{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR017", "name": "Dockerfile installs dependencies after copying the full source tree", "shortDescription": {"text": "Dockerfile installs dependencies after copying the full source tree"}, "fullDescription": {"text": "When dependency installation comes after COPY ., any source change invalidates the dependency layer and makes Docker rebuild much more slowly."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR009", "name": "Dockerfile separates apt update from install", "shortDescription": {"text": "Dockerfile separates apt update from install"}, "fullDescription": {"text": "Splitting apt update and install across layers can reuse stale package indexes and make builds less reliable."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe 
Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC127", "name": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedEr", "shortDescription": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or "}, "fullDescription": {"text": "Either implement the body, or fail closed at module-load time so the deploy can't ship a half-built route. A CI gate that fails build on `raise NotImplementedError` in non-abstract code catches this cleanly."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `all_reduce` has cognitive complexity 16 (SonarSource scale). Cognitive co", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `all_reduce` has cognitive complexity 16 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion al"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. 
SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 16."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "MINED124", "name": "requirements.txt: `types-PyYAML` has no version pin", "shortDescription": {"text": "requirements.txt: `types-PyYAML` has no version pin"}, "fullDescription": {"text": "Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED109", "name": "Mutable default argument in `send_partial_agent_metadata` (list)", "shortDescription": {"text": "Mutable default argument in `send_partial_agent_metadata` (list)"}, "fullDescription": {"text": "`def send_partial_agent_metadata(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. 
Mutating it in one call mutates it for every future call too."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR012", "name": "Dockerfile keeps pip download cache", "shortDescription": {"text": "Dockerfile keeps pip download cache"}, "fullDescription": {"text": "Pip's package cache increases image size and can preserve unnecessary artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR010", "name": "Dockerfile leaves apt package indexes in the image layer", "shortDescription": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "fullDescription": {"text": "Package indexes increase image size and can expose stale metadata in the final image layer."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Installing recommended packages often pulls in unnecessary runtime surface area."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation 
where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Dockerfile base image is selected through a build variable", "shortDescription": {"text": "Dockerfile base image is selected through a build variable"}, "fullDescription": {"text": "Variable-selected base images can be safe, but Repobility cannot verify that the resolved image is pinned."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "info", "confidence": 0.48, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors.", "shortDescription": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block (and 7 more): Same pattern found in 7 additional files. Review if needed.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-119 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED075", "name": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL.", "shortDescription": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-690 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED042", "name": "[MINED042] Cpp New Without Delete (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED042] Cpp New Without Delete (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED063", "name": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use.", "shortDescription": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-367 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0055", "name": "tracing-subscriber: RUSTSEC-2025-0055", "shortDescription": {"text": "tracing-subscriber: RUSTSEC-2025-0055"}, "fullDescription": {"text": "Logging user input may result in poisoning logs with ANSI escape sequences"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0007", "name": "bytes: RUSTSEC-2026-0007", "shortDescription": {"text": "bytes: RUSTSEC-2026-0007"}, "fullDescription": {"text": "Integer overflow in `BytesMut::reserve`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0141", "name": "bincode: RUSTSEC-2025-0141", "shortDescription": {"text": "bincode: RUSTSEC-2025-0141"}, "fullDescription": {"text": "Bincode is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies the entire context without .dockerignore", "shortDescription": {"text": "Dockerfile copies the entire context without .dockerignore"}, "fullDescription": {"text": "COPY . or ADD . sends the full build context to Docker. 
Without .dockerignore this can include secrets, git history, and local artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "DKR006", "name": "Dockerfile pipes a remote script into a shell", "shortDescription": {"text": "Dockerfile pipes a remote script into a shell"}, "fullDescription": {"text": "Piping downloaded code directly into a shell bypasses checksum verification and makes builds dependent on mutable remote content."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Also block loopback (127/8) and the IPv6 equivalents, and apply the check to the IP address the hostname resolves to on every redirect hop, not only to the hostname string."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. 
The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC113", "name": "[SEC113] SSH host-key verification disabled (MITM): Accepting any SSH host key on first connect lets an active MITM impe", "shortDescription": {"text": "[SEC113] SSH host-key verification disabled (MITM): Accepting any SSH host key on first connect lets an active MITM impersonate the server. Common in `paramiko.AutoAddPolicy()`."}, "fullDescription": {"text": "Python: load `~/.ssh/known_hosts` and use `paramiko.RejectPolicy()`. Go: implement a `ssh.HostKeyCallback` that compares against a known fingerprint. Java JSch: load known_hosts via `jsch.setKnownHosts(...)`."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/checkout` pinned to mutable ref `@v3`", "shortDescription": {"text": "Action `actions/checkout` pinned to mutable ref `@v3`"}, "fullDescription": {"text": "`uses: actions/checkout@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "Workflow container/services image `ghcr.io/ai-dynamo/dynamo/helm-tester:0.1.1` unpinned", "shortDescription": {"text": "Workflow container/services image `ghcr.io/ai-dynamo/dynamo/helm-tester:0.1.1` unpinned"}, "fullDescription": {"text": "`container/services image: ghcr.io/ai-dynamo/dynamo/helm-tester:0.1.1` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `gcr.io/google.com/cloudsdktool/cloud-sdk:alpine` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `gcr.io/google.com/cloudsdktool/cloud-sdk:alpine` not pinned by digest"}, "fullDescription": {"text": "`FROM gcr.io/google.com/cloudsdktool/cloud-sdk:alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED131", "name": "pre-commit hook `https://github.com/pre-commit/pre-commit-hooks` pinned to mutable rev `v4.4.0`", "shortDescription": {"text": "pre-commit hook `https://github.com/pre-commit/pre-commit-hooks` pinned to mutable rev `v4.4.0`"}, "fullDescription": {"text": "`.pre-commit-config.yaml` references `https://github.com/pre-commit/pre-commit-hooks` at `rev: v4.4.0`. 
If `rev` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine; pin `rev` to a full commit SHA instead."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_barrier", "shortDescription": {"text": "Phantom test coverage: test_barrier"}, "fullDescription": {"text": "Test function `test_barrier` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self._get_tp_total_size` used but never assigned in __init__", "shortDescription": {"text": "`self._get_tp_total_size` used but never assigned in __init__"}, "fullDescription": {"text": "Method `run` of class `SequentialCTPerftest` reads `self._get_tp_total_size`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "generic-api-key", "name": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", "shortDescription": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED030", "name": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__.", "shortDescription": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED018", "name": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/fi", "shortDescription": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-502 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC081", "name": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary co", "shortDescription": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "fullDescription": {"text": "Use json, msgpack, or protobuf for untrusted data. If pickle is required, authenticate the payload with an HMAC under a secret key and verify the tag before calling pickle.loads."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED125", "name": "GHA script injection via github.event.pull_request.head.ref in run-step", "shortDescription": {"text": "GHA script injection via github.event.pull_request.head.ref in run-step"}, "fullDescription": {"text": "Multi-line `run: |` block interpolates ${{ github.event.pull_request.head.ref }} into shell. 
