{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR013", "name": "Dockerfile ADD downloads remote content", "shortDescription": {"text": "Dockerfile ADD downloads remote content"}, "fullDescription": {"text": "ADD can fetch remote URLs without checksum verification. 
This makes builds dependent on mutable network content."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.84, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies broad context with incomplete .dockerignore", "shortDescription": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "fullDescription": {"text": "COPY . or ADD . is safer when .dockerignore excludes secrets, git history, keys, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. 
Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC123", "name": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environme", "shortDescription": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "fullDescription": {"text": "Set DEBUG=False / APP_DEBUG=false in production. Provide a generic 500 handler that logs to backend but returns a sanitized page to clients."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. 
Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "SEC011", "name": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted", "shortDescription": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "fullDescription": {"text": "Use torch.load(..., weights_only=True) or use safetensors format."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC125", "name": "[SEC125] AI placeholder credential left in source (your-api-key-here style): AI coding assistants frequently emit placeh", "shortDescription": {"text": "[SEC125] AI placeholder credential left in source (your-api-key-here style): AI coding assistants frequently emit placeholder credentials shaped like `API_KEY = \"your-api-key-here\"` instead of pulling from env. These get committed verbatim "}, "fullDescription": {"text": "Replace with env lookup: `API_KEY = os.environ['SERVICE_API_KEY']`. Move actual key to a secret manager. Add a startup check that the env var is non-empty so missing config fails loudly instead of shipping the placeholder."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC034", "name": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines o", "shortDescription": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. 
Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (S"}, "fullDescription": {"text": "Strip control characters before logging:\n  safe = user_input.replace('\\n','').replace('\\r','').replace('\\x00','')\n  logger.info('User action: %s', safe)\nAlways use parameterized logging (`%s` + args), never f-strings or string concat \u2014 that keeps user input out of the format string. Parameterized calls alone do not stop a logger that expands lookups in logged values (the log4shell class); that needs a patched or lookup-disabled logging library. For structured logging, use a JSON formatter that escapes values."}, "properties": {"scanner": "repobility-threat-engine", "category": "log_injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC041", "name": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noref", "shortDescription": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and"}, "fullDescription": {"text": "Add rel=\"noopener noreferrer\" to every <a target=\"_blank\">:\n  <a href=\"...\" target=\"_blank\" rel=\"noopener noreferrer\">link</a>\nFor dynamically generated links from JS, set rel on the element before appending. 
Even safe-looking subdomains should harden \u2014 costs nothing."}, "properties": {"scanner": "repobility-threat-engine", "category": "security", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-PY", "name": "Python package `packaging` is 1 major version(s) behind (25.0 -> 26.2)", "shortDescription": {"text": "Python package `packaging` is 1 major version(s) behind (25.0 -> 26.2)"}, "fullDescription": {"text": "`packaging==25.0` is 1 major version(s) behind the latest stable release on PyPI (26.2). Pinned-but-stale Python dependencies drift away from upstream security and bugfix releases. This is the version-currency signal Dependabot raises."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED124", "name": "requirements.txt: `ultralytics` has no version pin", "shortDescription": {"text": "requirements.txt: `ultralytics` has no version pin"}, "fullDescription": {"text": "Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). 
Reproducible installs need exact pins."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED109", "name": "Mutable default argument in `set_imgsz` (list)", "shortDescription": {"text": "Mutable default argument in `set_imgsz` (list)"}, "fullDescription": {"text": "`def set_imgsz(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB005", "name": "robots.txt does not advertise a sitemap", "shortDescription": {"text": "robots.txt does not advertise a sitemap"}, "fullDescription": {"text": "Sitemap directives in robots.txt help crawlers and AI agents find the canonical public URL inventory quickly."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": ".dockerignore exists but does not cover common secret or VCS patterns."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR012", "name": 
"Dockerfile keeps pip download cache", "shortDescription": {"text": "Dockerfile keeps pip download cache"}, "fullDescription": {"text": "Pip's package cache increases image size and can preserve unnecessary artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 9 (SonarSource scale). Cognitive complexit", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 9."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. 
They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED069", "name": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files.", "shortDescription": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-489 / A05:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED053", "name": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeh", "shortDescription": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1392,CWE-798 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. 
Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 14 more): Same pattern found in 14 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 11 more): Same pattern found in 11 add", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. 
If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC002", "name": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code.", "shortDescription": {"text": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code."}, "fullDescription": {"text": "Load the key from an environment variable or a secret manager instead of hardcoding it. Add the files that hold secrets (for example .env) to .gitignore, and rotate any key that has already been committed."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED040", "name": "[MINED040] Python Yaml Load Unsafe (and 11 more): Same pattern found in 11 additional files. Review if needed.", "shortDescription": {"text": "[MINED040] Python Yaml Load Unsafe (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED018", "name": "[MINED018] Unsafe Deserialization Pickle (and 11 more): Same pattern found in 11 additional files. 
Review if needed.", "shortDescription": {"text": "[MINED018] Unsafe Deserialization Pickle (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC116", "name": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input (and 11 more): Same pattern found in 11 additional files. Revi", "shortDescription": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "fullDescription": {"text": "Use `YAML.safe_load(input, permitted_classes: [Date])` \u2014 explicit class allowlist. Never use `Marshal.load` on untrusted data; serialize as JSON instead."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC079", "name": "[SEC079] Python: yaml.load without SafeLoader (and 11 more): Same pattern found in 11 additional files. Review if needed", "shortDescription": {"text": "[SEC079] Python: yaml.load without SafeLoader (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "fullDescription": {"text": "Use `yaml.safe_load(data)` or `yaml.load(data, Loader=yaml.SafeLoader)`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors.", "shortDescription": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data (and 4 more): Same pattern found in 4 additional files. Review if", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED080", "name": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace.", "shortDescription": {"text": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": 
"MINED067", "name": "[MINED067] Python Requests No Timeout (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[SEC078] Python: requests without timeout (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED098", "name": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios ", "shortDescription": {"text": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios = axios;`) makes the code harder to test and increases the risk of naming collisions."}, "fullDescription": {"text": "Import the library where you need it instead of attaching to window. For legitimate global registries, use a namespaced object (e.g., `window.__myApp.axios`)."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 5 more): Same pattern found in 5 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private, loopback and link-local CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16, 127/8, and apply the check to the IP address the hostname resolves to, not only to the hostname string."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. 
Attackers inje", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED034", "name": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection.", "shortDescription": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED020", "name": "[MINED020] Logging Credential Via Fstring: logger.error(f\"failed for {api_key}\") \u2014 secrets end up in log aggregators / s", "shortDescription": {"text": "[MINED020] Logging Credential Via Fstring: logger.error(f\"failed for {api_key}\") \u2014 secrets end up in log aggregators / sentry."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that int", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. 
The browser parses the HTM"}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `astral-sh/setup-uv` pinned to mutable ref `@v7`", "shortDescription": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v7`"}, "fullDescription": {"text": "`uses: astral-sh/setup-uv@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED119", "name": "Dockerfile `ADD https://github.com/ultralytics/assets/releases/download/v8.4.0/yolo26n.pt`", "shortDescription": {"text": "Dockerfile `ADD https://github.com/ultralytics/assets/releases/download/v8.4.0/yolo26n.pt`"}, "fullDescription": {"text": "Dockerfile `ADD <url>` downloads a remote artifact into the image with no integrity check. 
If the host or DNS is compromised between layers \u2014 or if the URL serves a different file later \u2014 malicious content gets baked into the image."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `pytorch/pytorch:2.11.0-cuda12.8-cudnn9-runtime` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `pytorch/pytorch:2.11.0-cuda12.8-cudnn9-runtime` not pinned by digest"}, "fullDescription": {"text": "`FROM pytorch/pytorch:2.11.0-cuda12.8-cudnn9-runtime` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.is_fused` used but never assigned in __init__", "shortDescription": {"text": "`self.is_fused` used but never assigned in __init__"}, "fullDescription": {"text": "Method `fuse` of class `BaseModel` reads `self.is_fused`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_youtube", "shortDescription": {"text": "Phantom test coverage: test_youtube"}, "fullDescription": {"text": "Test function `test_youtube` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "curl-auth-header", "name": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed r", "shortDescription": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED102", "name": "[MINED102] Shell Injection Via F-string: Shell command built via f-string or .format with non-constant input \u2014 command i", "shortDescription": {"text": "[MINED102] Shell Injection Via F-string: Shell command built via f-string or .format with non-constant input \u2014 command injection. An attacker controlling any interpolated value can execute arbitrary shell commands."}, "fullDescription": {"text": "Use the list form of subprocess (e.g. subprocess.run([\"cmd\", arg1, arg2])) with shell=False. Never combine shell=True with string interpolation."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "Workflow uses `secrets.BRAVE_API_KEY` on a `pull_request` trigger", "shortDescription": {"text": "Workflow uses `secrets.BRAVE_API_KEY` on a `pull_request` trigger"}, "fullDescription": {"text": "This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${{ secrets.BRAVE_API_KEY }}` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). By default GitHub does not pass repository secrets to `pull_request` runs started from a fork, so confirm that the secret is actually populated for fork PRs (for example through a fork-secrets setting on a private repository) before rating the exposure. 
Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "Missing import: `string` used but not imported", "shortDescription": {"text": "Missing import: `string` used but not imported"}, "fullDescription": {"text": "The file uses `string.something(...)` but never imports `string`. This raises NameError at runtime the first time the line executes."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/898"}, "properties": {"repository": "ultralytics/ultralytics", "repoUrl": "https://github.com/ultralytics/ultralytics", "branch": "main"}, "results": [{"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 83699, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or 
equivalent authorization documentation."}, "properties": {"repobilityId": 83698, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Flask"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 83676, "scanner": "repobility-docker", "fingerprint": "1ab3c63319caa897c3a50a40728af6cf5344bfdebfd0ba5d0ed855fe90a604c5", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "pytorch/pytorch:2.11.0-cuda12.8-cudnn9-runtime", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|1ab3c63319caa897c3a50a40728af6cf5344bfdebfd0ba5d0ed855fe90a604c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 7}}}]}, {"ruleId": "DKR013", "level": "warning", "message": {"text": "Dockerfile ADD downloads remote content"}, "properties": {"repobilityId": 83674, "scanner": "repobility-docker", "fingerprint": "2fc0b5f45f08fd18f63eb7ed7bfc118867ac613c4589c46de2714776638de848", 
"category": "docker", "severity": "medium", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "ADD instruction references a remote URL.", "evidence": {"rule_id": "DKR013", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|2fc0b5f45f08fd18f63eb7ed7bfc118867ac613c4589c46de2714776638de848"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 43}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 83673, "scanner": "repobility-docker", "fingerprint": "adb479bd150a48d098006024b8670f9d03717ae5bf897b3822114439128248ce", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|adb479bd150a48d098006024b8670f9d03717ae5bf897b3822114439128248ce", "missing_patterns": [".git", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 40}}}]}, {"ruleId": "DKR013", "level": "warning", "message": {"text": "Dockerfile ADD downloads remote content"}, "properties": {"repobilityId": 83672, "scanner": "repobility-docker", "fingerprint": "3be2e71dd45a792f4b2d893894775a0bbc4859982d3a31651905ad4a0442f7c5", "category": "docker", "severity": "medium", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "ADD instruction references a remote URL.", "evidence": {"rule_id": "DKR013", "scanner": 
"repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|3be2e71dd45a792f4b2d893894775a0bbc4859982d3a31651905ad4a0442f7c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 23}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 83671, "scanner": "repobility-threat-engine", "fingerprint": "4754113e4a03a8059114bf9afd90d5d924aa38e0e6d49c6372eebf070586fe6a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n        with Image.open(filename) as img:\n            if flags == cv2.IMREAD_GRAYSCALE:", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4754113e4a03a8059114bf9afd90d5d924aa38e0e6d49c6372eebf070586fe6a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/patches.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 83668, "scanner": "repobility-threat-engine", "fingerprint": "b45728cee44bbedde4771d54b3d33956c2a3d11f6df57fe3035b756b539436c5", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b45728cee44bbedde4771d54b3d33956c2a3d11f6df57fe3035b756b539436c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/events.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 83667, "scanner": "repobility-threat-engine", "fingerprint": "15d89c594a78f27582922752e1bbc448026e1324ccd356486430552bba6201ff", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n                pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|15d89c594a78f27582922752e1bbc448026e1324ccd356486430552bba6201ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/autodevice.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 83666, "scanner": "repobility-threat-engine", "fingerprint": "153e3d79cb35b35c5d1d6d721837f4da18bd9406b22157b748aef65a3d264352", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "key=lambda x: (x.get(\"utilization\", 101), -x.get(\"memory_free\", 0), random.random", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|178|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/autodevice.py"}, "region": {"startLine": 178}}}]}, {"ruleId": "SEC123", "level": "warning", "message": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "properties": {"repobilityId": 83664, "scanner": "repobility-threat-engine", "fingerprint": "2ebb3f49b4f2da8b4877c078c3e75fb83bf15c59a15072219ad37799d2c38c7f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "debug=True", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC123", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2ebb3f49b4f2da8b4877c078c3e75fb83bf15c59a15072219ad37799d2c38c7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/solutions/similarity_search.py"}, "region": {"startLine": 185}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] 
Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 83659, "scanner": "repobility-threat-engine", "fingerprint": "d707d03f846e60f304e66e1342a0f7c666796c00185b935ed6382274b43e543e", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.run(f\"onnxslim {f} {f} && open {f}\", shell=True", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|17|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/modules/__init__.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "SEC011", "level": "warning", "message": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "properties": {"repobilityId": 83657, "scanner": "repobility-threat-engine", "fingerprint": "4baf23ec591a2114209ff6d00f76f7542d215e173cf0c5a0623b8f0ef3581405", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "torch.jit.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC011", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|122|sec011"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/backends/pytorch.py"}, "region": {"startLine": 122}}}]}, {"ruleId": "SEC011", "level": "warning", "message": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute 
arbitrary code from untrusted model files."}, "properties": {"repobilityId": 83656, "scanner": "repobility-threat-engine", "fingerprint": "1c691de4cdcdcc5f8d42740ed8ee2051034c16544e76d73559d653104fb0e752", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "torch.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC011", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|203|sec011"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/models/yolo/yoloe/train.py"}, "region": {"startLine": 203}}}]}, {"ruleId": "SEC011", "level": "warning", "message": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "properties": {"repobilityId": 83655, "scanner": "repobility-threat-engine", "fingerprint": "2888c50fc2a0a67ead8bacfa1ce77fa094d1fb8639611013392118490cea63a8", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "torch.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC011", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|153|sec011"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/models/yolo/world/train.py"}, "region": {"startLine": 153}}}]}, {"ruleId": "SEC125", "level": "warning", "message": {"text": "[SEC125] AI placeholder credential left in source (your-api-key-here style): AI coding assistants frequently emit placeholder credentials shaped like `API_KEY = \"your-api-key-here\"` instead of pulling 
from env. These get committed verbatim \u2014 production code with a literal placeholder string is a near-certain bug, and the value also leaks what credential type the system expects to authentication crawlers. CWE-1188. Distinctive AI footprint: the exact phrase shape `your-X-here` is uncommon in hand"}, "properties": {"repobilityId": 83639, "scanner": "repobility-threat-engine", "fingerprint": "98d73b7f19452699cc739f674e742a9fb96cfe2469077928a57c69b57d8850b3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "api_key=\"<redacted>", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC125", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|98d73b7f19452699cc739f674e742a9fb96cfe2469077928a57c69b57d8850b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/hub/auth.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "SEC034", "level": "warning", "message": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (SIEM, splunk). Combined with template injection this can escalate to RCE (CVE-2021-44228 log4shell). 
