{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "SEC123", "name": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environme", "shortDescription": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "fullDescription": {"text": "Set DEBUG=False / APP_DEBUG=false in production. Provide a generic 500 handler that logs to backend but returns a sanitized page to clients."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `find_dependencies` has cognitive complexity 15 (SonarSource scale). Cogni", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `find_dependencies` has cognitive complexity 15 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recur"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. 
SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 15."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED042", "name": "[MINED042] Cpp New Without Delete (and 38 more): Same pattern found in 38 additional files. Review if needed.", "shortDescription": {"text": "[MINED042] Cpp New Without Delete (and 38 more): Same pattern found in 38 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 12 more): Same pattern found in 12 add", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. 
If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED085", "name": "[MINED085] Java Systemexit: System.exit() inside a library kills the whole JVM.", "shortDescription": {"text": "[MINED085] Java Systemexit: System.exit() inside a library kills the whole JVM."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1075 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED017", "name": "[MINED017] C System Call: system() invokes shell. 
Command injection if any arg is dynamic.", "shortDescription": {"text": "[MINED017] C System Call: system() invokes shell. Command injection if any arg is dynamic."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the resolved path is inside your expected base directory (compare against the base with a trailing separator, or use os.path.commonpath, so that a sibling directory that merely shares the prefix is not accepted). Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `google/oss-fuzz/infra/cifuzz/actions/build_fuzzers` pinned to mutable ref `@master`", "shortDescription": {"text": "Action `google/oss-fuzz/infra/cifuzz/actions/build_fuzzers` pinned to mutable ref `@master`"}, "fullDescription": {"text": "`uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a full 40-character commit SHA and let Dependabot or Renovate keep the pin updated."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "Workflow container/services image `fedora:latest` unpinned", "shortDescription": {"text": "Workflow container/services image `fedora:latest` unpinned"}, "fullDescription": {"text": "`container/services image: fedora:latest` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED022", "name": "[MINED022] C Strcpy: strcpy/strcat don't bounds-check; use strncpy or snprintf.", "shortDescription": {"text": "[MINED022] C Strcpy: strcpy/strcat don't bounds-check; use strncpy or snprintf."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-120 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED123", "name": "Trojan Source bidi character (RLM) in source", "shortDescription": {"text": "Trojan Source bidi character (RLM) in source"}, "fullDescription": {"text": "Line 986 contains a Unicode bidirectional override character (U+200F RLM). 
This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/816"}, "properties": {"repository": "tesseract-ocr/tesseract", "repoUrl": "https://github.com/tesseract-ocr/tesseract", "branch": "main"}, "results": [{"ruleId": "SEC123", "level": "warning", "message": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "properties": {"repobilityId": 71645, "scanner": "repobility-threat-engine", "fingerprint": "46b43ed9495b42935a4aee819685a118279ccd35bec26ffb05bea890de66bbb0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "debug = true", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC123", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|46b43ed9495b42935a4aee819685a118279ccd35bec26ffb05bea890de66bbb0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lstm/parallel.cpp"}, "region": {"startLine": 58}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `find_dependencies` has cognitive complexity 15 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: continue=2, for=1, if=5, nested_bonus=6, recursion=1."}, "properties": {"repobilityId": 71633, "scanner": "repobility-threat-engine", "fingerprint": "15cbffd45893f91e989e0dd1817bd8482cfb89a6e2d0d0c95038bacef8f5edf0", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 15 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "find_dependencies", "breakdown": {"if": 5, "for": 1, "continue": 2, "recursion": 1, "nested_bonus": 6}, "complexity": 15, "correlation_key": "fp|15cbffd45893f91e989e0dd1817bd8482cfb89a6e2d0d0c95038bacef8f5edf0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nsis/find_deps.