{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT007", "name": "localStorage write failures are swallowed silently", "shortDescription": {"text": "localStorage write failures are swallowed silently"}, "fullDescription": {"text": "Handle QuotaExceededError explicitly, show a toast or error state, and guide the user to export/clear old local data. Log non-quota failures for diagnostics."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC119", "name": "[SEC119] World-writable / world-readable file permissions: World-writable files let any local user (or container neighbo", "shortDescription": {"text": "[SEC119] World-writable / world-readable file permissions: World-writable files let any local user (or container neighbor) tamper with data; world-readable files leak secrets."}, "fullDescription": {"text": "Use 0600 (owner rw only) for secrets, 0644 for general files, 0700 for directories with secrets. Java: `setReadable(true, true)` (owner-only)."}, "properties": {"scanner": "repobility-threat-engine", "category": "security", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC041", "name": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": without rel=\"noopener noref", "shortDescription": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and"}, "fullDescription": {"text": "Add rel=\"noopener noreferrer\" to every :\n link\nFor dynamically generated links from JS, set rel on the element before appending. Even safe-looking subdomains should harden \u2014 costs nothing."}, "properties": {"scanner": "repobility-threat-engine", "category": "security", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `run` has cognitive complexity 16 (SonarSource scale). Cognitive complexit", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `run` has cognitive complexity 16 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 16."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC091", "name": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnera", "shortDescription": {"text": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnerable to Slowloris. Ported from gosec G112 + G114 (Apache-2.0)."}, "fullDescription": {"text": "Construct `&http.Server{Addr: ..., ReadHeaderTimeout: 5*time.Second, ReadTimeout: 10*time.Second, WriteTimeout: 30*time.Second}`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC002", "name": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code.", "shortDescription": {"text": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code."}, "fullDescription": {"text": "Use environment variables. Add the pattern to .gitignore."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC014", "name": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks.", "shortDescription": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "fullDescription": {"text": "Enable SSL verification. Use verify=True (default) for requests. Pin certificates if needed."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Publish a package-manager install path or add checksum/signature verification before execution. For docs, show the inspect-then-run flow and pin the downloaded artifact version."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "A file created as a fixed/new/final/copy variant is not referenced by imports or path-like strings in the rest of the repository. This is a strong sign that an agent produced code beside the active application path."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": "Add missing patterns such as .env, .git, private keys, certificates, dependency folders, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "MINED071", "name": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases.", "shortDescription": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED066] Rust Panic Macro (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block (and 34 more): Same pattern found in 34 additional files. Review if needed.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block (and 34 more): Same pattern found in 34 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod (and 14 more): Same pattern found in 14 additional files. Review if needed.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 47 more): Same pattern found in 47 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 47 more): Same pattern found in 47 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED049] Print Pii (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 9 more): Same pattern found in 9 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED063", "name": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use.", "shortDescription": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-367 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED058", "name": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or neve", "shortDescription": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-79 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED056", "name": "[MINED056] React Key As Index (and 14 more): Same pattern found in 14 additional files. Review if needed.", "shortDescription": {"text": "[MINED056] React Key As Index (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC118", "name": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it", "shortDescription": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "fullDescription": {"text": "Use `uuid.uuid4()` (random) or `secrets.token_urlsafe()` for tokens. In Go, use `uuid.NewRandom()` (google/uuid)."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED016", "name": "[MINED016] Go Error Ignored (and 20 more): Same pattern found in 20 additional files. Review if needed.", "shortDescription": {"text": "[MINED016] Go Error Ignored (and 20 more): Same pattern found in 20 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-754 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC093", "name": "[SEC093] Go: exec.Command with non-literal (and 6 more): Same pattern found in 6 additional files. Review if needed.", "shortDescription": {"text": "[SEC093] Go: exec.Command with non-literal (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Use a constant command name and validate args via a whitelist."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion (and 15 more): Same pattern found in 15 additional files. Review if needed.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 8 more): Same pattern found in 8 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED074", "name": "[MINED074] Ai Tell Fake Citation: Plausible-looking but non-existent URLs (e.g., docs.example.com/v2). Common AI halluci", "shortDescription": {"text": "[MINED074] Ai Tell Fake Citation: Plausible-looking but non-existent URLs (e.g., docs.example.com/v2). Common AI hallucination."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal (and 10 more): Same pattern found in 10 additional files. Review if nee", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 29 more): Same pattern found in 29 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 29 more): Same pattern found in 29 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely.", "shortDescription": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 17 more): Same pattern found in 17 add", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 17 more): Same pattern found in 17 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 10 more): Same pattern found in 10 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed (and 29 more): Same pattern found in 29 additional files. Review if needed.", "shortDescription": {"text": "[MINED052] Ts Any Typed (and 29 more): Same pattern found in 29 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED053", "name": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeh", "shortDescription": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1392,CWE-798 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 52 more): Same pattern found in 52 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 52 more): Same pattern found in 52 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n ALLOWED = {'images.example.com', 'cdn.example.com'}\n host = urlparse(url).hostname\n if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED060", "name": "[MINED060] Go Context No Cancel (and 50 more): Same pattern found in 50 additional files. Review if needed.", "shortDescription": {"text": "[MINED060] Go Context No Cancel (and 50 more): Same pattern found in 50 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `lscr.io/linuxserver/webtop:ubuntu-xfce` not pinned by digest: `FROM lscr.io/linuxserver/webt", "shortDescription": {"text": "[MINED118] Dockerfile FROM `lscr.io/linuxserver/webtop:ubuntu-xfce` not pinned by digest: `FROM lscr.io/linuxserver/webtop:ubuntu-xfce` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every bu"}, "fullDescription": {"text": "Replace with: `FROM lscr.io/linuxserver/webtop:ubuntu-xfce@sha256:`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run t", "shortDescription": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) in"}, "fullDescription": {"text": "Replace with: `uses: actions/checkout@<40-char-sha> # v5` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED122", "name": "[MINED122] package.json dep `@boxlite-ai/boxlite` pulled from URL/Git: `dependencies.@boxlite-ai/boxlite` = `file:../../", "shortDescription": {"text": "[MINED122] package.json dep `@boxlite-ai/boxlite` pulled from URL/Git: `dependencies.@boxlite-ai/boxlite` = `file:../../sdks/node` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or gi"}, "fullDescription": {"text": "Publish the dependency to npm (or your private registry) and reference it by `^x.y.z`. If that's not possible, lock by commit SHA: `git+https://...#` AND verify the SHA in CI."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED128", "name": "[MINED128] go.mod replaces `github.com/boxlite-ai/boxlite/libs/api-client-go` \u2014 points to a LOCAL path: `replace github.", "shortDescription": {"text": "[MINED128] go.mod replaces `github.com/boxlite-ai/boxlite/libs/api-client-go` \u2014 points to a LOCAL path: `replace github.com/boxlite-ai/boxlite/libs/api-client-go => ../../api-client-go` overrides the canonical dependency with a different so"}, "fullDescription": {"text": "If the replace is intentional (e.g. waiting on an upstream fix), vendor the dependency into the repo and add a comment explaining the reason. Remove the replace once upstream merges."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED110", "name": "[MINED110] Blocking call `urllib.request.urlopen` inside async function `main`: `urllib.request.urlopen` is a synchronou", "shortDescription": {"text": "[MINED110] Blocking call `urllib.request.urlopen` inside async function `main`: `urllib.request.urlopen` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the "}, "fullDescription": {"text": "Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_cannot_remove_running_box: Test function `test_cannot_remove_running_box` runs co", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_cannot_remove_running_box: Test function `test_cannot_remove_running_box` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifyi"}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.playwright_endpoint` used but never assigned in __init__: Method `connect` of class `BrowserBox` reads ", "shortDescription": {"text": "[MINED108] `self.playwright_endpoint` used but never assigned in __init__: Method `connect` of class `BrowserBox` reads `self.playwright_endpoint`, but no assignment to it exists in __init__ (and no class-level fallback). This raises Attrib"}, "fullDescription": {"text": "Initialize `self.playwright_endpoint = ` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED099", "name": "[MINED099] Hardcoded Secret: API key, AWS access key, GitHub token, Slack token, OpenAI key, or private key embedded dir", "shortDescription": {"text": "[MINED099] Hardcoded Secret: API key, AWS access key, GitHub token, Slack token, OpenAI key, or private key embedded directly in source. AI assistants frequently leak demo credentials."}, "fullDescription": {"text": "Move the secret to an environment variable or secret manager. Rotate the exposed credential immediately \u2014 assume it is compromised."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED021", "name": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape.", "shortDescription": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-22 / A01:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED012", "name": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code.", "shortDescription": {"text": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-494 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsiv", "shortDescription": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a re"}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that int", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTM"}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "SEC114", "name": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker", "shortDescription": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "fullDescription": {"text": "After joining, re-check containment: `if !strings.HasPrefix(filepath.Clean(joined), filepath.Clean(baseDir)+string(os.PathSeparator)) { error }`. In Node: `path.resolve(base, x); if (!resolved.startsWith(base + path.sep)) throw`."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED033", "name": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic.", "shortDescription": {"text": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "JRN009", "name": "Secret-like setting is echoed into a password input value", "shortDescription": {"text": "Secret-like setting is echoed into a password input value"}, "fullDescription": {"text": "Never prefill secret fields with stored values. Show a masked status such as configured/not configured, require explicit rotation to replace the value, and return the raw key only once at creation time."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "high", "confidence": 0.83, "cwe": "", "owasp": ""}}, {"id": "DKR006", "name": "Dockerfile pipes a remote script into a shell", "shortDescription": {"text": "Dockerfile pipes a remote script into a shell"}, "fullDescription": {"text": "Download the artifact, verify its checksum or signature, pin the version, and then execute it."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "[MINED116] Workflow uses `secrets.GH_APP_PRIVATE_KEY` on a `pull_request` trigger: This workflow triggers on `pull_reque", "shortDescription": {"text": "[MINED116] Workflow uses `secrets.GH_APP_PRIVATE_KEY` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.GH_APP_PRIVATE_KEY }` lets a PR from any fork exfiltrate "}, "fullDescription": {"text": "Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/220"}, "properties": {"repository": "boxlite-ai/boxlite", "repoUrl": "https://github.com/boxlite-ai/boxlite", "branch": "main"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 47969, "scanner": "repobility-ast-engine", "fingerprint": "cf55c9da1964c7fed547549395b8a1a178739befd25fb1c8955b319ec7b7c367", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cf55c9da1964c7fed547549395b8a1a178739befd25fb1c8955b319ec7b7c367"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "openapi/reference-server/server.py"}, "region": {"startLine": 859}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 47968, "scanner": "repobility-ast-engine", "fingerprint": "ecfb539efe297c71f25fcc1664c6ac61732cebb86082e7ca4475c875d49051fb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ecfb539efe297c71f25fcc1664c6ac61732cebb86082e7ca4475c875d49051fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "openapi/reference-server/server.py"}, "region": {"startLine": 829}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 47967, "scanner": "repobility-ast-engine", "fingerprint": "2742fb585cdffeabf3176eb12704f917e8d56ec4fa25d62ba79343655d67f449", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2742fb585cdffeabf3176eb12704f917e8d56ec4fa25d62ba79343655d67f449"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/07_advanced/ai_pipeline/host.py"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 47966, "scanner": "repobility-ast-engine", "fingerprint": "ad0a95a638bb497311a3c13ebe391a28da35e2377757d6e3e2dab0ff66a24f9c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ad0a95a638bb497311a3c13ebe391a28da35e2377757d6e3e2dab0ff66a24f9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/03_lifecycle/share_across_processes.py"}, "region": {"startLine": 234}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 47965, "scanner": "repobility-ast-engine", "fingerprint": "3f6abb996f5a09305f0cdbdbb653133e29fe57edb8ff8e86df856c6aa36c45ee", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3f6abb996f5a09305f0cdbdbb653133e29fe57edb8ff8e86df856c6aa36c45ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/03_lifecycle/share_across_processes.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 47964, "scanner": "repobility-ast-engine", "fingerprint": "08f737482631b300493082ae6e4f20a37a2cdd46701fad82832fac4aa020572d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|08f737482631b300493082ae6e4f20a37a2cdd46701fad82832fac4aa020572d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/03_lifecycle/manage_lifecycle.py"}, "region": {"startLine": 316}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 47963, "scanner": "repobility-ast-engine", "fingerprint": "ff44c91818e6accc1845294b1e6d0b8a32a81d63b7c6d9072f327da538e9a95c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ff44c91818e6accc1845294b1e6d0b8a32a81d63b7c6d9072f327da538e9a95c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/03_lifecycle/manage_lifecycle.py"}, "region": {"startLine": 287}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 47962, "scanner": "repobility-ast-engine", "fingerprint": "be08df874a9c6e297e16402d350bafea1c9063a73b0e365e9c898a16a6ef274d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|be08df874a9c6e297e16402d350bafea1c9063a73b0e365e9c898a16a6ef274d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/03_lifecycle/manage_lifecycle.py"}, "region": {"startLine": 190}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 47961, "scanner": "repobility-ast-engine", "fingerprint": "2a218ad49399921ff7ac3df6a264c754636c4e068d26259c2e66ca6ebaec6869", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2a218ad49399921ff7ac3df6a264c754636c4e068d26259c2e66ca6ebaec6869"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/03_lifecycle/manage_lifecycle.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 47960, "scanner": "repobility-ast-engine", "fingerprint": "75240a09db865e7e2373f2e0040dc8f50386f3d7f72d18926fbcb41db664fe5f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|75240a09db865e7e2373f2e0040dc8f50386f3d7f72d18926fbcb41db664fe5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/04_interactive/install_claude_interactively.py"}, "region": {"startLine": 196}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 47959, "scanner": "repobility-ast-engine", "fingerprint": "05b7ba0ffe7c299f8b213b928639763120e2a88a94d2e16244fae21a7641c1bb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|05b7ba0ffe7c299f8b213b928639763120e2a88a94d2e16244fae21a7641c1bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/04_interactive/run_interactive_shell.