CWE-117."}, "properties": {"repobilityId": 83635, "scanner": "repobility-threat-engine", "fingerprint": "81fa3adb6b796f56205083494d8e8a70a7e8d77ceca4edfda94b5147333b8360", "category": "log_injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "LOGGER.info(f\"{PREFIX}{form", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC034", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|81fa3adb6b796f56205083494d8e8a70a7e8d77ceca4edfda94b5147333b8360"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/hub/__init__.py"}, "region": {"startLine": 114}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 83614, "scanner": "repobility-threat-engine", "fingerprint": "080f98cd723d6fc24bbd8874abd73fa1bfd7773f355d06064a9776859bc23ddd", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "YAML.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|58|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-Segmentation-ONNXRuntime-Python/main.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 83613, "scanner": "repobility-threat-engine", "fingerprint": 
"58d8ec7f03f95b8d9b367408e2597e0243a05675f66fe76a29fd33beca3286da", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "YAML.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|13|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-OpenCV-ONNX-Python/main.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 83612, "scanner": "repobility-threat-engine", "fingerprint": "07622b3a1fcf348937e17299920fbc129669b7d4c5f167fa87e1355ff72d6bb8", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "YAML.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|63|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-ONNXRuntime/main.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). 
OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 83586, "scanner": "repobility-threat-engine", "fingerprint": "8825be16be7ecc7a5658c3c98880177c720d87637a5d1aae5405af7f270399c3", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "window.open(\"https://ultralytics.com\", \"_blank\")", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|68|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/overrides/javascript/chart-widget.js"}, "region": {"startLine": 68}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 83577, "scanner": "repobility-agent-runtime", "fingerprint": "c4a58e616386df10f6c7a4d6cb84e2533c5054bea2e21893bacd81c1f2768995", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|c4a58e616386df10f6c7a4d6cb84e2533c5054bea2e21893bacd81c1f2768995"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/data/scripts/get_imagenet.sh"}, "region": {"startLine": 45}}}]}, {"ruleId": "DEPCUR-PY", "level": "warning", "message": {"text": "Python package `packaging` is 1 major version(s) behind (25.0 -> 26.2)"}, "properties": {"repobilityId": 83573, "scanner": "repobility-dependency-currency", 
"fingerprint": "6e567feac0e6758811959972006752b3e494b51b6eda3dcedc457f80e5fbdd76", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "packaging", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "26.2", "correlation_key": "fp|6e567feac0e6758811959972006752b3e494b51b6eda3dcedc457f80e5fbdd76", "current_version": "25.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/RTDETR-ONNXRuntime-Python/requirements.txt"}, "region": {"startLine": 11}}}]}, {"ruleId": "DEPCUR-PY", "level": "warning", "message": {"text": "Python package `certifi` is 1 major version(s) behind (2025.4.26 -> 2026.5.20)"}, "properties": {"repobilityId": 83567, "scanner": "repobility-dependency-currency", "fingerprint": "22adc15abc2ae52024ee4c708173a387c4f13335dddda905a5a4305303a03e3a", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "certifi", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "2026.5.20", "correlation_key": "fp|22adc15abc2ae52024ee4c708173a387c4f13335dddda905a5a4305303a03e3a", "current_version": "2025.4.26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/RTDETR-ONNXRuntime-Python/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `ultralytics` has no version pin"}, "properties": {"repobilityId": 83531, "scanner": "repobility-supply-chain", "fingerprint": "7408372801732bd6884e67e297d505e671eb821067b04b9393c95439a265870e", "category": "dependency", "severity": 
"medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7408372801732bd6884e67e297d505e671eb821067b04b9393c95439a265870e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-ONNXRuntime/requirements.txt"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `onnxruntime` has no version pin"}, "properties": {"repobilityId": 83530, "scanner": "repobility-supply-chain", "fingerprint": "fbcb38f26cbf727a29e5a07c29188c2e58d6723b869f04ab54a0580bee40df92", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fbcb38f26cbf727a29e5a07c29188c2e58d6723b869f04ab54a0580bee40df92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-ONNXRuntime/requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `opencv-python` has no version pin"}, "properties": {"repobilityId": 83529, "scanner": "repobility-supply-chain", "fingerprint": "54f90430a451d310ce7f0471f8d1cb331fc319271aad1094433aa21f6f6772c5", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": 
"repobility-supply-chain", "correlation_key": "fp|54f90430a451d310ce7f0471f8d1cb331fc319271aad1094433aa21f6f6772c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-ONNXRuntime/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `numpy` has no version pin"}, "properties": {"repobilityId": 83528, "scanner": "repobility-supply-chain", "fingerprint": "3426f0a074a5ed324c999d091b2215f8822ade41ab2be4a99da9b52880d2bdcf", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3426f0a074a5ed324c999d091b2215f8822ade41ab2be4a99da9b52880d2bdcf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-ONNXRuntime/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `transformers` has no version pin"}, "properties": {"repobilityId": 83527, "scanner": "repobility-supply-chain", "fingerprint": "b278ee1d2fa208f51ffe2471f8735cd1a9bd6e496df669d53781ab6fdba31d0f", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b278ee1d2fa208f51ffe2471f8735cd1a9bd6e496df669d53781ab6fdba31d0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-Action-Recognition/requirements.txt"}, "region": {"startLine": 4}}}]}, {"ruleId": 
"MINED124", "level": "warning", "message": {"text": "requirements.txt: `ultralytics` has no version pin"}, "properties": {"repobilityId": 83526, "scanner": "repobility-supply-chain", "fingerprint": "8fe0f8ccf245ea25d0aea53cdee9b9c8c7c4a9b7836e6ad5cff5f8ca647c8da2", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8fe0f8ccf245ea25d0aea53cdee9b9c8c7c4a9b7836e6ad5cff5f8ca647c8da2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-Action-Recognition/requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `ultralytics` has no version pin"}, "properties": {"repobilityId": 83525, "scanner": "repobility-supply-chain", "fingerprint": "a08ed359997c7e5505ed5cf7b02b3d7bb582dec864d9df4c27acca19c28d5c5d", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a08ed359997c7e5505ed5cf7b02b3d7bb582dec864d9df4c27acca19c28d5c5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-OpenCV-ONNX-Python/requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `opencv-python` has no version pin"}, "properties": {"repobilityId": 83524, "scanner": "repobility-supply-chain", "fingerprint": "d8bbbb649702313ca689e954c95c82c1e6be11eb1a0b712753790c3158cfb79a", 
"category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d8bbbb649702313ca689e954c95c82c1e6be11eb1a0b712753790c3158cfb79a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-OpenCV-ONNX-Python/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `numpy` has no version pin"}, "properties": {"repobilityId": 83523, "scanner": "repobility-supply-chain", "fingerprint": "9cbb1d86cc778683db3ec0efab225e908f522c05ca2b0b44f758886bdf7440d8", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9cbb1d86cc778683db3ec0efab225e908f522c05ca2b0b44f758886bdf7440d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-OpenCV-ONNX-Python/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `set_imgsz` (list)"}, "properties": {"repobilityId": 83519, "scanner": "repobility-ast-engine", "fingerprint": "5ae72bde77a9a0966c0bd74302f4e208300bd1e71ba15efa6f9ca72b19606880", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], 
"observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5ae72bde77a9a0966c0bd74302f4e208300bd1e71ba15efa6f9ca72b19606880"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/models/sam/sam3/vitdet.py"}, "region": {"startLine": 543}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `set_imgsz` (list)"}, "properties": {"repobilityId": 83518, "scanner": "repobility-ast-engine", "fingerprint": "1a4c4f80002a02a5458ae50a27bcbf605caa2148e29276fa2078f2988bf951a6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1a4c4f80002a02a5458ae50a27bcbf605caa2148e29276fa2078f2988bf951a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/models/sam/sam3/necks.py"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `set_imgsz` (list)"}, "properties": {"repobilityId": 83517, "scanner": "repobility-ast-engine", "fingerprint": "2f3613ccab3ccc744cd1b93aa345f53a41b3fd697fba2fe850090552bd08befd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2f3613ccab3ccc744cd1b93aa345f53a41b3fd697fba2fe850090552bd08befd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/models/sam/sam3/vl_combiner.py"}, "region": {"startLine": 158}}}]}, {"ruleId": 
"MINED109", "level": "warning", "message": {"text": "Mutable default argument in `set_imgsz` (list)"}, "properties": {"repobilityId": 83516, "scanner": "repobility-ast-engine", "fingerprint": "63cad2a1476a78fcf5f5b400e54bbbcde4b68fca0b9f71d40403d92129b22102", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|63cad2a1476a78fcf5f5b400e54bbbcde4b68fca0b9f71d40403d92129b22102"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/models/sam/modules/tiny_encoder.py"}, "region": {"startLine": 965}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `predict` (dict)"}, "properties": {"repobilityId": 83515, "scanner": "repobility-ast-engine", "fingerprint": "089ab883550b327f477a64d41f6f2c957983c2801d92edb22979d4006b25d1df", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|089ab883550b327f477a64d41f6f2c957983c2801d92edb22979d4006b25d1df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/models/yolo/model.py"}, "region": {"startLine": 359}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `__init__` (list)"}, "properties": {"repobilityId": 83514, "scanner": "repobility-ast-engine", "fingerprint": "54759e1ad2d0d365230f35173003135ef989bb6a01dcc3f4d3c170539a434c4a", "category": "quality", "severity": "medium", 
"confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|54759e1ad2d0d365230f35173003135ef989bb6a01dcc3f4d3c170539a434c4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/tal.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 83513, "scanner": "repobility-ast-engine", "fingerprint": "c0e805c1668eef9059b7a8356bcf9dd27a7ac201d9fb1a5d8644cb9f1cc25b64", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c0e805c1668eef9059b7a8356bcf9dd27a7ac201d9fb1a5d8644cb9f1cc25b64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/__init__.py"}, "region": {"startLine": 632}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 83512, "scanner": "repobility-ast-engine", "fingerprint": "7172e91997885c0ec10a8ff2cf69f1f6c158c6f0b57787b2164f59b461d20128", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|7172e91997885c0ec10a8ff2cf69f1f6c158c6f0b57787b2164f59b461d20128"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/__init__.py"}, "region": {"startLine": 211}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 83511, "scanner": "repobility-ast-engine", "fingerprint": "f302cb5ed199e53879a474b68fd02e6064fa1ce0a562cc5fc1eeee30b84571dd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f302cb5ed199e53879a474b68fd02e6064fa1ce0a562cc5fc1eeee30b84571dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/__init__.py"}, "region": {"startLine": 770}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 83509, "scanner": "repobility-ast-engine", "fingerprint": "6945820da4fc2c617a12460a5c9d741d5e72c5826765044c497014c4b639d6a8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6945820da4fc2c617a12460a5c9d741d5e72c5826765044c497014c4b639d6a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/benchmarks.py"}, "region": {"startLine": 343}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 83508, "scanner": 
"repobility-ast-engine", "fingerprint": "b3e1536d400eca9fae6894163da907101aba639267a3884ad5c6319f8be6a1e5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b3e1536d400eca9fae6894163da907101aba639267a3884ad5c6319f8be6a1e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/cpu.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `__init__` (dict)"}, "properties": {"repobilityId": 83507, "scanner": "repobility-ast-engine", "fingerprint": "7d4907cde267592c1f17907e9f86900cc8d6021c5be8ec9b87cf68664de8a716", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7d4907cde267592c1f17907e9f86900cc8d6021c5be8ec9b87cf68664de8a716"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/metrics.py"}, "region": {"startLine": 1661}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `__init__` (dict)"}, "properties": {"repobilityId": 83506, "scanner": "repobility-ast-engine", "fingerprint": "3f9b6b67c2bcb5c206f41e05d63e8f15e3287a2a5f6e1867f7f0bd5f02a21d3f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": 
["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3f9b6b67c2bcb5c206f41e05d63e8f15e3287a2a5f6e1867f7f0bd5f02a21d3f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/metrics.py"}, "region": {"startLine": 1437}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `__init__` (dict)"}, "properties": {"repobilityId": 83505, "scanner": "repobility-ast-engine", "fingerprint": "4b4eda7698a40fc645d007f755dc11b760963bd9396cfdf7239df39744e50448", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4b4eda7698a40fc645d007f755dc11b760963bd9396cfdf7239df39744e50448"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/metrics.py"}, "region": {"startLine": 1286}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `__init__` (dict)"}, "properties": {"repobilityId": 83504, "scanner": "repobility-ast-engine", "fingerprint": "20da1ae9ebf442a67c695ecae13c4c15efc984be855561e5f1cd655dd9171973", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|20da1ae9ebf442a67c695ecae13c4c15efc984be855561e5f1cd655dd9171973"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/metrics.py"}, "region": {"startLine": 1117}}}]}, 
{"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `__init__` (dict)"}, "properties": {"repobilityId": 83503, "scanner": "repobility-ast-engine", "fingerprint": "7b048e509c10550b49545e9098050cfe1bb5e1c4d2f8e425a9fac4c74874f440", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7b048e509c10550b49545e9098050cfe1bb5e1c4d2f8e425a9fac4c74874f440"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/metrics.py"}, "region": {"startLine": 343}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `ap_per_class` (dict)"}, "properties": {"repobilityId": 83502, "scanner": "repobility-ast-engine", "fingerprint": "78bd6492191eadb4ea9b68c9439ccca4b2addbcb5a075fb96976f3f6c91d1693", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|78bd6492191eadb4ea9b68c9439ccca4b2addbcb5a075fb96976f3f6c91d1693"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/metrics.py"}, "region": {"startLine": 788}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `plot_mc_curve` (dict)"}, "properties": {"repobilityId": 83501, "scanner": "repobility-ast-engine", "fingerprint": "90a1f509e95e6bafbc4cbf0d0c78ce414eee14fa97f54d9aeee55a7183fb8be9", "category": "quality", "severity": "medium", "confidence": 
1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|90a1f509e95e6bafbc4cbf0d0c78ce414eee14fa97f54d9aeee55a7183fb8be9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/metrics.py"}, "region": {"startLine": 711}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `plot_pr_curve` (dict)"}, "properties": {"repobilityId": 83500, "scanner": "repobility-ast-engine", "fingerprint": "31e7e0213a20cb247a6711d919992578b431f3fff52cd7cbedf1061e5ff13c0a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|31e7e0213a20cb247a6711d919992578b431f3fff52cd7cbedf1061e5ff13c0a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/metrics.py"}, "region": {"startLine": 666}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 83499, "scanner": "repobility-ast-engine", "fingerprint": "24777702edfcbd5cc4684b9ae5ece9af0a4689dff829c655c299fec3de2183e1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|24777702edfcbd5cc4684b9ae5ece9af0a4689dff829c655c299fec3de2183e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/checks.py"}, "region": {"startLine": 385}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 83498, "scanner": "repobility-ast-engine", "fingerprint": "c39fe3d779e5d07e9854b30b82e0b939aed5dde80d39fbbfd76d9da2519a3e7f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c39fe3d779e5d07e9854b30b82e0b939aed5dde80d39fbbfd76d9da2519a3e7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/checks.py"}, "region": {"startLine": 1038}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 83497, "scanner": "repobility-ast-engine", "fingerprint": "23aec0f9a9c004b2cd45945692bf807b281b226067e1c6736d8f2f4100105f02", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|23aec0f9a9c004b2cd45945692bf807b281b226067e1c6736d8f2f4100105f02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/checks.py"}, "region": {"startLine": 939}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 83496, "scanner": "repobility-ast-engine", 