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 71602, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2a94271f58982d7f752899637c3979746b76bc84ebf40a38760c9675bb210e5d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/training/cntraining.cpp", "duplicate_line": 16, "correlation_key": "fp|2a94271f58982d7f752899637c3979746b76bc84ebf40a38760c9675bb210e5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/training/mftraining.cpp"}, "region": {"startLine": 96}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 71601, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"2b7ce3f198e9d2e1518524edb0406284809762c7d68c75e0a0f87b7cbe2f21a4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/textord/pithsync.h", "duplicate_line": 38, "correlation_key": "fp|2b7ce3f198e9d2e1518524edb0406284809762c7d68c75e0a0f87b7cbe2f21a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/textord/pitsync1.h"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 71600, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b27796aa4c9c2be2e056be5c9579f01252fe2bfe58e2fc873ed3f8be4ac7930e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/textord/pithsync.cpp", "duplicate_line": 222, "correlation_key": "fp|b27796aa4c9c2be2e056be5c9579f01252fe2bfe58e2fc873ed3f8be4ac7930e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/textord/pithsync.h"}, "region": {"startLine": 73}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 71599, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0135969c9bc69017a76ba2dbf0e9b6b557a2c85f454548871edf9a1b077ea04e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": 
false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ccutil/bitvector.cpp", "duplicate_line": 13, "correlation_key": "fp|0135969c9bc69017a76ba2dbf0e9b6b557a2c85f454548871edf9a1b077ea04e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/classify/intmatcher.cpp"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 71598, "scanner": "repobility-ai-code-hygiene", "fingerprint": "62f99f4c878870fbd601353e8a0b771e44d0bb6888a14b3f91c0350842bd0793", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ccstruct/blobs.cpp", "duplicate_line": 496, "correlation_key": "fp|62f99f4c878870fbd601353e8a0b771e44d0bb6888a14b3f91c0350842bd0793"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/classify/intfx.cpp"}, "region": {"startLine": 268}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 71597, "scanner": "repobility-ai-code-hygiene", "fingerprint": "379f07f388e54312098b20b2580076aa95f8c86c0561aad0c92cae8feebd78e8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", 
"references": ["https://jscpd.dev/"], "duplicate_file": "src/ccutil/clst.h", "duplicate_line": 41, "correlation_key": "fp|379f07f388e54312098b20b2580076aa95f8c86c0561aad0c92cae8feebd78e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ccutil/elst2.h"}, "region": {"startLine": 65}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 71596, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a0f976a58c0ba7a1b414fb261bf86d5a114d2705fb4833eda3dcdf5533834a22", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ccutil/elst.h", "duplicate_line": 53, "correlation_key": "fp|a0f976a58c0ba7a1b414fb261bf86d5a114d2705fb4833eda3dcdf5533834a22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ccutil/elst2.h"}, "region": {"startLine": 34}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 71595, "scanner": "repobility-ai-code-hygiene", "fingerprint": "14b4088c90fdf008d185b36ac2968c4ac885d0a502d0617b1d84331343dad894", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ccutil/clst.h", "duplicate_line": 34, "correlation_key": "fp|14b4088c90fdf008d185b36ac2968c4ac885d0a502d0617b1d84331343dad894"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "src/ccutil/elst.h"}, "region": {"startLine": 77}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 71594, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7303ab6d00c9f32b688bd666539983e20415c4615569ac0d7b426c84b9c5d8ce", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ccmain/pageiterator.cpp", "duplicate_line": 157, "correlation_key": "fp|7303ab6d00c9f32b688bd666539983e20415c4615569ac0d7b426c84b9c5d8ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ccmain/resultiterator.cpp"}, "region": {"startLine": 480}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 71593, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b0324bb603b8d32fa1b8173f701a2ab6373ae5bb2efee7251d6d0e9c5cac3003", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/arch/dotproductavx.cpp", "duplicate_line": 38, "correlation_key": "fp|b0324bb603b8d32fa1b8173f701a2ab6373ae5bb2efee7251d6d0e9c5cac3003"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/arch/dotproductfma.cpp"}, "region": {"startLine": 42}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated 
implementation block across source files"}, "properties": {"repobilityId": 71592, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e01ee967af46b81ba3b803d3804860d032d18dd8199e2f6273ea0623822ed6ac", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "java/com/google/scrollview/ui/SVMenuBar.java", "duplicate_line": 22, "correlation_key": "fp|e01ee967af46b81ba3b803d3804860d032d18dd8199e2f6273ea0623822ed6ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "java/com/google/scrollview/ui/SVPopupMenu.java"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete (and 38 more): Same pattern found in 38 additional files. Review if needed."}, "properties": {"repobilityId": 71644, "scanner": "repobility-threat-engine", "fingerprint": "13b485bbc959bb30174a74f74a5997b8392cc4393ae94d35296d2973746fa65b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 38 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|13b485bbc959bb30174a74f74a5997b8392cc4393ae94d35296d2973746fa65b", "aggregated_count": 38}}}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 71643, "scanner": "repobility-threat-engine", "fingerprint": "a2c9db35e71618638227666179a9c02c856705bd3b3e1bf5547c2a4ca100fd1a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a2c9db35e71618638227666179a9c02c856705bd3b3e1bf5547c2a4ca100fd1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ccmain/werdit.cpp"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 71642, "scanner": "repobility-threat-engine", "fingerprint": "7a1eaf1f7ce96a38d0ad9d3b05747d9d325fce19e0b5b707d99a3b1a4eb3199f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": 
"confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7a1eaf1f7ce96a38d0ad9d3b05747d9d325fce19e0b5b707d99a3b1a4eb3199f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ccmain/paramsd.cpp"}, "region": {"startLine": 202}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 71641, "scanner": "repobility-threat-engine", "fingerprint": "759c2147040314116ed2b8cade7a8d124ec263b6225051436ff2e69c7e4f7dd7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|759c2147040314116ed2b8cade7a8d124ec263b6225051436ff2e69c7e4f7dd7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ccmain/linerec.cpp"}, "region": {"startLine": 225}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 12 more): Same pattern found in 12 additional files. 
Review if needed."}, "properties": {"repobilityId": 71640, "scanner": "repobility-threat-engine", "fingerprint": "35d41502c55718b81c5fe3436dbe7401b9ee358792f943c3512a16b5dc3c0ffa", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|35d41502c55718b81c5fe3436dbe7401b9ee358792f943c3512a16b5dc3c0ffa"}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 71636, "scanner": "repobility-threat-engine", "fingerprint": "2232afb9abedd211f21588cc4d03ea0e6df3ec65a52829b88986f0343bbc1339", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2232afb9abedd211f21588cc4d03ea0e6df3ec65a52829b88986f0343bbc1339"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "unittest/syntaxnet/base.h"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, 
"properties": {"repobilityId": 71635, "scanner": "repobility-threat-engine", "fingerprint": "3e646b91367f167e73f6f6f320b99ae4fbc22c133f12632a13658611bd7f66c8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3e646b91367f167e73f6f6f320b99ae4fbc22c133f12632a13658611bd7f66c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/api/altorenderer.cpp"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 71632, "scanner": "repobility-threat-engine", "fingerprint": "fb32e4bce9f04d71d47ce999287cb8cc21febf1bc93cadba7b3f235c9667f990", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fb32e4bce9f04d71d47ce999287cb8cc21febf1bc93cadba7b3f235c9667f990"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nsis/build.sh"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED085", "level": "none", "message": {"text": 
"[MINED085] Java Systemexit: System.exit() inside a library kills the whole JVM."}, "properties": {"repobilityId": 71631, "scanner": "repobility-threat-engine", "fingerprint": "bebc237040bafd8cec31344729c1dcb554a4c58aacfa8490996d4860ebd8a34c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "java-systemexit", "owasp": null, "cwe_ids": ["CWE-1075"], "languages": ["java"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348136+00:00", "triaged_in_corpus": 15, "observations_count": 970, "ai_coder_pattern_id": 127}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bebc237040bafd8cec31344729c1dcb554a4c58aacfa8490996d4860ebd8a34c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "java/com/google/scrollview/ui/SVPopupMenu.java"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED085", "level": "none", "message": {"text": "[MINED085] Java Systemexit: System.exit() inside a library kills the whole JVM."}, "properties": {"repobilityId": 71630, "scanner": "repobility-threat-engine", "fingerprint": "b24975e1e0126d61a91ab333f8128d976347b6d81efbe6d7dacb9faf277a37ce", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "java-systemexit", "owasp": null, "cwe_ids": ["CWE-1075"], "languages": ["java"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348136+00:00", "triaged_in_corpus": 15, "observations_count": 970, "ai_coder_pattern_id": 127}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b24975e1e0126d61a91ab333f8128d976347b6d81efbe6d7dacb9faf277a37ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"java/com/google/scrollview/ui/SVMenuBar.java"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED017", "level": "error", "message": {"text": "[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic."}, "properties": {"repobilityId": 71647, "scanner": "repobility-threat-engine", "fingerprint": "d9c2a2ac44a5969f0ae1126a6daef06e5fddbe4f74c0bbdcb06a9e2227943e63", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347937+00:00", "triaged_in_corpus": 15, "observations_count": 77748, "ai_coder_pattern_id": 132}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d9c2a2ac44a5969f0ae1126a6daef06e5fddbe4f74c0bbdcb06a9e2227943e63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "unittest/dawg_test.cc"}, "region": {"startLine": 65}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. 
