d178fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/performance_monitor.py"}, "region": {"startLine": 264}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 86684, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ba75a1cac189200caafcb2a29fdbf7954c7f6308c32a9cb7be86b6280c766405", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/generate_search_index.py", "duplicate_line": 108, "correlation_key": "fp|ba75a1cac189200caafcb2a29fdbf7954c7f6308c32a9cb7be86b6280c766405"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/update_readme_stats.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 86682, "scanner": "repobility-threat-engine", "fingerprint": "eb65162b1fe97ca88ce15be4ef17d703e5be73b93317122c3af323464e4b6440", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": 
true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|eb65162b1fe97ca88ce15be4ef17d703e5be73b93317122c3af323464e4b6440"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server.js"}, "region": {"startLine": 322}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 86681, "scanner": "repobility-threat-engine", "fingerprint": "4b730d2b67b552cbc49d5ae6e2a3934f6e5c75f23b3e116d1ca070ae10c7dcc5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4b730d2b67b552cbc49d5ae6e2a3934f6e5c75f23b3e116d1ca070ae10c7dcc5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/deploy.sh"}, "region": {"startLine": 236}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 86680, "scanner": "repobility-threat-engine", "fingerprint": "c08d50b3bd461d0bb678f10aa59ca26e204c357e38d91e790343d69f7648ed65", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, 
"reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c08d50b3bd461d0bb678f10aa59ca26e204c357e38d91e790343d69f7648ed65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "run.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: `: any` used as a type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 86678, "scanner": "repobility-threat-engine", "fingerprint": "489e69dd2e7aa3fc664ac7fdf67e8423c436f56715249752a2b715cdfdebb712", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|489e69dd2e7aa3fc664ac7fdf67e8423c436f56715249752a2b715cdfdebb712"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "medcards-ai/src/types/database.ts"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 1 more): Same pattern found in 1 additional file. 
Review if needed."}, "properties": {"repobilityId": 86677, "scanner": "repobility-threat-engine", "fingerprint": "8c3560525de975a9c202cd1b69e7b70cd2e798d159e8cb8d425d4f011026e437", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|8c3560525de975a9c202cd1b69e7b70cd2e798d159e8cb8d425d4f011026e437", "aggregated_count": 1}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 86676, "scanner": "repobility-threat-engine", "fingerprint": "0a8c80fb10fec7f97bc35c579d772a1f6295f11be2e3e519cf5ab6e02290be5d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0a8c80fb10fec7f97bc35c579d772a1f6295f11be2e3e519cf5ab6e02290be5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/init-db.js"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 86675, "scanner": "repobility-threat-engine", "fingerprint": "ca9a4cc9acbe3f915800491262318118b827e4b3d0777785f7091bf1dbc2dc08", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ca9a4cc9acbe3f915800491262318118b827e4b3d0777785f7091bf1dbc2dc08"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/index-workflows.js"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 86674, "scanner": "repobility-threat-engine", "fingerprint": "700cb4114bc62dc9be50f32c94ead5b288b9a0fe42da3dd62007379cf90360c1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|700cb4114bc62dc9be50f32c94ead5b288b9a0fe42da3dd62007379cf90360c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/js/app.js"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/deploy-pages` pinned to mutable ref `@v4`: `uses: actions/deploy-pages@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 86806, "scanner": "repobility-supply-chain", "fingerprint": "d3bcd753fb0f7986901aef0c1118adc4cca81a0c3dd04d71aeb5205ce5dea126", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d3bcd753fb0f7986901aef0c1118adc4cca81a0c3dd04d71aeb5205ce5dea126"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pages-deploy.yml"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-pages-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-pages-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 86805, "scanner": "repobility-supply-chain", "fingerprint": "795d6c3cd22b2ecb600fed9c45718d965cb4ebc2f9df878aa36a55633f14fd23", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|795d6c3cd22b2ecb600fed9c45718d965cb4ebc2f9df878aa36a55633f14fd23"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pages-deploy.yml"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/configure-pages` pinned to mutable ref `@v5`: `uses: actions/configure-pages@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 86804, "scanner": "repobility-supply-chain", "fingerprint": "aad66d8323e5c5e83995c0106b9411ec3b87a5568e66a18518fdf84ae494a562", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|aad66d8323e5c5e83995c0106b9411ec3b87a5568e66a18518fdf84ae494a562"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pages-deploy.yml"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 86803, "scanner": "repobility-supply-chain", "fingerprint": "001a827a207717b19a0227bbda06320bb3c6b4304a65032b44f5f387359c0439", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|001a827a207717b19a0227bbda06320bb3c6b4304a65032b44f5f387359c0439"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pages-deploy.