"fingerprint": "e14ce459a9546b259b461674cea5dba8322d3d4899d6b71d081a7b9c6fc12bdd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e14ce459a9546b259b461674cea5dba8322d3d4899d6b71d081a7b9c6fc12bdd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/checks.py"}, "region": {"startLine": 295}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 83495, "scanner": "repobility-ast-engine", "fingerprint": "8308493f68c3e14aae55430c344168799da951d371dff96a4723e616fed2ca3a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8308493f68c3e14aae55430c344168799da951d371dff96a4723e616fed2ca3a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/tuner.py"}, "region": {"startLine": 436}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 83494, "scanner": "repobility-ast-engine", "fingerprint": "f1c5a8d20e393506bdede61fdedcc3cdef231ed54bf6c6ae1e3b99c99417e9fc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, 
"scanner": "repobility-ast-engine", "correlation_key": "fp|f1c5a8d20e393506bdede61fdedcc3cdef231ed54bf6c6ae1e3b99c99417e9fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/patches.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 83493, "scanner": "repobility-ast-engine", "fingerprint": "5234d78bb0d91f396d2d76c641411ea95108182cc83d137fa079c31fd6c57773", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5234d78bb0d91f396d2d76c641411ea95108182cc83d137fa079c31fd6c57773"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/patches.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 83492, "scanner": "repobility-ast-engine", "fingerprint": "cfb83d01260296aac1a86d72cd5b16923bb1e447844163ccdf18b78655180b0f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cfb83d01260296aac1a86d72cd5b16923bb1e447844163ccdf18b78655180b0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/patches.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": 
{"repobilityId": 83491, "scanner": "repobility-ast-engine", "fingerprint": "87677ef81f52d7f48e9722740b8deffad486e06d7286ab990f6a6a07ed8120a9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|87677ef81f52d7f48e9722740b8deffad486e06d7286ab990f6a6a07ed8120a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/trackers/byte_tracker.py"}, "region": {"startLine": 320}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 83490, "scanner": "repobility-ast-engine", "fingerprint": "704b128d64fdb52672bfb44ba0cbc4140eee275dc80ace55570b9df335ccab2b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|704b128d64fdb52672bfb44ba0cbc4140eee275dc80ace55570b9df335ccab2b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/cfg/__init__.py"}, "region": {"startLine": 868}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 83489, "scanner": "repobility-ast-engine", "fingerprint": "8111313564d7a51e44e49f9cca557869bcf9e50f9de02cc57d3d765f98ae00f5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, 
"cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8111313564d7a51e44e49f9cca557869bcf9e50f9de02cc57d3d765f98ae00f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/engine/trainer.py"}, "region": {"startLine": 636}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 83488, "scanner": "repobility-ast-engine", "fingerprint": "e33d585bc1709a3110d90add1c501db1e792db63b1e8e7c2e3ff86c95b647996", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e33d585bc1709a3110d90add1c501db1e792db63b1e8e7c2e3ff86c95b647996"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/engine/tuner.py"}, "region": {"startLine": 218}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 83487, "scanner": "repobility-ast-engine", "fingerprint": "4311dd14886b0245ac6832dac0305865f05417a8deca9e1977c884594e7912d0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4311dd14886b0245ac6832dac0305865f05417a8deca9e1977c884594e7912d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/data/utils.py"}, "region": {"startLine": 301}}}]}, {"ruleId": "MINED111", "level": "warning", 
"message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 83486, "scanner": "repobility-ast-engine", "fingerprint": "fcda32caa9d259792af07c252f364691a9acf79b41edb5680aec903f759f6de0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fcda32caa9d259792af07c252f364691a9acf79b41edb5680aec903f759f6de0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/data/utils.py"}, "region": {"startLine": 239}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 83485, "scanner": "repobility-ast-engine", "fingerprint": "363d04f9aed6690366f76ce1ac3d77a7356eb4480c739ab75871b357a22d6b64", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|363d04f9aed6690366f76ce1ac3d77a7356eb4480c739ab75871b357a22d6b64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/data/utils.py"}, "region": {"startLine": 209}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `__init__` (list)"}, "properties": {"repobilityId": 83484, "scanner": "repobility-ast-engine", "fingerprint": "534c82a9d451d4643b3f0e7893fb077e9d95899fb9467c00ad0e469e31f1553e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": 
{"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|534c82a9d451d4643b3f0e7893fb077e9d95899fb9467c00ad0e469e31f1553e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/data/augment.py"}, "region": {"startLine": 2594}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 83458, "scanner": "repobility-ast-engine", "fingerprint": "cdf84e3ab443d12c923d0cb7c1b034f02d7ab95f2421bf832e9bafbf959e6b1e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cdf84e3ab443d12c923d0cb7c1b034f02d7ab95f2421bf832e9bafbf959e6b1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_exports.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 83432, "scanner": "repobility-ast-engine", "fingerprint": "9012cd0160acf5fd783d774a8c9e3b3c83b8acf12e0450d4b17caee8192cd839", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9012cd0160acf5fd783d774a8c9e3b3c83b8acf12e0450d4b17caee8192cd839"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/build_docs.py"}, "region": 
{"startLine": 204}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 83431, "scanner": "repobility-ast-engine", "fingerprint": "9160e2ff5333b602c9147862a1ad2cb6f1c5ec3c854f9870549545317988b5f9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9160e2ff5333b602c9147862a1ad2cb6f1c5ec3c854f9870549545317988b5f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/build_docs.py"}, "region": {"startLine": 213}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 83430, "scanner": "repobility-ast-engine", "fingerprint": "3098ea57aa4f581680c6d46677cc453c93ed12d31494f220a4e7ce9840e0269d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3098ea57aa4f581680c6d46677cc453c93ed12d31494f220a4e7ce9840e0269d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/build_reference.py"}, "region": {"startLine": 632}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 83429, "scanner": "repobility-ast-engine", "fingerprint": "3a0c7fb484a488ae61c9d57b7eb578112af5e22094ed946e1e6f62bf5ef4a739", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", 
"isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3a0c7fb484a488ae61c9d57b7eb578112af5e22094ed946e1e6f62bf5ef4a739"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/build_reference.py"}, "region": {"startLine": 179}}}]}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 83700, "scanner": "repobility-web-presence", "fingerprint": "db4d66358cbf7df441fea68e5b6c8eebf40045453004395f131f6153122e80d2", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": "fp|db4d66358cbf7df441fea68e5b6c8eebf40045453004395f131f6153122e80d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/links.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 83677, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": 
"fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".git", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 83675, "scanner": "repobility-docker", "fingerprint": "15f701b319bd038c93d8bf7e46d896aa241e64f56ed03cc9f20ca16ecf40edfe", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|15f701b319bd038c93d8bf7e46d896aa241e64f56ed03cc9f20ca16ecf40edfe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 46}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: break=2, if=3, nested_bonus=2, ternary=1, while=1."}, "properties": {"repobilityId": 83598, "scanner": "repobility-threat-engine", "fingerprint": "28af83e3bc90bc3a9eaf11a3f0f11a1b0dadeaab746aa5c41c023f63eb696e65", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 9 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 3, "break": 2, "while": 1, "ternary": 1, "nested_bonus": 2}, "complexity": 9, "correlation_key": "fp|28af83e3bc90bc3a9eaf11a3f0f11a1b0dadeaab746aa5c41c023f63eb696e65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLO-Axelera-Python/yolo11-seg.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `draw_segmentation` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: continue=1, for=1, if=3, nested_bonus=5, ternary=1."}, "properties": {"repobilityId": 83597, "scanner": "repobility-threat-engine", "fingerprint": "27f9ca74631242ce6274389539419d61bd745674a20e9fc46fbc4903052068ae", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 11 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "draw_segmentation", "breakdown": {"if": 3, "for": 1, "ternary": 1, "continue": 1, "nested_bonus": 5}, "complexity": 11, "correlation_key": "fp|27f9ca74631242ce6274389539419d61bd745674a20e9fc46fbc4903052068ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLO-Axelera-Python/yolo11-seg.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 83578, "scanner": "repobility-threat-engine", "fingerprint": "ad32cd26a582a1789824eb1c66823fbefadffe7062e617f5f3ea7c7b3567c523", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = t", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|17|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/overrides/javascript/chart-widget.js"}, "region": {"startLine": 17}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `opencv-python` is minor version(s) behind (4.11.0.86 -> 4.13.0.92)"}, "properties": {"repobilityId": 83576, "scanner": 
"repobility-dependency-currency", "fingerprint": "3a5a2c7db729e6428122689590934cecb740602ac5c994a866a069c24ed317a1", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "opencv-python", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "4.13.0.92", "correlation_key": "fp|3a5a2c7db729e6428122689590934cecb740602ac5c994a866a069c24ed317a1", "current_version": "4.11.0.86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/RTDETR-ONNXRuntime-Python/requirements.txt"}, "region": {"startLine": 17}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `typing-extensions` is minor version(s) behind (4.14.0 -> 4.15.0)"}, "properties": {"repobilityId": 83575, "scanner": "repobility-dependency-currency", "fingerprint": "a7ac2f810bbc86bd71874175b030c767a7ed7bd6ae9440710f51f91932af01bf", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "typing-extensions", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "4.15.0", "correlation_key": "fp|a7ac2f810bbc86bd71874175b030c767a7ed7bd6ae9440710f51f91932af01bf", "current_version": "4.14.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/RTDETR-ONNXRuntime-Python/requirements.txt"}, "region": {"startLine": 15}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `requests` is minor version(s) behind (2.33.0 -> 2.34.2)"}, "properties": {"repobilityId": 83574, "scanner": "repobility-dependency-currency", "fingerprint": 
"c58f841d8bc70b4546def40a887d23f2497019b87fa3179642b43c0c0c82daef", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "requests", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "2.34.2", "correlation_key": "fp|c58f841d8bc70b4546def40a887d23f2497019b87fa3179642b43c0c0c82daef", "current_version": "2.33.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/RTDETR-ONNXRuntime-Python/requirements.txt"}, "region": {"startLine": 13}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `onnxruntime` is minor version(s) behind (1.19.2 -> 1.26.0)"}, "properties": {"repobilityId": 83572, "scanner": "repobility-dependency-currency", "fingerprint": "3605acff5c2568a9f209a02ea99ed4bbb50650188dd97fad3dc0a7d7906f1380", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "onnxruntime", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "1.26.0", "correlation_key": "fp|3605acff5c2568a9f209a02ea99ed4bbb50650188dd97fad3dc0a7d7906f1380", "current_version": "1.19.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/RTDETR-ONNXRuntime-Python/requirements.txt"}, "region": {"startLine": 10}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `mpmath` is minor version(s) behind (1.3.0 -> 1.4.1)"}, "properties": {"repobilityId": 83571, "scanner": "repobility-dependency-currency", "fingerprint": "ce4cf5a0c99eaef1a5756cf2b72720523038454ea296e4b493ac6e6a19138f6f", "category": "dependency", "severity": "low", 
"confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "mpmath", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "1.4.1", "correlation_key": "fp|ce4cf5a0c99eaef1a5756cf2b72720523038454ea296e4b493ac6e6a19138f6f", "current_version": "1.3.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/RTDETR-ONNXRuntime-Python/requirements.txt"}, "region": {"startLine": 7}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `idna` is minor version(s) behind (3.15 -> 3.18)"}, "properties": {"repobilityId": 83570, "scanner": "repobility-dependency-currency", "fingerprint": "7970cb43e4a9db6baac8d335fef81d84df58752e84ac56a6cf8dfacd28fde75f", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "idna", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "3.18", "correlation_key": "fp|7970cb43e4a9db6baac8d335fef81d84df58752e84ac56a6cf8dfacd28fde75f", "current_version": "3.15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/RTDETR-ONNXRuntime-Python/requirements.txt"}, "region": {"startLine": 6}}}]}, {"ruleId": "DEPCUR-PY", "level": "note", "message": {"text": "Python package `flatbuffers` is minor version(s) behind (25.2.10 -> 25.12.19)"}, "properties": {"repobilityId": 83569, "scanner": "repobility-dependency-currency", "fingerprint": "a3b001d450a38783d75c61aed051d8785542c95588d38075e6245a574754351c", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) 
behind", "signal": "currency", "cwe_ids": [], "package": "flatbuffers", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "25.12.19", "correlation_key": "fp|a3b001d450a38783d75c61aed051d8785542c95588d38075e6245a574754351c", "current_version": "25.2.10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/RTDETR-ONNXRuntime-Python/requirements.txt"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 83428, "scanner": "repobility-ai-code-hygiene", "fingerprint": "17d9838cc1f0b93a7d2cb4e70334537cb5ef745c567c909052a33860fc913477", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ultralytics/models/yolo/yoloe/train.py", "duplicate_line": 95, "correlation_key": "fp|17d9838cc1f0b93a7d2cb4e70334537cb5ef745c567c909052a33860fc913477"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/models/yolo/yoloe/train_seg.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 83427, "scanner": "repobility-ai-code-hygiene", "fingerprint": "773bd9a84bdc2caa4c478e076c12b3fe0745125eee4acd8fbfffb519e510bc9c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": 
["https://jscpd.dev/"], "duplicate_file": "ultralytics/models/sam/build.py", "duplicate_line": 242, "correlation_key": "fp|773bd9a84bdc2caa4c478e076c12b3fe0745125eee4acd8fbfffb519e510bc9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/models/sam/build_sam3.py"}, "region": {"startLine": 272}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 83426, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c2b1ce56dcc6b6cd588fd37f5975a9e09aacf7f5cf2032371575127d93600eb7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ultralytics/engine/predictor.py", "duplicate_line": 16, "correlation_key": "fp|c2b1ce56dcc6b6cd588fd37f5975a9e09aacf7f5cf2032371575127d93600eb7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/engine/validator.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED069", "level": "none", "message": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "properties": {"repobilityId": 83665, "scanner": "repobility-threat-engine", "fingerprint": "1611ef47f563f37005ccaeeea2819bf20d8e82f0b4fd71114fcc00b8e1c470c7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "debug-true-prod", "owasp": "A05:2021", "cwe_ids": ["CWE-489"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348063+00:00", "triaged_in_corpus": 12, "observations_count": 37393, 
"ai_coder_pattern_id": 17}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1611ef47f563f37005ccaeeea2819bf20d8e82f0b4fd71114fcc00b8e1c470c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/solutions/similarity_search.py"}, "region": {"startLine": 185}}}]}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"repobilityId": 83663, "scanner": "repobility-threat-engine", "fingerprint": "a76e545bf8ff0ab7db187f4808254d3fe3c7a9449b784ba636d43c4329ba5cb7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a76e545bf8ff0ab7db187f4808254d3fe3c7a9449b784ba636d43c4329ba5cb7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/solutions/security_alarm.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 83662, "scanner": "repobility-threat-engine", "fingerprint": "a2f5a9d9b7f8e778c17e173e7bfd146cc8425b0281cc1d3cff9ff99566779fe1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": 
"python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a2f5a9d9b7f8e778c17e173e7bfd146cc8425b0281cc1d3cff9ff99566779fe1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/solutions/config.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "SEC011", "level": "none", "message": {"text": "[SEC011] Unsafe PyTorch Model Loading (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "properties": {"repobilityId": 83658, "scanner": "repobility-threat-engine", "fingerprint": "aa76beac12056d5af1bf4b95ddaaa163735f3a82499334fcd54d26ab486513a5", "category": "deserialization", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC011", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|aa76beac12056d5af1bf4b95ddaaa163735f3a82499334fcd54d26ab486513a5"}}}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. 