Allows reading arbitrary files."}, "properties": {"repobilityId": 71646, "scanner": "repobility-threat-engine", "fingerprint": "c121d82c1830cfe728662d80e9bb1dfd582745d252c4a0e39433f89780129fee", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|65|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/training/ambiguous_words.cpp"}, "region": {"startLine": 65}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 71639, "scanner": "repobility-threat-engine", "fingerprint": "ee058bc1cf0c816cd330bf8b6dc69e4ac6953abaa2443a583ff60d2efe885510", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pix.destroy();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ee058bc1cf0c816cd330bf8b6dc69e4ac6953abaa2443a583ff60d2efe885510"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lstm/input.cpp"}, "region": {"startLine": 94}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 71638, "scanner": "repobility-threat-engine", "fingerprint": "be8a47ff996695f065c11d8563270de76dd56529768781256d00bb6102e43b9f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "weights_.Update(learning_rate, momentum, adam_beta, num_samples);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|be8a47ff996695f065c11d8563270de76dd56529768781256d00bb6102e43b9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lstm/fullyconnected.cpp"}, "region": {"startLine": 325}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 71637, "scanner": "repobility-threat-engine", "fingerprint": "2f5881df0e3f0200851481dfbc7493fd7a9504471450d49d3def7b044f2e07a1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "box_pix.destroy();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2f5881df0e3f0200851481dfbc7493fd7a9504471450d49d3def7b044f2e07a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ccmain/linerec.cpp"}, "region": {"startLine": 205}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `google/oss-fuzz/infra/cifuzz/actions/build_fuzzers` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 71628, "scanner": "repobility-supply-chain", "fingerprint": "75ee191a3a7f19fcd3c013bf85f0a8acad861c1b9f8cb7c36642a3e9d81b2134", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|75ee191a3a7f19fcd3c013bf85f0a8acad861c1b9f8cb7c36642a3e9d81b2134"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cifuzz.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 71627, "scanner": "repobility-supply-chain", "fingerprint": "fa3dcf2f33c1fe2f6d7999f2e5c15e8f2e0a0a47056fbda1faaa56e7ca6d05ab", "category": "dependency", 
"severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fa3dcf2f33c1fe2f6d7999f2e5c15e8f2e0a0a47056fbda1faaa56e7ca6d05ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/unittest.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 71626, "scanner": "repobility-supply-chain", "fingerprint": "3c8a02ef33b4dbd4f87af2e99a83619c020edd3cf57d9f1eeb4bcc229a047490", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3c8a02ef33b4dbd4f87af2e99a83619c020edd3cf57d9f1eeb4bcc229a047490"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/vcpkg.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 71625, "scanner": "repobility-supply-chain", "fingerprint": "6daa5a745e162cc2eaab80c1f931e110939ae0df4abec9270925abc826a708a6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", 
"correlation_key": "fp|6daa5a745e162cc2eaab80c1f931e110939ae0df4abec9270925abc826a708a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cmake-win64.yml"}, "region": {"startLine": 119}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 71624, "scanner": "repobility-supply-chain", "fingerprint": "84899018dd779465fecb1a3db5b37275c7d19cca4b104d4974b07ee86ebd9aee", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|84899018dd779465fecb1a3db5b37275c7d19cca4b104d4974b07ee86ebd9aee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cmake-win64.yml"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `microsoft/setup-msbuild` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 71623, "scanner": "repobility-supply-chain", "fingerprint": "bb9e79a553e2a873ff9fc09ccc901f5983fe3496612ac78a77d3fa046257717c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bb9e79a553e2a873ff9fc09ccc901f5983fe3496612ac78a77d3fa046257717c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cmake-win64.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action 