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 47958, "scanner": "repobility-ast-engine", "fingerprint": "b6472a66a4e5a1aa545df2f93bfc3a8fd2c7fe6a3f97c192fa57da686dff30a2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b6472a66a4e5a1aa545df2f93bfc3a8fd2c7fe6a3f97c192fa57da686dff30a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/06_ai_agents/run_openclaw.py"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 47957, "scanner": "repobility-ast-engine", "fingerprint": "669ef555e43ed0085dd6a9f3154758ab14be6e4cedf7abffa443dbeecd81b528", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|669ef555e43ed0085dd6a9f3154758ab14be6e4cedf7abffa443dbeecd81b528"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/06_ai_agents/drive_box_with_llm.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 47956, "scanner": "repobility-ast-engine", "fingerprint": "d0ce2fe92d9739bba394aeefe2ab9878fb4c1cd3091c4053389a7cb0f72a656a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d0ce2fe92d9739bba394aeefe2ab9878fb4c1cd3091c4053389a7cb0f72a656a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/06_ai_agents/drive_box_with_minimax.py"}, "region": {"startLine": 133}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 47955, "scanner": "repobility-ast-engine", "fingerprint": "431d19a4bbed274f528d3af137070a4fe6a32a76eec6ccc10e708336f3ab7b56", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|431d19a4bbed274f528d3af137070a4fe6a32a76eec6ccc10e708336f3ab7b56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/07_advanced/use_native_api.py"}, "region": {"startLine": 259}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 47954, "scanner": "repobility-ast-engine", "fingerprint": "70af65e66e8444a0130ae861454ff3f23aabbab1baa36a369b3b4eb093b24881", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|70af65e66e8444a0130ae861454ff3f23aabbab1baa36a369b3b4eb093b24881"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/07_advanced/local_to_rest_migration.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 47953, "scanner": "repobility-ast-engine", "fingerprint": "cd30aa52ee1e6b6c9a172b4d7fcd3a3731ff8690e8aa0ec11b8e0fbf79ba2c01", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cd30aa52ee1e6b6c9a172b4d7fcd3a3731ff8690e8aa0ec11b8e0fbf79ba2c01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/08_rest_api/use_env_config.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 47952, "scanner": "repobility-ast-engine", "fingerprint": "ea6c23c57adb5dc6a9414747677e9bc842e5977dc256fd1c470f59219bf3e175", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ea6c23c57adb5dc6a9414747677e9bc842e5977dc256fd1c470f59219bf3e175"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/02_features/forward_ports.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 47950, "scanner": "repobility-ast-engine", "fingerprint": "f6b947d6d891c30034e2e2313dfc6076781cd8526bc2533eef89bab67e5f1dc9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f6b947d6d891c30034e2e2313dfc6076781cd8526bc2533eef89bab67e5f1dc9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/daemon/pkg/toolbox/process/interpreter/repl_worker.py"}, "region": {"startLine": 184}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 47949, "scanner": "repobility-ast-engine", "fingerprint": "9b64a9f1cd4752733d193684d5107f52f0edae507850a3385152d13548bd9f0f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9b64a9f1cd4752733d193684d5107f52f0edae507850a3385152d13548bd9f0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/daemon/pkg/toolbox/process/interpreter/repl_worker.py"}, "region": {"startLine": 165}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 47948, "scanner": "repobility-ast-engine", "fingerprint": "ef7de485d79caa3efcac00f45973fd726a14efcd9b39ef2e7db77bf071a95800", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ef7de485d79caa3efcac00f45973fd726a14efcd9b39ef2e7db77bf071a95800"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/daemon/pkg/toolbox/process/interpreter/repl_worker.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 47947, "scanner": "repobility-ast-engine", "fingerprint": "9732d5431b903891432bb16d3a8096a57a27a3c657de5c63550ccdc91bd0243f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9732d5431b903891432bb16d3a8096a57a27a3c657de5c63550ccdc91bd0243f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/orchestration/guest/boxlite_runtime.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 47946, "scanner": "repobility-ast-engine", "fingerprint": "b09793fae4b21697ff0ee02293968884f014477e7b2b6c0108f4dd30d970929b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b09793fae4b21697ff0ee02293968884f014477e7b2b6c0108f4dd30d970929b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/orchestration/guest/boxlite_runtime.py"}, "region": {"startLine": 155}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 47945, "scanner": "repobility-ast-engine", "fingerprint": "83f0c104df35b6173106cd718c10af4a0ad5f8c5dc7b26c36cc51ba3c0d2267e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|83f0c104df35b6173106cd718c10af4a0ad5f8c5dc7b26c36cc51ba3c0d2267e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/orchestration/box_runtime.py"}, "region": {"startLine": 163}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 47944, "scanner": "repobility-ast-engine", "fingerprint": "691246efe43488388a87bda5a7cbe304dfca0147de8138762956d40788ae8067", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|691246efe43488388a87bda5a7cbe304dfca0147de8138762956d40788ae8067"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/tests/test_symlink_escape.py"}, "region": {"startLine": 209}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 47893, "scanner": "repobility-agent-runtime", "fingerprint": "27d251a9bbf0336bff13f6ef26b415ac2188e3f3a0aa959aad12f3aaa9078743", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|27d251a9bbf0336bff13f6ef26b415ac2188e3f3a0aa959aad12f3aaa9078743"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/daemon/pkg/terminal/static/index.html"}, "region": {"startLine": 548}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 47867, "scanner": "repobility-threat-engine", "fingerprint": "f41af85bb543721ee4c0e7b574355f6a902f30bfa87a4605d4df90cbacad6c70", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n pass # Ignore", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f41af85bb543721ee4c0e7b574355f6a902f30bfa87a4605d4df90cbacad6c70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/interactivebox.py"}, "region": {"startLine": 291}}}]}, {"ruleId": "SEC119", "level": "warning", "message": {"text": "[SEC119] World-writable / world-readable file permissions: World-writable files let any local user (or container neighbor) tamper with data; world-readable files leak secrets."}, "properties": {"repobilityId": 47865, "scanner": "repobility-threat-engine", "fingerprint": "c09b1d67c10af40703495273fea2b072114c09f568074582eba6c753203986f6", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "os.Chmod(destDir, 0o755)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC119", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|sdks/go/cmd/setup/main.go|167|sec119"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/go/cmd/setup/main.go"}, "region": {"startLine": 167}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 47844, "scanner": "repobility-threat-engine", "fingerprint": "d09d0d8fd013b8dd0e87c4b85b8d8c19f449c7ace2f716d8d118d6767dd88120", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d09d0d8fd013b8dd0e87c4b85b8d8c19f449c7ace2f716d8d118d6767dd88120"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/orchestration/guest/boxlite_runtime.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 47843, "scanner": "repobility-threat-engine", "fingerprint": "de22f616a07222caac1bacfcf71c220f01b9f51762b1072ef9b626cb4203f58c", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|de22f616a07222caac1bacfcf71c220f01b9f51762b1072ef9b626cb4203f58c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/orchestration/box_runtime.py"}, "region": {"startLine": 173}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 47825, "scanner": "repobility-threat-engine", "fingerprint": "b6e677b4a8d7a3da0abcff5760766a93f7b9829e2c8d012945d6ccaaa7850b45", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "window.open(`https://docs.boxlite.ai${path}`, '_blank')", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|99|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/dashboard/src/hooks/useDocsSearchCommands.tsx"}, "region": {"startLine": 99}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 47824, "scanner": "repobility-threat-engine", "fingerprint": "0e9379f3a4e01a42e8b1c91a709aa0c0b64e7fe0bc41766e4d7182880c2ec9b6", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "window.open(response.data.url, '_blank', 'noopener,noreferrer')", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|174|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/dashboard/src/components/sandboxes/SandboxDetails.tsx"}, "region": {"startLine": 174}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 47823, "scanner": "repobility-threat-engine", "fingerprint": "a1afce89eb168a34c5f834d9c7adf868e5bae3be1527cd075513050ef08f656d", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "window.open(url, '_blank')", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|80|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/dashboard/src/components/SandboxTable/columns.tsx"}, "region": {"startLine": 80}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 47819, "scanner": "repobility-threat-engine", "fingerprint": "87160dabb8d7a1fb523a2483401d9d02b83fcbe888705d40b547834665c786c9", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (3.1 bits) \u2014 may be placeholder or common string", "evidence": {"match": "password=\"'", "reason": "Low entropy value (3.1 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|17|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/dashboard/src/components/Playground/Sandbox/CodeSnippets/python.ts"}, "region": {"startLine": 172}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `run` has cognitive complexity 16 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: break=3, continue=2, except=2, if=3, nested_bonus=5, while=1."}, "properties": {"repobilityId": 47811, "scanner": "repobility-threat-engine", "fingerprint": "85c02324bafe127fe2040db8c8e245a9656993c0394fc3dd93c9af2bb4b68caf", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 16 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "run", "breakdown": {"if": 3, "break": 3, "while": 1, "except": 2, "continue": 2, "nested_bonus": 5}, "complexity": 16, "correlation_key": "fp|85c02324bafe127fe2040db8c8e245a9656993c0394fc3dd93c9af2bb4b68caf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/daemon/pkg/toolbox/process/interpreter/repl_worker.py"}, "region": {"startLine": 169}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `execute_code` has cognitive complexity 22 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=2, except=2, for=2, if=7, nested_bonus=9."}, "properties": {"repobilityId": 47810, "scanner": "repobility-threat-engine", "fingerprint": "fd4f3d7f26e41067753e65245daa1168f4ef3ff4cac0e15046d7dca1e825dcc6", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 22 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "execute_code", "breakdown": {"if": 7, "for": 2, "else": 2, "except": 2, "nested_bonus": 9}, "complexity": 22, "correlation_key": "fp|fd4f3d7f26e41067753e65245daa1168f4ef3ff4cac0e15046d7dca1e825dcc6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/daemon/pkg/toolbox/process/interpreter/repl_worker.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "SEC091", "level": "warning", "message": {"text": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnerable to Slowloris. Ported from gosec G112 + G114 (Apache-2.0)."}, "properties": {"repobilityId": 47793, "scanner": "repobility-threat-engine", "fingerprint": "a04dd16e4835ff1b841fb0e135e637cc0f86de40920bf802fcb1da16d40c17f9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "http.Server{\n\t\tAddr: fmt.Sprintf(\":%d\", config.ProxyPort),\n\t\tHandler: router,\n\t}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC091", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a04dd16e4835ff1b841fb0e135e637cc0f86de40920bf802fcb1da16d40c17f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/proxy/pkg/proxy/proxy.go"}, "region": {"startLine": 239}}}]}, {"ruleId": "SEC091", "level": "warning", "message": {"text": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnerable to Slowloris. Ported from gosec G112 + G114 (Apache-2.0)."}, "properties": {"repobilityId": 47792, "scanner": "repobility-threat-engine", "fingerprint": "0b68e1d9b7a536460b31e97106cd5c0d45e368ab6c2696bc64c1c56e3d0caf6b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "http.ListenAndServe(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC091", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0b68e1d9b7a536460b31e97106cd5c0d45e368ab6c2696bc64c1c56e3d0caf6b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/daemon/pkg/terminal/server.go"}, "region": {"startLine": 43}}}]}, {"ruleId": "SEC091", "level": "warning", "message": {"text": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnerable to Slowloris. Ported from gosec G112 + G114 (Apache-2.0)."}, "properties": {"repobilityId": 47791, "scanner": "repobility-threat-engine", "fingerprint": "bd90000309429dfc6f0347b2440c4d699adf20ef185e021306c2e26090db58eb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "http.Server{Addr: fmt.Sprintf(\":%s\", config.GetAuth0CallbackPort())}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC091", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bd90000309429dfc6f0347b2440c4d699adf20ef185e021306c2e26090db58eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/cli/auth/auth.go"}, "region": {"startLine": 32}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 47771, "scanner": "repobility-threat-engine", "fingerprint": "343f845f0a7e203bbb5881d4a89dc691b23c0d774e5c2ccde33eed455a48858b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'John Doe'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|343f845f0a7e203bbb5881d4a89dc691b23c0d774e5c2ccde33eed455a48858b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/node/browserbox_puppeteer.js"}, "region": {"startLine": 177}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 47770, "scanner": "repobility-threat-engine", "fingerprint": "40c695e5ae156eaddd75a0f0c23004459f0d3d426e117d44342445b4b2488602", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"John Doe\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|40c695e5ae156eaddd75a0f0c23004459f0d3d426e117d44342445b4b2488602"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/dashboard/src/components/ui/stories/field.stories.tsx"}, "region": {"startLine": 38}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 47769, "scanner": "repobility-threat-engine", "fingerprint": "aedc237c1ca5e1bfd9d1559eab5b7ac400870ae80f174977b9116196885b11c5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url: 'https://example.com", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|aedc237c1ca5e1bfd9d1559eab5b7ac400870ae80f174977b9116196885b11c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/src/config/dto/configuration.dto.ts"}, "region": {"startLine": 163}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 47763, "scanner": "repobility-threat-engine", "fingerprint": "8e32ad8dccaf773a0c9cae4a32cf466e066e99f2f4c6951bf496230b6f1a4c9b", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|114|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/dashboard/src/components/Playground/Sandbox/CodeSnippets/python.ts"}, "region": {"startLine": 114}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 47762, "scanner": "repobility-threat-engine", "fingerprint": "0b41c36ca92e68b4b4ef69a9eaa7819306d893ee7f4aaeca17e4facc8384ff1b", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|127|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/daemon/pkg/toolbox/process/interpreter/repl_worker.py"}, "region": {"startLine": 127}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 47761, "scanner": "repobility-threat-engine", "fingerprint": "7e73806f84d26776705fb2494bcb4606ca5796bbcf4d05b9e1750a35d0a2fda5", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|154|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/src/common/utils/docker-image.util.ts"}, "region": {"startLine": 154}}}]}, {"ruleId": "SEC002", "level": "warning", "message": {"text": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code."}, "properties": {"repobilityId": 47748, "scanner": "repobility-threat-engine", "fingerprint": "cd6ab9fd1441f72773d021e426ab3a04ad77f824c81adf2de5ed1e45ddf565d0", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (3.7 bits) \u2014 may be placeholder or common string", "evidence": {"match": "API_KEY = \"\"", "reason": "Low entropy value (3.7 bits) \u2014 may be placeholder or common string", "rule_id": "SEC002", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|1|api_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "openapi/reference-server/config.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "SEC002", "level": "warning", "message": {"text": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code."