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 86802, "scanner": "repobility-supply-chain", "fingerprint": "bb8c41e4306356c433e100ee22ef42f2867385edf2c34e046ea41dbca5a3023d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bb8c41e4306356c433e100ee22ef42f2867385edf2c34e046ea41dbca5a3023d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-cd.yml"}, "region": {"startLine": 191}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 86801, "scanner": "repobility-supply-chain", "fingerprint": "1507975bb85629751463cbe3c39106432354536a05e1e54addb4014490feb30b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1507975bb85629751463cbe3c39106432354536a05e1e54addb4014490feb30b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-cd.yml"}, "region": {"startLine": 174}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 86800, "scanner": "repobility-supply-chain", "fingerprint": "5535c98c8372c480051620f10e851f83094ff5344917db1c74a298fd3ab0922e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5535c98c8372c480051620f10e851f83094ff5344917db1c74a298fd3ab0922e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-cd.yml"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `github/codeql-action/upload-sarif` pinned to mutable ref `@v3`: `uses: github/codeql-action/upload-sarif@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 86799, "scanner": "repobility-supply-chain", "fingerprint": "7c1b75e9d531bd4ecacaf71d3a1d52180a2aeceb754166fb2e099f9cede1f571", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7c1b75e9d531bd4ecacaf71d3a1d52180a2aeceb754166fb2e099f9cede1f571"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-cd.yml"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `aquasecurity/trivy-action` pinned to mutable ref `@master`: `uses: aquasecurity/trivy-action@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 86798, "scanner": "repobility-supply-chain", "fingerprint": "869460189747235b6bdee801d0172b8a3a6de0bd09ef871eda43304365aad354", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|869460189747235b6bdee801d0172b8a3a6de0bd09ef871eda43304365aad354"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-cd.yml"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 86797, "scanner": "repobility-supply-chain", "fingerprint": "575d1ca3bb37bbe312d76ca6b951c46886565c7a1a9048eb4ada2ffdb8a5d46c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|575d1ca3bb37bbe312d76ca6b951c46886565c7a1a9048eb4ada2ffdb8a5d46c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-cd.yml"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v5`: `uses: actions/cache@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 86796, "scanner": "repobility-supply-chain", "fingerprint": "a9ce2edef5ae7b45af223cf613b19a98f0b7a531c4cbfc1dfcd54c7f867fa984", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a9ce2edef5ae7b45af223cf613b19a98f0b7a531c4cbfc1dfcd54c7f867fa984"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-cd.yml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 86795, "scanner": "repobility-supply-chain", "fingerprint": "28d1d16799677f95fd5a3b2bed5d8a4a6c23935b1f88fbfc4bc5750aa87602b5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|28d1d16799677f95fd5a3b2bed5d8a4a6c23935b1f88fbfc4bc5750aa87602b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-cd.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 86794, "scanner": "repobility-supply-chain", "fingerprint": "0b0fb17774fefd8ca622b7432a058691472dd646d8bc2eaefb9c0b1142790590", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0b0fb17774fefd8ca622b7432a058691472dd646d8bc2eaefb9c0b1142790590"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-cd.yml"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/deploy-pages` pinned to mutable ref `@v4`: `uses: actions/deploy-pages@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 86793, "scanner": "repobility-supply-chain", "fingerprint": "fc6ea51b5d9f26afe6457dec4e91abc3e8ef2a2aa312bad7d3884323cba4477b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fc6ea51b5d9f26afe6457dec4e91abc3e8ef2a2aa312bad7d3884323cba4477b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deploy-pages.yml"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-pages-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-pages-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 86792, "scanner": "repobility-supply-chain", "fingerprint": "e6861d2568468b083694a792f73b8f4b9a56183bf70f63e00805702f8dfbd337", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e6861d2568468b083694a792f73b8f4b9a56183bf70f63e00805702f8dfbd337"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deploy-pages.yml"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/configure-pages` pinned to mutable ref `@v5`: `uses: actions/configure-pages@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 86791, "scanner": "repobility-supply-chain", "fingerprint": "9f5ccc798268eccaebd87e5abcce2856a619135960753c7812c8b622c58dfc50", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9f5ccc798268eccaebd87e5abcce2856a619135960753c7812c8b622c58dfc50"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deploy-pages.yml"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 86790, "scanner": "repobility-supply-chain", "fingerprint": "3f430549b71f93c4dff11a353c4123861f03599cd13cff5bfffb7053c4058ca4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3f430549b71f93c4dff11a353c4123861f03599cd13cff5bfffb7053c4058ca4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deploy-pages.