`ilammy/setup-nasm` pinned to mutable ref `@v1`"}, "properties": {"repobilityId": 71622, "scanner": "repobility-supply-chain", "fingerprint": "a19de6c2e16a6598b2578d17552bd4e271cb6e0159bf7f538480488ba4261413", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a19de6c2e16a6598b2578d17552bd4e271cb6e0159bf7f538480488ba4261413"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cmake-win64.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 71621, "scanner": "repobility-supply-chain", "fingerprint": "e6b98332729f65a0a7a187bdff9465e3e4ba1b19c4ca907bf17620573cab160f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e6b98332729f65a0a7a187bdff9465e3e4ba1b19c4ca907bf17620573cab160f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/autotools-openmp.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 71620, "scanner": "repobility-supply-chain", "fingerprint": "9513f24ae803a2a6ff1bb11746ec908334d6bf8d62549091c24c48311f4625b9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", 
"verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9513f24ae803a2a6ff1bb11746ec908334d6bf8d62549091c24c48311f4625b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/installer-for-windows.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 71619, "scanner": "repobility-supply-chain", "fingerprint": "e8b8406e07faa84012c37bb101aeae81d5f59d5f13973ea1aa52c67c77e65843", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e8b8406e07faa84012c37bb101aeae81d5f59d5f13973ea1aa52c67c77e65843"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/installer-for-windows.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `github/codeql-action/analyze` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 71618, "scanner": "repobility-supply-chain", "fingerprint": "63c486ce334a8bf246dda12a6995a004ee6ad2f5bc7b13c572b29aa8c5c3ab58", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|63c486ce334a8bf246dda12a6995a004ee6ad2f5bc7b13c572b29aa8c5c3ab58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codeql-analysis.yml"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `github/codeql-action/init` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 71617, "scanner": "repobility-supply-chain", "fingerprint": "272cfa7616d34b4f89209dbbde9762cae109c08ef56f88bc4a21d4d380c0953a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|272cfa7616d34b4f89209dbbde9762cae109c08ef56f88bc4a21d4d380c0953a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codeql-analysis.yml"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 71616, "scanner": "repobility-supply-chain", "fingerprint": "e714f64ba800599220f688bce1004c7b82694af6f4b6b6c7a5acb0fda0d4239d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e714f64ba800599220f688bce1004c7b82694af6f4b6b6c7a5acb0fda0d4239d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codeql-analysis.yml"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "Workflow 
container/services image `fedora:latest` unpinned"}, "properties": {"repobilityId": 71615, "scanner": "repobility-supply-chain", "fingerprint": "6f2743488932a57e978bde5a5b7187089d4c4825f5bab4b882a9e399c008a437", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6f2743488932a57e978bde5a5b7187089d4c4825f5bab4b882a9e399c008a437"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sw.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `mikepenz/action-junit-report` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 71614, "scanner": "repobility-supply-chain", "fingerprint": "db4472f54146940b590911248676e6f406910add9d966b1982ac358b7211769f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|db4472f54146940b590911248676e6f406910add9d966b1982ac358b7211769f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sw.yml"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 71613, "scanner": "repobility-supply-chain", "fingerprint": "f65c2abe83559a9b87faf36cdf716ce5b1965cddf33ca32820f71e1f19c5fdfe", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", 
"verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f65c2abe83559a9b87faf36cdf716ce5b1965cddf33ca32820f71e1f19c5fdfe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sw.yml"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `egorpugin/sw-action` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 71612, "scanner": "repobility-supply-chain", "fingerprint": "976366a8dc9cf53b979f2c7ce5b46531f59d6a25f7076c4a9a89e0c0609f49fe", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|976366a8dc9cf53b979f2c7ce5b46531f59d6a25f7076c4a9a89e0c0609f49fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sw.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 71611, "scanner": "repobility-supply-chain", "fingerprint": "700e24261ed6910a06089c68bb30ea2be43074bb95670d4c8b3b16898f2bd6fc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|700e24261ed6910a06089c68bb30ea2be43074bb95670d4c8b3b16898f2bd6fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sw.