}, "properties": {"repobilityId": 47746, "scanner": "repobility-threat-engine", "fingerprint": "91127330969ea01938a8274a481efd09415b1285d880210f375cead99c046f3c", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (3.5 bits) \u2014 may be placeholder or common string", "evidence": {"match": "API_KEY = ''", "reason": "Low entropy value (3.5 bits) \u2014 may be placeholder or common string", "rule_id": "SEC002", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|4|api_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/src/audit/enums/audit-action.enum.ts"}, "region": {"startLine": 48}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 6953, "scanner": "repobility-docker", "fingerprint": "cb34fd61b791fbb4d635817c3e10c145f5b37127fa3ba11504c1dafc4fa8a4a9", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "alpine:3.18", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|cb34fd61b791fbb4d635817c3e10c145f5b37127fa3ba11504c1dafc4fa8a4a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/ssh-gateway/Dockerfile"}, "region": {"startLine": 42}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 6952, "scanner": "repobility-docker", "fingerprint": "e3fab4b9ca1f314f507ecb1c203a456e53fdc598d5f7a060985a5218802bc6b1", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "alpine:3.18", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e3fab4b9ca1f314f507ecb1c203a456e53fdc598d5f7a060985a5218802bc6b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/snapshot-manager/Dockerfile"}, "region": {"startLine": 42}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 6951, "scanner": "repobility-docker", "fingerprint": "a785ba3101867beb5dcba7187014784c3ed82f6bcb75dceb7b8f5abc74f355a7", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "alpine:3.22", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|a785ba3101867beb5dcba7187014784c3ed82f6bcb75dceb7b8f5abc74f355a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/runner/Dockerfile"}, "region": {"startLine": 63}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 6950, "scanner": "repobility-docker", "fingerprint": "8338b810819d7e1a6349b9a24a965d900e4333e862492612d8537e8eb5aea350", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "alpine:3.18", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|8338b810819d7e1a6349b9a24a965d900e4333e862492612d8537e8eb5aea350"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/proxy/Dockerfile"}, "region": {"startLine": 46}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 6949, "scanner": "repobility-docker", "fingerprint": "71d80b1b9c3f49efe37a471bdddb634e15dbe2f36818fd9f62c3d43655309023", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "alpine:3.18", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|71d80b1b9c3f49efe37a471bdddb634e15dbe2f36818fd9f62c3d43655309023"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/otel-collector/Dockerfile"}, "region": {"startLine": 47}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 6947, "scanner": "repobility-docker", "fingerprint": "730f465b7c75d63ccc04f3df6d94a1a1b002d605de3ae16886807c96391115d5", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "node:24-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|730f465b7c75d63ccc04f3df6d94a1a1b002d605de3ae16886807c96391115d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 6942, "scanner": "repobility-threat-engine", "fingerprint": "1615ebf6c9348f02f4ba76471a4c3efe05363e97f1e7d3a9cf2d59307480ab5a", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.loads(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|118|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/orchestration/box_runtime.py"}, "region": {"startLine": 118}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 6940, "scanner": "repobility-threat-engine", "fingerprint": "056dd4c30e87c31c8e2645fee7ef94abde6c0f83ed8e6ac240eeb20f9a4ff45b", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|056dd4c30e87c31c8e2645fee7ef94abde6c0f83ed8e6ac240eeb20f9a4ff45b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/sync_api/_boxlite.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 6939, "scanner": "repobility-threat-engine", "fingerprint": "4375adc28c5c48534fd923cc954b7e4416c4e3e7a2f543797ec04233c3a3d97e", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4375adc28c5c48534fd923cc954b7e4416c4e3e7a2f543797ec04233c3a3d97e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/interactivebox.py"}, "region": {"startLine": 291}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 6938, "scanner": "repobility-threat-engine", "fingerprint": "cecc534a09c891b88bd71cfa68930a60ee5d6b0ea260447aaf4db1d7befcd0da", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cecc534a09c891b88bd71cfa68930a60ee5d6b0ea260447aaf4db1d7befcd0da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/browserbox.py"}, "region": {"startLine": 228}}}]}, {"ruleId": "SEC014", "level": "warning", "message": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "properties": {"repobilityId": 6937, "scanner": "repobility-threat-engine", "fingerprint": "5033f08fe844f2acb328bf30c332d063df6bfcabc8b57bed29ebaa5cdf94c8d2", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "verify = false", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC014", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|sdks/python/src/options.rs|103|sec014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/src/options.rs"}, "region": {"startLine": 103}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 6932, "scanner": "repobility-agent-runtime", "fingerprint": "b18fe9a74ce8e5611fd0e96a3e9e85cc4946d523282a8948fdac3647b928f7cb", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|b18fe9a74ce8e5611fd0e96a3e9e85cc4946d523282a8948fdac3647b928f7cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "README.md"}, "region": {"startLine": 196}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 6919, "scanner": "repobility-ai-code-hygiene", "fingerprint": "702c196811f8710e6dd88b1fb138254aa5ccdcd0b3b7cf5fc5dc60e3b3fcf0c3", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "v8", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|702c196811f8710e6dd88b1fb138254aa5ccdcd0b3b7cf5fc5dc60e3b3fcf0c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/db/migration/v7_to_v8.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 6918, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ce0fdc52fa95512928b2284c987282d54f0194caa16722c4e0398372a52af4b0", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "v7", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|ce0fdc52fa95512928b2284c987282d54f0194caa16722c4e0398372a52af4b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/db/migration/v6_to_v7.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 6917, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1e5bb4e0c33a967f7cad27a2f9462424d063ccd9681611d75618ecb160e8e09a", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "v6", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|1e5bb4e0c33a967f7cad27a2f9462424d063ccd9681611d75618ecb160e8e09a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/db/migration/v5_to_v6.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 6916, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e7300ea382625f2d1e590990eaae13cecc6838b4898433b71786f0f34a70f087", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "v5", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|e7300ea382625f2d1e590990eaae13cecc6838b4898433b71786f0f34a70f087"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/db/migration/v4_to_v5.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 6915, "scanner": "repobility-ai-code-hygiene", "fingerprint": "417a944f88a4a04247df96862a70a90f89203fc5fe1e868b918d09702c38ba41", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "v4", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|417a944f88a4a04247df96862a70a90f89203fc5fe1e868b918d09702c38ba41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/db/migration/v3_to_v4.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 6914, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8d49328f40aef6ef5ba941e6b65237c7e466ee01917f9a2bbdf5b23c28ebff0c", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "v3", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|8d49328f40aef6ef5ba941e6b65237c7e466ee01917f9a2bbdf5b23c28ebff0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/db/migration/v2_to_v3.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 47892, "scanner": "repobility-ai-code-hygiene", "fingerprint": "10a0429d76726e8bb47a236a82d4dac60bc35f6f8eab5833a4aecb59b1c677bd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/model_create_region.go", "duplicate_line": 153, "correlation_key": "fp|10a0429d76726e8bb47a236a82d4dac60bc35f6f8eab5833a4aecb59b1c677bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/model_create_volume.go"}, "region": {"startLine": 57}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 47891, "scanner": "repobility-ai-code-hygiene", "fingerprint": "30c7409340f5619cf208f0ffd6245ecea7d5abfe80dc1205c092d683e7ed1ea8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/model_create_region.go", "duplicate_line": 154, "correlation_key": "fp|30c7409340f5619cf208f0ffd6245ecea7d5abfe80dc1205c092d683e7ed1ea8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/model_create_user.go"}, "region": {"startLine": 208}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 47890, "scanner": "repobility-ai-code-hygiene", "fingerprint": "94998b5d5227115d82b357a47cb306715ad53f76c4b9293b829ea50d230c69d0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/model_create_region.go", "duplicate_line": 153, "correlation_key": "fp|94998b5d5227115d82b357a47cb306715ad53f76c4b9293b829ea50d230c69d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/model_create_snapshot.go"}, "region": {"startLine": 291}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 47889, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4b729a5b1fb11da405b6847fd3a8bd1e80680a8337a53c63d7dcb68ea92d013c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/model_create_sandbox.go", "duplicate_line": 497, "correlation_key": "fp|4b729a5b1fb11da405b6847fd3a8bd1e80680a8337a53c63d7dcb68ea92d013c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/model_create_snapshot.go"}, "region": {"startLine": 266}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 47888, "scanner": "repobility-ai-code-hygiene", "fingerprint": "862adca97263aca6f89b7e351b9182a0467edd97e8aedf052b750d5b5488c24e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/model_create_region.go", "duplicate_line": 154, "correlation_key": "fp|862adca97263aca6f89b7e351b9182a0467edd97e8aedf052b750d5b5488c24e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/model_create_runner.go"}, "region": {"startLine": 78}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 47887, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5e15ef6fcde91d934fc6ad69ae98b0e6fb3da4c0f7dbd9f5a10c5530193d0019", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/model_create_api_key.go", "duplicate_line": 111, "correlation_key": "fp|5e15ef6fcde91d934fc6ad69ae98b0e6fb3da4c0f7dbd9f5a10c5530193d0019"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/model_create_organization_role.go"}, "region": {"startLine": 98}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 47886, "scanner": "repobility-ai-code-hygiene", "fingerprint": "29bac2db1843159efd664c42123a8da7c67d493367bfd5b61a21203febe4944f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/model_api_key_list.go", "duplicate_line": 179, "correlation_key": "fp|29bac2db1843159efd664c42123a8da7c67d493367bfd5b61a21203febe4944f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/model_create_linked_account.go"}, "region": {"startLine": 78}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 47885, "scanner": "repobility-ai-code-hygiene", "fingerprint": "53afdee502a83c4294afdeb3e19f89c4dbdf156b1f1336bb184777d1f9b056d6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/model_computer_use_start_response.go", "duplicate_line": 76, "correlation_key": "fp|53afdee502a83c4294afdeb3e19f89c4dbdf156b1f1336bb184777d1f9b056d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/model_computer_use_stop_response.go"}, "region": {"startLine": 76}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 47884, "scanner": "repobility-ai-code-hygiene", "fingerprint": "428d3eb6a72cf50c7c368ccaf6878d2e09e193acfcc18f20c1fc080a2defa927", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/model_computer_use_start_response.go", "duplicate_line": 78, "correlation_key": "fp|428d3eb6a72cf50c7c368ccaf6878d2e09e193acfcc18f20c1fc080a2defa927"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/model_computer_use_status_response.go"}, "region": {"startLine": 58}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 47883, "scanner": "repobility-ai-code-hygiene", "fingerprint": "de350d683362a7b5fd3fd7c390592a191f7a4afc165b929d7ffb6fd8d23c8603", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_api_keys.go", "duplicate_line": 333, "correlation_key": "fp|de350d683362a7b5fd3fd7c390592a191f7a4afc165b929d7ffb6fd8d23c8603"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_webhooks.go"}, "region": {"startLine": 92}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 47882, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e4c191c86449acd9e117d92378073dc43afa2a7fbf1eecc1a02654acd5de703a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_admin.go", "duplicate_line": 1, "correlation_key": "fp|e4c191c86449acd9e117d92378073dc43afa2a7fbf1eecc1a02654acd5de703a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_webhooks.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 47881, "scanner": "repobility-ai-code-hygiene", "fingerprint": "06949d711f9c650026051961ebcfbedfc825143ae00b0ee1234a2681b32eca2d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_docker_registry.go", "duplicate_line": 347, "correlation_key": "fp|06949d711f9c650026051961ebcfbedfc825143ae00b0ee1234a2681b32eca2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_volumes.go"}, "region": {"startLine": 420}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 47880, "scanner": "repobility-ai-code-hygiene", "fingerprint": "64669cbf1ce890045326e63102517c04ddf9473f05dbf3bee525af620f55f06d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_api_keys.go", "duplicate_line": 94, "correlation_key": "fp|64669cbf1ce890045326e63102517c04ddf9473f05dbf3bee525af620f55f06d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_volumes.go"}, "region": {"startLine": 88}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 47879, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7a8e5f1693e8b1169b3bfddae06de0b3b5a8ce9259e651019c0925d910fa5529", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_admin.go", "duplicate_line": 1, "correlation_key": "fp|7a8e5f1693e8b1169b3bfddae06de0b3b5a8ce9259e651019c0925d910fa5529"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_volumes.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 47878, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1ddf7c93c206242e8a4fff23317cf9c9264653d241d1603eedb00fddd9b1486a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_admin.go", "duplicate_line": 1, "correlation_key": "fp|1ddf7c93c206242e8a4fff23317cf9c9264653d241d1603eedb00fddd9b1486a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_users.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 47877, "scanner": "repobility-ai-code-hygiene", "fingerprint": "31281c2b1d0a57e1d2bb0aad4c8ff77379b3f6b4573b9ab8b8862bcb22c9375e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_admin.go", "duplicate_line": 231, "correlation_key": "fp|31281c2b1d0a57e1d2bb0aad4c8ff77379b3f6b4573b9ab8b8862bcb22c9375e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_regions.go"}, "region": {"startLine": 49}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 47876, "scanner": "repobility-ai-code-hygiene", "fingerprint": "172dcd0e9a4232ced1212599ecb09f981e92038a9106d489edcbe13fd131884c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_config.go", "duplicate_line": 1, "correlation_key": "fp|172dcd0e9a4232ced1212599ecb09f981e92038a9106d489edcbe13fd131884c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_regions.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 47875, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f61315e08f00c73e86fb5fb470b9e14a039b182f3c63335c212bab20e9c5f6bb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_admin.go", "duplicate_line": 1, "correlation_key": "fp|f61315e08f00c73e86fb5fb470b9e14a039b182f3c63335c212bab20e9c5f6bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_preview.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: for=1, if=1, nested_bonus=3, ternary=3."}, "properties": {"repobilityId": 47812, "scanner": "repobility-threat-engine", "fingerprint": "25232ffa5ddf1c393447eb7a49da52f6ec7764386dd737189dff1485fb84ca6a", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 1, "for": 1, "ternary": 3, "nested_bonus": 3}, "complexity": 8, "correlation_key": "fp|25232ffa5ddf1c393447eb7a49da52f6ec7764386dd737189dff1485fb84ca6a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/01_getting_started/list_boxes.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 47789, "scanner": "repobility-threat-engine", "fingerprint": "24a52572b64e15114781296b1b02ea32a3cbf0878f8f86230c5eff809b1f0dfa", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = browser.OpenURL(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|24a52572b64e15114781296b1b02ea32a3cbf0878f8f86230c5eff809b1f0dfa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/cli/cmd/auth/login.go"}, "region": {"startLine": 178}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 47788, "scanner": "repobility-threat-engine", "fingerprint": "4b19744e102f03f2257d21fe7768a943399cb3c9adcc3a7c3125b9bb5db81d0d", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = w.Write(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4b19744e102f03f2257d21fe7768a943399cb3c9adcc3a7c3125b9bb5db81d0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/cli/auth/auth.go"}, "region": {"startLine": 51}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 47787, "scanner": "repobility-threat-engine", "fingerprint": "e42fafbf281876a713db35e83526a020e3f6fd9ec8550ecf98bfc54c634ce92e", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = fmt.Sscanf(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e42fafbf281876a713db35e83526a020e3f6fd9ec8550ecf98bfc54c634ce92e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/cli/apiclient/api_client.go"}, "region": {"startLine": 85}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 47786, "scanner": "repobility-threat-engine", "fingerprint": "e611dc42afddeed9acaeb9b090106c2e99cbf78a3944ca32c6d5d8344d32bbc9", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'boxlite-' + hash + ':boxlite'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e611dc42afddeed9acaeb9b090106c2e99cbf78a3944ca32c6d5d8344d32bbc9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/src/sandbox/entities/build-info.entity.ts"}, "region": {"startLine": 16}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 6948, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 6935, "scanner": "repobility-threat-engine", "fingerprint": "d240ab4d265d6e2e3644e0fc05a83adab4b2624ff29075dcb031ea9bd7082d61", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = os.Chmod(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d240ab4d265d6e2e3644e0fc05a83adab4b2624ff29075dcb031ea9bd7082d61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/go/cmd/setup/main.go"}, "region": {"startLine": 170}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 6934, "scanner": "repobility-threat-engine", "fingerprint": "0ce6c486ebc32016d2730e2a819f22a1c84ca1d41e5e76fbce338d2ba5e3c77a", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = stdout.Write(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0ce6c486ebc32016d2730e2a819f22a1c84ca1d41e5e76fbce338d2ba5e3c77a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/go/exec.go"}, "region": {"startLine": 118}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 6933, "scanner": "repobility-threat-engine", "fingerprint": "4fa163ca1756c3888adc7c0787b3e335853241b71dc72f6476e5766f4d41f1b8", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = C.boxlite_runtime_drain(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4fa163ca1756c3888adc7c0787b3e335853241b71dc72f6476e5766f4d41f1b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/go/runtime.go"}, "region": {"startLine": 296}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6931, "scanner": "repobility-ai-code-hygiene", "fingerprint": "23c6b8cfcdf7615536989e55f3e8e08c229193b962ee720e188259250543cd1f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_api_keys.go", "duplicate_line": 333, "correlation_key": "fp|23c6b8cfcdf7615536989e55f3e8e08c229193b962ee720e188259250543cd1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_object_storage.go"}, "region": {"startLine": 56}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6930, "scanner": "repobility-ai-code-hygiene", "fingerprint": "aa1fdb7a512e283f682327519923409f7ced109f431b0ead40b204bc514798d2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_admin.go", "duplicate_line": 231, "correlation_key": "fp|aa1fdb7a512e283f682327519923409f7ced109f431b0ead40b204bc514798d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_object_storage.go"}, "region": {"startLine": 54}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6929, "scanner": "repobility-ai-code-hygiene", "fingerprint": "20494c54164322065052e2382deb757459cd23c5b516bd3476119d561492e75e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_config.go", "duplicate_line": 1, "correlation_key": "fp|20494c54164322065052e2382deb757459cd23c5b516bd3476119d561492e75e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_object_storage.