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 86789, "scanner": "repobility-supply-chain", "fingerprint": "c35604a6c8121080bb35cdb9b85111cea01aa317d44ee72d8c0cebbdfccf1bf7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c35604a6c8121080bb35cdb9b85111cea01aa317d44ee72d8c0cebbdfccf1bf7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deploy-pages.yml"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 86788, "scanner": "repobility-supply-chain", "fingerprint": "d5e94f5932e62edb25045a64451251520f5d9bd01db11689f70a079b32287a58", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d5e94f5932e62edb25045a64451251520f5d9bd01db11689f70a079b32287a58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docker.yml"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 86787, "scanner": "repobility-supply-chain", "fingerprint": "ebad692f7df4138442f769fa48dd78028a0bc9a92603f8ccc3d1bdb37d1f3d47", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ebad692f7df4138442f769fa48dd78028a0bc9a92603f8ccc3d1bdb37d1f3d47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docker.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-character commit SHA and keep the pin updated with Dependabot or Renovate."}, "properties": {"repobilityId": 86786, "scanner": "repobility-supply-chain", "fingerprint": "ffbcbc77ed189ed77849f7bba37b953d823fb325c688ac1e20092edba42c73f7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ffbcbc77ed189ed77849f7bba37b953d823fb325c688ac1e20092edba42c73f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/update-readme.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-character commit SHA and keep the pin updated with Dependabot or Renovate."}, "properties": {"repobilityId": 86785, "scanner": "repobility-supply-chain", "fingerprint": "0158d47a3a89562d5b6b691dc5780837b4d38c0cd5a9cf844d7d006a9a5ff225", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0158d47a3a89562d5b6b691dc5780837b4d38c0cd5a9cf844d7d006a9a5ff225"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/update-readme.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `node:20` not pinned by digest: `FROM node:20` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility and supply-chain integrity."}, "properties": {"repobilityId": 86784, "scanner": "repobility-supply-chain", "fingerprint": "0b716e66108663557378962ec19aa6aa5699fe10e1bf7eff56dc675bfd6f41a7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0b716e66108663557378962ec19aa6aa5699fe10e1bf7eff56dc675bfd6f41a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `python:3.11-slim-bookworm` not pinned by digest: `FROM python:3.11-slim-bookworm` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility and supply-chain integrity."}, "properties": {"repobilityId": 86783, "scanner": "repobility-supply-chain", "fingerprint": "6b113b2e638299bedf25fe263e4ea2d50c211a85d0ab5734a6171782dc48520f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6b113b2e638299bedf25fe263e4ea2d50c211a85d0ab5734a6171782dc48520f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /api/reindex has no auth: Express route POST /api/reindex declared without an auth middleware in its handler chain. 
Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes fall under OWASP A01:2021 (Broken Access Control)."}, "properties": {"repobilityId": 86782, "scanner": "repobility-route-auth", "fingerprint": "d7f50b4c41dba68a4e331ed9d5833fc61080a8ec63fb0e0a246f96e9b2cefa72", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|d7f50b4c41dba68a4e331ed9d5833fc61080a8ec63fb0e0a246f96e9b2cefa72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server.js"}, "region": {"startLine": 219}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /api/workflows/{workflow_id}/download has no auth: Handler `track_workflow_download` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 86781, "scanner": "repobility-route-auth", "fingerprint": "6fceee0dc081c89738f9a9b601321e095016236d659252444b02dd535a12589d", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|6fceee0dc081c89738f9a9b601321e095016236d659252444b02dd535a12589d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/community_features.py"}, "region": {"startLine": 488}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /api/workflows/{workflow_id}/view has no auth: Handler `track_workflow_view` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 