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 71610, "scanner": "repobility-supply-chain", "fingerprint": "215a91ece7c554a7a48aa3373c552f75d0755303a31af403a48e89b2ccef799d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|215a91ece7c554a7a48aa3373c552f75d0755303a31af403a48e89b2ccef799d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/autotools-macos.yml"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 71609, "scanner": "repobility-supply-chain", "fingerprint": "b25a738ece1db7e939cde8a5c3e9e14f09c5f7220e9a5350abfb9e1f53ca90f7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b25a738ece1db7e939cde8a5c3e9e14f09c5f7220e9a5350abfb9e1f53ca90f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/autotools-macos.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `msys2/setup-msys2` pinned to mutable 
ref `@v2`"}, "properties": {"repobilityId": 71608, "scanner": "repobility-supply-chain", "fingerprint": "729c8a72bc22fc6d329f255936d378d38825dc36692cd9bf0bfbcd844d7c2cfc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|729c8a72bc22fc6d329f255936d378d38825dc36692cd9bf0bfbcd844d7c2cfc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/msys2.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 71607, "scanner": "repobility-supply-chain", "fingerprint": "eea9d3d887005ba63e3b5ae39f2dccfc3925c3d081277f03075389eef297a558", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|eea9d3d887005ba63e3b5ae39f2dccfc3925c3d081277f03075389eef297a558"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/msys2.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 71606, "scanner": "repobility-supply-chain", "fingerprint": "010ea1ba4e37ba3946eec1cbb7a4fe6f8e60d5bd9d4c310bdc783f724263f89b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": 
{"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|010ea1ba4e37ba3946eec1cbb7a4fe6f8e60d5bd9d4c310bdc783f724263f89b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/unittest-macos.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 71605, "scanner": "repobility-supply-chain", "fingerprint": "14ec15d6343d27504de9d9d060326dff7b2d0bf6aa4e9a7d0b02643a226ee839", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|14ec15d6343d27504de9d9d060326dff7b2d0bf6aa4e9a7d0b02643a226ee839"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/unittest-disablelegacy.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 71604, "scanner": "repobility-supply-chain", "fingerprint": "927da4b123828e9198742bbd0a956e8611caa57db7a9a0dae0f02a88b8362930", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|927da4b123828e9198742bbd0a956e8611caa57db7a9a0dae0f02a88b8362930"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/autotools.yml"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 71603, "scanner": "repobility-supply-chain", "fingerprint": "21b1a4eacb0605e078178f8424d1d7e03325a7d2c3cea27e4e1fe56eae9c018b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|21b1a4eacb0605e078178f8424d1d7e03325a7d2c3cea27e4e1fe56eae9c018b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/autotools.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 71591, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 71634, "scanner": "repobility-threat-engine", "fingerprint": "594c6d9da369ee3b2279c8979b82e852ad16a5648e67cb69f430cd33e37c1dea", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": 
{"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|594c6d9da369ee3b2279c8979b82e852ad16a5648e67cb69f430cd33e37c1dea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nsis/winpath.cpp"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED123", "level": "error", "message": {"text": "Trojan Source bidi character (RLM) in source"}, "properties": {"repobilityId": 71629, "scanner": "repobility-supply-chain", "fingerprint": "43a202c21093b75f128416baad1622f25a3327a558f8592110876f8ff38acac8", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"mined": true, "mining": {"slug": "trojan-source-bidi", "owasp": null, "cwe_ids": ["CWE-1007"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "vuln||CVE-2021-42574|src/api/pagerenderer.cpp", "duplicate_count": 1, "duplicate_rule_ids": ["MINED123"], "duplicate_scanners": ["repobility-supply-chain"], "duplicate_fingerprints": ["43a202c21093b75f128416baad1622f25a3327a558f8592110876f8ff38acac8", "4ec861b561091b6a68a231435efe33e14c02625288f3c6417fe325ea0c4a3bb4"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/api/pagerenderer.cpp"}, "region": {"startLine": 986}}}]}]}]}