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6928, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1a7a962afca0397ecd2e976c6f64d0301d79c767e132555472d1ec5c7129f535", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_audit.go", "duplicate_line": 82, "correlation_key": "fp|1a7a962afca0397ecd2e976c6f64d0301d79c767e132555472d1ec5c7129f535"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_jobs.go"}, "region": {"startLine": 166}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6927, "scanner": "repobility-ai-code-hygiene", "fingerprint": "356620283da5018c74a507328f02dbf30bebf200721e4b3d43531830ce0c44a8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_admin.go", "duplicate_line": 1, "correlation_key": "fp|356620283da5018c74a507328f02dbf30bebf200721e4b3d43531830ce0c44a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_jobs.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6926, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2096d3416e5048321c4c8f3b6c79c85b3f9e2734348d80c58bc0fc6e6e2039a3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_admin.go", "duplicate_line": 231, "correlation_key": "fp|2096d3416e5048321c4c8f3b6c79c85b3f9e2734348d80c58bc0fc6e6e2039a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_health.go"}, "region": {"startLine": 54}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6925, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b2f5513196770e224521e0022d18aac2e2fe69d7bec97cba0e9b053945545404", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_config.go", "duplicate_line": 1, "correlation_key": "fp|b2f5513196770e224521e0022d18aac2e2fe69d7bec97cba0e9b053945545404"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_health.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6924, "scanner": "repobility-ai-code-hygiene", "fingerprint": "57c434b6475f1c6e298aa54cd9d2036e1aa565ee620d261ad16d816ffaf75350", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_api_keys.go", "duplicate_line": 94, "correlation_key": "fp|57c434b6475f1c6e298aa54cd9d2036e1aa565ee620d261ad16d816ffaf75350"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_docker_registry.go"}, "region": {"startLine": 99}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6923, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b5f88bd20a08dbfa83ff4b50dafc4669860aa83b80371f52195857bace5f1a96", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_admin.go", "duplicate_line": 1, "correlation_key": "fp|b5f88bd20a08dbfa83ff4b50dafc4669860aa83b80371f52195857bace5f1a96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_docker_registry.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6922, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cdd102c9f1664adfdf50fc8501b69f29b64b41bf49a680c7ec717a009f1571c9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_admin.go", "duplicate_line": 231, "correlation_key": "fp|cdd102c9f1664adfdf50fc8501b69f29b64b41bf49a680c7ec717a009f1571c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_config.go"}, "region": {"startLine": 49}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6921, "scanner": "repobility-ai-code-hygiene", "fingerprint": "58fb98a62b2515a451edf45b97f7d1b206cef44a940e5e86a9b3367aa4a8ef8f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_admin.go", "duplicate_line": 1, "correlation_key": "fp|58fb98a62b2515a451edf45b97f7d1b206cef44a940e5e86a9b3367aa4a8ef8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_audit.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6920, "scanner": "repobility-ai-code-hygiene", "fingerprint": "77f98885af5c96f0df250acbb0f92f4defdda230624a4b0b1e9cab5e8280a1c1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/api-client-go/api_admin.go", "duplicate_line": 1, "correlation_key": "fp|77f98885af5c96f0df250acbb0f92f4defdda230624a4b0b1e9cab5e8280a1c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_api_keys.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 6913, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2001520d7db302b51780dedd8e97067f7b992137d8cec18f063a23c3d3c809cc", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|2001520d7db302b51780dedd8e97067f7b992137d8cec18f063a23c3d3c809cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/jailer/shim_copy.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 6912, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7bcfa141ef20dbb9d0a2c07dd8bb36fe3e31e2a68a4d431c391184453eff4b8c", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "v8", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|7bcfa141ef20dbb9d0a2c07dd8bb36fe3e31e2a68a4d431c391184453eff4b8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/db/migration/v7_to_v8.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 6911, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ef654eb0533efd5678718ee1fd7e441c59d64d918cf4a24ca71e2bed7c2f9758", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "v7", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|ef654eb0533efd5678718ee1fd7e441c59d64d918cf4a24ca71e2bed7c2f9758"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/db/migration/v6_to_v7.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 6910, "scanner": "repobility-ai-code-hygiene", "fingerprint": "04f88fc3eb4ba14cdfcbb64703bcd35f2d9c411cb90b21e7fb8bbf60f5c6a881", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "v6", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|04f88fc3eb4ba14cdfcbb64703bcd35f2d9c411cb90b21e7fb8bbf60f5c6a881"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/db/migration/v5_to_v6.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 6909, "scanner": "repobility-ai-code-hygiene", "fingerprint": "46084df2e7aa328afd0e219795911b3b0b8ca54f0948207079bef9ebbff44758", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "v5", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|46084df2e7aa328afd0e219795911b3b0b8ca54f0948207079bef9ebbff44758"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/db/migration/v4_to_v5.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 6908, "scanner": "repobility-ai-code-hygiene", "fingerprint": "34bb2d5b8699a644a830c270ca66ecae326e4ea13c32ff66d318db16853a94c5", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "v4", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|34bb2d5b8699a644a830c270ca66ecae326e4ea13c32ff66d318db16853a94c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/db/migration/v3_to_v4.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 6907, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f58b88baf5d7f72d24fe5afef6d68403581ec522fa92aca8c28ee6138e4cf40e", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "v3", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|f58b88baf5d7f72d24fe5afef6d68403581ec522fa92aca8c28ee6138e4cf40e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/db/migration/v2_to_v3.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 47874, "scanner": "repobility-threat-engine", "fingerprint": "af19b2475066e6807bcf264c4c2d75f56d918b9b9c9df8d91780680c8fb9b275", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|af19b2475066e6807bcf264c4c2d75f56d918b9b9c9df8d91780680c8fb9b275"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/deps/libgvproxy-sys/gvproxy-bridge/forked_tcp.go"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 47873, "scanner": "repobility-threat-engine", "fingerprint": "9a22336672f8eb2fb76d4ab7671c851ff41a605bfb058736772199ac2ea0f56e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|9a22336672f8eb2fb76d4ab7671c851ff41a605bfb058736772199ac2ea0f56e", "aggregated_count": 3}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 47872, "scanner": "repobility-threat-engine", "fingerprint": "98b2a96dc13b988ad557123dc56dc4468e1baf1060009120415c2d5ab3e9a755", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|98b2a96dc13b988ad557123dc56dc4468e1baf1060009120415c2d5ab3e9a755"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/deps/bubblewrap-sys/build.rs"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 47871, "scanner": "repobility-threat-engine", "fingerprint": "fb67ded087d6795c1b0c22ede6ef69f5a932cdf5738b0f502ab5736c6be8dbce", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fb67ded087d6795c1b0c22ede6ef69f5a932cdf5738b0f502ab5736c6be8dbce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cli/src/commands/cp.rs"}, "region": {"startLine": 163}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 47870, "scanner": "repobility-threat-engine", "fingerprint": "e1e55136aa76b2bca2eebe5fccfa4a407d92ef0fc241fa46028d1f04225d60ee", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e1e55136aa76b2bca2eebe5fccfa4a407d92ef0fc241fa46028d1f04225d60ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/rest/error.rs"}, "region": {"startLine": 200}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 47866, "scanner": "repobility-threat-engine", "fingerprint": "ec5f289cf052248a056f92bce018209342804f227af6ff738b9843d3855bd0a7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ec5f289cf052248a056f92bce018209342804f227af6ff738b9843d3855bd0a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/exec.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block (and 34 more): Same pattern found in 34 additional files. Review if needed."}, "properties": {"repobilityId": 47864, "scanner": "repobility-threat-engine", "fingerprint": "87fccb61f88d84499ee3335887a127b0170a8ba1ec449dafe2616bea24545ff1", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 34 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|87fccb61f88d84499ee3335887a127b0170a8ba1ec449dafe2616bea24545ff1", "aggregated_count": 34}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 47863, "scanner": "repobility-threat-engine", "fingerprint": "e4b7bd9763c42f30bad10c5ffb4f570d6098c44c6001ba08c1e76c8b310ae680", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e4b7bd9763c42f30bad10c5ffb4f570d6098c44c6001ba08c1e76c8b310ae680"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/c/src/error.rs"}, "region": {"startLine": 141}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 47862, "scanner": "repobility-threat-engine", "fingerprint": "56be3b49f1e337002dcaa6f9910e63e0c43739a18160fdb77719ecc0520b419a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|56be3b49f1e337002dcaa6f9910e63e0c43739a18160fdb77719ecc0520b419a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/c/src/copy.rs"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 47861, "scanner": "repobility-threat-engine", "fingerprint": "ac5b3e4121c3d2e7c09c7f30ecb16afe266fba7e408667fa27887b7783a44be0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ac5b3e4121c3d2e7c09c7f30ecb16afe266fba7e408667fa27887b7783a44be0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/c/src/box_handle.rs"}, "region": {"startLine": 112}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "properties": {"repobilityId": 47860, "scanner": "repobility-threat-engine", "fingerprint": "eab5ada6aaeecfcd1890a1110d443c30f0413dd125495506abae7743339f3f24", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|eab5ada6aaeecfcd1890a1110d443c30f0413dd125495506abae7743339f3f24", "aggregated_count": 14}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 47859, "scanner": "repobility-threat-engine", "fingerprint": "db7cd9b553e2b4c59ddbc395c35980a21fe3033b1bd5bea8c8245d60c73fcc80", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|db7cd9b553e2b4c59ddbc395c35980a21fe3033b1bd5bea8c8245d60c73fcc80"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/jailer/builder.rs"}, "region": {"startLine": 184}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 47858, "scanner": "repobility-threat-engine", "fingerprint": "f1f1dd33b97f28eb4e5d7a81cfcab55896c4d8b3e1a38970fe407af9d9ccb090", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f1f1dd33b97f28eb4e5d7a81cfcab55896c4d8b3e1a38970fe407af9d9ccb090"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/event_listener/audit_event_listener.rs"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 47857, "scanner": "repobility-threat-engine", "fingerprint": "b2fc30dd4b35f4afebf2d735aa5303da41f61a88c8ced25f54453f5a882979f3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b2fc30dd4b35f4afebf2d735aa5303da41f61a88c8ced25f54453f5a882979f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/c/build.rs"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 47 more): Same pattern found in 47 additional files. Review if needed."}, "properties": {"repobilityId": 47856, "scanner": "repobility-threat-engine", "fingerprint": "41a029ca729b97f86a910150bfab003ee786e7bfd0c1ad02dc98f7c60f6daf82", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 47 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|41a029ca729b97f86a910150bfab003ee786e7bfd0c1ad02dc98f7c60f6daf82", "aggregated_count": 47}}}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 47851, "scanner": "repobility-threat-engine", "fingerprint": "ffe0bb40951d1fe20325d6626515b6b3f5194cef1a3be6e6de11e9645a8d8a72", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|ffe0bb40951d1fe20325d6626515b6b3f5194cef1a3be6e6de11e9645a8d8a72", "aggregated_count": 1}}}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 47850, "scanner": "repobility-threat-engine", "fingerprint": "b06fe998b83fcd14d02a9962ff75553f4fb4948752b92faf7b38aff485103899", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b06fe998b83fcd14d02a9962ff75553f4fb4948752b92faf7b38aff485103899"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/06_ai_agents/use_skillbox.py"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 47849, "scanner": "repobility-threat-engine", "fingerprint": "ec668058474690dec1644604182c0cced14ef29bded779e6d99fee2ad20b9e5d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ec668058474690dec1644604182c0cced14ef29bded779e6d99fee2ad20b9e5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/06_ai_agents/run_openclaw.py"}, "region": {"startLine": 155}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 47848, "scanner": "repobility-threat-engine", "fingerprint": "1ae919f9c92202a12de46dab1fdf38d4550f2dbe807c94cf4cdb08a5f10b8158", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1ae919f9c92202a12de46dab1fdf38d4550f2dbe807c94cf4cdb08a5f10b8158"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/04_interactive/install_claude_interactively.py"}, "region": {"startLine": 151}}}]}, {"ruleId": "ERR001", "level": "none", "message": {"text": "[ERR001] Silent Exception Swallowing (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 47845, "scanner": "repobility-threat-engine", "fingerprint": "f73c07a3ac3dd195f50ed5e0e96e18ea3d5ae81e395cd5702ccc6657d0e46c1f", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f73c07a3ac3dd195f50ed5e0e96e18ea3d5ae81e395cd5702ccc6657d0e46c1f"}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "properties": {"repobilityId": 47842, "scanner": "repobility-threat-engine", "fingerprint": "1698e3912b6d9dd861cdbd90388c4b765deec1d8e7ad7de6be18e4190ac332f6", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|1698e3912b6d9dd861cdbd90388c4b765deec1d8e7ad7de6be18e4190ac332f6", "aggregated_count": 9}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 47841, "scanner": "repobility-threat-engine", "fingerprint": "c04a2e3365cf7d1ebe658ff93b667cf3e60c23c95a879eb91f4b9e20fca85b6a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c04a2e3365cf7d1ebe658ff93b667cf3e60c23c95a879eb91f4b9e20fca85b6a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/03_lifecycle/share_across_processes.py"}, "region": {"startLine": 152}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 47840, "scanner": "repobility-threat-engine", "fingerprint": "51fdff421f2dece11078b642357ef1eb156c2cf0aa332b70c8597a10c42cb813", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|51fdff421f2dece11078b642357ef1eb156c2cf0aa332b70c8597a10c42cb813"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/03_lifecycle/manage_lifecycle.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 47839, "scanner": "repobility-threat-engine", "fingerprint": "041c241fa16e919585ac10a931a6a577eea4aaf4d9d6235235ef152a67ac09d9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|041c241fa16e919585ac10a931a6a577eea4aaf4d9d6235235ef152a67ac09d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/03_lifecycle/clone_export_import.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 47838, "scanner": "repobility-threat-engine", "fingerprint": "7fa035b085c0bd9a31a5276c49da091420eed1825fee6f01486426827fccfced", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|7fa035b085c0bd9a31a5276c49da091420eed1825fee6f01486426827fccfced", "aggregated_count": 5}}}, {"ruleId": "MINED063", "level": "none", "message": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "properties": {"repobilityId": 47834, "scanner": "repobility-threat-engine", "fingerprint": "35dbb2e60d070d1fd102f0806b924d7ce31f49db5013c42491759a24bbca6b7c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "toctou-os-path-exists", "owasp": null, "cwe_ids": ["CWE-367"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348048+00:00", "triaged_in_corpus": 12, "observations_count": 90754, "ai_coder_pattern_id": 41}, "scanner": "repobility-threat-engine", "correlation_key": "fp|35dbb2e60d070d1fd102f0806b924d7ce31f49db5013c42491759a24bbca6b7c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/02_features/mount_host_dir.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 47833, "scanner": "repobility-threat-engine", "fingerprint": "4a5b2a5cbd8cd9350495d935b583691c1114690f356d5c1ce8dbeed8fb60e9c3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4a5b2a5cbd8cd9350495d935b583691c1114690f356d5c1ce8dbeed8fb60e9c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/01_getting_started/run_codebox_sync.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 47832, "scanner": "repobility-threat-engine", "fingerprint": "e1a4d5dda902f7cf3882eb81465b388dcd3686a8d113a075d15da1fdf7e9d02a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e1a4d5dda902f7cf3882eb81465b388dcd3686a8d113a075d15da1fdf7e9d02a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/01_getting_started/run_codebox.