86780, "scanner": "repobility-route-auth", "fingerprint": "0f84e4a91cf39a29635585e78c5ff47da27eda2405a1fca4aaf2687f5dbb0099", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|0f84e4a91cf39a29635585e78c5ff47da27eda2405a1fca4aaf2687f5dbb0099"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/community_features.py"}, "region": {"startLine": 482}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /api/workflows/{workflow_id}/rate has no auth: Handler `rate_workflow` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 86779, "scanner": "repobility-route-auth", "fingerprint": "aca7133dbce25a1e6aafcbfcf6cca354c9408be63e369e1b5dbb72057f8de7cb", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|aca7133dbce25a1e6aafcbfcf6cca354c9408be63e369e1b5dbb72057f8de7cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/community_features.py"}, "region": {"startLine": 444}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /api/v2/analytics/custom has no auth: Handler `get_custom_analytics` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 86778, "scanner": "repobility-route-auth", "fingerprint": "ea07b88e7c5e7e6f241f5de146061036d4c97e7bd5a4564176ba9613c600ed44", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|ea07b88e7c5e7e6f241f5de146061036d4c97e7bd5a4564176ba9613c600ed44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/enhanced_api.py"}, "region": {"startLine": 209}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /api/v2/recommendations has no auth: Handler `get_workflow_recommendations` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 86777, "scanner": "repobility-route-auth", "fingerprint": "b12d990da5f28aa7a35d7d126a944269aeb9386be6494d89326fdbe7a5264057", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|b12d990da5f28aa7a35d7d126a944269aeb9386be6494d89326fdbe7a5264057"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/enhanced_api.py"}, "region": {"startLine": 170}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /api/v2/workflows/search has no auth: Handler `advanced_workflow_search` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 86776, "scanner": "repobility-route-auth", "fingerprint": "c2b93fc65863710e7292d2665e6f0ef4cee288238c3a9573934374545ccd2ae6", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|c2b93fc65863710e7292d2665e6f0ef4cee288238c3a9573934374545ccd2ae6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/enhanced_api.py"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /auth/register has no auth: Handler `register_user` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 86775, "scanner": "repobility-route-auth", "fingerprint": "d83ae1b1595a37f36cc35624de64c7f056a2055546b1d874d2d06ebd9f17235f", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|d83ae1b1595a37f36cc35624de64c7f056a2055546b1d874d2d06ebd9f17235f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/user_management.py"}, "region": {"startLine": 415}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /webhooks/{endpoint} has no auth: Handler `handle_webhook_endpoint` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 86774, "scanner": "repobility-route-auth", "fingerprint": "50ba92cbb23b3fe28dcecbbdb82f419402a495f041fc05be702f252b5fb572f9", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|50ba92cbb23b3fe28dcecbbdb82f419402a495f041fc05be702f252b5fb572f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/integration_hub.py"}, "region": {"startLine": 305}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /integrations/airtable/export has no auth: Handler `export_airtable` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 86773, "scanner": "repobility-route-auth", "fingerprint": "f52ee720f7246643aa2265cff2ae63dca72e4d8e7b1556c289c1174571cffd07", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|f52ee720f7246643aa2265cff2ae63dca72e4d8e7b1556c289c1174571cffd07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/integration_hub.py"}, "region": {"startLine": 281}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /integrations/discord/notify has no auth: Handler `notify_discord` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 86772, "scanner": "repobility-route-auth", "fingerprint": "4c4b8c7ea493159156b71735e075c3b2ba71b9f186dc8d9e214f0fe3d91dc167", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|4c4b8c7ea493159156b71735e075c3b2ba71b9f186dc8d9e214f0fe3d91dc167"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/integration_hub.py"}, "region": {"startLine": 271}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /integrations/slack/notify has no auth: Handler `notify_slack` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 86771, "scanner": "repobility-route-auth", "fingerprint": "e5fc906466b44f996d516759745ab6fbab3ac7ed4136f269e441162e67f22682", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|e5fc906466b44f996d516759745ab6fbab3ac7ed4136f269e441162e67f22682"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/integration_hub.py"}, "region": {"startLine": 261}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /chat has no auth: Handler `chat_with_assistant` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 