Inappropriate in services."}, "properties": {"repobilityId": 83654, "scanner": "repobility-threat-engine", "fingerprint": "b2c1991fdc203afbdc7a96c9c03339fac3d994a7a82e2fb84f353159a3a52273", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b2c1991fdc203afbdc7a96c9c03339fac3d994a7a82e2fb84f353159a3a52273"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/backends/openvino.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. 
Inappropriate in services."}, "properties": {"repobilityId": 83653, "scanner": "repobility-threat-engine", "fingerprint": "c388db9dd39bfbb437e24e244914b270be4ce8c9e7403f64c51b3c98526a69cc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c388db9dd39bfbb437e24e244914b270be4ce8c9e7403f64c51b3c98526a69cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/backends/ncnn.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. 
Inappropriate in services."}, "properties": {"repobilityId": 83652, "scanner": "repobility-threat-engine", "fingerprint": "cb2ef7f0a7b3a59d25539a174472e44c8964fa6dfe18db83a90a6938c4ee4a52", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cb2ef7f0a7b3a59d25539a174472e44c8964fa6dfe18db83a90a6938c4ee4a52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/models/yolo/pose/val.py"}, "region": {"startLine": 143}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "properties": {"repobilityId": 83651, "scanner": "repobility-threat-engine", "fingerprint": "63475f3d692f137d86224f7a6e225d0a700e355ba9d6880f3f7875d570f8ac7b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 14 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|63475f3d692f137d86224f7a6e225d0a700e355ba9d6880f3f7875d570f8ac7b", "aggregated_count": 14}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 83650, "scanner": "repobility-threat-engine", "fingerprint": "1a0a46ab15c26bceea6f4751a1a80776352607a491086a6ee1f969420f3dd88c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1a0a46ab15c26bceea6f4751a1a80776352607a491086a6ee1f969420f3dd88c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/models/sam/sam3/necks.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 83649, "scanner": "repobility-threat-engine", "fingerprint": "d4c85c1dfdded15bd0ea3e0cc45da88a4cb2aa7d802a29378035781e97505232", "category": "quality", 
"severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d4c85c1dfdded15bd0ea3e0cc45da88a4cb2aa7d802a29378035781e97505232"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/models/sam/model.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 83648, "scanner": "repobility-threat-engine", "fingerprint": "8a1988837b54add615060f52bd7a9d86059f3bec59ee49d647ecc3fd7a27c2dc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8a1988837b54add615060f52bd7a9d86059f3bec59ee49d647ecc3fd7a27c2dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/hub/google/__init__.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 2 more): Same pattern found in 2 additional files. 
Review if needed."}, "properties": {"repobilityId": 83647, "scanner": "repobility-threat-engine", "fingerprint": "95cc9797c40c926759aaa04a4225f0a4ae4f9faafb543c58446c2f46cd9cfe9e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|95cc9797c40c926759aaa04a4225f0a4ae4f9faafb543c58446c2f46cd9cfe9e", "aggregated_count": 2}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "properties": {"repobilityId": 83643, "scanner": "repobility-threat-engine", "fingerprint": "2a90f201efe0fa0c5dec20cc574f41ea779c24e8a2731e92a392ebdb37082c00", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 11 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|2a90f201efe0fa0c5dec20cc574f41ea779c24e8a2731e92a392ebdb37082c00"}}}, {"ruleId": "SEC002", "level": "none", "message": {"text": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code."}, "properties": {"repobilityId": 83638, "scanner": "repobility-threat-engine", "fingerprint": "e61b72f616a1ca161d7da43ffd63b9428d14bb7e13f444b0f456d5c508ac7ec3", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Value looks like a development placeholder, not a live credential", "evidence": {"match": "api_key=\"<redacted>\"", "reason": "Value looks like a development placeholder, not a live credential", "rule_id": "SEC002", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|ultralytics/hub/auth.py|3|api_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/hub/auth.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 83632, "scanner": "repobility-threat-engine", "fingerprint": "d2b655d4d697dca1937996338096c9c657b64615593ecab565c3bea39f8119ef", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", 
"correlation_key": "fp|d2b655d4d697dca1937996338096c9c657b64615593ecab565c3bea39f8119ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/data/scripts/get_coco.sh"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED040", "level": "none", "message": {"text": "[MINED040] Python Yaml Load Unsafe (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "properties": {"repobilityId": 83631, "scanner": "repobility-threat-engine", "fingerprint": "5afbc4173f262dac6ec949ec9b8600f5fa8f35c278471d50b27cfa5c3867fe99", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-yaml-load-unsafe", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347991+00:00", "triaged_in_corpus": 15, "observations_count": 1487, "ai_coder_pattern_id": 120}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|5afbc4173f262dac6ec949ec9b8600f5fa8f35c278471d50b27cfa5c3867fe99", "aggregated_count": 11}}}, {"ruleId": "MINED018", "level": "none", "message": {"text": "[MINED018] Unsafe Deserialization Pickle (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "properties": {"repobilityId": 83627, "scanner": "repobility-threat-engine", "fingerprint": "bd5d4f9e0f4c498bc162eb4d1ca73e4fcd4e72c70a27b98afc7a3c5945981e0a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 11 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|bd5d4f9e0f4c498bc162eb4d1ca73e4fcd4e72c70a27b98afc7a3c5945981e0a", "aggregated_count": 11}}}, {"ruleId": "SEC116", "level": "none", "message": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "properties": {"repobilityId": 83623, "scanner": "repobility-threat-engine", "fingerprint": "e3786a282e83a720c069d09a38f11df1169a672e767a6569d220634e756c1312", "category": "deserialization", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC116", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|e3786a282e83a720c069d09a38f11df1169a672e767a6569d220634e756c1312"}}}, {"ruleId": "SEC079", "level": "none", "message": {"text": "[SEC079] Python: yaml.load without SafeLoader (and 11 more): Same pattern found in 11 additional files. 
Review if needed."}, "properties": {"repobilityId": 83619, "scanner": "repobility-threat-engine", "fingerprint": "a595c7d00de43d4c01473a1e092365baa81187710b2108172d1cd3d2d5306b1f", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC079", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|a595c7d00de43d4c01473a1e092365baa81187710b2108172d1cd3d2d5306b1f"}}}, {"ruleId": "SEC007", "level": "none", "message": {"text": "[SEC007] Unsafe Deserialization (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "properties": {"repobilityId": 83615, "scanner": "repobility-threat-engine", "fingerprint": "95958ddca5d7438e354b43c39ec6912e0e51186f729ba5934ce067c7bbabd78b", "category": "deserialization", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|95958ddca5d7438e354b43c39ec6912e0e51186f729ba5934ce067c7bbabd78b"}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 83611, "scanner": "repobility-threat-engine", "fingerprint": "5115278fe93cf374c33256eea7b158102e5b0d064433c773c154cce66628b8ae", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5115278fe93cf374c33256eea7b158102e5b0d064433c773c154cce66628b8ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-ONNXRuntime-Rust/src/lib.rs"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 83610, "scanner": "repobility-threat-engine", "fingerprint": "1d5d234848f2a40e0e7497fbff63d7b42893a6ab9d15b3ddcedf04ccfc074805", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1d5d234848f2a40e0e7497fbff63d7b42893a6ab9d15b3ddcedf04ccfc074805"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-MNN-CPP/main_interpreter.cpp"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED049", 
"level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 83609, "scanner": "repobility-threat-engine", "fingerprint": "fe4611a31a19b6a0a45b38addab2aa97803055673eecc78a922d712eaa6c10ba", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fe4611a31a19b6a0a45b38addab2aa97803055673eecc78a922d712eaa6c10ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-MNN-CPP/main.cpp"}, "region": {"startLine": 63}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 83608, "scanner": "repobility-threat-engine", "fingerprint": "f50747163d70dab1fa2519c9a96d374fa64771763e354f97facd6a46500faf29", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f50747163d70dab1fa2519c9a96d374fa64771763e354f97facd6a46500faf29"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 83607, "scanner": "repobility-threat-engine", "fingerprint": "ea254366f25694117d6243879e27faf033077279987b8c3d148a8c597e7a7ffe", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\.eval\\(' detected on same line", "evidence": {"match": ".eval(", "reason": "Safe pattern '\\.eval\\(' detected on same line", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|token|140|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/models/yolo/yoloe/train.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 83606, "scanner": "repobility-threat-engine", "fingerprint": "ee453ac56a64ebc6405b5bd4ccae43075422243e18a345c74b9f1f009b1aeb17", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\.eval\\(' detected on same line", "evidence": {"match": ".eval(", "reason": "Safe pattern '\\.eval\\(' detected on same line", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|token|81|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/models/nas/model.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 83605, "scanner": "repobility-threat-engine", "fingerprint": "626b23c1173bbf07baf43a998d17d528ea59a8d03f07613c12fe756d1fb47286", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\.eval\\(' detected on same line", "evidence": {"match": ".eval(", "reason": "Safe pattern '\\.eval\\(' detected on same line", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|token|222|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-LibTorch-CPP-Inference/main.cc"}, "region": {"startLine": 222}}}]}, {"ruleId": "MINED080", "level": "none", "message": {"text": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace."}, "properties": {"repobilityId": 83604, "scanner": "repobility-threat-engine", "fingerprint": "3b051ec26d31531e4723423b069b3afcf2a65334f7e313391faab8517696b1b0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-using-namespace-std", "owasp": null, "cwe_ids": [], "languages": ["cpp", "h", "hpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348123+00:00", "triaged_in_corpus": 12, "observations_count": 3566, "ai_coder_pattern_id": 133}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3b051ec26d31531e4723423b069b3afcf2a65334f7e313391faab8517696b1b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-CPP-Inference/main.cpp"}, "region": {"startLine": 11}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 67 more): Same pattern found in 67 additional files. 
Review if needed."}, "properties": {"repobilityId": 83600, "scanner": "repobility-threat-engine", "fingerprint": "c12f46d0db3b3c57269694af638bd86860039fc2aae360404b92fb6712afe87d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 67 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "draw_segmentation", "breakdown": {"if": 3, "for": 1, "ternary": 1, "continue": 1, "nested_bonus": 5}, "aggregated": true, "complexity": 11, "correlation_key": "fp|c12f46d0db3b3c57269694af638bd86860039fc2aae360404b92fb6712afe87d", "aggregated_count": 67}}}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 83596, "scanner": "repobility-threat-engine", "fingerprint": "1361ffa9c3e6bba8c756f3d556d7d430ee765c8d57ea666109adf6c3be4e2cb1", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|1361ffa9c3e6bba8c756f3d556d7d430ee765c8d57ea666109adf6c3be4e2cb1", "aggregated_count": 2}}}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 83595, "scanner": "repobility-threat-engine", "fingerprint": "fcfd54bcd13d569e749388f60822093c6266b70402ef38366dc61610aa3848af", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fcfd54bcd13d569e749388f60822093c6266b70402ef38366dc61610aa3848af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/hub/auth.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 83594, "scanner": "repobility-threat-engine", "fingerprint": "80b7f36dd299d29dae7baba88272f112960fa09d3f39430247d0884b3ef2995f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|80b7f36dd299d29dae7baba88272f112960fa09d3f39430247d0884b3ef2995f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/hub/__init__.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. 
without timeout= can hang forever."}, "properties": {"repobilityId": 83593, "scanner": "repobility-threat-engine", "fingerprint": "e3fdfddae0df56e9ecceaf4b8d78fc890734a03e2698c7a9dee2673a7a27513e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e3fdfddae0df56e9ecceaf4b8d78fc890734a03e2698c7a9dee2673a7a27513e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/RTDETR-ONNXRuntime-Python/main.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC078", "level": "none", "message": {"text": "[SEC078] Python: requests without timeout (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 83592, "scanner": "repobility-threat-engine", "fingerprint": "130c5045baecd0b9524abd6870aed08fddb81812daa325ac97b261216d6966ee", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|130c5045baecd0b9524abd6870aed08fddb81812daa325ac97b261216d6966ee"}}}, {"ruleId": "SEC078", "level": "none", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 83591, "scanner": "repobility-threat-engine", "fingerprint": "ee4a7b9ef329e51f823bd2cc7a8f3c364936ab1528eeb8527b71f5ed6fd59679", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'timeout\\s*=' detected on same line", "evidence": {"match": "requests.get(", "reason": "Safe pattern 'timeout\\s*=' detected on same line", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "fp|ee4a7b9ef329e51f823bd2cc7a8f3c364936ab1528eeb8527b71f5ed6fd59679"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/RTDETR-ONNXRuntime-Python/main.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 83588, "scanner": "repobility-threat-engine", "fingerprint": "1a3dd36cf68c95f4bbbc330bf3e012f46cc155a58c63ecc8455a8bcf3e71bfbe", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1a3dd36cf68c95f4bbbc330bf3e012f46cc155a58c63ecc8455a8bcf3e71bfbe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/overrides/javascript/giscus.js"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED098", "level": "none", "message": {"text": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios = axios;`) makes the code harder to test and increases the risk of naming collisions."}, "properties": {"repobilityId": 83587, "scanner": "repobility-threat-engine", "fingerprint": "e4447731b2de154053d43727d2ccf2e4594487cb7a86d5d1f911ca338507c6ce", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "global-scope-pollution", "owasp": null, "cwe_ids": [], "languages": ["javascript"], "precision": 1.0, "promoted_at": "2026-05-18T15:01:13.611213+00:00", "triaged_in_corpus": 12, "observations_count": 173528, "ai_coder_pattern_id": 55}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|e4447731b2de154053d43727d2ccf2e4594487cb7a86d5d1f911ca338507c6ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/overrides/javascript/chart-widget.js"}, "region": {"startLine": 171}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 83583, "scanner": "repobility-threat-engine", "fingerprint": "4a4f0807e4b2a602904c2c23d95abb6f9e09448ebf29c9e0a18b9da6a89476f2", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|4a4f0807e4b2a602904c2c23d95abb6f9e09448ebf29c9e0a18b9da6a89476f2"}}}, {"ruleId": "DEPCUR-PY", "level": "none", "message": {"text": "Python package `charset-normalizer` is patch version(s) behind (3.4.2 -> 3.4.7)"}, "properties": {"repobilityId": 83568, "scanner": "repobility-dependency-currency", "fingerprint": "2f08769078cab6ceab8890413976242761b900676b88af7f641a573d011490fe", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "charset-normalizer", "scanner": "repobility-dependency-currency", "ecosystem": "pypi", "languages": ["python"], "latest_version": "3.4.7", "correlation_key": "fp|2f08769078cab6ceab8890413976242761b900676b88af7f641a573d011490fe", "current_version": "3.4.2"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "examples/RTDETR-ONNXRuntime-Python/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 83670, "scanner": "repobility-threat-engine", "fingerprint": "edb711121679df4f88a97d2c3d9543d871db363095102d51106356c7e1b7abf5", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"_batch(\\d+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|48|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/callbacks/dvc.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. 
Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 83669, "scanner": "repobility-threat-engine", "fingerprint": "cce43fc1439a0622a95a35f6efbc8b963c575f00445781ed9c582a553910f4c5", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"_batch(\\d+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|29|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/callbacks/clearml.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 83660, "scanner": "repobility-threat-engine", "fingerprint": "00d87a3c8cd39c4543c33998ca99100624bda218d3efeaf94924d083e4770f9b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|00d87a3c8cd39c4543c33998ca99100624bda218d3efeaf94924d083e4770f9b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/modules/__init__.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass 
or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 83646, "scanner": "repobility-threat-engine", "fingerprint": "de64d791d187ed1e5f68c21d1d8822911d7bd8760cca1cbc3ee478aeb3e10f95", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|de64d791d187ed1e5f68c21d1d8822911d7bd8760cca1cbc3ee478aeb3e10f95"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/backends/tensorflow.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 83645, "scanner": "repobility-threat-engine", "fingerprint": "2c29a62135f63726f181fa2646db1240333b77c454c047533fd2622619be24fb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2c29a62135f63726f181fa2646db1240333b77c454c047533fd2622619be24fb"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/backends/mnn.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 83644, "scanner": "repobility-threat-engine", "fingerprint": "6a899ae670d4533837dc9699c2fab555277f20bff171875f3ed13570497a26ab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6a899ae670d4533837dc9699c2fab555277f20bff171875f3ed13570497a26ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/hub/google/__init__.py"}, "region": {"startLine": 112}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 83642, "scanner": "repobility-threat-engine", "fingerprint": "3e005fd6a77054d0b3d416759e41407711c5ab34359e1a9c014259d4db1d42e4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "torch.save(txt_map, cache_path)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3e005fd6a77054d0b3d416759e41407711c5ab34359e1a9c014259d4db1d42e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/models/yolo/world/train.py"}, "region": {"startLine": 160}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 83641, "scanner": "repobility-threat-engine", "fingerprint": "5c909f637a2b3e97a62dd0e9b1aef52a5f4fe77dfe753adb551f192dce287cc6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "result.update(keypoints=pred_kpts)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5c909f637a2b3e97a62dd0e9b1aef52a5f4fe77dfe753adb551f192dce287cc6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/models/yolo/pose/predict.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 83640, "scanner": "repobility-threat-engine", "fingerprint": "0bc2e8415eda4eafee3982b182f523793d71d03f95baa3a81381390b4ff40532", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "SETTINGS.update({\"api_key\": <redacted>})", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0bc2e8415eda4eafee3982b182f523793d71d03f95baa3a81381390b4ff40532"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/hub/auth.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED020", "level": "error", "message": {"text": "[MINED020] Logging Credential Via Fstring: logger.error(f\"failed for {api_key}\") \u2014 secrets end up in log aggregators / sentry."}, "properties": {"repobilityId": 83637, "scanner": "repobility-threat-engine", "fingerprint": "dbef0a5d2d51b096d8679ffd04a13629f7da0a4572d8331eac351a2efbd3fd3c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "logging-credential-via-fstring", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347945+00:00", "triaged_in_corpus": 15, "observations_count": 46100, "ai_coder_pattern_id": 38}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dbef0a5d2d51b096d8679ffd04a13629f7da0a4572d8331eac351a2efbd3fd3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/hub/auth.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED020", "level": "error", "message": {"text": 
"[MINED020] Logging Credential Via Fstring: logger.error(f\"failed for {api_key}\") \u2014 secrets end up in log aggregators / sentry."}, "properties": {"repobilityId": 83636, "scanner": "repobility-threat-engine", "fingerprint": "b3cb1d89adcacdbb55053221a85b9f6b28a7c00cfb0ae57d04695f35378c38f0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "logging-credential-via-fstring", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347945+00:00", "triaged_in_corpus": 15, "observations_count": 46100, "ai_coder_pattern_id": 38}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b3cb1d89adcacdbb55053221a85b9f6b28a7c00cfb0ae57d04695f35378c38f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/hub/__init__.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 83634, "scanner": "repobility-threat-engine", "fingerprint": "ef5b60421b0fd5c7195146d57896db9bf47a9785f3d2c4e1cf3abdf327add7e0", "category": "credential_exposure", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Formatted expression outputs a credential-bearing value directly.", "evidence": {"match": "LOGGER.info(f\"{PREFIX}Get API key from {API_KEY_URL} and then run 'yolo login API_KEY'\")", "reason": "Formatted expression outputs a credential-bearing value directly.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.92, "correlation_key": "secret|ultralytics/hub/auth.py|8|logger.info f prefix get api key from api_key_url and then run yolo login api_key"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/hub/auth.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 83633, "scanner": "repobility-threat-engine", "fingerprint": "a0799cb6bf2dd01830f1eb657842f06855202810a7cf3a9cac51413988f761ed", "category": "credential_exposure", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Formatted expression outputs a credential-bearing value directly.", "evidence": {"match": "LOGGER.info(f\"{PREFIX}Get API key from {api_key_url} and then run 'yolo login API_KEY'\")", "reason": "Formatted expression outputs a credential-bearing value directly.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.92, "correlation_key": "secret|ultralytics/hub/__init__.py|6|logger.info f prefix get api key from api_key_url and then run yolo login api_key"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/hub/__init__.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED040", "level": "error", "message": {"text": "[MINED040] Python Yaml Load Unsafe: yaml.load(stream) without SafeLoader can deserialize arbitrary classes."}, "properties": {"repobilityId": 83630, "scanner": "repobility-threat-engine", "fingerprint": "0f42a425786b078641048d591060d5cbba762b88817202a50039462552094223", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-yaml-load-unsafe", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347991+00:00", "triaged_in_corpus": 15, "observations_count": 1487, "ai_coder_pattern_id": 120}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0f42a425786b078641048d591060d5cbba762b88817202a50039462552094223"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-Segmentation-ONNXRuntime-Python/main.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED040", "level": "error", "message": {"text": "[MINED040] Python Yaml Load Unsafe: yaml.load(stream) without SafeLoader can deserialize arbitrary classes."}, "properties": {"repobilityId": 83629, "scanner": "repobility-threat-engine", "fingerprint": "f3f34464dd2e1ebdfd294fb90ffe2752eeb2e75d63cfe6a4895c479fed452546", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-yaml-load-unsafe", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347991+00:00", "triaged_in_corpus": 15, "observations_count": 1487, "ai_coder_pattern_id": 120}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f3f34464dd2e1ebdfd294fb90ffe2752eeb2e75d63cfe6a4895c479fed452546"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-OpenCV-ONNX-Python/main.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED040", "level": "error", "message": {"text": "[MINED040] Python Yaml Load Unsafe: yaml.load(stream) without SafeLoader can deserialize arbitrary classes."}, "properties": {"repobilityId": 83628, "scanner": "repobility-threat-engine", "fingerprint": "37aec3272ebc82e976ce3ddbe18f812d0a3214a16b466885f58cee6080e8d346", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-yaml-load-unsafe", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347991+00:00", "triaged_in_corpus": 15, 
"observations_count": 1487, "ai_coder_pattern_id": 120}, "scanner": "repobility-threat-engine", "correlation_key": "fp|37aec3272ebc82e976ce3ddbe18f812d0a3214a16b466885f58cee6080e8d346"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-ONNXRuntime/main.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 83603, "scanner": "repobility-threat-engine", "fingerprint": "66d225509b325536bd9fcee70f354dae706a71117a5e5c6fb5afec1ae6b9be27", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|66d225509b325536bd9fcee70f354dae706a71117a5e5c6fb5afec1ae6b9be27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-ONNXRuntime-Rust/src/yolo_result.rs"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 83602, "scanner": "repobility-threat-engine", "fingerprint": "059207c45ea6638685b364370827931ea25db1ab8db94241d5f12c2d89200cc5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|059207c45ea6638685b364370827931ea25db1ab8db94241d5f12c2d89200cc5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-ONNXRuntime-Rust/src/lib.rs"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 83601, "scanner": "repobility-threat-engine", "fingerprint": "76debf8c5ad9b28031e75a6fd204365308464e1487ced9cfe32056436bd1beed", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|76debf8c5ad9b28031e75a6fd204365308464e1487ced9cfe32056436bd1beed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLO-Series-ONNXRuntime-Rust/src/main.rs"}, "region": {"startLine": 138}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 32 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: break=2, else=2, if=7, nested_bonus=14, or=1, ternary=5, while=1."}, "properties": {"repobilityId": 83599, "scanner": "repobility-threat-engine", "fingerprint": "984685a794e8232554f8434770024d82af8bada9643df70cb980fca277eb668f", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 32 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 7, "or": 1, "else": 2, "break": 2, "while": 1, "ternary": 5, "nested_bonus": 14}, "complexity": 32, "correlation_key": "fp|984685a794e8232554f8434770024d82af8bada9643df70cb980fca277eb668f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLO-Axelera-Python/yolo26-pose-tracker.py"}, "region": {"startLine": 188}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 83590, "scanner": "repobility-threat-engine", "fingerprint": "02bc92149dd8477c37f6518ff5ebe58816de146c8a2166f879d706ee3ace2648", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.post(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|02bc92149dd8477c37f6518ff5ebe58816de146c8a2166f879d706ee3ace2648"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/hub/auth.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 83589, "scanner": "repobility-threat-engine", "fingerprint": "bce122b38f5c9d21bcc6769ee905151132347e426dbd0b0bfa47372506c4be5b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.post(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bce122b38f5c9d21bcc6769ee905151132347e426dbd0b0bfa47372506c4be5b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/hub/__init__.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. 
Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 83585, "scanner": "repobility-threat-engine", "fingerprint": "8d8db78b37544c19785977e02962766256671bd783b43c3b709e9fd3da5eeff5", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".innerHTML = `\n      <button class=\"ult-search-button\" title=\"Search documentation (${hotkey})\" aria", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8d8db78b37544c19785977e02962766256671bd783b43c3b709e9fd3da5eeff5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/overrides/javascript/extra.js"}, "region": {"startLine": 85}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. 
Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 83584, "scanner": "repobility-threat-engine", "fingerprint": "9b69f319c1eaa4d57e3a1221c509d01f299e108faff507f5da34d2db34cb1f4c", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((h) => `\"${row[h] || \"\"}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9b69f319c1eaa4d57e3a1221c509d01f299e108faff507f5da34d2db34cb1f4c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/overrides/javascript/chart-widget.js"}, "region": {"startLine": 158}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 83582, "scanner": "repobility-threat-engine", "fingerprint": "537ee85c5233b2bfc452ad27e39fb447df087a65e87781dbccc2fc12ceadaf01", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url (s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|537ee85c5233b2bfc452ad27e39fb447df087a65e87781dbccc2fc12ceadaf01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/RTDETR-ONNXRuntime-Python/main.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 83581, "scanner": "repobility-threat-engine", "fingerprint": "7a0e36dd998a46dc9114001a541c0f75b078d458b41109820a4538f6104d3208", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(i", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7a0e36dd998a46dc9114001a541c0f75b078d458b41109820a4538f6104d3208"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/overrides/javascript/extra.js"}, "region": {"startLine": 27}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 83580, "scanner": "repobility-threat-engine", "fingerprint": "ed9b2c53c5727fb46ef64a8a13f12a51fcaa5281d38605eb3d2e0ca732385ad7", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(n", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ed9b2c53c5727fb46ef64a8a13f12a51fcaa5281d38605eb3d2e0ca732385ad7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/overrides/javascript/chart-widget.js"}, "region": {"startLine": 162}}}]}, {"ruleId": "SEC006", "level": "error", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 83579, "scanner": "repobility-threat-engine", "fingerprint": "2a3da1cd71272c7a6ca6ed34525d6054de5d30bdfff39e3974b98930fce2b846", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".innerHTML = `", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|85|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/overrides/javascript/extra.js"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 83556, "scanner": "repobility-supply-chain", "fingerprint": "26a40cc529b2a1e44d99428fae7548cdc1f86bd9a1c0ab49b0f156775c6905c0", "category": "dependency", "severity": 
"high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|26a40cc529b2a1e44d99428fae7548cdc1f86bd9a1c0ab49b0f156775c6905c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 299}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 83555, "scanner": "repobility-supply-chain", "fingerprint": "2a023504e9fc7dd1a1abdbfbe03fec76dc81ec94357a451d52d803bb0b6ba77b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2a023504e9fc7dd1a1abdbfbe03fec76dc81ec94357a451d52d803bb0b6ba77b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 295}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 83554, "scanner": "repobility-supply-chain", "fingerprint": "c3428c1e95a8ccd17cb9930af1ccee70a289a89101fc3f77ac874529c35c2a51", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|c3428c1e95a8ccd17cb9930af1ccee70a289a89101fc3f77ac874529c35c2a51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 294}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `codecov/codecov-action` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 83553, "scanner": "repobility-supply-chain", "fingerprint": "12c103a7269be75a78da7a4917d8405813786845a33bfb7144845a9e4a654b96", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|12c103a7269be75a78da7a4917d8405813786845a33bfb7144845a9e4a654b96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 192}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 83552, "scanner": "repobility-supply-chain", "fingerprint": "a09bc0c053f6cb6d109453f7bf8746c365be54c30810cf9c9316b58d41d09906", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a09bc0c053f6cb6d109453f7bf8746c365be54c30810cf9c9316b58d41d09906"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 170}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v7`"}, 
"properties": {"repobilityId": 83551, "scanner": "repobility-supply-chain", "fingerprint": "d45836cf42aac6bbb025ac364e0df848463a067d0dbf31b97c31adb9bc50a4b9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d45836cf42aac6bbb025ac364e0df848463a067d0dbf31b97c31adb9bc50a4b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 146}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 83550, "scanner": "repobility-supply-chain", "fingerprint": "6d607fdf743c2d273ecf12b7723e1764174d24872e5e9afdd335effb64dc8d24", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6d607fdf743c2d273ecf12b7723e1764174d24872e5e9afdd335effb64dc8d24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 142}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 83549, "scanner": "repobility-supply-chain", "fingerprint": "7a731913211fad6105f8c807e8be24a1abcf584d9d10b45769e2035d8dd4e1bd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, 
"mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7a731913211fad6105f8c807e8be24a1abcf584d9d10b45769e2035d8dd4e1bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 141}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `codecov/codecov-action` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 83548, "scanner": "repobility-supply-chain", "fingerprint": "86c5787904498a3a585bdb606d5f276db1035b2a33c5925cd9209873b1e0a4c3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|86c5787904498a3a585bdb606d5f276db1035b2a33c5925cd9209873b1e0a4c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 83547, "scanner": "repobility-supply-chain", "fingerprint": "5d2cacc2ea4fb27da98b07c16999b41b8a53950429d41e563fcc8c79ac16cd3c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5d2cacc2ea4fb27da98b07c16999b41b8a53950429d41e563fcc8c79ac16cd3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
".github/workflows/ci.yml"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 83546, "scanner": "repobility-supply-chain", "fingerprint": "cc5e159e8f34b1b54305a2f83f3ed099889bfb972980b54a683db2f686c609e6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cc5e159e8f34b1b54305a2f83f3ed099889bfb972980b54a683db2f686c609e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 83545, "scanner": "repobility-supply-chain", "fingerprint": "48bfb5885c88171033b5b7b538fdebbb724ed223a58f12eb17174e2542fdcd1e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|48bfb5885c88171033b5b7b538fdebbb724ed223a58f12eb17174e2542fdcd1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `contributor-assistant/github-action` pinned to mutable ref `@v2.6.1`"}, "properties": {"repobilityId": 83544, "scanner": "repobility-supply-chain", "fingerprint": 
"22f690750dd2365c2c71595ccf201d64f07e109c9ed9c86cb23582a655a00286", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|22f690750dd2365c2c71595ccf201d64f07e109c9ed9c86cb23582a655a00286"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cla.yml"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `slackapi/slack-github-action` pinned to mutable ref `@v3.0.3`"}, "properties": {"repobilityId": 83543, "scanner": "repobility-supply-chain", "fingerprint": "ec97a3feb586ce1d35f40035091e48c5fd5efc07b8876e6c1cab95d75b4af09d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ec97a3feb586ce1d35f40035091e48c5fd5efc07b8876e6c1cab95d75b4af09d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docker.yml"}, "region": {"startLine": 310}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `ultralytics/actions/retry` pinned to mutable ref `@main`"}, "properties": {"repobilityId": 83542, "scanner": "repobility-supply-chain", "fingerprint": "11df4b561624517a408e4a21ca804cedb1fb795fd8a69ad0003ebe307080c04b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", 
"cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|11df4b561624517a408e4a21ca804cedb1fb795fd8a69ad0003ebe307080c04b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docker.yml"}, "region": {"startLine": 256}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `ultralytics/actions/retry` pinned to mutable ref `@main`"}, "properties": {"repobilityId": 83541, "scanner": "repobility-supply-chain", "fingerprint": "36f060b54994f9a6264273ede64988b77e1dbec63ffd0b3e0fc32b38aeff67b2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|36f060b54994f9a6264273ede64988b77e1dbec63ffd0b3e0fc32b38aeff67b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docker.yml"}, "region": {"startLine": 208}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `ultralytics/actions/retry` pinned to mutable ref `@main`"}, "properties": {"repobilityId": 83540, "scanner": "repobility-supply-chain", "fingerprint": "d5131bc8617d4d1ce8eddc6f0323809b5d1069d3b410dc5c388b9b660d4a2a2c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d5131bc8617d4d1ce8eddc6f0323809b5d1069d3b410dc5c388b9b660d4a2a2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docker.yml"}, 
"region": {"startLine": 188}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `ultralytics/actions/retry` pinned to mutable ref `@main`"}, "properties": {"repobilityId": 83539, "scanner": "repobility-supply-chain", "fingerprint": "bea3485ed20a22223888999b28fe309349ca2ff0560ffc1f5aaff6c32e746ee1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bea3485ed20a22223888999b28fe309349ca2ff0560ffc1f5aaff6c32e746ee1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docker.yml"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `ultralytics/actions/retry` pinned to mutable ref `@main`"}, "properties": {"repobilityId": 83538, "scanner": "repobility-supply-chain", "fingerprint": "4be2162eeba20663fedd01c5bb810bc8e039b252729e5bceaf1169131f6df9a3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4be2162eeba20663fedd01c5bb810bc8e039b252729e5bceaf1169131f6df9a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docker.yml"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `ultralytics/actions/retry` pinned to mutable ref `@main`"}, "properties": {"repobilityId": 83537, "scanner": "repobility-supply-chain", "fingerprint": 
"682243bcb0317ff260f040c540d78671f268d2a5011d914c836b0b542748f59b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|682243bcb0317ff260f040c540d78671f268d2a5011d914c836b0b542748f59b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docker.yml"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 83536, "scanner": "repobility-supply-chain", "fingerprint": "530bf910d0a490877ca861e9cbb4063f0367fd2520e6f0b9d9479721929692e7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|530bf910d0a490877ca861e9cbb4063f0367fd2520e6f0b9d9479721929692e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docker.yml"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `ultralytics/actions/cleanup-disk` pinned to mutable ref `@main`"}, "properties": {"repobilityId": 83535, "scanner": "repobility-supply-chain", "fingerprint": "0aa060d9cbfb7e4594edb4dc004a32eb32a47b6ef6e3a9204df0f928119c5690", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": 
["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0aa060d9cbfb7e4594edb4dc004a32eb32a47b6ef6e3a9204df0f928119c5690"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docker.yml"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `ultralytics/actions/retry` pinned to mutable ref `@main`"}, "properties": {"repobilityId": 83534, "scanner": "repobility-supply-chain", "fingerprint": "d3bcec6225dbe770907395efdb07515f68b184c016ed12a66b0ab00078d59b8e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d3bcec6225dbe770907395efdb07515f68b184c016ed12a66b0ab00078d59b8e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/links.yml"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `ultralytics/actions/retry` pinned to mutable ref `@main`"}, "properties": {"repobilityId": 83533, "scanner": "repobility-supply-chain", "fingerprint": "9340fed44a50c8c29efeb7578c4ba231ca2a6c264db4a1dc4016275b2bdb6c23", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9340fed44a50c8c29efeb7578c4ba231ca2a6c264db4a1dc4016275b2bdb6c23"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/links.yml"}, "region": 
{"startLine": 35}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 83532, "scanner": "repobility-supply-chain", "fingerprint": "feaef378d6393a78ef080b7d922a7b0febf48629054647480d9fa3e1a4eebd75", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|feaef378d6393a78ef080b7d922a7b0febf48629054647480d9fa3e1a4eebd75"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/links.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED119", "level": "error", "message": {"text": "Dockerfile `ADD https://github.com/ultralytics/assets/releases/download/v8.4.0/yolo26n.pt`"}, "properties": {"repobilityId": 83522, "scanner": "repobility-supply-chain", "fingerprint": "6f3b2eeb361c74a968ba53dc57ed2e82e03a89310e190056f9836f673517a92b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-add-remote-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829", "CWE-494"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6f3b2eeb361c74a968ba53dc57ed2e82e03a89310e190056f9836f673517a92b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED119", "level": "error", "message": {"text": "Dockerfile `ADD https://github.com/ultralytics/assets/releases/download/v0.0.0/Arial.ttf`"}, "properties": {"repobilityId": 83521, "scanner": "repobility-supply-chain", "fingerprint": 
"7c151b1e8695c2d5193d046ab3b8aa4bcd99192e5fb9cd4e1c664d6007c9b9ae", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-add-remote-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829", "CWE-494"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7c151b1e8695c2d5193d046ab3b8aa4bcd99192e5fb9cd4e1c664d6007c9b9ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `pytorch/pytorch:2.11.0-cuda12.8-cudnn9-runtime` not pinned by digest"}, "properties": {"repobilityId": 83520, "scanner": "repobility-supply-chain", "fingerprint": "77cb0a344565a294069c8741ef3c8692ff0e6744b328ece553a3fb4432d24763", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|77cb0a344565a294069c8741ef3c8692ff0e6744b328ece553a3fb4432d24763"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.is_fused` used but never assigned in __init__"}, "properties": {"repobilityId": 83483, "scanner": "repobility-ast-engine", "fingerprint": "1451348bf665438a723f3dcff784fed78ee5077b9317c4ac7090ac22a71a4b4b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, 
"cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1451348bf665438a723f3dcff784fed78ee5077b9317c4ac7090ac22a71a4b4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/tasks.py"}, "region": {"startLine": 235}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.model` used but never assigned in __init__"}, "properties": {"repobilityId": 83482, "scanner": "repobility-ast-engine", "fingerprint": "aaae56e69e8e353b6fd82bd57f634c158e9b45494313e09ccad0547b30c6e9c3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aaae56e69e8e353b6fd82bd57f634c158e9b45494313e09ccad0547b30c6e9c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/tasks.py"}, "region": {"startLine": 214}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.model` used but never assigned in __init__"}, "properties": {"repobilityId": 83481, "scanner": "repobility-ast-engine", "fingerprint": "fb86118a614343d4ee366529aa8aa4701f7499c22d49b73facb5cdbb31a04025", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fb86118a614343d4ee366529aa8aa4701f7499c22d49b73facb5cdbb31a04025"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/tasks.py"}, "region": {"startLine": 220}}}]}, {"ruleId": 
"MINED108", "level": "error", "message": {"text": "`self._predict_once` used but never assigned in __init__"}, "properties": {"repobilityId": 83480, "scanner": "repobility-ast-engine", "fingerprint": "a82f40d96a5454cedb32a87f382f10ce9a97c58fc42196e78b47c5565b74edf9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a82f40d96a5454cedb32a87f382f10ce9a97c58fc42196e78b47c5565b74edf9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/tasks.py"}, "region": {"startLine": 199}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.save` used but never assigned in __init__"}, "properties": {"repobilityId": 83479, "scanner": "repobility-ast-engine", "fingerprint": "a6620da6074ea400c492654c195f4a7682bc3c691abee0af0ef6f06de4a795c6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a6620da6074ea400c492654c195f4a7682bc3c691abee0af0ef6f06de4a795c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/tasks.py"}, "region": {"startLine": 184}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._profile_one_layer` used but never assigned in __init__"}, "properties": {"repobilityId": 83478, "scanner": "repobility-ast-engine", "fingerprint": "1ee3f2d333f9b89fa7c8d0b03291f82bb3c4f3c88cf20d7d1ea65a0ffd73aec9", "category": "quality", "severity": "high", "confidence": 1.0, 
"triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1ee3f2d333f9b89fa7c8d0b03291f82bb3c4f3c88cf20d7d1ea65a0ffd73aec9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/tasks.py"}, "region": {"startLine": 182}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.model` used but never assigned in __init__"}, "properties": {"repobilityId": 83477, "scanner": "repobility-ast-engine", "fingerprint": "ef88b06df06588ba9c3a9e13e2745ed2f396c3781bb4c6f0a76cd53ef52a8bd6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ef88b06df06588ba9c3a9e13e2745ed2f396c3781bb4c6f0a76cd53ef52a8bd6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/tasks.py"}, "region": {"startLine": 178}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._predict_augment` used but never assigned in __init__"}, "properties": {"repobilityId": 83476, "scanner": "repobility-ast-engine", "fingerprint": "306016fdd22049865268ffd591a38fcc5ba7a44b4d7f65d099a2647e5aa8df5b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|306016fdd22049865268ffd591a38fcc5ba7a44b4d7f65d099a2647e5aa8df5b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/tasks.py"}, "region": {"startLine": 160}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._predict_once` used but never assigned in __init__"}, "properties": {"repobilityId": 83475, "scanner": "repobility-ast-engine", "fingerprint": "232fee38cd45ddc09cbbb45ad3a64e61025d3b230d5669a67203fc6bb0673969", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|232fee38cd45ddc09cbbb45ad3a64e61025d3b230d5669a67203fc6bb0673969"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/tasks.py"}, "region": {"startLine": 161}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.loss` used but never assigned in __init__"}, "properties": {"repobilityId": 83474, "scanner": "repobility-ast-engine", "fingerprint": "2e0a3b2c779df7a6f0e6bf34df05c025b30bb2cd20f566c3d6f4e068713fca77", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2e0a3b2c779df7a6f0e6bf34df05c025b30bb2cd20f566c3d6f4e068713fca77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/tasks.py"}, "region": {"startLine": 143}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.predict` used but never assigned in __init__"}, "properties": 