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 47828, "scanner": "repobility-threat-engine", "fingerprint": "db928e9dc58787b1071c7d7af090166519c8fdd11927d0a8ebe5ac309d6c1204", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|db928e9dc58787b1071c7d7af090166519c8fdd11927d0a8ebe5ac309d6c1204"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/dashboard/src/hooks/useDocsSearchCommands.tsx"}, "region": {"startLine": 119}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 47827, "scanner": "repobility-threat-engine", "fingerprint": "e023983b19f14a6dcb2cf7f41feb94560c42fe2fbdd333059e81d7f757a3696d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e023983b19f14a6dcb2cf7f41feb94560c42fe2fbdd333059e81d7f757a3696d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/dashboard/src/components/ui/chart.tsx"}, "region": {"startLine": 76}}}]}, {"ruleId": "SEC041", "level": "none", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\" (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 47826, "scanner": "repobility-threat-engine", "fingerprint": "0eef884db84dc77198cfae04feff1d5e87337621ea6e75bc6e5e06b9220adcd5", "category": "security", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|0eef884db84dc77198cfae04feff1d5e87337621ea6e75bc6e5e06b9220adcd5"}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "properties": {"repobilityId": 47818, "scanner": "repobility-threat-engine", "fingerprint": "7b2e5c504cd185fd9b95eae283ee38e5b0dfa29f675fe4283cf6a69dddabd815", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|7b2e5c504cd185fd9b95eae283ee38e5b0dfa29f675fe4283cf6a69dddabd815", "aggregated_count": 14}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 47817, "scanner": "repobility-threat-engine", "fingerprint": "cd3eb71f8aaa42cc58a210cc2fe71042db7d9b10df90db2f9db4dc7320772ee1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cd3eb71f8aaa42cc58a210cc2fe71042db7d9b10df90db2f9db4dc7320772ee1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/dashboard/src/components/SandboxTable/filters/LabelFilter.tsx"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 47816, "scanner": "repobility-threat-engine", "fingerprint": "47fef94c4e1c5b4fddd112458f3de36ac8768cea3260e45a03c54e0be00dab2f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|47fef94c4e1c5b4fddd112458f3de36ac8768cea3260e45a03c54e0be00dab2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/dashboard/src/components/ComparisonTable.tsx"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 47815, "scanner": "repobility-threat-engine", "fingerprint": "91e937879559485bab6b1f977471b808dd2b4b6d41cc36f08e19be8a2b8d0e4a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|91e937879559485bab6b1f977471b808dd2b4b6d41cc36f08e19be8a2b8d0e4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/dashboard/src/components/CodeBlock.tsx"}, "region": {"startLine": 52}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 47814, "scanner": "repobility-threat-engine", "fingerprint": "2769b9801bb87ccacbcf8b06fbd29ee8037cc106a00cbb3e689fe7eca45dac92", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "crypto.randomUUID", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|115|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/dashboard/public/mockServiceWorker.js"}, "region": {"startLine": 115}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 25 more): Same pattern found in 25 additional files. Review if needed."}, "properties": {"repobilityId": 47813, "scanner": "repobility-threat-engine", "fingerprint": "45af6889f41d225896654b4e8bce4a06163b95f6afa9f4f2920d6273da56e139", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 25 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "execute_code", "breakdown": {"if": 7, "for": 2, "else": 2, "except": 2, "nested_bonus": 9}, "aggregated": true, "complexity": 22, "correlation_key": "fp|45af6889f41d225896654b4e8bce4a06163b95f6afa9f4f2920d6273da56e139", "aggregated_count": 25}}}, {"ruleId": "MINED006", "level": "none", "message": {"text": "[MINED006] Overcatch Baseexception (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 47809, "scanner": "repobility-threat-engine", "fingerprint": "f87ed9b6811675c97d18c0024fde96dcf647cce402a76a98ff5bf685ee8d2ef2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f87ed9b6811675c97d18c0024fde96dcf647cce402a76a98ff5bf685ee8d2ef2", "aggregated_count": 1}}}, {"ruleId": "MINED016", "level": "none", "message": {"text": "[MINED016] Go Error Ignored (and 20 more): Same pattern found in 20 additional files. Review if needed."}, "properties": {"repobilityId": 47802, "scanner": "repobility-threat-engine", "fingerprint": "e68c4cf8adecaa63ee0ad783e84ebb62c70ecb71e4faf81fc99ef0e893be4941", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 20 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|e68c4cf8adecaa63ee0ad783e84ebb62c70ecb71e4faf81fc99ef0e893be4941", "aggregated_count": 20}}}, {"ruleId": "SEC093", "level": "none", "message": {"text": "[SEC093] Go: exec.Command with non-literal (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 47798, "scanner": "repobility-threat-engine", "fingerprint": "4806283fca8c3d419a655fb47fb7769c1a8e109394da33bdb090bcd2488c994b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC093", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|4806283fca8c3d419a655fb47fb7769c1a8e109394da33bdb090bcd2488c994b"}}}, {"ruleId": "SEC091", "level": "none", "message": {"text": "[SEC091] Go: net/http server without timeouts (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 47794, "scanner": "repobility-threat-engine", "fingerprint": "990c09b6a9bec20e665d92e7dd84c27238eeec513d8381879d97da079d34b337", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC091", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|990c09b6a9bec20e665d92e7dd84c27238eeec513d8381879d97da079d34b337"}}}, {"ruleId": "ERR003", "level": "none", "message": {"text": "[ERR003] Ignored Error (Go) (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "properties": {"repobilityId": 47790, "scanner": "repobility-threat-engine", "fingerprint": "961c778412e7fbd86f6ba4183e5033c7cb9f706769045bc54758aaab521578b2", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|961c778412e7fbd86f6ba4183e5033c7cb9f706769045bc54758aaab521578b2"}}}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 47785, "scanner": "repobility-threat-engine", "fingerprint": "a3e92ccce35c2dfe082161c58c06f49640398b9643bb846d2df904b841f4055e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a3e92ccce35c2dfe082161c58c06f49640398b9643bb846d2df904b841f4055e", "aggregated_count": 4}}}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 47784, "scanner": "repobility-threat-engine", "fingerprint": "f724a1e0c7c03f277b16d3d83c72647522c885caa1973b15fdd652f1c72ed702", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f724a1e0c7c03f277b16d3d83c72647522c885caa1973b15fdd652f1c72ed702"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/02_features/copy_files.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 47783, "scanner": "repobility-threat-engine", "fingerprint": "3ca0b82ca5317043b4264e73ae933e3a70234f4dda7bdf376426e8730600886a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3ca0b82ca5317043b4264e73ae933e3a70234f4dda7bdf376426e8730600886a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/src/sandbox/dto/create-build-info.dto.ts"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 47782, "scanner": "repobility-threat-engine", "fingerprint": "c996966bcc63ebdf85d6fe551f04b453011d608adfcc9c0d0878cd46fadf7c7b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c996966bcc63ebdf85d6fe551f04b453011d608adfcc9c0d0878cd46fadf7c7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/src/sandbox/dto/build-info.dto.ts"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "properties": {"repobilityId": 47781, "scanner": "repobility-threat-engine", "fingerprint": "c045cf9d21c96aaf56df16c8ec2ed9c63beb43d6fa265653594c1ef215491fe3", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|c045cf9d21c96aaf56df16c8ec2ed9c63beb43d6fa265653594c1ef215491fe3", "aggregated_count": 15}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 47780, "scanner": "repobility-threat-engine", "fingerprint": "9614ed8ff4d3ab81681c28575a7582b8f7c2a963d8632017ab5edbe8386648ab", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9614ed8ff4d3ab81681c28575a7582b8f7c2a963d8632017ab5edbe8386648ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/src/sandbox-telemetry/services/sandbox-telemetry.service.ts"}, "region": {"startLine": 286}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 47779, "scanner": "repobility-threat-engine", "fingerprint": "de81ae516253540b7e99b858cb1a29594d707d5374b671cda3df31220d28f16c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|de81ae516253540b7e99b858cb1a29594d707d5374b671cda3df31220d28f16c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/src/region/guards/region-access.guard.ts"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 47778, "scanner": "repobility-threat-engine", "fingerprint": "752deac79b9ba7e9d74a5d4746f5a66359b0640d25568d7ace17820dd4ea83e2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|752deac79b9ba7e9d74a5d4746f5a66359b0640d25568d7ace17820dd4ea83e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/src/organization/guards/organization-action.guard.ts"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 47777, "scanner": "repobility-threat-engine", "fingerprint": "eae1e8fab9889f0af0f21f1e9feee5af5bdf56bab4b240b20c25ac339c8e81f0", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|eae1e8fab9889f0af0f21f1e9feee5af5bdf56bab4b240b20c25ac339c8e81f0", "aggregated_count": 8}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 47776, "scanner": "repobility-threat-engine", "fingerprint": "a3e3c9c32c43c9c3070db128baa0c603556dc73a5aa6d8b088ce29c9f015967d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a3e3c9c32c43c9c3070db128baa0c603556dc73a5aa6d8b088ce29c9f015967d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/src/sandbox/dto/runner-health.dto.ts"}, "region": {"startLine": 151}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 47775, "scanner": "repobility-threat-engine", "fingerprint": "7de8c906bbe4fff652f49349404a01aea70c8b2ca9345a813a9e889b1ff24a87", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7de8c906bbe4fff652f49349404a01aea70c8b2ca9345a813a9e889b1ff24a87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/src/region/dto/region.dto.ts"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 47774, "scanner": "repobility-threat-engine", "fingerprint": "e74dd07af673d2e045b630744a7595591ffdfee71e5bcca0a98d28d30cfc1d58", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e74dd07af673d2e045b630744a7595591ffdfee71e5bcca0a98d28d30cfc1d58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/src/main.ts"}, "region": {"startLine": 152}}}]}, {"ruleId": "MINED074", "level": "none", "message": {"text": "[MINED074] Ai Tell Fake Citation: Plausible-looking but non-existent URLs (e.g., docs.example.com/v2). Common AI hallucination."}, "properties": {"repobilityId": 47773, "scanner": "repobility-threat-engine", "fingerprint": "679775104eb4b2068d51057034e75ebf7195a1644705771d557c97e74dca09c8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ai-tell-fake-citation", "owasp": null, "cwe_ids": [], "languages": ["python", "javascript", "typescript", "markdown"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348074+00:00", "triaged_in_corpus": 10, "observations_count": 12281, "ai_coder_pattern_id": 176}, "scanner": "repobility-threat-engine", "correlation_key": "fp|679775104eb4b2068d51057034e75ebf7195a1644705771d557c97e74dca09c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/src/config/dto/configuration.dto.ts"}, "region": {"startLine": 123}}}]}, {"ruleId": "SEC134", "level": "none", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 47772, "scanner": "repobility-threat-engine", "fingerprint": "ee421e2f5fddad0a231bf20d28a5a2a96771650d5074a7f38bbf6c1fc641897f", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|ee421e2f5fddad0a231bf20d28a5a2a96771650d5074a7f38bbf6c1fc641897f"}}}, {"ruleId": "SEC085", "level": "none", "message": {"text": "[SEC085] JS: child_process.exec with non-literal (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 47768, "scanner": "repobility-threat-engine", "fingerprint": "bc4fe1905face6abfbb1df553eea80cfb32ce77eb97423efe2e4a30a5efa5cba", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|bc4fe1905face6abfbb1df553eea80cfb32ce77eb97423efe2e4a30a5efa5cba"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 48 more): Same pattern found in 48 additional files. Review if needed."}, "properties": {"repobilityId": 47764, "scanner": "repobility-threat-engine", "fingerprint": "bf502bd97573f22052fd22d3899c6ed73321e69596ea8e242ee954ab5268bcf9", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 48 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 48 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|bf502bd97573f22052fd22d3899c6ed73321e69596ea8e242ee954ab5268bcf9"}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 29 more): Same pattern found in 29 additional files. Review if needed."}, "properties": {"repobilityId": 47760, "scanner": "repobility-threat-engine", "fingerprint": "0544e6fe05f555556705d7f64dbdc12942be0f7ce56998ffde430121732b8770", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 29 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0544e6fe05f555556705d7f64dbdc12942be0f7ce56998ffde430121732b8770", "aggregated_count": 29}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 47759, "scanner": "repobility-threat-engine", "fingerprint": "4c55890a025359cbc0ce81eaa0bbfbb887c293bc264451727f558fb9efd2fe3a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4c55890a025359cbc0ce81eaa0bbfbb887c293bc264451727f558fb9efd2fe3a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/src/sandbox/guards/region-sandbox-access.guard.ts"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 47758, "scanner": "repobility-threat-engine", "fingerprint": "b4e5f8e6b0b2e0f3ef73d066e81d6069508533641b8ebabcab7619cf0c035d85", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b4e5f8e6b0b2e0f3ef73d066e81d6069508533641b8ebabcab7619cf0c035d85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/src/generate-openapi.ts"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 47757, "scanner": "repobility-threat-engine", "fingerprint": "d4b06562756f1c323a974b2bf166fc9912239745c8446b35bef02670a799a010", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d4b06562756f1c323a974b2bf166fc9912239745c8446b35bef02670a799a010"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/src/common/providers/openfeature-posthog.provider.ts"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 47756, "scanner": "repobility-threat-engine", "fingerprint": "c965527085a68eaf0c1a951eb7b2796024e8b4f0029912456ceef3e5be73aca0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c965527085a68eaf0c1a951eb7b2796024e8b4f0029912456ceef3e5be73aca0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/src/common/guards/authenticated-rate-limit.guard.ts"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 17 more): Same pattern found in 17 additional files. Review if needed."}, "properties": {"repobilityId": 47755, "scanner": "repobility-threat-engine", "fingerprint": "9a4dded8559d76bfe00bc64cc7f3b84ea0bd9b1742965a6b760ddbb7eebe1048", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 17 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 17 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|9a4dded8559d76bfe00bc64cc7f3b84ea0bd9b1742965a6b760ddbb7eebe1048"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 47751, "scanner": "repobility-threat-engine", "fingerprint": "bb1317609c611da67332255eaf2b48f6672536205075bd2f15bfc8371e3028f9", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|bb1317609c611da67332255eaf2b48f6672536205075bd2f15bfc8371e3028f9"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 47750, "scanner": "repobility-threat-engine", "fingerprint": "2f541bcaa143259ba8c5c4a8c5526416119691c250c9937722b8e2b375bcb496", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "logger.log('ApiKeyStrategy constructor called')", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|4|logger.log apikeystrategy constructor called"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/src/auth/api-key.strategy.ts"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed (and 29 more): Same pattern found in 29 additional files. Review if needed."}, "properties": {"repobilityId": 47745, "scanner": "repobility-threat-engine", "fingerprint": "3808f6a38755825e7766258ff75e3bea14540b118dcfb7ac1f49a9562464335b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 29 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|3808f6a38755825e7766258ff75e3bea14540b118dcfb7ac1f49a9562464335b", "aggregated_count": 29}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 47744, "scanner": "repobility-threat-engine", "fingerprint": "ebb1c3434de7ff4a3d59c545964e9faef26fa8d8ee5534fea8e5732d97cb7e87", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ebb1c3434de7ff4a3d59c545964e9faef26fa8d8ee5534fea8e5732d97cb7e87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/src/auth/combined-auth.guard.ts"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 47743, "scanner": "repobility-threat-engine", "fingerprint": "cefa31e4b6b458c7fd36689bf5f5f9852ce260b423fd7333434c78897549f4ad", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cefa31e4b6b458c7fd36689bf5f5f9852ce260b423fd7333434c78897549f4ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/src/audit/interceptors/audit.interceptor.ts"}, "region": {"startLine": 116}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 47742, "scanner": "repobility-threat-engine", "fingerprint": "07d1b4735e2ba925f3eb0a13c9ad5c687c6530637fc3e517c6be1ea3ea5417ce", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|07d1b4735e2ba925f3eb0a13c9ad5c687c6530637fc3e517c6be1ea3ea5417ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/src/audit/decorators/audit.decorator.ts"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"repobilityId": 47741, "scanner": "repobility-threat-engine", "fingerprint": "c7748d22311ae44fd8c6f61187e0e1667f8af4bf6d31b23e33565e0c81e448db", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c7748d22311ae44fd8c6f61187e0e1667f8af4bf6d31b23e33565e0c81e448db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/src/app.module.ts"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 52 more): Same pattern found in 52 additional files. Review if needed."}, "properties": {"repobilityId": 47740, "scanner": "repobility-threat-engine", "fingerprint": "0a2f447ae192a44b5350f96541432174b6d8c9cc16a3162beb2a14aa44f7a8dc", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 52 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 52 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|0a2f447ae192a44b5350f96541432174b6d8c9cc16a3162beb2a14aa44f7a8dc"}}}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel (and 50 more): Same pattern found in 50 additional files. Review if needed."