86770, "scanner": "repobility-route-auth", "fingerprint": "b37c8922d1689827987d6630a24af88d58ff8f9a8655fa6e0b2e7b081e78a64e", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|b37c8922d1689827987d6630a24af88d58ff8f9a8655fa6e0b2e7b081e78a64e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ai_assistant.py"}, "region": {"startLine": 257}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /monitor/alerts/{alert_id}/resolve has no auth: Handler `resolve_alert` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 86769, "scanner": "repobility-route-auth", "fingerprint": "2508cc6731c74b7897e08925aa6d5b4e8c0130f676da56167249cc378f0df29f", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|2508cc6731c74b7897e08925aa6d5b4e8c0130f676da56167249cc378f0df29f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/performance_monitor.py"}, "region": {"startLine": 309}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /api/reindex has no auth: Handler `reindex_workflows` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 86768, "scanner": "repobility-route-auth", "fingerprint": "2a8d087c3fdbb6f5f5b7d30decb5845bbec7e3fa910db44aa3ae8713ce4fb472", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|2a8d087c3fdbb6f5f5b7d30decb5845bbec7e3fa910db44aa3ae8713ce4fb472"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api_server.py"}, "region": {"startLine": 574}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_db_connection` used but never assigned in __init__: Method `search_workflows_intelligent` of class `WorkflowAssistant` reads `self.get_db_connection`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 86756, "scanner": "repobility-ast-engine", "fingerprint": "8baa66d8311182a51207c6ff45ec94dd526179a31e3fb6c9c1d150f683c4caaa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8baa66d8311182a51207c6ff45ec94dd526179a31e3fb6c9c1d150f683c4caaa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ai_assistant.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._broadcast_to_websockets` used but never assigned in __init__: Method `_broadcast_alert` of class `PerformanceMonitor` reads `self._broadcast_to_websockets`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 86752, "scanner": "repobility-ast-engine", "fingerprint": "9076628a784ea32c471e0424cee5785d8ab15d7530625473e00b65f0baa27de3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9076628a784ea32c471e0424cee5785d8ab15d7530625473e00b65f0baa27de3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/performance_monitor.py"}, "region": {"startLine": 222}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._broadcast_to_websockets` used but never assigned in __init__: Method `_broadcast_metrics` of class `PerformanceMonitor` reads `self._broadcast_to_websockets`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 86751, "scanner": "repobility-ast-engine", "fingerprint": "35c9377018acbfd250b8ab79f51205dafa5aad784828078b439844605a75071d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|35c9377018acbfd250b8ab79f51205dafa5aad784828078b439844605a75071d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/performance_monitor.py"}, "region": {"startLine": 217}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._broadcast_alert` used but never assigned in __init__: Method `_create_alert` of class `PerformanceMonitor` reads `self._broadcast_alert`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 86750, "scanner": "repobility-ast-engine", "fingerprint": "4a34813e83022a8dd6671176ae2c8c8719f2306d166211bdb8d99b3a465ca6dd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4a34813e83022a8dd6671176ae2c8c8719f2306d166211bdb8d99b3a465ca6dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/performance_monitor.py"}, "region": {"startLine": 211}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._create_alert` used but never assigned in __init__: Method `_check_alerts` of class `PerformanceMonitor` reads `self._create_alert`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 86749, "scanner": "repobility-ast-engine", "fingerprint": "fde9e9fd05a7eef9d51c0e1bae583c14d1db7f7792f781d2d0408df4363dad30", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fde9e9fd05a7eef9d51c0e1bae583c14d1db7f7792f781d2d0408df4363dad30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/performance_monitor.py"}, "region": {"startLine": 183}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._create_alert` used but never assigned in __init__: Method `_check_alerts` of class `PerformanceMonitor` reads `self._create_alert`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 86748, "scanner": "repobility-ast-engine", "fingerprint": "510fe8c309528392dee1a18b7bbc6b0e485740d29018fc1065d078444e85f964", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|510fe8c309528392dee1a18b7bbc6b0e485740d29018fc1065d078444e85f964"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/performance_monitor.py"}, "region": {"startLine": 191}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._create_alert` used but never assigned in __init__: Method `_check_alerts` of class `PerformanceMonitor` reads `self._create_alert`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 