{"repobilityId": 83473, "scanner": "repobility-ast-engine", "fingerprint": "9cf2f83f7f2fb6441b852c41b940494fc3a439ea61d23490245618f7a2efdfce", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9cf2f83f7f2fb6441b852c41b940494fc3a439ea61d23490245618f7a2efdfce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/tasks.py"}, "region": {"startLine": 144}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.device` used but never assigned in __init__"}, "properties": {"repobilityId": 83472, "scanner": "repobility-ast-engine", "fingerprint": "c0c047784ce7e1f02a2691beaf3e506e62bfa56cca3606e49e6775c18268afbb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c0c047784ce7e1f02a2691beaf3e506e62bfa56cca3606e49e6775c18268afbb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/autobackend.py"}, "region": {"startLine": 314}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.fp16` used but never assigned in __init__"}, "properties": {"repobilityId": 83471, "scanner": "repobility-ast-engine", "fingerprint": "b49d8d2303d29d04cbe858a15a6eaf631548474b855a3e8dd74e4beadea1211e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": 
"self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b49d8d2303d29d04cbe858a15a6eaf631548474b855a3e8dd74e4beadea1211e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/autobackend.py"}, "region": {"startLine": 311}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.device` used but never assigned in __init__"}, "properties": {"repobilityId": 83470, "scanner": "repobility-ast-engine", "fingerprint": "f9d47c59e050110037ec979801435aebcff7e6600e8a906ac9e00a18b21ae69e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f9d47c59e050110037ec979801435aebcff7e6600e8a906ac9e00a18b21ae69e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/autobackend.py"}, "region": {"startLine": 309}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.forward` used but never assigned in __init__"}, "properties": {"repobilityId": 83469, "scanner": "repobility-ast-engine", "fingerprint": "c5dcdf413f957fb21d144594d9746540dfef85e3812595b953258d81e7207837", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c5dcdf413f957fb21d144594d9746540dfef85e3812595b953258d81e7207837"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"ultralytics/nn/autobackend.py"}, "region": {"startLine": 313}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.device` used but never assigned in __init__"}, "properties": {"repobilityId": 83468, "scanner": "repobility-ast-engine", "fingerprint": "59cd267358d37ee4021e464fa180103e116539c69ca3a2d826a6a74665acb51f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|59cd267358d37ee4021e464fa180103e116539c69ca3a2d826a6a74665acb51f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/autobackend.py"}, "region": {"startLine": 311}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.device` used but never assigned in __init__"}, "properties": {"repobilityId": 83467, "scanner": "repobility-ast-engine", "fingerprint": "cf04630364b1eb33873a319af08cd9908e20a8cebf93e09d8cb2855a0afdc66b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cf04630364b1eb33873a319af08cd9908e20a8cebf93e09d8cb2855a0afdc66b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/autobackend.py"}, "region": {"startLine": 298}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.task` used but never assigned in __init__"}, "properties": {"repobilityId": 83466, "scanner": "repobility-ast-engine", "fingerprint": "86fbb9de2d958a2ba211053d452692154400487a3aefe57f7015c16137138d01", 
"category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|86fbb9de2d958a2ba211053d452692154400487a3aefe57f7015c16137138d01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/autobackend.py"}, "region": {"startLine": 282}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.names` used but never assigned in __init__"}, "properties": {"repobilityId": 83465, "scanner": "repobility-ast-engine", "fingerprint": "6347b613413e10d74cb0ef5d41f3cd683cc677ea46fb569866ad1f0a5d1049dd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6347b613413e10d74cb0ef5d41f3cd683cc677ea46fb569866ad1f0a5d1049dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/autobackend.py"}, "region": {"startLine": 282}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.from_numpy` used but never assigned in __init__"}, "properties": {"repobilityId": 83464, "scanner": "repobility-ast-engine", "fingerprint": "1a89432bcd1e8171b68e6f86c022bffcca052cfb651a8c06b214a04eb4a255da", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", 
"correlation_key": "fp|1a89432bcd1e8171b68e6f86c022bffcca052cfb651a8c06b214a04eb4a255da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/autobackend.py"}, "region": {"startLine": 285}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.from_numpy` used but never assigned in __init__"}, "properties": {"repobilityId": 83463, "scanner": "repobility-ast-engine", "fingerprint": "42578533918dae9d154c1ca5994e44749d76970be6f122a8620056a38875e0c7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|42578533918dae9d154c1ca5994e44749d76970be6f122a8620056a38875e0c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/autobackend.py"}, "region": {"startLine": 287}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.names` used but never assigned in __init__"}, "properties": {"repobilityId": 83462, "scanner": "repobility-ast-engine", "fingerprint": "98ee4a89513387c61b652ded21dddc8e9edd125bfd3dab51e60f3bd475e1b1fb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|98ee4a89513387c61b652ded21dddc8e9edd125bfd3dab51e60f3bd475e1b1fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/autobackend.py"}, "region": {"startLine": 284}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.image_preprocess` used but never assigned 
in __init__"}, "properties": {"repobilityId": 83461, "scanner": "repobility-ast-engine", "fingerprint": "ca3b0e1947b0379c733c5a3b8d47877b797e2f1b06d3a09051f6b5396a882564", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ca3b0e1947b0379c733c5a3b8d47877b797e2f1b06d3a09051f6b5396a882564"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/text_model.py"}, "region": {"startLine": 159}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.model` used but never assigned in __init__"}, "properties": {"repobilityId": 83460, "scanner": "repobility-ast-engine", "fingerprint": "93fcdde501d2de1d8e9fc33e457c5666b603c45b966db35cf0922525c45f4252", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|93fcdde501d2de1d8e9fc33e457c5666b603c45b966db35cf0922525c45f4252"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/text_model.py"}, "region": {"startLine": 160}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.model` used but never assigned in __init__"}, "properties": {"repobilityId": 83459, "scanner": "repobility-ast-engine", "fingerprint": "220ca9c101c994b3fb3c45b16486dc60a0e97778f4d4e95b4b312df386b24cf4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, 
"mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|220ca9c101c994b3fb3c45b16486dc60a0e97778f4d4e95b4b312df386b24cf4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/text_model.py"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_youtube"}, "properties": {"repobilityId": 83457, "scanner": "repobility-ast-engine", "fingerprint": "4276fac71b7d0c92a2873aa44c47efe4d650410f308f6f72b4ccbefa10b40d2e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4276fac71b7d0c92a2873aa44c47efe4d650410f308f6f72b4ccbefa10b40d2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_python.py"}, "region": {"startLine": 201}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_predict_visualize"}, "properties": {"repobilityId": 83456, "scanner": "repobility-ast-engine", "fingerprint": "54ee53a541a3731c9344ef8456395f361390c4676a4bcb5d56b3ba4ceacbc240", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|54ee53a541a3731c9344ef8456395f361390c4676a4bcb5d56b3ba4ceacbc240"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_python.py"}, 
"region": {"startLine": 144}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_model_profile"}, "properties": {"repobilityId": 83455, "scanner": "repobility-ast-engine", "fingerprint": "29836cd49f7abb7d193c608d332b52e5850ac3c25045dc43a95a0d6842b90b56", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|29836cd49f7abb7d193c608d332b52e5850ac3c25045dc43a95a0d6842b90b56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_python.py"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_model_methods"}, "properties": {"repobilityId": 83454, "scanner": "repobility-ast-engine", "fingerprint": "cf9cfd1ca80b7aca30b9d746aacf0c22ef086507a309803b6b3b0b4d21342022", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cf9cfd1ca80b7aca30b9d746aacf0c22ef086507a309803b6b3b0b4d21342022"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_python.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_model_forward"}, "properties": {"repobilityId": 83453, "scanner": "repobility-ast-engine", "fingerprint": "e6bedb5f69701db173b0db421259dc069ffa8f6d09287ac17c31fae1de67e2d7", "category": "quality", "severity": "high", "confidence": 1.0, 
"triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e6bedb5f69701db173b0db421259dc069ffa8f6d09287ac17c31fae1de67e2d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_python.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_solutions"}, "properties": {"repobilityId": 83452, "scanner": "repobility-ast-engine", "fingerprint": "5ea126c6bd46aa38df57f05f9b9d8ef9fca550746ce6211e079e3e013117ce5a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5ea126c6bd46aa38df57f05f9b9d8ef9fca550746ce6211e079e3e013117ce5a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cli.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_train_gpu"}, "properties": {"repobilityId": 83451, "scanner": "repobility-ast-engine", "fingerprint": "a6ceaced6c5eb23dd40f94d3d5fc366f86045e673357d5192f97f4a707534acf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a6ceaced6c5eb23dd40f94d3d5fc366f86045e673357d5192f97f4a707534acf"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cli.py"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_mobilesam"}, "properties": {"repobilityId": 83450, "scanner": "repobility-ast-engine", "fingerprint": "8456d3687bb426fcd42cdf07bbf0a0c39d89850106a1e8cf385f0788eb7ef14d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8456d3687bb426fcd42cdf07bbf0a0c39d89850106a1e8cf385f0788eb7ef14d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cli.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_fastsam"}, "properties": {"repobilityId": 83449, "scanner": "repobility-ast-engine", "fingerprint": "da8299741176ad0d15567a994a84aebfea0cd910c1d1c6fc2d7a98af2ffd33fb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|da8299741176ad0d15567a994a84aebfea0cd910c1d1c6fc2d7a98af2ffd33fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cli.py"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_rtdetr"}, "properties": {"repobilityId": 83448, "scanner": "repobility-ast-engine", "fingerprint": "74128973fc92555cef1199b93f80173683c3931a62d964741e4f13ed65511e3c", 
"category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|74128973fc92555cef1199b93f80173683c3931a62d964741e4f13ed65511e3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cli.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_export"}, "properties": {"repobilityId": 83447, "scanner": "repobility-ast-engine", "fingerprint": "8dff6d12137141f101f0d2e0223c36b02ed93022e3960b1bb921172a093dfb2a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8dff6d12137141f101f0d2e0223c36b02ed93022e3960b1bb921172a093dfb2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cli.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_predict"}, "properties": {"repobilityId": 83446, "scanner": "repobility-ast-engine", "fingerprint": "e7dca4e2a3cf045a897385128ac3e279bbe7313a5f79a7fd52a2c49c0451903d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|e7dca4e2a3cf045a897385128ac3e279bbe7313a5f79a7fd52a2c49c0451903d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cli.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_val"}, "properties": {"repobilityId": 83445, "scanner": "repobility-ast-engine", "fingerprint": "36b78818a9fdbf503ef9f032d4a541efdee7b3d0ff888518a0dd6568a82b2a35", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|36b78818a9fdbf503ef9f032d4a541efdee7b3d0ff888518a0dd6568a82b2a35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cli.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_train"}, "properties": {"repobilityId": 83444, "scanner": "repobility-ast-engine", "fingerprint": "a6c22d3bb0f16283511d4269df0e33c6fd03d16e721bae4da39d2d15b5fa79be", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a6c22d3bb0f16283511d4269df0e33c6fd03d16e721bae4da39d2d15b5fa79be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cli.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_special_modes"}, "properties": {"repobilityId": 83443, "scanner": "repobility-ast-engine", "fingerprint": 
"656b7daf302774c8a5db24aa2413ff2a2cee6399b5011aabe5435efe905d2339", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|656b7daf302774c8a5db24aa2413ff2a2cee6399b5011aabe5435efe905d2339"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cli.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_predict_sam"}, "properties": {"repobilityId": 83442, "scanner": "repobility-ast-engine", "fingerprint": "f5967eccc49d92b92dfdfa2b169ec28c96a403255e64369fd325b14520896fd2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f5967eccc49d92b92dfdfa2b169ec28c96a403255e64369fd325b14520896fd2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cuda.py"}, "region": {"startLine": 195}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_utils_benchmarks"}, "properties": {"repobilityId": 83441, "scanner": "repobility-ast-engine", "fingerprint": "b56f2b20ce47e33d8d11bb7e3d793fb4f297ffbb2ca1c9e452791b4bb0bbb355", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 
982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b56f2b20ce47e33d8d11bb7e3d793fb4f297ffbb2ca1c9e452791b4bb0bbb355"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cuda.py"}, "region": {"startLine": 176}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_autobatch"}, "properties": {"repobilityId": 83440, "scanner": "repobility-ast-engine", "fingerprint": "7e090f9f1b9a133f2fbb9bc180ec676ce95e0016f119a31156a4d0f24a037126", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7e090f9f1b9a133f2fbb9bc180ec676ce95e0016f119a31156a4d0f24a037126"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cuda.py"}, "region": {"startLine": 167}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_export_engine_matrix"}, "properties": {"repobilityId": 83439, "scanner": "repobility-ast-engine", "fingerprint": "c6866171269eec29eaf5cb129e1d8f19bde0c911d1098e82d0b419162e56e945", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c6866171269eec29eaf5cb129e1d8f19bde0c911d1098e82d0b419162e56e945"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cuda.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: 
test_export_onnx_matrix"}, "properties": {"repobilityId": 83438, "scanner": "repobility-ast-engine", "fingerprint": "ef28e582ae028d9b2f7180620fc4d95caec3f41d6a84ba18258f36d9c3c6de7c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ef28e582ae028d9b2f7180620fc4d95caec3f41d6a84ba18258f36d9c3c6de7c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_cuda.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_display_output_method"}, "properties": {"repobilityId": 83437, "scanner": "repobility-ast-engine", "fingerprint": "7d8349c5c4ff76bdbddf93f02a8ccab774d39d4859fc2c0704c252acc0d363cc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7d8349c5c4ff76bdbddf93f02a8ccab774d39d4859fc2c0704c252acc0d363cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_solutions.py"}, "region": {"startLine": 351}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_object_crop_with_show_True"}, "properties": {"repobilityId": 83436, "scanner": "repobility-ast-engine", "fingerprint": "cf245179bf17b20ab8eff351e90ba08bb928cf649e987de668d50e95658a6a9a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": 
true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cf245179bf17b20ab8eff351e90ba08bb928cf649e987de668d50e95658a6a9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_solutions.py"}, "region": {"startLine": 346}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_similarity_search"}, "properties": {"repobilityId": 83435, "scanner": "repobility-ast-engine", "fingerprint": "aaf025ebfec43b0f966b646b4a8b6a037283b1e553a996664feb6e05ff394a01", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aaf025ebfec43b0f966b646b4a8b6a037283b1e553a996664feb6e05ff394a01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_solutions.py"}, "region": {"startLine": 294}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_parking_json_none"}, "properties": {"repobilityId": 83434, "scanner": "repobility-ast-engine", "fingerprint": "1e54ab75699cf3087294a1b66e1f9659090fc96f69d249ff495c491077dea017", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1e54ab75699cf3087294a1b66e1f9659090fc96f69d249ff495c491077dea017"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"tests/test_solutions.py"}, "region": {"startLine": 224}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_solution"}, "properties": {"repobilityId": 83433, "scanner": "repobility-ast-engine", "fingerprint": "fd7a3928cf17fc0514e82f3a1393c3a8c86845275e69e6aff836b2d71f5ce801", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fd7a3928cf17fc0514e82f3a1393c3a8c86845275e69e6aff836b2d71f5ce801"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_solutions.py"}, "region": {"startLine": 179}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 83697, "scanner": "gitleaks", "fingerprint": "e5e6bec911946ab547bf6084fba3ccc5fb0f9a7eeab83dc7ab03fbbc24fb3c9d", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -H \"Authorization: Bearer <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|221|curl -h authorization: bearer redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/en/platform/api/index.md"}, "region": {"startLine": 2211}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 83696, "scanner": 
"gitleaks", "fingerprint": "dd80bcf0682c63b6f53f4adae0a5ff44633fb744f09b5c1de15f01c4fe6a541c", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -H \"Authorization: Bearer <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|220|curl -h authorization: bearer redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/en/platform/api/index.md"}, "region": {"startLine": 2204}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 83695, "scanner": "gitleaks", "fingerprint": "113f6acbce13af7061bc7df9411432375657a4c39a6d0a1dfd4d84aa28406e6c", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -X DELETE \\\n  -H \"Authorization: Bearer <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|175|curl -x delete -h authorization: bearer redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/en/platform/api/index.md"}, "region": {"startLine": 1756}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 83694, "scanner": "gitleaks", "fingerprint": "95e3d02239fefcee96581081d52643faeac25f8bb7b8d71b36c63fee356aefd7", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, 
"reason": "", "evidence": {"match": "curl -X POST \\\n      -H \"Authorization: Bearer <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|118|curl -x post -h authorization: bearer redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/en/platform/api/index.md"}, "region": {"startLine": 1184}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 83693, "scanner": "gitleaks", "fingerprint": "8f161569e02b4387d0de2cc0f46151a16e3206e0bafd3348a2689252b470d1ce", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -X POST \\\n      -H \"Authorization: Bearer <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|91|curl -x post -h authorization: bearer redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/en/platform/api/index.md"}, "region": {"startLine": 914}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 83692, "scanner": "gitleaks", "fingerprint": "acf71c972f23e2367c4b13f53aec0966b58423e3b07100eae676e0721eb0b30b", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -X POST \\\n      -H \"Authorization: Bearer <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": 