PR title/body/branch/comment fields are attacker-controllable."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1253"}, "properties": {"repository": "ai-dynamo/nixl", "repoUrl": "https://github.com/ai-dynamo/nixl", "branch": "main"}, "results": [{"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 126297, "scanner": "repobility-docker", "fingerprint": "271aacc07b5538c7917a57809569cda609a79802582c905b689277377f58b94b", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "${BASE_IMAGE}", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|271aacc07b5538c7917a57809569cda609a79802582c905b689277377f58b94b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "contrib/Dockerfile.vllm"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 126293, "scanner": "repobility-docker", "fingerprint": "82daccdd518e456805561c2e66f910a2bed7976339f33520f4c96f8928f8491e", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "${BASE_IMAGE}", "references": 
["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|82daccdd518e456805561c2e66f910a2bed7976339f33520f4c96f8928f8491e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "contrib/Dockerfile.sglang"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 126290, "scanner": "repobility-docker", "fingerprint": "a2091f26f458e57de32161cfd9bbc41860ba11a306a43492229782cb1476dfea", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "${BASE_IMAGE}:${BASE_IMAGE_TAG}", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|a2091f26f458e57de32161cfd9bbc41860ba11a306a43492229782cb1476dfea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "contrib/Dockerfile.manylinux"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 126284, "scanner": "repobility-docker", "fingerprint": "4fc4360517a68990dd13bb27a2d63c047451846bc247602ad0769d54e0c6312f", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": 
"${BASE_IMAGE}:${BASE_IMAGE_TAG}", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|4fc4360517a68990dd13bb27a2d63c047451846bc247602ad0769d54e0c6312f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "contrib/Dockerfile"}, "region": {"startLine": 20}}}]}, {"ruleId": "DKR017", "level": "warning", "message": {"text": "Dockerfile installs dependencies after copying the full source tree"}, "properties": {"repobilityId": 126283, "scanner": "repobility-docker", "fingerprint": "f14702cb465b4faa4847dc0c9172a2e57e8ef7c9ea35fb6a16909d4119ee166d", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy at line 258 appears before dependency installation.", "evidence": {"rule_id": "DKR017", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "broad_copy_line": 258, "correlation_key": "fp|f14702cb465b4faa4847dc0c9172a2e57e8ef7c9ea35fb6a16909d4119ee166d", "dependency_install_line": 291}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "contrib/Dockerfile"}, "region": {"startLine": 291}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 126272, "scanner": "repobility-docker", "fingerprint": "13dc11a553d103941c15e48a189c0d8a1106752e07cc8f30ea62bee24c2a16eb", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ucx_${UCX}_image", "references": 
["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|13dc11a553d103941c15e48a189c0d8a1106752e07cc8f30ea62bee24c2a16eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/nixlbench/contrib/Dockerfile"}, "region": {"startLine": 109}}}]}, {"ruleId": "DKR009", "level": "warning", "message": {"text": "Dockerfile separates apt update from install"}, "properties": {"repobilityId": 126256, "scanner": "repobility-docker", "fingerprint": "2cacb316aa2794dd9a2ed8dfd46fab344473136141c67372ca5a457987d99f1f", "category": "docker", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Package index update appears without package installation in the same layer.", "evidence": {"rule_id": "DKR009", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|2cacb316aa2794dd9a2ed8dfd46fab344473136141c67372ca5a457987d99f1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/nixlbench/contrib/Dockerfile"}, "region": {"startLine": 64}}}]}, {"ruleId": "DKR009", "level": "warning", "message": {"text": "Dockerfile separates apt update from install"}, "properties": {"repobilityId": 126254, "scanner": "repobility-docker", "fingerprint": "e6eee6950098220205390297ba265ed602227efa9d48f1b17f2394f109f2111e", "category": "docker", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Package index update appears without package installation in the same layer.", "evidence": {"rule_id": "DKR009", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", 
"https://github.com/hadolint/hadolint"], "correlation_key": "fp|e6eee6950098220205390297ba265ed602227efa9d48f1b17f2394f109f2111e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/nixlbench/contrib/Dockerfile"}, "region": {"startLine": 29}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 126252, "scanner": "repobility-docker", "fingerprint": "8c3645a465b74ded8340e0059982c7b7a239690bf4cb116914a58fd92f1c7178", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "gcr.io/google.com/cloudsdktool/cloud-sdk:alpine", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|8c3645a465b74ded8340e0059982c7b7a239690bf4cb116914a58fd92f1c7178"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".ci/dockerfiles/Dockerfile.infinia-libs"}, "region": {"startLine": 24}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 126251, "scanner": "repobility-docker", "fingerprint": "1ae988eb3597191a0b32f7818b7c1c493a9aa1b1aebf57b52096a5a187d75f6d", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "${BASE_IMAGE}", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", 
"https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|1ae988eb3597191a0b32f7818b7c1c493a9aa1b1aebf57b52096a5a187d75f6d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".ci/dockerfiles/Dockerfile.gpu-test"}, "region": {"startLine": 11}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 126245, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 126217, "scanner": "repobility-threat-engine", "fingerprint": "cd673d635cba8fe70b923c6c0f2856ced5213eb9b73cad408b0910ec8bc7f3c4", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.loads(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|178|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": "benchmark/kvbench/runtime/etcd_rt.py"}, "region": {"startLine": 178}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 126213, "scanner": "repobility-threat-engine", "fingerprint": "6ff937cd9f77d3cda85d22e34ff34cefc13add2e804bbd7fad6bd8d6b125cc59", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def get_io_size(self, page_size: int = 1) -> int:\n        raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6ff937cd9f77d3cda85d22e34ff34cefc13add2e804bbd7fad6bd8d6b125cc59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/models/models.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `all_reduce` has cognitive complexity 16 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: elif=3, else=2, for=1, if=3, nested_bonus=6, while=1."}, "properties": {"repobilityId": 126211, "scanner": "repobility-threat-engine", "fingerprint": "2963b7605e3a8fb546039a04fa71bc057177c27eb91947b689f0b8b0863cbec3", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 16 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "all_reduce", "breakdown": {"if": 3, "for": 1, "elif": 3, "else": 2, "while": 1, "nested_bonus": 6}, "complexity": 16, "correlation_key": "fp|2963b7605e3a8fb546039a04fa71bc057177c27eb91947b689f0b8b0863cbec3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/runtime/etcd_rt.py"}, "region": {"startLine": 202}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `barrier` has cognitive complexity 19 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: else=1, if=6, nested_bonus=9, while=3."