86747, "scanner": "repobility-ast-engine", "fingerprint": "ecfc46a526892b951e9c008368c66b0c7bd4013b38a4bc2b73109efc37fa28cf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ecfc46a526892b951e9c008368c66b0c7bd4013b38a4bc2b73109efc37fa28cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/performance_monitor.py"}, "region": {"startLine": 176}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._create_alert` used but never assigned in __init__: Method `_check_alerts` of class `PerformanceMonitor` reads `self._create_alert`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 86746, "scanner": "repobility-ast-engine", "fingerprint": "7904818b54185c538a098c7bd0733fe4cffa5c8d23b181b32f70b61eb3833b53", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7904818b54185c538a098c7bd0733fe4cffa5c8d23b181b32f70b61eb3833b53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/performance_monitor.py"}, "region": {"startLine": 170}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._create_alert` used but never assigned in __init__: Method `_check_alerts` of class `PerformanceMonitor` reads `self._create_alert`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 86745, "scanner": "repobility-ast-engine", "fingerprint": "997c2168280cb411a1a68f9969680a3953a4a82bea43f015cec8a0297d29b291", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|997c2168280cb411a1a68f9969680a3953a4a82bea43f015cec8a0297d29b291"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/performance_monitor.py"}, "region": {"startLine": 164}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._measure_api_time` used but never assigned in __init__: Method `_collect_metrics` of class `PerformanceMonitor` reads `self._measure_api_time`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 86744, "scanner": "repobility-ast-engine", "fingerprint": "509f84ae72767a6790304632c18f7006bae02bc320bd73f819c08e805cda3277", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|509f84ae72767a6790304632c18f7006bae02bc320bd73f819c08e805cda3277"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/performance_monitor.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._measure_api_time` used but never assigned in __init__: Method `_collect_metrics` of class `PerformanceMonitor` reads `self._measure_api_time`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 86743, "scanner": "repobility-ast-engine", "fingerprint": "5af7ff70b35042da37e2f4b3381406628802524a3559e35a2c7207a9d7de4e50", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5af7ff70b35042da37e2f4b3381406628802524a3559e35a2c7207a9d7de4e50"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/performance_monitor.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._measure_api_time` used but never assigned in __init__: Method `_collect_metrics` of class `PerformanceMonitor` reads `self._measure_api_time`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 86742, "scanner": "repobility-ast-engine", "fingerprint": "f8ce89a1bf503c722e2c3034a8b275eb049a8c8f87c1846a25d3475e8d54dabb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f8ce89a1bf503c722e2c3034a8b275eb049a8c8f87c1846a25d3475e8d54dabb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/performance_monitor.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._calculate_error_rate` used but never assigned in __init__: Method `_collect_metrics` of class `PerformanceMonitor` reads `self._calculate_error_rate`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 86741, "scanner": "repobility-ast-engine", "fingerprint": "5e6818d54a53d2e7320b59b4673bd55bd739c9edbd615f62449d7f994918f433", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5e6818d54a53d2e7320b59b4673bd55bd739c9edbd615f62449d7f994918f433"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/performance_monitor.py"}, "region": {"startLine": 124}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._get_workflow_executions` used but never assigned in __init__: Method `_collect_metrics` of class `PerformanceMonitor` reads `self._get_workflow_executions`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 86740, "scanner": "repobility-ast-engine", "fingerprint": "ae68f3db74b5c0f22b0aa76cd9bb76470fc573d88ed0f60a70ca31518da641ad", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ae68f3db74b5c0f22b0aa76cd9bb76470fc573d88ed0f60a70ca31518da641ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/performance_monitor.py"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._broadcast_metrics` used but never assigned in __init__: Method `_monitor_loop` of class `PerformanceMonitor` reads `self._broadcast_metrics`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 86739, "scanner": "repobility-ast-engine", "fingerprint": "8c637fcb2f1db0ef2c1ee6ba7b60ca6e062036ded9ff4c4dfcc7a92abe39aa26", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8c637fcb2f1db0ef2c1ee6ba7b60ca6e062036ded9ff4c4dfcc7a92abe39aa26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/performance_monitor.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._check_alerts` used but never assigned in __init__: Method `_monitor_loop` of class `PerformanceMonitor` reads `self._check_alerts`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 86738, "scanner": "repobility-ast-engine", "fingerprint": "9241339f4168db937b2bfa1267fe1e4b4e0a192d6c4d134eced56582fa4538db", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9241339f4168db937b2bfa1267fe1e4b4e0a192d6c4d134eced56582fa4538db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/performance_monitor.