}, "properties": {"repobilityId": 47736, "scanner": "repobility-threat-engine", "fingerprint": "36b4a564d450f24ca0e28c1e50e658faa209eeac09ead3c2b034e6f03c4913be", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 50 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|36b4a564d450f24ca0e28c1e50e658faa209eeac09ead3c2b034e6f03c4913be", "aggregated_count": 50}}}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 47735, "scanner": "repobility-threat-engine", "fingerprint": "95ab4129c3bacce90c7d596b375af5d9ed0ac1a196bebd5730c4628a8217ed34", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|95ab4129c3bacce90c7d596b375af5d9ed0ac1a196bebd5730c4628a8217ed34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_health.go"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 47734, "scanner": "repobility-threat-engine", "fingerprint": "c65e644251984c652934abbb269773443d5f61716ec1ca6b28c7449f84549fae", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c65e644251984c652934abbb269773443d5f61716ec1ca6b28c7449f84549fae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_config.go"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 47733, "scanner": "repobility-threat-engine", "fingerprint": "6e2b712965bee241b65ccdda8d2d8fc654f57d96a4e7f6175106a8af5f82b5b0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6e2b712965bee241b65ccdda8d2d8fc654f57d96a4e7f6175106a8af5f82b5b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api-client-go/api_audit.go"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 6946, "scanner": "repobility-threat-engine", "fingerprint": "d438fc2d14c63660d615290dceab2a5421ef5f4c5a8a429a3564895c539fbbc1", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|d438fc2d14c63660d615290dceab2a5421ef5f4c5a8a429a3564895c539fbbc1"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 6945, "scanner": "repobility-threat-engine", "fingerprint": "2602e7299bc4927a405ed1ca9bbd05a3dabecfddcdeeadd7667f6f9183ed1834", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log line appears to mention secret metadata or a redacted value rather than printing the secret", "evidence": {"match": "logger.warn('POSTHOG_API_KEY is not set, metrics will not be recorded')", "reason": "Log line appears to mention secret metadata or a redacted value rather than printing the secret", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|6|logger.warn posthog_api_key is not set metrics will not be recorded"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/src/interceptors/metrics.interceptor.ts"}, "region": {"startLine": 65}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 6944, "scanner": "repobility-threat-engine", "fingerprint": "eb351779e06bd39291dc5363127860ff515c2cedc51be6da1f48da88d9496bca", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "logger.error('Failed to get OIDC Management API token', error?.message || String(error)", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|36|logger.error failed to get oidc management api token error .message string error"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/src/user/user.controller.ts"}, "region": {"startLine": 361}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 6943, "scanner": "repobility-threat-engine", "fingerprint": "2ed29e1db0eb13ab2f36e9a575bf4d9496c23de8d7a71506bf6584e382e88437", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "logger.Debug(\"No endpoint configuration found for sandbox token, dropping data\")", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|10|logger.debug no endpoint configuration found for sandbox token dropping data"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/otel-collector/exporter/exporter.go"}, "region": {"startLine": 107}}}]}, {"ruleId": "ERR001", "level": "none", "message": {"text": "[ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 6941, "scanner": "repobility-threat-engine", "fingerprint": "4ffea2800599adb663df46ab31003467b0a25ff84f83dd40a996e94f4d40f164", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|4ffea2800599adb663df46ab31003467b0a25ff84f83dd40a996e94f4d40f164"}}}, {"ruleId": "ERR003", "level": "none", "message": {"text": "[ERR003] Ignored Error (Go) (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 6936, "scanner": "repobility-threat-engine", "fingerprint": "422906d687c51dd527ea90571b59cc39f23789ede1533fde067b80c32b027f0a", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|422906d687c51dd527ea90571b59cc39f23789ede1533fde067b80c32b027f0a"}}}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `lscr.io/linuxserver/webtop:ubuntu-xfce` not pinned by digest: `FROM lscr.io/linuxserver/webtop:ubuntu-xfce` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 48014, "scanner": "repobility-supply-chain", "fingerprint": "105f8195ac60b431dac0680567e0cec3cea5ae7eb1e338ca0fb498e58f5975bd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|105f8195ac60b431dac0680567e0cec3cea5ae7eb1e338ca0fb498e58f5975bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/resources/images/skillbox/Dockerfile"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 48012, "scanner": "repobility-supply-chain", "fingerprint": "a7e7aa2d6ad87bc63f2508ebec67e1eb83ad6cb26421b2879ea66f21f4d2162d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a7e7aa2d6ad87bc63f2508ebec67e1eb83ad6cb26421b2879ea66f21f4d2162d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-wheels.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/github-script` pinned to mutable ref `@v7`: `uses: actions/github-script@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 48011, "scanner": "repobility-supply-chain", "fingerprint": "ab6ee69b91f824b2a84d6799210a40d8a9dee42d3436c577f1bf14336766742c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ab6ee69b91f824b2a84d6799210a40d8a9dee42d3436c577f1bf14336766742c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/warm-caches.yml"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `mozilla-actions/sccache-action` pinned to mutable ref `@v0.0.9`: `uses: mozilla-actions/sccache-action@v0.0.9` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 48010, "scanner": "repobility-supply-chain", "fingerprint": "f8ab7d0b25e8e0efce3d3ea3af90b8d636908285b43ae1e42006e476f47c16e3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f8ab7d0b25e8e0efce3d3ea3af90b8d636908285b43ae1e42006e476f47c16e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/warm-caches.yml"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions-rust-lang/setup-rust-toolchain` pinned to mutable ref `@v1`: `uses: actions-rust-lang/setup-rust-toolchain@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 48009, "scanner": "repobility-supply-chain", "fingerprint": "33988c0b4764cfcfa646f60561da5cf990820706830a98839ec32391f6ea45eb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|33988c0b4764cfcfa646f60561da5cf990820706830a98839ec32391f6ea45eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/warm-caches.yml"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 48008, "scanner": "repobility-supply-chain", "fingerprint": "2dec21c60a22b05d30e87102c63204d138709b860703c451a630107795510e9f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2dec21c60a22b05d30e87102c63204d138709b860703c451a630107795510e9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/warm-caches.yml"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/github-script` pinned to mutable ref `@v7`: `uses: actions/github-script@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 48007, "scanner": "repobility-supply-chain", "fingerprint": "479cf3e7515cc4da27645a6a41c9ed98a1cbb19ea8283d74bd59a809c7da5d3e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|479cf3e7515cc4da27645a6a41c9ed98a1cbb19ea8283d74bd59a809c7da5d3e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 269}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `mozilla-actions/sccache-action` pinned to mutable ref `@v0.0.9`: `uses: mozilla-actions/sccache-action@v0.0.9` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 48006, "scanner": "repobility-supply-chain", "fingerprint": "e761e590743c1f64e05a929fa1d12a191ca4df536464297661ce8ca29d2948f0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e761e590743c1f64e05a929fa1d12a191ca4df536464297661ce8ca29d2948f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 265}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions-rust-lang/setup-rust-toolchain` pinned to mutable ref `@v1`: `uses: actions-rust-lang/setup-rust-toolchain@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 48005, "scanner": "repobility-supply-chain", "fingerprint": "8ffc1eda12efabd7e2065bf9debd4ab125e3efd504954cdc770bc0404eb1f383", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8ffc1eda12efabd7e2065bf9debd4ab125e3efd504954cdc770bc0404eb1f383"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 257}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-go` pinned to mutable ref `@v5`: `uses: actions/setup-go@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 48004, "scanner": "repobility-supply-chain", "fingerprint": "d4c5cdd2dd5545462643deb7630ed4a9a5b80db81abb1292a5cf8cc6329deb10", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d4c5cdd2dd5545462643deb7630ed4a9a5b80db81abb1292a5cf8cc6329deb10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 252}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 48003, "scanner": "repobility-supply-chain", "fingerprint": "78e1e74cbddeb5689d1fbb2cab75f74377fc3780acec3d353fc78e4a60cabcca", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|78e1e74cbddeb5689d1fbb2cab75f74377fc3780acec3d353fc78e4a60cabcca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 249}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 48002, "scanner": "repobility-supply-chain", "fingerprint": "00c7e00694dfd15d64596b15925d35c4321f36f795ac42510761f4745dcd8af5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|00c7e00694dfd15d64596b15925d35c4321f36f795ac42510761f4745dcd8af5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 224}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 48001, "scanner": "repobility-supply-chain", "fingerprint": "b397f035a37370b4229b844e8f473b70d9256a0f72b5b58005a5878e2f876371", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b397f035a37370b4229b844e8f473b70d9256a0f72b5b58005a5878e2f876371"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 221}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v5`: `uses: actions/setup-python@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 48000, "scanner": "repobility-supply-chain", "fingerprint": "60a1440d5abd16cb80fdc5bd3118a1297e93a66922285f775fdbb007b4e056f4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|60a1440d5abd16cb80fdc5bd3118a1297e93a66922285f775fdbb007b4e056f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 194}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 47999, "scanner": "repobility-supply-chain", "fingerprint": "39d53f4e4f63efada6dde1914a4b8ec79992e770a8502533c3eae818de045e7b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|39d53f4e4f63efada6dde1914a4b8ec79992e770a8502533c3eae818de045e7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 191}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/github-script` pinned to mutable ref `@v7`: `uses: actions/github-script@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 47998, "scanner": "repobility-supply-chain", "fingerprint": "b31f65fe24a9dae93222d492144fd4881cd3f90ac9ec8acf25b4699f7246d9ba", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b31f65fe24a9dae93222d492144fd4881cd3f90ac9ec8acf25b4699f7246d9ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 164}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `mozilla-actions/sccache-action` pinned to mutable ref `@v0.0.9`: `uses: mozilla-actions/sccache-action@v0.0.9` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 47997, "scanner": "repobility-supply-chain", "fingerprint": "c91afb138a9b3dd900883262962860e5ead124122dee9a5fe7557c19c5f6da60", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c91afb138a9b3dd900883262962860e5ead124122dee9a5fe7557c19c5f6da60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 160}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `taiki-e/install-action` pinned to mutable ref `@nextest`: `uses: taiki-e/install-action@nextest` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 47996, "scanner": "repobility-supply-chain", "fingerprint": "4368d480dc000e4a0a23022e74d4064f74d49d8df731eaf374240b0ee676e030", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4368d480dc000e4a0a23022e74d4064f74d49d8df731eaf374240b0ee676e030"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 157}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions-rust-lang/setup-rust-toolchain` pinned to mutable ref `@v1`: `uses: actions-rust-lang/setup-rust-toolchain@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 47995, "scanner": "repobility-supply-chain", "fingerprint": "982a4a3dd9067c221a9deacd9d0e6be2043deb78c7d1afe4a4c695dcc06182f6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|982a4a3dd9067c221a9deacd9d0e6be2043deb78c7d1afe4a4c695dcc06182f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 144}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 47994, "scanner": "repobility-supply-chain", "fingerprint": "bd4dd34bb1152a6f26ea47117021bdd0d3ea1a53d88b7235f8bf1b44e7c3a718", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bd4dd34bb1152a6f26ea47117021bdd0d3ea1a53d88b7235f8bf1b44e7c3a718"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 141}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `codecov/codecov-action` pinned to mutable ref `@v5`: `uses: codecov/codecov-action@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 47993, "scanner": "repobility-supply-chain", "fingerprint": "733f284f82ad67e635a9de604fc0a968e85741e6a3f8d3f309c0693c06bce677", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|733f284f82ad67e635a9de604fc0a968e85741e6a3f8d3f309c0693c06bce677"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `taiki-e/install-action` pinned to mutable ref `@nextest`: `uses: taiki-e/install-action@nextest` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 47992, "scanner": "repobility-supply-chain", "fingerprint": "115af6d3784c7d7100c9eed8bf3457d087f3b9ff4be3cb1c2771e2bb83ee81b8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|115af6d3784c7d7100c9eed8bf3457d087f3b9ff4be3cb1c2771e2bb83ee81b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions-rust-lang/setup-rust-toolchain` pinned to mutable ref `@v1`: `uses: actions-rust-lang/setup-rust-toolchain@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 47991, "scanner": "repobility-supply-chain", "fingerprint": "3067ff75f12d097e9787cfb4298dd102894c36312534076d27b4e9ab9ec9d25a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3067ff75f12d097e9787cfb4298dd102894c36312534076d27b4e9ab9ec9d25a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 47990, "scanner": "repobility-supply-chain", "fingerprint": "42a4c31d5101c81908823da3d26007f9fb62966bbd1b199daa2d51ccbb6a47bd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|42a4c31d5101c81908823da3d26007f9fb62966bbd1b199daa2d51ccbb6a47bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dorny/paths-filter` pinned to mutable ref `@v3`: `uses: dorny/paths-filter@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 47989, "scanner": "repobility-supply-chain", "fingerprint": "e5fd3555b69dc029dfe6bb5ca16a07720079f53af4b9f4e59a9c8d4badc41942", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e5fd3555b69dc029dfe6bb5ca16a07720079f53af4b9f4e59a9c8d4badc41942"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 47988, "scanner": "repobility-supply-chain", "fingerprint": "43f00c88b9549ecdf9873f73ff3f007f7d4360ff1b10357db078ea7a20cfc803", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|43f00c88b9549ecdf9873f73ff3f007f7d4360ff1b10357db078ea7a20cfc803"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@boxlite-ai/boxlite` pulled from URL/Git: `dependencies.@boxlite-ai/boxlite` = `file:../../sdks/node` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 47987, "scanner": "repobility-supply-chain", "fingerprint": "cf81ee1ecb468396913e8601aa7dbc7d91b12ec4839470d1a50cfaa0f45921c4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cf81ee1ecb468396913e8601aa7dbc7d91b12ec4839470d1a50cfaa0f45921c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/node/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/boxlite-ai/boxlite/libs/api-client-go` \u2014 points to a LOCAL path: `replace github.com/boxlite-ai/boxlite/libs/api-client-go => ../../api-client-go` overrides the canonical dependency with a different source (points to a LOCAL path). Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 47986, "scanner": "repobility-supply-chain", "fingerprint": "67f99ef4ec0099222854dbf5bc5eed65a1066fd01fba6896edb373a5d34b243f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|67f99ef4ec0099222854dbf5bc5eed65a1066fd01fba6896edb373a5d34b243f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/otel-collector/exporter/go.mod"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/boxlite-ai/boxlite/libs/api-client-go` \u2014 points to a LOCAL path: `replace github.com/boxlite-ai/boxlite/libs/api-client-go => ../api-client-go` overrides the canonical dependency with a different source (points to a LOCAL path). Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 47985, "scanner": "repobility-supply-chain", "fingerprint": "b3016d249a814fe3ef9d82039d2c47d0757319fdb9f6fce74eeefe55bcfd37be", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b3016d249a814fe3ef9d82039d2c47d0757319fdb9f6fce74eeefe55bcfd37be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/runner/go.mod"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `alpine:3.22` not pinned by digest: `FROM alpine:3.22` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 47984, "scanner": "repobility-supply-chain", "fingerprint": "41e841969f4a9a16fbd822b9894f1ecb4968c53b63619584b26267d1e4737156", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|41e841969f4a9a16fbd822b9894f1ecb4968c53b63619584b26267d1e4737156"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/runner/Dockerfile"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `node:22-alpine` not pinned by digest: `FROM node:22-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 47983, "scanner": "repobility-supply-chain", "fingerprint": "dfcc6b8628c9ac56f8dc7dc221eaa90e29cadbbad52c406fb375536875291b3d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dfcc6b8628c9ac56f8dc7dc221eaa90e29cadbbad52c406fb375536875291b3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/runner/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `dexidp/dex:v2.42.0` not pinned by digest: `FROM dexidp/dex:v2.42.0` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 47982, "scanner": "repobility-supply-chain", "fingerprint": "1bb728cf74c73b79ac6a683660a75a2a7927e1d88cfc315db5d180b3d788db36", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1bb728cf74c73b79ac6a683660a75a2a7927e1d88cfc315db5d180b3d788db36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/dex/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `alpine:3.20` not pinned by digest: `FROM alpine:3.20` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 47981, "scanner": "repobility-supply-chain", "fingerprint": "b29888cf19882a96b7ceae7e43f47150ebe4f1d01a84cad80cc78e583868bb1d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b29888cf19882a96b7ceae7e43f47150ebe4f1d01a84cad80cc78e583868bb1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/dex/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `alpine:3.18` not pinned by digest: `FROM alpine:3.18` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 47980, "scanner": "repobility-supply-chain", "fingerprint": "7e2246f8706e6512c44160f09350c98562420d53a99ec6bcd360c94db0a3d2c5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7e2246f8706e6512c44160f09350c98562420d53a99ec6bcd360c94db0a3d2c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/otel-collector/Dockerfile"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `node:22-alpine` not pinned by digest: `FROM node:22-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 47979, "scanner": "repobility-supply-chain", "fingerprint": "f6f1e1f16feb733686abbc7c4448b1b0291b6dce26fe2699f518533269def211", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f6f1e1f16feb733686abbc7c4448b1b0291b6dce26fe2699f518533269def211"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/otel-collector/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `node:24-slim` not pinned by digest: `FROM node:24-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 47978, "scanner": "repobility-supply-chain", "fingerprint": "8b7bc8ad0a597bd1cd1d9c52d2f1061f79a2f886c90baa749d61abab4dc72b93", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8b7bc8ad0a597bd1cd1d9c52d2f1061f79a2f886c90baa749d61abab4dc72b93"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/api/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `alpine:3.18` not pinned by digest: `FROM alpine:3.18` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 47977, "scanner": "repobility-supply-chain", "fingerprint": "65521196481f79e6679b363259a5698844fd51504433bb3900aab77c5299100c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|65521196481f79e6679b363259a5698844fd51504433bb3900aab77c5299100c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/snapshot-manager/Dockerfile"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `node:22-alpine` not pinned by digest: `FROM node:22-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 47976, "scanner": "repobility-supply-chain", "fingerprint": "2fab7c48d1b44a430c79c69098c93b61f2424c45e4eb3fb021d1eb5ec7762a97", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2fab7c48d1b44a430c79c69098c93b61f2424c45e4eb3fb021d1eb5ec7762a97"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/snapshot-manager/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `alpine:3.18` not pinned by digest: `FROM alpine:3.18` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 47975, "scanner": "repobility-supply-chain", "fingerprint": "10a005d4130e91f4e987c7c2eee0fc7c44011f94348df47d774d4d3865ea2281", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|10a005d4130e91f4e987c7c2eee0fc7c44011f94348df47d774d4d3865ea2281"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/ssh-gateway/Dockerfile"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `node:22-alpine` not pinned by digest: `FROM node:22-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 47974, "scanner": "repobility-supply-chain", "fingerprint": "f6c1aaeed3859821a702f3dfe4c6e2c307efbcbc3b20d8608da40c3887dea252", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f6c1aaeed3859821a702f3dfe4c6e2c307efbcbc3b20d8608da40c3887dea252"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/ssh-gateway/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/boxlite-ai/boxlite/libs/api-client-go` \u2014 points to a LOCAL path: `replace github.com/boxlite-ai/boxlite/libs/api-client-go => ../api-client-go` overrides the canonical dependency with a different source (points to a LOCAL path). Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 47973, "scanner": "repobility-supply-chain", "fingerprint": "bc1eade3174c2804d65885f082dc7d731af9bd814e32f1b564f506ff1ee606d9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bc1eade3174c2804d65885f082dc7d731af9bd814e32f1b564f506ff1ee606d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/cli/go.mod"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `alpine:3.18` not pinned by digest: `FROM alpine:3.18` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 47972, "scanner": "repobility-supply-chain", "fingerprint": "7f2bc0b546b50bc759aad96ae5e5e0dd230ac1975ba7c1f7b6ea7132d14db98a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7f2bc0b546b50bc759aad96ae5e5e0dd230ac1975ba7c1f7b6ea7132d14db98a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/proxy/Dockerfile"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `node:22-alpine` not pinned by digest: `FROM node:22-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 47971, "scanner": "repobility-supply-chain", "fingerprint": "0779b99e988b390b6b3d9bbf0572dfb3b82ba1906b3c9be2bd6d9b02e46bf876", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0779b99e988b390b6b3d9bbf0572dfb3b82ba1906b3c9be2bd6d9b02e46bf876"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/proxy/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/boxlite-ai/boxlite/libs/api-client-go` \u2014 points to a LOCAL path: `replace github.com/boxlite-ai/boxlite/libs/api-client-go => ../api-client-go` overrides the canonical dependency with a different source (points to a LOCAL path). Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 47970, "scanner": "repobility-supply-chain", "fingerprint": "af8dcd54e615a31a85c203aa9c158879b0360d04627f04d7326bf5501914617b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|af8dcd54e615a31a85c203aa9c158879b0360d04627f04d7326bf5501914617b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/common-go/go.mod"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `urllib.request.urlopen` inside async function `main`: `urllib.request.urlopen` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 47951, "scanner": "repobility-ast-engine", "fingerprint": "0e9b5a27b7f7107f514a3efbf65166ef7ecb50dc93968b907c91f16cf213b5c9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0e9b5a27b7f7107f514a3efbf65166ef7ecb50dc93968b907c91f16cf213b5c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/02_features/forward_ports.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_cannot_remove_running_box: Test function `test_cannot_remove_running_box` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 47943, "scanner": "repobility-ast-engine", "fingerprint": "1a2e615d0283f43e8152a77fc502f2b5c0093f90eac77a65647b97f8a7a7d16d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1a2e615d0283f43e8152a77fc502f2b5c0093f90eac77a65647b97f8a7a7d16d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/tests/test_box_management.py"}, "region": {"startLine": 193}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_operations_fail_after_shutdown: Test function `test_operations_fail_after_shutdown` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 47942, "scanner": "repobility-ast-engine", "fingerprint": "928410a1713700804d5cc73b6328df9dfb7a858b51cbac852f73aee49352605f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|928410a1713700804d5cc73b6328df9dfb7a858b51cbac852f73aee49352605f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/tests/test_shutdown.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_shutdown_stops_all_boxes: Test function `test_shutdown_stops_all_boxes` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 47941, "scanner": "repobility-ast-engine", "fingerprint": "db60001e44fa0275778f078aaef5220c2de788f9d50d26c735edff8164460adb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|db60001e44fa0275778f078aaef5220c2de788f9d50d26c735edff8164460adb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/tests/test_shutdown.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_shutdown_sync_idempotent: Test function `test_shutdown_sync_idempotent` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 47940, "scanner": "repobility-ast-engine", "fingerprint": "d7df6436edb0309c894d9f051e1ad28cc9279b696609c0ee54cfc3af5f29f0cb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d7df6436edb0309c894d9f051e1ad28cc9279b696609c0ee54cfc3af5f29f0cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/tests/test_shutdown.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_shutdown_sync_custom_timeout: Test function `test_shutdown_sync_custom_timeout` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 47939, "scanner": "repobility-ast-engine", "fingerprint": "4a576e42f379883159624624d9ce6c11e35df8a4a1819e05442ebd7edf707505", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4a576e42f379883159624624d9ce6c11e35df8a4a1819e05442ebd7edf707505"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/tests/test_shutdown.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_shutdown_sync_default: Test function `test_shutdown_sync_default` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 47938, "scanner": "repobility-ast-engine", "fingerprint": "140adf0aabf564b45c6dde7da41cde741893f7a1666dc0ac458366b098c5ba55", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|140adf0aabf564b45c6dde7da41cde741893f7a1666dc0ac458366b098c5ba55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/tests/test_shutdown.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_rest_options_from_env_requires_url: Test function `test_rest_options_from_env_requires_url` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 47937, "scanner": "repobility-ast-engine", "fingerprint": "817c819f8d40022d71c9047f4b68ff96553301418004885749c37ddb747b6559", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|817c819f8d40022d71c9047f4b68ff96553301418004885749c37ddb747b6559"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/tests/test_credential.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_cached_image_handle_rejects_after_runtime_shutdown: Test function `test_cached_image_handle_rejects_after_runtime_shutdown` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 47936, "scanner": "repobility-ast-engine", "fingerprint": "b5e8f5e9a4ad1e986802b502497117140d19f2abaed97301a4b4738f20c0ae1c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b5e8f5e9a4ad1e986802b502497117140d19f2abaed97301a4b4738f20c0ae1c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/tests/test_images.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_missing_oauth_raises_error: Test function `test_missing_oauth_raises_error` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 47935, "scanner": "repobility-ast-engine", "fingerprint": "064347cd035e3e25d3d963d3a226e8d68f3e602101ae4962d5d912b0f879358d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|064347cd035e3e25d3d963d3a226e8d68f3e602101ae4962d5d912b0f879358d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/tests/test_sync_skillbox.py"}, "region": {"startLine": 231}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_box_options_rejects_top_level_allow_net: Test function `test_box_options_rejects_top_level_allow_net` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 47934, "scanner": "repobility-ast-engine", "fingerprint": "6f022453851f063033aa1ed963a04694b6cdb13fbc62bc638afc424965a881e8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6f022453851f063033aa1ed963a04694b6cdb13fbc62bc638afc424965a881e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/tests/test_network_spec.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_box_options_rejects_string_network: Test function `test_box_options_rejects_string_network` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 47933, "scanner": "repobility-ast-engine", "fingerprint": "30a4396816561defbb388084ce20f2b2a38fff185ce257448a8c1be44f859141", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|30a4396816561defbb388084ce20f2b2a38fff185ce257448a8c1be44f859141"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/tests/test_network_spec.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_resize_tty_multiple_times: Test function `test_resize_tty_multiple_times` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 47932, "scanner": "repobility-ast-engine", "fingerprint": "6bf185a18226f6b3e82a726d1d9f4e5a2876e990953d54400881bdf98a9e5d17", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6bf185a18226f6b3e82a726d1d9f4e5a2876e990953d54400881bdf98a9e5d17"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/tests/test_resize_tty.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_resize_tty_after_process_output: Test function `test_resize_tty_after_process_output` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 47931, "scanner": "repobility-ast-engine", "fingerprint": "a053d9b4953d9a5c26d70a25c9221a1c6a4e535d0aad13dbf0ad4c5b73e57e67", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a053d9b4953d9a5c26d70a25c9221a1c6a4e535d0aad13dbf0ad4c5b73e57e67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/tests/test_resize_tty.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_resize_tty_various_dimensions: Test function `test_resize_tty_various_dimensions` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 47930, "scanner": "repobility-ast-engine", "fingerprint": "08dc6cc4fb7bd862e040e87b62c0a7c2ce36994e8e3ff2586cfca66b1d7bce9a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|08dc6cc4fb7bd862e040e87b62c0a7c2ce36994e8e3ff2586cfca66b1d7bce9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/tests/test_resize_tty.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_resize_tty_on_non_tty_execution: Test function `test_resize_tty_on_non_tty_execution` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 47929, "scanner": "repobility-ast-engine", "fingerprint": "2f8187773f09f0149f3014b52e921a3f3c33ed98e6a146885b8be85c0211f249", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2f8187773f09f0149f3014b52e921a3f3c33ed98e6a146885b8be85c0211f249"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/tests/test_resize_tty.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_resize_tty_on_tty_execution: Test function `test_resize_tty_on_tty_execution` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 47928, "scanner": "repobility-ast-engine", "fingerprint": "648abeb799d026826fb84d26d8871f94124a5df45919bc6547008a0d85cbe328", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|648abeb799d026826fb84d26d8871f94124a5df45919bc6547008a0d85cbe328"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/tests/test_resize_tty.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_rest_runtime_images_unsupported: Test function `test_rest_runtime_images_unsupported` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 47927, "scanner": "repobility-ast-engine", "fingerprint": "e381ac15b2d679a42012b30f52af6c9a4bedc45aab1673f5782e127f068d9464", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e381ac15b2d679a42012b30f52af6c9a4bedc45aab1673f5782e127f068d9464"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/tests/test_box_management_mock.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_missing_oauth_raises_error: Test function `test_missing_oauth_raises_error` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 47926, "scanner": "repobility-ast-engine", "fingerprint": "fecf4f5865943236f678452bda91b352f83040328778a2d956aed4280674610d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fecf4f5865943236f678452bda91b352f83040328778a2d956aed4280674610d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/tests/test_skillbox.py"}, "region": {"startLine": 251}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_image_registry_rejects_invalid_config: Test function `test_image_registry_rejects_invalid_config` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 47925, "scanner": "repobility-ast-engine", "fingerprint": "b3fe9373218502d0d0b36fc080d63c074124e0b9c25420690e446fc107ee4171", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b3fe9373218502d0d0b36fc080d63c074124e0b9c25420690e446fc107ee4171"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/tests/test_registry_options.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_can_catch_as_boxlite_error: Test function `test_can_catch_as_boxlite_error` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 47924, "scanner": "repobility-ast-engine", "fingerprint": "c7d6cf105089129c4ed31d7513cba849ca5035a08faf8ee7654a1756a584c05a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c7d6cf105089129c4ed31d7513cba849ca5035a08faf8ee7654a1756a584c05a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/tests/test_errors.py"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_can_raise: Test function `test_can_raise` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 47923, "scanner": "repobility-ast-engine", "fingerprint": "c64f6c7ff2242e64f6ada2d26afc8cec9049a0eb4399dd303915bf5b813ebb2d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c64f6c7ff2242e64f6ada2d26afc8cec9049a0eb4399dd303915bf5b813ebb2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/tests/test_errors.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_can_catch_as_boxlite_error: Test function `test_can_catch_as_boxlite_error` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 47922, "scanner": "repobility-ast-engine", "fingerprint": "16cebacb6bcd0128e0e5212c9fdfed55ff8e413c6ef361de0babd3c8dec02261", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|16cebacb6bcd0128e0e5212c9fdfed55ff8e413c6ef361de0babd3c8dec02261"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/tests/test_errors.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_can_raise: Test function `test_can_raise` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 47921, "scanner": "repobility-ast-engine", "fingerprint": "560df9469d2dbb9a2dc25c5c4140df1889b1aada1f290cb5feac525713001932", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|560df9469d2dbb9a2dc25c5c4140df1889b1aada1f290cb5feac525713001932"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/tests/test_errors.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_can_catch_as_boxlite_error: Test function `test_can_catch_as_boxlite_error` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 47920, "scanner": "repobility-ast-engine", "fingerprint": "3ca05364d26da613b5ef61fb492fba0929ae9b701ba35e6dbcca81c3403c0c19", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3ca05364d26da613b5ef61fb492fba0929ae9b701ba35e6dbcca81c3403c0c19"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/tests/test_errors.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_can_raise: Test function `test_can_raise` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 47919, "scanner": "repobility-ast-engine", "fingerprint": "7b56efa44a7084724c15df4698616bbd57db239c80e383cd685b5618e117f94c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7b56efa44a7084724c15df4698616bbd57db239c80e383cd685b5618e117f94c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/tests/test_errors.