}, "properties": {"repobilityId": 126210, "scanner": "repobility-threat-engine", "fingerprint": "f4b23b5ad976098ac28959b530ec0a49a8bf1caddbeee56ee741d0d749e81151", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 19 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "barrier", "breakdown": {"if": 6, "else": 1, "while": 3, "nested_bonus": 9}, "complexity": 19, "correlation_key": "fp|f4b23b5ad976098ac28959b530ec0a49a8bf1caddbeee56ee741d0d749e81151"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/runtime/etcd_rt.py"}, "region": {"startLine": 99}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 126203, "scanner": "repobility-agent-runtime", "fingerprint": "aadf78ee1ab63ab0da8a6d394802a29dd2a5045837a36f6b279697175667538f", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|aadf78ee1ab63ab0da8a6d394802a29dd2a5045837a36f6b279697175667538f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/bindings/rust/README.md"}, "region": {"startLine": 10}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 126202, "scanner": "repobility-agent-runtime", "fingerprint": "5950fc6470a684d6326d68835b5745372806a3620626643b0832dde9a45fbb46", "category": "dependency", 
"severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|5950fc6470a684d6326d68835b5745372806a3620626643b0832dde9a45fbb46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "README.md"}, "region": {"startLine": 226}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `types-PyYAML` has no version pin"}, "properties": {"repobilityId": 126185, "scanner": "repobility-supply-chain", "fingerprint": "05c25bf4ccaa92e926843436f7b308fefce92ec0b8f8720cff69488eac63e811", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|05c25bf4ccaa92e926843436f7b308fefce92ec0b8f8720cff69488eac63e811"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `tomli` has no version pin"}, "properties": {"repobilityId": 126184, "scanner": "repobility-supply-chain", "fingerprint": "84c325af633abd5610f82a4c9a622b6dc88becf99b783517de5c675ead98cccb", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|84c325af633abd5610f82a4c9a622b6dc88becf99b783517de5c675ead98cccb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `toml` has no version pin"}, "properties": {"repobilityId": 126183, "scanner": "repobility-supply-chain", "fingerprint": "97e138b7445d139515d491f316c1d9c10442b49dc696ee1fd2954bffd599c3d2", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|97e138b7445d139515d491f316c1d9c10442b49dc696ee1fd2954bffd599c3d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `pyyaml` has no version pin"}, "properties": {"repobilityId": 126182, "scanner": "repobility-supply-chain", "fingerprint": "15afbaeb4bb24818a33d32599ffa1e7baeadcf6ddbfa18677461ea3256521661", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|15afbaeb4bb24818a33d32599ffa1e7baeadcf6ddbfa18677461ea3256521661"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `pytest` has no version pin"}, "properties": {"repobilityId": 126181, 
"scanner": "repobility-supply-chain", "fingerprint": "0a083b7bbf9e6809f7a9115b8bf54d01d0cf5a2bdc972a84d10207180a0fb053", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0a083b7bbf9e6809f7a9115b8bf54d01d0cf5a2bdc972a84d10207180a0fb053"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `pre-commit` has no version pin"}, "properties": {"repobilityId": 126180, "scanner": "repobility-supply-chain", "fingerprint": "c2743ece4c3e1ff81e306ddeb3924643986840a6f2b50290425f5db2bda518e4", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c2743ece4c3e1ff81e306ddeb3924643986840a6f2b50290425f5db2bda518e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `mypy` has no version pin"}, "properties": {"repobilityId": 126179, "scanner": "repobility-supply-chain", "fingerprint": "c91a3e032d6a16d13c0600a0c595f7a109d79565e7ff33c206ec6e3546373d48", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", 
"owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c91a3e032d6a16d13c0600a0c595f7a109d79565e7ff33c206ec6e3546373d48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `isort` has no version pin"}, "properties": {"repobilityId": 126178, "scanner": "repobility-supply-chain", "fingerprint": "b7637a3f83e0f9e54c50501caa639defef39b0b3c6dcb7d2b635f3c48f8bfcf3", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b7637a3f83e0f9e54c50501caa639defef39b0b3c6dcb7d2b635f3c48f8bfcf3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `flake8` has no version pin"}, "properties": {"repobilityId": 126177, "scanner": "repobility-supply-chain", "fingerprint": "8d60d8f8797c813fe703e8f6a474004278cf14811ac1ae670c974b1b0d8d7b2f", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8d60d8f8797c813fe703e8f6a474004278cf14811ac1ae670c974b1b0d8d7b2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 17}}}]}, 
{"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `black` has no version pin"}, "properties": {"repobilityId": 126176, "scanner": "repobility-supply-chain", "fingerprint": "161f234844cc2ecaf349fa42993603257b6a3a32e05b5304f756bc087260a6b5", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|161f234844cc2ecaf349fa42993603257b6a3a32e05b5304f756bc087260a6b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `send_partial_agent_metadata` (list)"}, "properties": {"repobilityId": 126169, "scanner": "repobility-ast-engine", "fingerprint": "0a77047b5cb0ee0ff76208d0e70598e3736836aa17d18dd0ae9152c91ae3e189", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0a77047b5cb0ee0ff76208d0e70598e3736836aa17d18dd0ae9152c91ae3e189"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/api/python/_api.py"}, "region": {"startLine": 873}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `get_partial_agent_metadata` (list)"}, "properties": {"repobilityId": 126168, "scanner": "repobility-ast-engine", "fingerprint": "298236f8f092ddf518e7372966d7311d933238fd161c3ed9394d95fe0149506b", "category": "quality", "severity": 
"medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|298236f8f092ddf518e7372966d7311d933238fd161c3ed9394d95fe0149506b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/api/python/_api.py"}, "region": {"startLine": 812}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `check_remote_xfer_done` (list)"}, "properties": {"repobilityId": 126167, "scanner": "repobility-ast-engine", "fingerprint": "9c28e26108346b8e431bc3a13d1102a540461221228a7dc14edcb8423b451d5c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9c28e26108346b8e431bc3a13d1102a540461221228a7dc14edcb8423b451d5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/api/python/_api.py"}, "region": {"startLine": 749}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `update_notifs` (list)"}, "properties": {"repobilityId": 126166, "scanner": "repobility-ast-engine", "fingerprint": "f2eea2de8863011e745720dc8a3b9f250a6ed752e80648e95107010ada110838", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|f2eea2de8863011e745720dc8a3b9f250a6ed752e80648e95107010ada110838"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/api/python/_api.py"}, "region": {"startLine": 730}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `get_new_notifs` (list)"}, "properties": {"repobilityId": 126165, "scanner": "repobility-ast-engine", "fingerprint": "cd49ba095151ccb033f01c1c7a45ddaff5fab98df9c7efc7a6404467e5182158", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cd49ba095151ccb033f01c1c7a45ddaff5fab98df9c7efc7a6404467e5182158"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/api/python/_api.py"}, "region": {"startLine": 716}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `initialize_xfer` (list)"}, "properties": {"repobilityId": 126164, "scanner": "repobility-ast-engine", "fingerprint": "4eb5191c60613fe4abf82c3620a77cad919fdad4c311099169bbdece85ebc83a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4eb5191c60613fe4abf82c3620a77cad919fdad4c311099169bbdece85ebc83a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/api/python/_api.py"}, "region": {"startLine": 599}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `make_prepped_xfer` (list)"}, "properties": 