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._collect_metrics` used but never assigned in __init__: Method `_monitor_loop` of class `PerformanceMonitor` reads `self._collect_metrics`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 86737, "scanner": "repobility-ast-engine", "fingerprint": "76a39f67473fdeae2d08612141926bf89959ecea6d54c801d78c3d5586f61da0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|76a39f67473fdeae2d08612141926bf89959ecea6d54c801d78c3d5586f61da0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/performance_monitor.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._monitor_loop` used but never assigned in __init__: Method `start_monitoring` of class `PerformanceMonitor` reads `self._monitor_loop`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 86736, "scanner": "repobility-ast-engine", "fingerprint": "d98f4bf2b516eca4d579bab962aee4ea7312bd0d0af5de609d35edbbb6988f96", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d98f4bf2b516eca4d579bab962aee4ea7312bd0d0af5de609d35edbbb6988f96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/performance_monitor.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_service_categories` used but never assigned in __init__: Method `search_by_category` of class `WorkflowDatabase` reads `self.get_service_categories`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 86732, "scanner": "repobility-ast-engine", "fingerprint": "5008c97ed1ea23e891e31b25ce0ff0c5ee873eab281cb0e8871d91ed4ab2f428", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5008c97ed1ea23e891e31b25ce0ff0c5ee873eab281cb0e8871d91ed4ab2f428"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflow_db.py"}, "region": {"startLine": 743}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_file_hash` used but never assigned in __init__: Method `index_all_workflows` of class `WorkflowDatabase` reads `self.get_file_hash`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 86731, "scanner": "repobility-ast-engine", "fingerprint": "a92f6559651d5f06f601e358fcc9e97ac09f196ee385cf97f880258e17c52cc6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a92f6559651d5f06f601e358fcc9e97ac09f196ee385cf97f880258e17c52cc6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflow_db.py"}, "region": {"startLine": 481}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.analyze_workflow_file` used but never assigned in __init__: Method `index_all_workflows` of class `WorkflowDatabase` reads `self.analyze_workflow_file`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 86730, "scanner": "repobility-ast-engine", "fingerprint": "8aaee39f63f305e441fce97e2e3481952509c1ae7c8d8e139c656b26157e0b56", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8aaee39f63f305e441fce97e2e3481952509c1ae7c8d8e139c656b26157e0b56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflow_db.py"}, "region": {"startLine": 492}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.generate_description` used but never assigned in __init__: Method `analyze_workflow_file` of class `WorkflowDatabase` reads `self.generate_description`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 86729, "scanner": "repobility-ast-engine", "fingerprint": "551f068b0f6843af937f6c87add55cb917bc3bf4407bb6da3850dcb7eef94c8d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|551f068b0f6843af937f6c87add55cb917bc3bf4407bb6da3850dcb7eef94c8d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflow_db.py"}, "region": {"startLine": 217}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.format_workflow_name` used but never assigned in __init__: Method `analyze_workflow_file` of class `WorkflowDatabase` reads `self.format_workflow_name`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 86728, "scanner": "repobility-ast-engine", "fingerprint": "fbe6a81fa39b2ae44ac4fda2ebfe47faebbc0104e30eabe4b98a5bb03d9edf1b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fbe6a81fa39b2ae44ac4fda2ebfe47faebbc0104e30eabe4b98a5bb03d9edf1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflow_db.py"}, "region": {"startLine": 172}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.analyze_nodes` used but never assigned in __init__: Method `analyze_workflow_file` of class `WorkflowDatabase` reads `self.analyze_nodes`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 86727, "scanner": "repobility-ast-engine", "fingerprint": "ad5ba153db546f62b0463b7a8776b49a9e513cf205d1aa0f2b59e32a6c66d95d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ad5ba153db546f62b0463b7a8776b49a9e513cf205d1aa0f2b59e32a6c66d95d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflow_db.py"}, "region": {"startLine": 208}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.get_file_hash` used but never assigned in __init__: Method `analyze_workflow_file` of class `WorkflowDatabase` reads `self.get_file_hash`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 86726, "scanner": "repobility-ast-engine", "fingerprint": "f0bb3a75286bece7623ba7339a00f72823845942d9c064fee4c08f95e457681e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f0bb3a75286bece7623ba7339a00f72823845942d9c064fee4c08f95e457681e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflow_db.py"}, "region": {"startLine": 167}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_sample_workflows: Test function `test_sample_workflows` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 86718, "scanner": "repobility-ast-engine", "fingerprint": "a1656e38fdea9e651859283f02daa92912ed498c458637f980e08bcf049bb732", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a1656e38fdea9e651859283f02daa92912ed498c458637f980e08bcf049bb732"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test_workflows.