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.playwright_endpoint` used but never assigned in __init__: Method `connect` of class `BrowserBox` reads `self.playwright_endpoint`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 47918, "scanner": "repobility-ast-engine", "fingerprint": "30a00294e02904645f01f16c69a5d04a418c5cf1d02718499cf6d1e2dedfd985", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|30a00294e02904645f01f16c69a5d04a418c5cf1d02718499cf6d1e2dedfd985"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/browserbox.py"}, "region": {"startLine": 600}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._start_puppeteer_browser` used but never assigned in __init__: Method `endpoint` of class `BrowserBox` reads `self._start_puppeteer_browser`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 47917, "scanner": "repobility-ast-engine", "fingerprint": "339309248b96f7f761d6e7c14ee4d672c282f935226b7501bfb7715b182614bd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|339309248b96f7f761d6e7c14ee4d672c282f935226b7501bfb7715b182614bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/browserbox.py"}, "region": {"startLine": 556}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.exec` used but never assigned in __init__: Method `endpoint` of class `BrowserBox` reads `self.exec`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 47916, "scanner": "repobility-ast-engine", "fingerprint": "6f288ede053d908cc90e22bb8d94f3b7cbb0766bd47829bf4b48d8ab5d0ccabd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6f288ede053d908cc90e22bb8d94f3b7cbb0766bd47829bf4b48d8ab5d0ccabd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/browserbox.py"}, "region": {"startLine": 567}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._start_playwright_server` used but never assigned in __init__: Method `playwright_endpoint` of class `BrowserBox` reads `self._start_playwright_server`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 47915, "scanner": "repobility-ast-engine", "fingerprint": "7d2f42c18d0b21cf1a7600849c423d20a441df63b324674cb7ceb6c096470a5a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7d2f42c18d0b21cf1a7600849c423d20a441df63b324674cb7ceb6c096470a5a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/browserbox.py"}, "region": {"startLine": 517}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.exec` used but never assigned in __init__: Method `_start_cdp_forwarder` of class `BrowserBox` reads `self.exec`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 47914, "scanner": "repobility-ast-engine", "fingerprint": "1ce6f67ec200f330c6325c9a612309b5f89ba5f7b920053a41104ff3f4b1bc69", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1ce6f67ec200f330c6325c9a612309b5f89ba5f7b920053a41104ff3f4b1bc69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/browserbox.py"}, "region": {"startLine": 481}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.exec` used but never assigned in __init__: Method `_start_cdp_forwarder` of class `BrowserBox` reads `self.exec`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 47913, "scanner": "repobility-ast-engine", "fingerprint": "aff74928552bef45442eb925c260e723fb4782f1d6e4582e521786fff4017fb2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aff74928552bef45442eb925c260e723fb4782f1d6e4582e521786fff4017fb2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/browserbox.py"}, "region": {"startLine": 476}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.exec` used but never assigned in __init__: Method `_start_cdp_forwarder` of class `BrowserBox` reads `self.exec`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 47912, "scanner": "repobility-ast-engine", "fingerprint": "5338b1ae01289e42bedb0798c1aaf8706e8d291ad2cce085a9b8a45c54edbd5c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5338b1ae01289e42bedb0798c1aaf8706e8d291ad2cce085a9b8a45c54edbd5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/browserbox.py"}, "region": {"startLine": 473}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._poll_until_ready` used but never assigned in __init__: Method `_start_firefox_bidi` of class `BrowserBox` reads `self._poll_until_ready`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 47911, "scanner": "repobility-ast-engine", "fingerprint": "c11bfe01af063196f1e23dde85842411da409ca4113671ef389f95ecf7c343be", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c11bfe01af063196f1e23dde85842411da409ca4113671ef389f95ecf7c343be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/browserbox.py"}, "region": {"startLine": 389}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.exec` used but never assigned in __init__: Method `_start_firefox_bidi` of class `BrowserBox` reads `self.exec`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 47910, "scanner": "repobility-ast-engine", "fingerprint": "4d5e35632bb8b2ecc1fea4fc9f639bd835039e321719b6447c6826128269534c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4d5e35632bb8b2ecc1fea4fc9f639bd835039e321719b6447c6826128269534c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/browserbox.py"}, "region": {"startLine": 382}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.exec` used but never assigned in __init__: Method `_start_firefox_bidi` of class `BrowserBox` reads `self.exec`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 47909, "scanner": "repobility-ast-engine", "fingerprint": "d5cbd3f756a40e72d4b9903043e8fe1b7726c4bd0f2c83f499b68b9b30caa798", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d5cbd3f756a40e72d4b9903043e8fe1b7726c4bd0f2c83f499b68b9b30caa798"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/browserbox.py"}, "region": {"startLine": 373}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.exec` used but never assigned in __init__: Method `_start_firefox_bidi` of class `BrowserBox` reads `self.exec`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 47908, "scanner": "repobility-ast-engine", "fingerprint": "5bb06f94b95cdaa0616330216a46ab9d7c96aa938b1804d498163f620af6314c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5bb06f94b95cdaa0616330216a46ab9d7c96aa938b1804d498163f620af6314c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/browserbox.py"}, "region": {"startLine": 363}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._poll_until_ready` used but never assigned in __init__: Method `_start_chromium_cdp` of class `BrowserBox` reads `self._poll_until_ready`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 47907, "scanner": "repobility-ast-engine", "fingerprint": "4dcd961ac7c157d079edfce7b04a7659a49326d2a88d0d099c09c134f6becb90", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4dcd961ac7c157d079edfce7b04a7659a49326d2a88d0d099c09c134f6becb90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/browserbox.py"}, "region": {"startLine": 355}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.exec` used but never assigned in __init__: Method `_start_chromium_cdp` of class `BrowserBox` reads `self.exec`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 47906, "scanner": "repobility-ast-engine", "fingerprint": "d1f7968e56de9a238dfa39bc0022bd67055cb51e0cec3a60b724ef403d4bc90a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d1f7968e56de9a238dfa39bc0022bd67055cb51e0cec3a60b724ef403d4bc90a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/browserbox.py"}, "region": {"startLine": 345}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.exec` used but never assigned in __init__: Method `_start_chromium_cdp` of class `BrowserBox` reads `self.exec`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 47905, "scanner": "repobility-ast-engine", "fingerprint": "b4750644fbd4374e4fac7f89d1100733cd3ba99c4eeea7049a93b02c971c383d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b4750644fbd4374e4fac7f89d1100733cd3ba99c4eeea7049a93b02c971c383d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/browserbox.py"}, "region": {"startLine": 325}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._start_firefox_bidi` used but never assigned in __init__: Method `_start_puppeteer_browser` of class `BrowserBox` reads `self._start_firefox_bidi`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 47904, "scanner": "repobility-ast-engine", "fingerprint": "8bb00b30da4585208708a4bf3501d7fe55a530991bfb68ced3ee112c442fe91a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8bb00b30da4585208708a4bf3501d7fe55a530991bfb68ced3ee112c442fe91a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/browserbox.py"}, "region": {"startLine": 309}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._start_chromium_cdp` used but never assigned in __init__: Method `_start_puppeteer_browser` of class `BrowserBox` reads `self._start_chromium_cdp`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 47903, "scanner": "repobility-ast-engine", "fingerprint": "4e7d7c7240d0c3fb44d143d4fc4192e59acb7f3270744d11887e81e01e065741", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4e7d7c7240d0c3fb44d143d4fc4192e59acb7f3270744d11887e81e01e065741"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/browserbox.py"}, "region": {"startLine": 307}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._start_cdp_forwarder` used but never assigned in __init__: Method `_start_puppeteer_browser` of class `BrowserBox` reads `self._start_cdp_forwarder`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 47902, "scanner": "repobility-ast-engine", "fingerprint": "8cb742343654f392e5746f708daa195a61ebf73a2b06ae697f6d0814311fcdf9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8cb742343654f392e5746f708daa195a61ebf73a2b06ae697f6d0814311fcdf9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/browserbox.py"}, "region": {"startLine": 313}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._poll_until_ready` used but never assigned in __init__: Method `_start_playwright_server` of class `BrowserBox` reads `self._poll_until_ready`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 47901, "scanner": "repobility-ast-engine", "fingerprint": "bf234b08787903ae4786ea433cb649ad88ed71a9530a57e5cad7027fecd9e07b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bf234b08787903ae4786ea433cb649ad88ed71a9530a57e5cad7027fecd9e07b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/browserbox.py"}, "region": {"startLine": 264}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.exec` used but never assigned in __init__: Method `_start_playwright_server` of class `BrowserBox` reads `self.exec`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 47900, "scanner": "repobility-ast-engine", "fingerprint": "f74f19c5c05adbe495c128b287e7631935abbbab11e43fb68f98a559c5da917b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f74f19c5c05adbe495c128b287e7631935abbbab11e43fb68f98a559c5da917b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/browserbox.py"}, "region": {"startLine": 257}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.exec` used but never assigned in __init__: Method `_poll_until_ready` of class `BrowserBox` reads `self.exec`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 47899, "scanner": "repobility-ast-engine", "fingerprint": "1a2dfc3924d723360a9762d6fc5772bab3af4c840ea6f4879cdee2b5049755d5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1a2dfc3924d723360a9762d6fc5772bab3af4c840ea6f4879cdee2b5049755d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/browserbox.py"}, "region": {"startLine": 224}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.exec` used but never assigned in __init__: Method `_poll_until_ready` of class `BrowserBox` reads `self.exec`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 47898, "scanner": "repobility-ast-engine", "fingerprint": "ab87f8a39d515987dd32e822a0e459421941b7b3570d26623c8dc0ed8e0b8369", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ab87f8a39d515987dd32e822a0e459421941b7b3570d26623c8dc0ed8e0b8369"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/browserbox.py"}, "region": {"startLine": 216}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.exec` used but never assigned in __init__: Method `install_packages` of class `CodeBox` reads `self.exec`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 47897, "scanner": "repobility-ast-engine", "fingerprint": "fdee57edb9c4811b7287dd7b4275258b0961bb3fbf20ce312d4b7a586b49bd75", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fdee57edb9c4811b7287dd7b4275258b0961bb3fbf20ce312d4b7a586b49bd75"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/codebox.py"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.exec` used but never assigned in __init__: Method `install_package` of class `CodeBox` reads `self.exec`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 47896, "scanner": "repobility-ast-engine", "fingerprint": "aa2654289b59e55bf7e075c032aa9ff41d34725d5524893cf5900e2acdec2c05", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aa2654289b59e55bf7e075c032aa9ff41d34725d5524893cf5900e2acdec2c05"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/codebox.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.run` used but never assigned in __init__: Method `run_script` of class `CodeBox` reads `self.run`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 47895, "scanner": "repobility-ast-engine", "fingerprint": "a339435ae6d29bc6679fdbcf10e4e271896a0c0b738bdbe1b2ace6d82c3c7913", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a339435ae6d29bc6679fdbcf10e4e271896a0c0b738bdbe1b2ace6d82c3c7913"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/codebox.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.exec` used but never assigned in __init__: Method `run` of class `CodeBox` reads `self.exec`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 47894, "scanner": "repobility-ast-engine", "fingerprint": "c98496b7176afbea35bbbf18d9a9ab248be6fa27a22f128071da792efcd9a004", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c98496b7176afbea35bbbf18d9a9ab248be6fa27a22f128071da792efcd9a004"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/python/boxlite/codebox.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED099", "level": "error", "message": {"text": "[MINED099] Hardcoded Secret: API key, AWS access key, GitHub token, Slack token, OpenAI key, or private key embedded directly in source. AI assistants frequently leak demo credentials."}, "properties": {"repobilityId": 47869, "scanner": "repobility-threat-engine", "fingerprint": "cd0636768499900270c7905ab9ca2aebd99f124b9521aa19e5533c4005bab604", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "hardcoded-secret", "owasp": "A07:2021", "cwe_ids": ["CWE-798"], "languages": [], "precision": 1.0, "promoted_at": "2026-05-18T15:01:13.611213+00:00", "triaged_in_corpus": 8, "observations_count": 88419, "ai_coder_pattern_id": 9}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cd0636768499900270c7905ab9ca2aebd99f124b9521aa19e5533c4005bab604"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/net/ca.rs"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 47868, "scanner": "repobility-threat-engine", "fingerprint": "665ee94ad8e24239cb4709bd8cba36bc69715817ca6310ee6ac056b0246adfc4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|665ee94ad8e24239cb4709bd8cba36bc69715817ca6310ee6ac056b0246adfc4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/images/archive/verifier.rs"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 47855, "scanner": "repobility-threat-engine", "fingerprint": "9db25d4c4f6f062f747dbe2657453a58078dd929d150a272e31ac5541abfa969", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9db25d4c4f6f062f747dbe2657453a58078dd929d150a272e31ac5541abfa969"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/boxlite/src/db/images.rs"}, "region": {"startLine": 192}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 47854, "scanner": "repobility-threat-engine", "fingerprint": "291b03d046490a1ec21a15e22a4346cdf92a5c74eaa9160316e7e2907facae8a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|291b03d046490a1ec21a15e22a4346cdf92a5c74eaa9160316e7e2907facae8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/c/src/error.rs"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 47853, "scanner": "repobility-threat-engine", "fingerprint": "9f7e176bac8c62c8cad46a9c2db3f51e151e797f185ff9cc833132bb413a9b35", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9f7e176bac8c62c8cad46a9c2db3f51e151e797f185ff9cc833132bb413a9b35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdks/c/build.rs"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED021", "level": "error", "message": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "properties": {"repobilityId": 47852, "scanner": "repobility-threat-engine", "fingerprint": "34b69e1425e5f7905de30ddf442d5b60cfc24572ce292891e5da24fe384649ef", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "correlation_key": "fp|34b69e1425e5f7905de30ddf442d5b60cfc24572ce292891e5da24fe384649ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/images/create-oci-bundle.sh"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED012", "level": "error", "message": {"text": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code."}, "properties": {"repobilityId": 47847, "scanner": "repobility-threat-engine", "fingerprint": "7c9f9aa600e4e8d1540abf4347c0f57c3e24c2c273145868c6f82e9298461da6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "curl-pipe-bash", "owasp": "A08:2021", "cwe_ids": ["CWE-494"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347926+00:00", "triaged_in_corpus": 15, "observations_count": 135001, "ai_coder_pattern_id": 25}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7c9f9aa600e4e8d1540abf4347c0f57c3e24c2c273145868c6f82e9298461da6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/common.sh"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED012", "level": "error", "message": {"text": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code."}, "properties": {"repobilityId": 47846, "scanner": "repobility-threat-engine", "fingerprint": "e17c565be533020802489c838211dbc70a77028deab9b94073d6e6fa5c550943", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "curl-pipe-bash", "owasp": "A08:2021", "cwe_ids": ["CWE-494"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347926+00:00", "triaged_in_corpus": 15, "observations_count": 135001, "ai_coder_pattern_id": 25}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e17c565be533020802489c838211dbc70a77028deab9b94073d6e6fa5c550943"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/04_interactive/install_claude_interactively.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 47837, "scanner": "repobility-threat-engine", "fingerprint": "2579735cba014e300a86d14b1bdac990227cdcbe82c45a068dd60c6c10ddbd74", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2579735cba014e300a86d14b1bdac990227cdcbe82c45a068dd60c6c10ddbd74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/03_lifecycle/share_across_processes.py"}, "region": {"startLine": 151}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 47836, "scanner": "repobility-threat-engine", "fingerprint": "72f9bf697682426ef8f2906b2436773e4504baf92e620a5947ffc5c7a4539299", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|72f9bf697682426ef8f2906b2436773e4504baf92e620a5947ffc5c7a4539299"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/03_lifecycle/manage_lifecycle.py"}, "region": {"startLine": 116}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 47835, "scanner": "repobility-threat-engine", "fingerprint": "cd652ccd5e651cbf882614a1c5a69048fbb4465ae7993261b1433db3f1202beb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cd652ccd5e651cbf882614a1c5a69048fbb4465ae7993261b1433db3f1202beb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/03_lifecycle/clone_export_import.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 47831, "scanner": "repobility-threat-engine", "fingerprint": "8ca589ae09857ab3b82e91d503c65dcb6d7957b1cbe859564835ce2bec1fee35", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8ca589ae09857ab3b82e91d503c65dcb6d7957b1cbe859564835ce2bec1fee35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/01_getting_started/run_codebox_sync.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 47830, "scanner": "repobility-threat-engine", "fingerprint": "52c1b9725a11bff70e180a48dec156be5afe7516ba66a726b1e2780bab0d4efe", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|52c1b9725a11bff70e180a48dec156be5afe7516ba66a726b1e2780bab0d4efe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/01_getting_started/run_codebox.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 47829, "scanner": "repobility-threat-engine", "fingerprint": "06579e6658b444403bf02a2f65a8282801946c7056c8bd472a541c00b9cf9fa2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|06579e6658b444403bf02a2f65a8282801946c7056c8bd472a541c00b9cf9fa2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/node/codebox.js"}, "region": {"startLine": 39}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any