{"repobilityId": 126163, "scanner": "repobility-ast-engine", "fingerprint": "ef65f36fbfa25dcee69a5bdc99f1d7666206285246d9243df579dff53cf04e2d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ef65f36fbfa25dcee69a5bdc99f1d7666206285246d9243df579dff53cf04e2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/api/python/_api.py"}, "region": {"startLine": 552}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `prep_xfer_dlist` (list)"}, "properties": {"repobilityId": 126162, "scanner": "repobility-ast-engine", "fingerprint": "1f3fbe9548b2d01c532c7842ff8dc9a9ea46b9f20bd10fa55aa2e9bf1059d0a3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1f3fbe9548b2d01c532c7842ff8dc9a9ea46b9f20bd10fa55aa2e9bf1059d0a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/api/python/_api.py"}, "region": {"startLine": 495}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `make_connection` (list)"}, "properties": {"repobilityId": 126161, "scanner": "repobility-ast-engine", "fingerprint": "11f4f3c7392a4622a5bef316cb7e4c46f3897277bca7d8d64b74a0e4f8d01bcc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": 
"mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|11f4f3c7392a4622a5bef316cb7e4c46f3897277bca7d8d64b74a0e4f8d01bcc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/api/python/_api.py"}, "region": {"startLine": 466}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `deregister_memory` (list)"}, "properties": {"repobilityId": 126160, "scanner": "repobility-ast-engine", "fingerprint": "e26b1266460c7add2aee384c203d3f5295a9da3c30276f5e369c8f4f747ca2ea", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e26b1266460c7add2aee384c203d3f5295a9da3c30276f5e369c8f4f747ca2ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/api/python/_api.py"}, "region": {"startLine": 425}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `register_memory` (list)"}, "properties": {"repobilityId": 126159, "scanner": "repobility-ast-engine", "fingerprint": "60a21afe1200c7b52494f89cdb584132d2336f478af48a7f665590d0a9138f26", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|60a21afe1200c7b52494f89cdb584132d2336f478af48a7f665590d0a9138f26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"src/api/python/_api.py"}, "region": {"startLine": 402}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `create_backend` (dict)"}, "properties": {"repobilityId": 126158, "scanner": "repobility-ast-engine", "fingerprint": "43ac136682820a43f22b4db99cdfccb7848ab350141428b85698fcf828532c95", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|43ac136682820a43f22b4db99cdfccb7848ab350141428b85698fcf828532c95"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/api/python/_api.py"}, "region": {"startLine": 382}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `__init__` (list)"}, "properties": {"repobilityId": 126157, "scanner": "repobility-ast-engine", "fingerprint": "b0cc1974f77f3954315f65f3aba0ca125218dd0ac0f47bf783901614d58d1c64", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b0cc1974f77f3954315f65f3aba0ca125218dd0ac0f47bf783901614d58d1c64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/api/python/_api.py"}, "region": {"startLine": 150}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `execute_transfer` (list)"}, "properties": {"repobilityId": 126156, "scanner": "repobility-ast-engine", "fingerprint": "c3ded1b1d15cbf39089079a2384c03e4a850a9dfe0dba64f6121ba054898fb43", 
"category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c3ded1b1d15cbf39089079a2384c03e4a850a9dfe0dba64f6121ba054898fb43"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python/remote_storage_example/nixl_p2p_storage_example.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 126127, "scanner": "repobility-ast-engine", "fingerprint": "5cd3fe8fb02a07edf16c451a7e7733d5771b80b26587c76f358a31886e1ee605", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5cd3fe8fb02a07edf16c451a7e7733d5771b80b26587c76f358a31886e1ee605"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/main.py"}, "region": {"startLine": 192}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 126126, "scanner": "repobility-ast-engine", "fingerprint": "ec9a503cf3ea8b3e1ff2305c4aaec0b54debe348c78c7ab7964efae52568328a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", 
"correlation_key": "fp|ec9a503cf3ea8b3e1ff2305c4aaec0b54debe348c78c7ab7964efae52568328a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/python/test_nixl_bindings.py"}, "region": {"startLine": 206}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 126296, "scanner": "repobility-docker", "fingerprint": "ed00cf6f1af3acfe77af2cd8daa500c137c3b1da5cccc9ef3f17bb3204823c57", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|ed00cf6f1af3acfe77af2cd8daa500c137c3b1da5cccc9ef3f17bb3204823c57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "contrib/Dockerfile.vllm"}, "region": {"startLine": 22}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 126288, "scanner": "repobility-docker", "fingerprint": "0a4389b555f8a4b1c106fafd18a396a988ac86cd673faf56cd862ae9bc88e8c9", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|0a4389b555f8a4b1c106fafd18a396a988ac86cd673faf56cd862ae9bc88e8c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "contrib/Dockerfile.manylinux"}, "region": {"startLine": 295}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 126287, 
"scanner": "repobility-docker", "fingerprint": "10bfe7fee1519a6d65f9b8f1586f5d8f1ed2f2ce66a74133e5883d021b17703e", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|10bfe7fee1519a6d65f9b8f1586f5d8f1ed2f2ce66a74133e5883d021b17703e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "contrib/Dockerfile.manylinux"}, "region": {"startLine": 292}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 126286, "scanner": "repobility-docker", "fingerprint": "d51513dea998710820d450d9b405448858099e59fcc9016bbe8ba6e96ed89fab", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|d51513dea998710820d450d9b405448858099e59fcc9016bbe8ba6e96ed89fab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "contrib/Dockerfile.manylinux"}, "region": {"startLine": 290}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 126282, "scanner": "repobility-docker", "fingerprint": "1407d79cae15135cc66e3932e71ace792cea6386e958071e631954129137ed53", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", 
"references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|1407d79cae15135cc66e3932e71ace792cea6386e958071e631954129137ed53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "contrib/Dockerfile"}, "region": {"startLine": 306}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 126281, "scanner": "repobility-docker", "fingerprint": "f440aa0a3314236acdadf7dde8af9d31aef49514bfb849aee0d0bc892abbb134", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|f440aa0a3314236acdadf7dde8af9d31aef49514bfb849aee0d0bc892abbb134"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "contrib/Dockerfile"}, "region": {"startLine": 263}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 126279, "scanner": "repobility-docker", "fingerprint": "da51283d93a13530acb619b73fe2e4e6281ea8ecaa775d722ff942ad09090cf9", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|da51283d93a13530acb619b73fe2e4e6281ea8ecaa775d722ff942ad09090cf9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "contrib/Dockerfile"}, "region": {"startLine": 255}}}]}, {"ruleId": "DKR012", "level": "note", 