"secret|token|82|curl -x post -h authorization: bearer redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/en/platform/api/index.md"}, "region": {"startLine": 826}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 83691, "scanner": "gitleaks", "fingerprint": "39400d8dbdb7b9da10b8962f9dd13bd56c9475a4a651022d2fa3483c4ea1167a", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -X POST \\\n      -H \"Authorization: Bearer <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|64|curl -x post -h authorization: bearer redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/en/platform/api/index.md"}, "region": {"startLine": 643}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 83690, "scanner": "gitleaks", "fingerprint": "d4708f237212f361ab7e4061ca5dcd263cfce795cd267e9b9fcd256580cf9883", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -H \"Authorization: Bearer <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|20|curl -h authorization: bearer redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/en/platform/api/index.md"}, "region": {"startLine": 208}}}]}, {"ruleId": "curl-auth-header", "level": 
"error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 83689, "scanner": "gitleaks", "fingerprint": "0c65ee5c66dd692096902b90ac609ec3327d42b067d9da3dfff9b90aca18ff23", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -H \"Authorization: Bearer <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|8|curl -h authorization: bearer redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/en/platform/api/index.md"}, "region": {"startLine": 82}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 83688, "scanner": "gitleaks", "fingerprint": "936852d0aeafe99148b6c98cbbebc4d7f07d33a6c1de3a339c145bfca653bc90", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -H \"Authorization: Bearer <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|1|curl -h authorization: bearer redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/en/platform/api/index.md"}, "region": {"startLine": 17}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 83687, "scanner": "gitleaks", "fingerprint": 
"10dc6d35128315e264bcaa50d5c778f1d98dd3a1318142bfba60ad8eb8a452e1", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -X POST \"https://your-endpoint-url/predict\" \\\n      -H \"Authorization: Bearer <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|docs/en/platform/index.md|19|curl -x post token -h authorization: bearer redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/en/platform/index.md"}, "region": {"startLine": 195}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 83686, "scanner": "gitleaks", "fingerprint": "fa6c467c0914d900936365ea0904380b2b0bc1c958caeed8840bf710243e4a31", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -H \"Authorization: Bearer <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|10|curl -h authorization: bearer redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/en/platform/account/api-keys.md"}, "region": {"startLine": 105}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 83685, "scanner": "gitleaks", "fingerprint": "884e520680513077ec5c2542658efd232523da52c41bd8d7acf1046afdb67ed6", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", 
"verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -X POST \\\n      \"https://predict-abc123.run.app/predict\" \\\n      -H \"Authorization: Bearer <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|33|curl -x post token -h authorization: bearer redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/en/platform/deploy/endpoints.md"}, "region": {"startLine": 336}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 83684, "scanner": "gitleaks", "fingerprint": "36d6bd753b5b4c06ebf99401d91e54cadbb4580e0de231e3099f2cfdff89eb4d", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -X POST \\\n      \"https://platform.ultralytics.com/api/models/MODEL_ID/predict\" \\\n      -H \"Authorization: Bearer <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|17|curl -x post token -h authorization: bearer redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/en/platform/deploy/inference.md"}, "region": {"startLine": 177}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 83683, "scanner": "gitleaks", "fingerprint": "bb79fc845cd95b7bf6473c4835f8cb6583b1b8dec50620e762d9d57d3bcf9af8", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 
duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "curl -X POST -H \"Authorization: Bearer <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|17|curl -x post -h authorization: bearer redacted", "duplicate_count": 1, "duplicate_rule_ids": ["curl-auth-header"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["2f71b82ee4f94f177d2dbd91efebe1efa1de076032c2b4138858a94d9b38334d", "bb79fc845cd95b7bf6473c4835f8cb6583b1b8dec50620e762d9d57d3bcf9af8"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/en/platform/account/activity.md"}, "region": {"startLine": 174}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 83682, "scanner": "gitleaks", "fingerprint": "42261d6a4b8d67b315f9f35d142e720e090a222b18b3bf97698e768344f58214", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -H \"Authorization: Bearer <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|14|curl -h authorization: bearer redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/en/platform/account/activity.md"}, "region": {"startLine": 150}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 83681, "scanner": "gitleaks", "fingerprint": "793ffefd016cab25f957550ededfc0b3e20421d0386af8bb1af8295939662560", "category": "credential_exposure", "severity": "critical", 
"confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -X POST \"https://platform.ultralytics.com/api/models/{model_id}/predict\" \\\n      -H \"Authorization: Bearer <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|30|curl -x post token / model_id /predict -h authorization: bearer redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/en/platform/quickstart.md"}, "region": {"startLine": 305}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 83680, "scanner": "gitleaks", "fingerprint": "456e780bdfd755eaac2f80d71e155ab9ccb3e45e274d3ecfa5e3118bddf680b1", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -X POST \"https://predict-abc123.run.app/predict\" \\\n      -H \"Authorization: Bearer <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|21|curl -x post token -h authorization: bearer redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/en/platform/deploy/monitoring.md"}, "region": {"startLine": 213}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 83679, "scanner": "gitleaks", "fingerprint": "2766c6e89f8f64593a0a03a0c4c1c64baec8f8c3f65c87626913daf8d3742431", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", 
"isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "curl -X POST -H \"Authorization: Bearer <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|16|curl -x post -h authorization: bearer redacted", "duplicate_count": 1, "duplicate_rule_ids": ["curl-auth-header"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["22a0578502e12c57fb015e10dcdbd9cade6bf148fc0d1b0d688c836c37de3bbc", "2766c6e89f8f64593a0a03a0c4c1c64baec8f8c3f65c87626913daf8d3742431"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/en/platform/account/trash.md"}, "region": {"startLine": 161}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 83678, "scanner": "gitleaks", "fingerprint": "df54e4b6e601fac0330dfe441f69d7f260aabf7b947cd7c990061093e2ba24c4", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "curl -H \"Authorization: Bearer <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|15|curl -h authorization: bearer redacted", "duplicate_count": 1, "duplicate_rule_ids": ["curl-auth-header"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["6dda9534c161bf0bbe1ed7d2ee6157ab0473ad8a507f47a0ea3692b833e40223", "df54e4b6e601fac0330dfe441f69d7f260aabf7b947cd7c990061093e2ba24c4"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/en/platform/account/trash.md"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED102", "level": 
"error", "message": {"text": "[MINED102] Shell Injection Via F-string: Shell command built via f-string or .format with non-constant input \u2014 command injection. An attacker controlling any interpolated value can execute arbitrary shell commands."}, "properties": {"repobilityId": 83661, "scanner": "repobility-threat-engine", "fingerprint": "c5f2c8622fee7439f0b562392ff536590bd6ea40bf0e9dc5d23318ff815999f6", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "shell-injection-format", "owasp": "A03:2021", "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-19T13:00:00.000000+00:00", "triaged_in_corpus": 1, "observations_count": 175, "ai_coder_pattern_id": 11}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c5f2c8622fee7439f0b562392ff536590bd6ea40bf0e9dc5d23318ff815999f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/nn/modules/__init__.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED018", "level": "error", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 83626, "scanner": "repobility-threat-engine", "fingerprint": "bd808c33d381c3cf5988d953f594b28d7ab94788fda37f8d57009dab3a6d4ae4", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 
32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bd808c33d381c3cf5988d953f594b28d7ab94788fda37f8d57009dab3a6d4ae4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-Segmentation-ONNXRuntime-Python/main.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED018", "level": "error", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 83625, "scanner": "repobility-threat-engine", "fingerprint": "c573876859eea2a936fa87618f85110028c84650daf31b18dd89a27626194042", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c573876859eea2a936fa87618f85110028c84650daf31b18dd89a27626194042"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-OpenCV-ONNX-Python/main.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED018", "level": "error", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 83624, "scanner": "repobility-threat-engine", "fingerprint": "b13710bd96392a46f4eb85f7f22f4fdd188438415655dc22828d64a745b318ca", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, 
"mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b13710bd96392a46f4eb85f7f22f4fdd188438415655dc22828d64a745b318ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-ONNXRuntime/main.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "SEC116", "level": "error", "message": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. `unsafe_load` is even more dangerous."}, "properties": {"repobilityId": 83622, "scanner": "repobility-threat-engine", "fingerprint": "03340bb98d69fa427de1bb2c1afca1d5ef62f43b9b74cbc504fbf56ec369ccd8", "category": "deserialization", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "YAML.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC116", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|58|sec116"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-Segmentation-ONNXRuntime-Python/main.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "SEC116", "level": "error", "message": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. 
`unsafe_load` is even more dangerous."}, "properties": {"repobilityId": 83621, "scanner": "repobility-threat-engine", "fingerprint": "e8cbae35d5f1fe093640a9d82d799e1a0099b2218526c9285bde32303e988ee8", "category": "deserialization", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "YAML.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC116", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|13|sec116"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-OpenCV-ONNX-Python/main.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "SEC116", "level": "error", "message": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. 
`unsafe_load` is even more dangerous."}, "properties": {"repobilityId": 83620, "scanner": "repobility-threat-engine", "fingerprint": "837f760272c50754bf1fb07f46ebe7cb6e93ac7e9b908ff31506d3bde0050c5d", "category": "deserialization", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "YAML.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC116", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|63|sec116"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-ONNXRuntime/main.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "SEC079", "level": "error", "message": {"text": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3)."}, "properties": {"repobilityId": 83618, "scanner": "repobility-threat-engine", "fingerprint": "50d17b059a8cfb87ef3673e030d6526e04bb1db22d9c57ee1073be5ecabe7aa1", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "YAML.load(ROOT / \"cfg/datasets/coco8.yaml\")", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC079", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|50d17b059a8cfb87ef3673e030d6526e04bb1db22d9c57ee1073be5ecabe7aa1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-Segmentation-ONNXRuntime-Python/main.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "SEC079", "level": "error", "message": {"text": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit 
SafeLoader can execute arbitrary Python objects (CVE-2017-18342). Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3)."}, "properties": {"repobilityId": 83617, "scanner": "repobility-threat-engine", "fingerprint": "01bd9e8fc1aed61bdaa777e5d9da30da0b0adc02f2459ad06e78e069211f4f71", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "YAML.load(ROOT / \"cfg/datasets/coco8.yaml\")", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC079", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|01bd9e8fc1aed61bdaa777e5d9da30da0b0adc02f2459ad06e78e069211f4f71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-OpenCV-ONNX-Python/main.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "SEC079", "level": "error", "message": {"text": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). 
Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3)."}, "properties": {"repobilityId": 83616, "scanner": "repobility-threat-engine", "fingerprint": "ec6962db9bcd183471477d3c81e1e2edf7cd0c6d596f3f976cb285a5c4d7e2ab", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "YAML.load(ROOT / \"cfg/datasets/coco8.yaml\")", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC079", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ec6962db9bcd183471477d3c81e1e2edf7cd0c6d596f3f976cb285a5c4d7e2ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/YOLOv8-ONNXRuntime/main.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.BRAVE_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 83566, "scanner": "repobility-supply-chain", "fingerprint": "a92dbf97f2b8e7392472ef8fbe4a95bddf618ee38b12c90ac1bc2a5cf043ea6b", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a92dbf97f2b8e7392472ef8fbe4a95bddf618ee38b12c90ac1bc2a5cf043ea6b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/format.yml"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.OPENAI_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 83565, "scanner": "repobility-supply-chain", "fingerprint": 
"de28e2ca3167247876ba82be8e20b82fa58f5126cd476e03b6e6dd53ebb34d65", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|de28e2ca3167247876ba82be8e20b82fa58f5126cd476e03b6e6dd53ebb34d65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/format.yml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets._GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 83564, "scanner": "repobility-supply-chain", "fingerprint": "a55692e33960d80b0b9b5c75cadd76f253889fb8f80c78377f2b5ad76d71ab9c", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a55692e33960d80b0b9b5c75cadd76f253889fb8f80c78377f2b5ad76d71ab9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/format.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets._GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 83563, "scanner": "repobility-supply-chain", "fingerprint": "43c8531f9cae39508f49ca50d030715e9289743ef19ba9c8b2e8516c75bd9c55", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": 
"gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|43c8531f9cae39508f49ca50d030715e9289743ef19ba9c8b2e8516c75bd9c55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yml"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.INDEXNOW_KEY_DOCS` on a `pull_request` trigger"}, "properties": {"repobilityId": 83562, "scanner": "repobility-supply-chain", "fingerprint": "1242e939175241744f28ffdc6615802d8f1c409300909fecf6a9baf6ff61f0ad", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1242e939175241744f28ffdc6615802d8f1c409300909fecf6a9baf6ff61f0ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yml"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets._GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 83561, "scanner": "repobility-supply-chain", "fingerprint": "755a78fbed9dc38d73e0ba0c9657a6466b78f38e51268c255fd3c40c66cd2872", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|755a78fbed9dc38d73e0ba0c9657a6466b78f38e51268c255fd3c40c66cd2872"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs.yml"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.SLACK_WEBHOOK_URL_YOLO` on a `pull_request` trigger"}, "properties": {"repobilityId": 83560, "scanner": "repobility-supply-chain", "fingerprint": "bcaa8c95380063fcc77a1978279df572bfb13c3dd001c18eba4fafbff084f646", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bcaa8c95380063fcc77a1978279df572bfb13c3dd001c18eba4fafbff084f646"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 642}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 83559, "scanner": "repobility-supply-chain", "fingerprint": "7aa7af3dee5c5d8ba446ec9526d3f8c4a3b579e1824da47ae8ef4a243bc70fae", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7aa7af3dee5c5d8ba446ec9526d3f8c4a3b579e1824da47ae8ef4a243bc70fae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 448}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger"}, "properties": 
{"repobilityId": 83558, "scanner": "repobility-supply-chain", "fingerprint": "76101620054eb38377bbaa34066082733addf0bcb6a66a9b9c94bc923a2a627b", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|76101620054eb38377bbaa34066082733addf0bcb6a66a9b9c94bc923a2a627b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 196}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 83557, "scanner": "repobility-supply-chain", "fingerprint": "17c291344394dee65b821a5583f556485c9038bdf8f55b2b257c20301b80e327", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|17c291344394dee65b821a5583f556485c9038bdf8f55b2b257c20301b80e327"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `string` used but not imported"}, "properties": {"repobilityId": 83510, "scanner": "repobility-ast-engine", "fingerprint": "988901e4371d142fb4bd97cc549b87e214f960ad977a43e9a22943fd9bc9e19b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": 
{"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|988901e4371d142fb4bd97cc549b87e214f960ad977a43e9a22943fd9bc9e19b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ultralytics/utils/__init__.py"}, "region": {"startLine": 497}}}]}]}]}