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: POST /api/workflows/{workflow_id}/download."}, "properties": {"repobilityId": 86709, "scanner": "repobility-access-control", "fingerprint": "c5812a06d5391cd5e66ceba732b6f897e403fbf4ae7bfc64d15fc34c29c4e63a", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/workflows/{workflow_id}/download", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|src/community_features.py|487|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/community_features.py"}, "region": {"startLine": 487}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: POST /api/workflows/{workflow_id}/view."}, "properties": {"repobilityId": 86708, "scanner": "repobility-access-control", "fingerprint": "3b9fb316a1f1c6929bf9ec741ede6978170fc5c359ff4360ae15083525a76e80", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/workflows/{workflow_id}/view", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|src/community_features.py|481|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/community_features.py"}, "region": {"startLine": 481}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /api/workflows/{workflow_id}/stats."}, "properties": {"repobilityId": 86707, "scanner": "repobility-access-control", "fingerprint": "577d9ba0ea8546b9a605b09e4655b0d80840994dbb0b419d724d7e6129166415", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/workflows/{workflow_id}/stats", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|src/community_features.py|463|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/community_features.py"}, "region": {"startLine": 463}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /api/workflows/{workflow_id}/ratings."}, "properties": {"repobilityId": 86706, "scanner": "repobility-access-control", "fingerprint": "401afede32112465ece0b5ef5fab561fc23b59174d61ce62dad949e8a8eb3aeb", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/workflows/{workflow_id}/ratings", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|src/community_features.py|457|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/community_features.py"}, "region": {"startLine": 457}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). 
High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 86683, "scanner": "repobility-threat-engine", "fingerprint": "5a3813c0f014fb687e762049eb19d82d812b5a6bf8b62a35556b32375c6147dd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "app.post('/api/reindex', async (req, res) => {", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5a3813c0f014fb687e762049eb19d82d812b5a6bf8b62a35556b32375c6147dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server.js"}, "region": {"startLine": 219}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... 
\u2014 swallows KeyboardInterrupt (Ctrl+C) and SystemExit, so the process can neither be interrupted nor exit cleanly."}, "properties": {"repobilityId": 86679, "scanner": "repobility-threat-engine", "fingerprint": "30baf12c82e982d5a0096ad967f872cd605a34de14ed28f2f0585bfbc393f771", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|30baf12c82e982d5a0096ad967f872cd605a34de14ed28f2f0585bfbc393f771"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "run.py"}, "region": {"startLine": 172}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `collections` used but not imported: The file uses `collections.something(...)` but never imports `collections`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 86762, "scanner": "repobility-ast-engine", "fingerprint": "9d212ac92dc7dbb5f5632eca15bc807aaf7d1958d7160ecd1249d3f61b571e0a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9d212ac92dc7dbb5f5632eca15bc807aaf7d1958d7160ecd1249d3f61b571e0a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/community_features.py"}, "region": {"startLine": 393}}}]}, {"ruleId": "DKC008", "level": "error", "message": {"text": "Compose service mounts the Docker socket"}, "properties": {"repobilityId": 86703, "scanner": "repobility-docker", "fingerprint": "9453dc36ff620ec6724af43fcf444fd21141cf3dcfe8ae095232c6cbe8a55425", "category": "docker", "severity": "critical", "confidence": 0.98, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Volume mount references /var/run/docker.sock.", "evidence": {"rule_id": "DKC008", "scanner": "repobility-docker", "service": "reverse-proxy", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|9453dc36ff620ec6724af43fcf444fd21141cf3dcfe8ae095232c6cbe8a55425"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 25}}}]}]}]}