"message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 126278, "scanner": "repobility-docker", "fingerprint": "5770a2b89c0358d037d5de8421a9143b84f4563314a262702b44411a97c8cc0c", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|5770a2b89c0358d037d5de8421a9143b84f4563314a262702b44411a97c8cc0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "contrib/Dockerfile"}, "region": {"startLine": 252}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 126277, "scanner": "repobility-docker", "fingerprint": "b0d2946c05612f75aeb3949b397b7486081268d7e5216f92f7b86ded6d79cf91", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|b0d2946c05612f75aeb3949b397b7486081268d7e5216f92f7b86ded6d79cf91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "contrib/Dockerfile"}, "region": {"startLine": 250}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 126276, "scanner": "repobility-docker", "fingerprint": "5846bc4349b0255480db3ebbef6fa558a61958defc3fa07502d2e09ff68d223c", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt 
update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|5846bc4349b0255480db3ebbef6fa558a61958defc3fa07502d2e09ff68d223c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "contrib/Dockerfile"}, "region": {"startLine": 74}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 126275, "scanner": "repobility-docker", "fingerprint": "124b668b15e1f7b9f4581091525804792b0552f0d261f82e17479d1a5bd2b1d4", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|124b668b15e1f7b9f4581091525804792b0552f0d261f82e17479d1a5bd2b1d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "contrib/Dockerfile"}, "region": {"startLine": 43}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 126274, "scanner": "repobility-docker", "fingerprint": "7139f831c5020f3a95b0c03e45d78315905eb1a94a5dbf97906a1f55635566b3", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": 
"fp|7139f831c5020f3a95b0c03e45d78315905eb1a94a5dbf97906a1f55635566b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "contrib/Dockerfile"}, "region": {"startLine": 43}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 126271, "scanner": "repobility-docker", "fingerprint": "87e19312c7dc5ef7561a09b3bde186ad331bc93d55a6d083be0afc4ab959e552", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|87e19312c7dc5ef7561a09b3bde186ad331bc93d55a6d083be0afc4ab959e552"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/nixlbench/contrib/Dockerfile"}, "region": {"startLine": 290}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 126270, "scanner": "repobility-docker", "fingerprint": "cbd6426472a806ac64cfb0296ef843d718e77c2a37c4676dcfadbfe6282088ed", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|cbd6426472a806ac64cfb0296ef843d718e77c2a37c4676dcfadbfe6282088ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/nixlbench/contrib/Dockerfile"}, "region": {"startLine": 267}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 126267, "scanner": 
"repobility-docker", "fingerprint": "4199cc0054947ad299e60f0af494693a172592d57fd608c68dc5944f52f258e0", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|4199cc0054947ad299e60f0af494693a172592d57fd608c68dc5944f52f258e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/nixlbench/contrib/Dockerfile"}, "region": {"startLine": 249}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 126266, "scanner": "repobility-docker", "fingerprint": "8d1996898d0b4d30dc43e108c39fc23f99c0661c15d5486f956dc227692e9c82", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|8d1996898d0b4d30dc43e108c39fc23f99c0661c15d5486f956dc227692e9c82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/nixlbench/contrib/Dockerfile"}, "region": {"startLine": 245}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 126265, "scanner": "repobility-docker", "fingerprint": "a8b11950bd0f1094d9aa73c4aca7a18ad5dca835fd5604a02a714aa4c60f1d45", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": 
"repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|a8b11950bd0f1094d9aa73c4aca7a18ad5dca835fd5604a02a714aa4c60f1d45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/nixlbench/contrib/Dockerfile"}, "region": {"startLine": 243}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 126264, "scanner": "repobility-docker", "fingerprint": "e22912985a6237a8d178da4f2cd5555bb125ba1c6a5a7cd39c836d81640286f3", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e22912985a6237a8d178da4f2cd5555bb125ba1c6a5a7cd39c836d81640286f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/nixlbench/contrib/Dockerfile"}, "region": {"startLine": 205}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 126263, "scanner": "repobility-docker", "fingerprint": "c7aa147c61eaadf60ae8fe588fd6cac329c16d51542e2db9a7b453acb1d595be", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c7aa147c61eaadf60ae8fe588fd6cac329c16d51542e2db9a7b453acb1d595be"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "benchmark/nixlbench/contrib/Dockerfile"}, "region": {"startLine": 205}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 126262, "scanner": "repobility-docker", "fingerprint": "49e283805cdcc6b190040c07e24ee64b670791ef597b01fe527cecd5195a5dd7", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|49e283805cdcc6b190040c07e24ee64b670791ef597b01fe527cecd5195a5dd7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/nixlbench/contrib/Dockerfile"}, "region": {"startLine": 195}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 126261, "scanner": "repobility-docker", "fingerprint": "f1a8d72c7ec1e0d111ddeab9b1669fde8698f8a51d0f2a21f2f71b09d000836c", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|f1a8d72c7ec1e0d111ddeab9b1669fde8698f8a51d0f2a21f2f71b09d000836c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/nixlbench/contrib/Dockerfile"}, "region": {"startLine": 195}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": 
{"repobilityId": 126259, "scanner": "repobility-docker", "fingerprint": "da295fec28f3c6d1062d4fed0da762bc75a9e8ddd4e4d3978e7d1f26a8c12eb3", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|da295fec28f3c6d1062d4fed0da762bc75a9e8ddd4e4d3978e7d1f26a8c12eb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/nixlbench/contrib/Dockerfile"}, "region": {"startLine": 86}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 126255, "scanner": "repobility-docker", "fingerprint": "83160cd3a47c62a2daa58eb392378a44dc00e8841a6cbe222f3383399cbe99cb", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|83160cd3a47c62a2daa58eb392378a44dc00e8841a6cbe222f3383399cbe99cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/nixlbench/contrib/Dockerfile"}, "region": {"startLine": 53}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 126247, "scanner": "repobility-docker", "fingerprint": "8d1acaf61d905625ed9ba488251271d4885d428a12e2e95af97e35ecb49f7e07", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt 
install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|8d1acaf61d905625ed9ba488251271d4885d428a12e2e95af97e35ecb49f7e07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".ci/dockerfiles/Dockerfile.build_helper"}, "region": {"startLine": 27}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 126244, "scanner": "repobility-docker", "fingerprint": "7af29cc3af8e874e6f38202adb49c669e938cb9fd7e3aa5ae37f53eeff9efc41", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|7af29cc3af8e874e6f38202adb49c669e938cb9fd7e3aa5ae37f53eeff9efc41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".ci/dockerfiles/Dockerfile.base"}, "region": {"startLine": 36}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. 
When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 126228, "scanner": "repobility-threat-engine", "fingerprint": "766af2a70b6341e9bf6cc814c64d8a94dc6555cfd608bc100ca9a87dd09bd95b", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Failed to create \" + backend + \" backend\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|766af2a70b6341e9bf6cc814c64d8a94dc6555cfd608bc100ca9a87dd09bd95b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/cpp/nixl_example.cpp"}, "region": {"startLine": 121}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126117, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4b23ab5ac138f5e310f1b4dee4b0de4c30e6dcab59fbb0d911a829f332139931", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "test/unit/plugins/mooncake/mooncake_backend_test.cpp", "duplicate_line": 18, "correlation_key": "fp|4b23ab5ac138f5e310f1b4dee4b0de4c30e6dcab59fbb0d911a829f332139931"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/unit/plugins/ucx/ucx_backend_test.cpp"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, 
"properties": {"repobilityId": 126116, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a42107e33fa2e8953b0ff82fedbc04ae3df5e922987e0c3abadd26abd2a3b2ba", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "test/unit/plugins/hf3fs/temp_file.h", "duplicate_line": 15, "correlation_key": "fp|a42107e33fa2e8953b0ff82fedbc04ae3df5e922987e0c3abadd26abd2a3b2ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/unit/plugins/posix/nixl_posix_test.cpp"}, "region": {"startLine": 117}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126115, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ae8f6e8889c9093f578bd5f18fec05b937953640e55451992ec1e5bb4269689c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "test/unit/plugins/hf3fs/nixl_hf3fs_test.cpp", "duplicate_line": 32, "correlation_key": "fp|ae8f6e8889c9093f578bd5f18fec05b937953640e55451992ec1e5bb4269689c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/unit/plugins/posix/nixl_posix_test.cpp"}, "region": {"startLine": 56}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126114, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"eb662c1c8c3a8b302bc97d31688152c0a257b2ae511e4df9151591c0fdc49b0c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "test/unit/plugins/cuda_gds/nixl_gds_test.cpp", "duplicate_line": 181, "correlation_key": "fp|eb662c1c8c3a8b302bc97d31688152c0a257b2ae511e4df9151591c0fdc49b0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/unit/plugins/object/nixl_object_test.cpp"}, "region": {"startLine": 166}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126113, "scanner": "repobility-ai-code-hygiene", "fingerprint": "db498b986b2c4a9472476e16ed56441f948f021dd0b4fa091d06dbcab3712d6f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "test/unit/plugins/gds_mt/nixl_gds_mt_test.cpp", "duplicate_line": 12, "correlation_key": "fp|db498b986b2c4a9472476e16ed56441f948f021dd0b4fa091d06dbcab3712d6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/unit/plugins/object/nixl_object_test.cpp"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126112, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a51cf4de7bc66942027f9c75a6a15e6d98259f4c0de628cb1391b0e581f14100", "category": "quality", "severity": 
"low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "test/unit/plugins/infinia/infinia_nixl_test.cpp", "duplicate_line": 81, "correlation_key": "fp|a51cf4de7bc66942027f9c75a6a15e6d98259f4c0de628cb1391b0e581f14100"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/unit/plugins/object/nixl_object_test.cpp"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126111, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2d8732032ad85b5cd9c1df7ecf109423ee24723b08caaf03258f54580bdfdad0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "test/unit/plugins/cuda_gds/nixl_gds_test.cpp", "duplicate_line": 103, "correlation_key": "fp|2d8732032ad85b5cd9c1df7ecf109423ee24723b08caaf03258f54580bdfdad0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/unit/plugins/infinia/infinia_nixl_test.cpp"}, "region": {"startLine": 213}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126110, "scanner": "repobility-ai-code-hygiene", "fingerprint": "285691a4a97a12d6468268e6166591afdf4425291b2de38de14c5a540d714279", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, 
"reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "test/unit/plugins/gds_mt/nixl_gds_mt_test.cpp", "duplicate_line": 12, "correlation_key": "fp|285691a4a97a12d6468268e6166591afdf4425291b2de38de14c5a540d714279"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/unit/plugins/infinia/infinia_nixl_test.cpp"}, "region": {"startLine": 90}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126109, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6a6793d6eec7f81abc56f614859e25422c00b8b16e411e54597132499649fb35", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "test/unit/plugins/cuda_gds/nixl_gds_test.cpp", "duplicate_line": 48, "correlation_key": "fp|6a6793d6eec7f81abc56f614859e25422c00b8b16e411e54597132499649fb35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/unit/plugins/hf3fs/nixl_hf3fs_test.cpp"}, "region": {"startLine": 57}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126108, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c41d3ba830425d862460ab07ef1974e158f84184c8b1a557d5460dcfbd5e1ea4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": 
{"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "test/unit/plugins/cuda_gds/nixl_gds_test.cpp", "duplicate_line": 19, "correlation_key": "fp|c41d3ba830425d862460ab07ef1974e158f84184c8b1a557d5460dcfbd5e1ea4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/unit/plugins/gds_mt/nixl_gds_mt_test.cpp"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126107, "scanner": "repobility-ai-code-hygiene", "fingerprint": "524ae72670a5bd18092c757c53c3f030a1aa565411abff03b0b239b4d500afd0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "test/gtest/error_handling.cpp", "duplicate_line": 79, "correlation_key": "fp|524ae72670a5bd18092c757c53c3f030a1aa565411abff03b0b239b4d500afd0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/gtest/plugins/uccl/uccl_test.cpp"}, "region": {"startLine": 79}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126106, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7728d42e08b8d33ec2aa96b209b75ca380a57f6a6c81462457a72224f0f09ec1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], 
"duplicate_file": "test/gtest/plugins/azure_blob/azure_blob_test.cpp", "duplicate_line": 78, "correlation_key": "fp|7728d42e08b8d33ec2aa96b209b75ca380a57f6a6c81462457a72224f0f09ec1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/gtest/plugins/obj_plugin.cpp"}, "region": {"startLine": 53}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126105, "scanner": "repobility-ai-code-hygiene", "fingerprint": "77d6109de7e9729e2744b5d89571d894a788f5a52f32fe22e019e30ce534a24a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "test/gtest/plugins/azure_blob/azure_blob_test.cpp", "duplicate_line": 80, "correlation_key": "fp|77d6109de7e9729e2744b5d89571d894a788f5a52f32fe22e019e30ce534a24a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/gtest/plugins/obj_cuobj_plugin.cpp"}, "region": {"startLine": 59}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126104, "scanner": "repobility-ai-code-hygiene", "fingerprint": "149ea55286ee598c234de5c9407b03c1f5682b42e7b8e97596a1db3f97b5df6e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/plugins/gpunetio/gpunetio_backend.h", "duplicate_line": 48, "correlation_key": 
"fp|149ea55286ee598c234de5c9407b03c1f5682b42e7b8e97596a1db3f97b5df6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/plugins/ucx/ucx_backend.h"}, "region": {"startLine": 58}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126103, "scanner": "repobility-ai-code-hygiene", "fingerprint": "25da9e652a8b87296f3d290589be1fab1336e1d47bf43e99269a3b7484cd757a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/plugins/libfabric/libfabric_backend.h", "duplicate_line": 171, "correlation_key": "fp|25da9e652a8b87296f3d290589be1fab1336e1d47bf43e99269a3b7484cd757a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/plugins/ucx/ucx_backend.h"}, "region": {"startLine": 44}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126102, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ad7f039f978c907f017fcc486a6e9e7662a0fa776eae0dc06796775bb05e2774", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/plugins/gpunetio/gpunetio_backend.h", "duplicate_line": 37, "correlation_key": "fp|ad7f039f978c907f017fcc486a6e9e7662a0fa776eae0dc06796775bb05e2774"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"src/plugins/uccl/uccl_backend.h"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126101, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ae9424a1132396987655555b7c39dcbd52dd5ccb158275287d17a022f0725867", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/plugins/mooncake/mooncake_backend.h", "duplicate_line": 6, "correlation_key": "fp|ae9424a1132396987655555b7c39dcbd52dd5ccb158275287d17a022f0725867"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/plugins/uccl/uccl_backend.h"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126100, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1e4b33fa1b6c9b01cad888d4954b0bfd626669d10c9c88cf865c1b38053e2041", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/plugins/azure_blob/azure_blob_backend.h", "duplicate_line": 7, "correlation_key": "fp|1e4b33fa1b6c9b01cad888d4954b0bfd626669d10c9c88cf865c1b38053e2041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/plugins/posix/posix_backend.h"}, "region": {"startLine": 45}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated 
implementation block across source files"}, "properties": {"repobilityId": 126099, "scanner": "repobility-ai-code-hygiene", "fingerprint": "919b1bb203448c4139def73d11ecee8ae1f276770db61ada7eb95fd9024f1fa4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/plugins/posix/io_uring_io_queue.cpp", "duplicate_line": 15, "correlation_key": "fp|919b1bb203448c4139def73d11ecee8ae1f276770db61ada7eb95fd9024f1fa4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/plugins/posix/posix_aio_io_queue.cpp"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126098, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5c085dcf9c89ed90c209eceada3a9e3100e73ccbf8708e450a4db8316dfee11e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/plugins/posix/io_uring_io_queue.cpp", "duplicate_line": 15, "correlation_key": "fp|5c085dcf9c89ed90c209eceada3a9e3100e73ccbf8708e450a4db8316dfee11e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/plugins/posix/linux_aio_io_queue.cpp"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126097, "scanner": "repobility-ai-code-hygiene", 
"fingerprint": "38343fdcb9fd0061a866632afc00cf1163e5688d4b17efc58e2a418a94c748ee", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/plugins/azure_blob/azure_blob_backend.h", "duplicate_line": 48, "correlation_key": "fp|38343fdcb9fd0061a866632afc00cf1163e5688d4b17efc58e2a418a94c748ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/plugins/libfabric/libfabric_backend.h"}, "region": {"startLine": 226}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126096, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f64681c3865bbfceea5515921a73600457180171ac74458a0333dae56b30119e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/plugins/gpunetio/gpunetio_backend.h", "duplicate_line": 48, "correlation_key": "fp|f64681c3865bbfceea5515921a73600457180171ac74458a0333dae56b30119e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/plugins/libfabric/libfabric_backend.h"}, "region": {"startLine": 185}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126095, "scanner": "repobility-ai-code-hygiene", "fingerprint": "11cb3231195163c161452a1ab45737d0c269a6b6d16ea7636b1bb49161f6837f", "category": "quality", "severity": 
"low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/plugins/azure_blob/azure_blob_backend.h", "duplicate_line": 41, "correlation_key": "fp|11cb3231195163c161452a1ab45737d0c269a6b6d16ea7636b1bb49161f6837f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/plugins/gpunetio/gpunetio_backend.h"}, "region": {"startLine": 70}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126094, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b7ae3eaa7670b60328d059257910fb41a6e039f5b063f8565e649125c8f322af", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/bindings/rust/src/lib.rs", "duplicate_line": 338, "correlation_key": "fp|b7ae3eaa7670b60328d059257910fb41a6e039f5b063f8565e649125c8f322af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/bindings/rust/src/utils/string_list.rs"}, "region": {"startLine": 55}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 126093, "scanner": "repobility-ai-code-hygiene", "fingerprint": "94077363e106d73632ab0c20c24ab3951e38214be31d4f93df9e9835005ba07f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code 
window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/bindings/rust/src/descriptors/reg.rs", "duplicate_line": 94, "correlation_key": "fp|94077363e106d73632ab0c20c24ab3951e38214be31d4f93df9e9835005ba07f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/bindings/rust/src/descriptors/xfer.rs"}, "region": {"startLine": 72}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 126294, "scanner": "repobility-docker", "fingerprint": "427c817fc3935f6cf0351f0c11445dcc8dc59e18ba2ebbc7a0b6bae81eb5cccd", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${BASE_IMAGE}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|427c817fc3935f6cf0351f0c11445dcc8dc59e18ba2ebbc7a0b6bae81eb5cccd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "contrib/Dockerfile.vllm"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 126291, "scanner": "repobility-docker", "fingerprint": "d1d5642ce25c714916476453ea0ea5f548e0a705a93bc0eeb5e01513a44054f6", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${BASE_IMAGE}", 
"rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|d1d5642ce25c714916476453ea0ea5f548e0a705a93bc0eeb5e01513a44054f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "contrib/Dockerfile.sglang"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 126285, "scanner": "repobility-docker", "fingerprint": "a7a8d8950ad553afec58950eecfcddc074577bc83a18178d8a29eae6b38e565f", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${BASE_IMAGE}:${BASE_IMAGE_TAG}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|a7a8d8950ad553afec58950eecfcddc074577bc83a18178d8a29eae6b38e565f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "contrib/Dockerfile.manylinux"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 126273, "scanner": "repobility-docker", "fingerprint": "81c7ffe7c58ec5d56dc35ecabe117250426fed7050249c6e5efc19379a5f8a72", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${BASE_IMAGE}:${BASE_IMAGE_TAG}", "rule_id": "DKR002", "scanner": "repobility-docker", 
"references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|81c7ffe7c58ec5d56dc35ecabe117250426fed7050249c6e5efc19379a5f8a72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "contrib/Dockerfile"}, "region": {"startLine": 20}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 126260, "scanner": "repobility-docker", "fingerprint": "94926d7150657baf7b93d57107977f29d7f9ce0631b6c51bc995b8c2720e291c", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "ucx_${UCX}_image", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|94926d7150657baf7b93d57107977f29d7f9ce0631b6c51bc995b8c2720e291c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/nixlbench/contrib/Dockerfile"}, "region": {"startLine": 109}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 126253, "scanner": "repobility-docker", "fingerprint": "dfd16685113b523f975c8cba2465f1ec52193f9b7a0708caf47f38b074b89c1a", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${BASE_IMAGE}:${BASE_IMAGE_TAG}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": 
["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|dfd16685113b523f975c8cba2465f1ec52193f9b7a0708caf47f38b074b89c1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/nixlbench/contrib/Dockerfile"}, "region": {"startLine": 24}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 126249, "scanner": "repobility-docker", "fingerprint": "923c37becbaeb18ac1dc77cdf696de7781773c6fa1f5fc4e7e3743288625f784", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${BASE_IMAGE}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|923c37becbaeb18ac1dc77cdf696de7781773c6fa1f5fc4e7e3743288625f784"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".ci/dockerfiles/Dockerfile.gpu-test"}, "region": {"startLine": 11}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 126246, "scanner": "repobility-docker", "fingerprint": "68a4c34c82fffe8241e070cf28bd951877c97bfce50d672907c1b52ada17099f", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${BASE_IMAGE}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": 
["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|68a4c34c82fffe8241e070cf28bd951877c97bfce50d672907c1b52ada17099f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".ci/dockerfiles/Dockerfile.build_helper"}, "region": {"startLine": 11}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 126243, "scanner": "repobility-docker", "fingerprint": "4e3d1bca0a16a85cc1e88316fe6d2f85d694295c8ed613e1b5aa41e481cdb6d3", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${BASE_IMAGE}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|4e3d1bca0a16a85cc1e88316fe6d2f85d694295c8ed613e1b5aa41e481cdb6d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".ci/dockerfiles/Dockerfile.base"}, "region": {"startLine": 16}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 126242, "scanner": "repobility-docker", "fingerprint": "eb34151d5f9a28577641ff566c7c290c14b9d6e90ecaa451d139222a59e3398c", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "${INFINIA_LIBS_IMAGE}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": 
["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|eb34151d5f9a28577641ff566c7c290c14b9d6e90ecaa451d139222a59e3398c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".ci/dockerfiles/Dockerfile.base"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 126240, "scanner": "repobility-threat-engine", "fingerprint": "56f8850f893ca3fa5a32fdc7d0a357eed7989cbdb16fe43e2e4089c134b98969", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|56f8850f893ca3fa5a32fdc7d0a357eed7989cbdb16fe43e2e4089c134b98969"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/bindings/rust/build.rs"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 126239, "scanner": "repobility-threat-engine", "fingerprint": "c97e27b65ebfa9ad8e28f12b958080a4e8997dacd6b33d9badaea450bf521649", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c97e27b65ebfa9ad8e28f12b958080a4e8997dacd6b33d9badaea450bf521649"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/bindings/rust/src/utils/params.rs"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 126238, "scanner": "repobility-threat-engine", "fingerprint": "2b4d105412a95741eb0b4f8bf5131727e0e61b5e9b37f55a9e91fcf04b812fd9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2b4d105412a95741eb0b4f8bf5131727e0e61b5e9b37f55a9e91fcf04b812fd9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/bindings/rust/build.rs"}, "region": {"startLine": 234}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 126237, "scanner": "repobility-threat-engine", "fingerprint": "aca87ac170a0086928a99f3259a65e7dc9f4a245fac4fc4acf126652fd81143b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|aca87ac170a0086928a99f3259a65e7dc9f4a245fac4fc4acf126652fd81143b", "aggregated_count": 3}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 126233, "scanner": "repobility-threat-engine", "fingerprint": "855c74d20959b2ee13192b8b37a70038838060b9c9d64d0bb626119ecf77a63e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|855c74d20959b2ee13192b8b37a70038838060b9c9d64d0bb626119ecf77a63e", "aggregated_count": 7}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
The compiler does not check the unsafe operations inside for memory safety; the author must uphold those invariants."}, "properties": {"repobilityId": 126232, "scanner": "repobility-threat-engine", "fingerprint": "28c7e9cce3c26c1ffa02a76ee0222accc5c5f6dacea2a1ffbc148de4a07a4934", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|28c7e9cce3c26c1ffa02a76ee0222accc5c5f6dacea2a1ffbc148de4a07a4934"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/bindings/rust/src/descriptors/query.rs"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
The compiler does not check the unsafe operations inside for memory safety; the author must uphold those invariants."}, "properties": {"repobilityId": 126231, "scanner": "repobility-threat-engine", "fingerprint": "70ec4a18efabe67a792806ab284708483dc01afb7171a9a7293cd13a1cf323b0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|70ec4a18efabe67a792806ab284708483dc01afb7171a9a7293cd13a1cf323b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/bindings/rust/src/descriptors.rs"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
The compiler does not check the unsafe operations inside for memory safety; the author must uphold those invariants."}, "properties": {"repobilityId": 126230, "scanner": "repobility-threat-engine", "fingerprint": "a2825794f17b4fe736bbbbd23e140c53d47df2f967e5f530efc35c3b12ff54ee", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a2825794f17b4fe736bbbbd23e140c53d47df2f967e5f530efc35c3b12ff54ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/rust/src/single_process_example.rs"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 126229, "scanner": "repobility-threat-engine", "fingerprint": "23d67ba7ebfd25cceee5aa596e9b9ad4ef4993d0f6714ce1524f25d6041703f4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|23d67ba7ebfd25cceee5aa596e9b9ad4ef4993d0f6714ce1524f25d6041703f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/cpp/nixl_example.cpp"}, "region": 
{"startLine": 146}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 126227, "scanner": "repobility-threat-engine", "fingerprint": "b8f6476b40c6b0c117c62705cc8affa9b98ac771199163ac6db926e38da22eac", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|b8f6476b40c6b0c117c62705cc8affa9b98ac771199163ac6db926e38da22eac", "aggregated_count": 1}}}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 126226, "scanner": "repobility-threat-engine", "fingerprint": "2a3839b0e120446309e4007677b999bd91071d198aceb3c9264e1867f607a4c4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|2a3839b0e120446309e4007677b999bd91071d198aceb3c9264e1867f607a4c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/api/cpp/backend/backend_plugin.h"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 126225, "scanner": "repobility-threat-engine", "fingerprint": "8bbf183040503f6930be2ccea68633f1fb0e02b423d76c22ddd8cb89e1f8f1f2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8bbf183040503f6930be2ccea68633f1fb0e02b423d76c22ddd8cb89e1f8f1f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/nixlbench/src/worker/worker.cpp"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 126224, "scanner": "repobility-threat-engine", "fingerprint": "c15bcd81b3bd1323b25d5add825037c16ba61126a48def9443b56ad8cf88330d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": 
"2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c15bcd81b3bd1323b25d5add825037c16ba61126a48def9443b56ad8cf88330d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/nixlbench/src/runtime/etcd/python_bindings.cpp"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 126223, "scanner": "repobility-threat-engine", "fingerprint": "c7a238666d95d72db58b23986205a3cc9e62427bb54ec4cab558b9cba7366ba4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c7a238666d95d72db58b23986205a3cc9e62427bb54ec4cab558b9cba7366ba4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/device/ep/scripts/reset_etcd.sh"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 126222, "scanner": "repobility-threat-engine", "fingerprint": "273f8a038ba5dadcca65e7780184f51ce7a1cec08d474649ef17fd062c405ef8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", 
"evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|273f8a038ba5dadcca65e7780184f51ce7a1cec08d474649ef17fd062c405ef8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/runtime/etcd_rt.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 126216, "scanner": "repobility-threat-engine", "fingerprint": "ad6a16d1375abd2aa0fcc3d3958bfb3c0b6e7b90024ec5703e0b1d07516b1253", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ad6a16d1375abd2aa0fcc3d3958bfb3c0b6e7b90024ec5703e0b1d07516b1253"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/runtime/rt_base.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 126215, "scanner": "repobility-threat-engine", "fingerprint": "7de05026fc26ca25ee9cb1702a30b89eda944245032ee9af2e8ce39ccb85392c", "category": 
"quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7de05026fc26ca25ee9cb1702a30b89eda944245032ee9af2e8ce39ccb85392c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/runtime/etcd_rt.py"}, "region": {"startLine": 232}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 126214, "scanner": "repobility-threat-engine", "fingerprint": "3b2c5be00ec78fae9c8872c7a6324c4f7ada89f8e4c46c381d31dce408389672", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3b2c5be00ec78fae9c8872c7a6324c4f7ada89f8e4c46c381d31dce408389672"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/models/models.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 3 more): Same pattern found in 3 additional files. 
Review if needed."}, "properties": {"repobilityId": 126212, "scanner": "repobility-threat-engine", "fingerprint": "ffacc44acd0408185fc3827739658544dd0204c83ccb78694e2ced81539c2c58", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "update", "breakdown": {"if": 4, "for": 4, "elif": 2, "nested_bonus": 18}, "aggregated": true, "complexity": 28, "correlation_key": "fp|ffacc44acd0408185fc3827739658544dd0204c83ccb78694e2ced81539c2c58", "aggregated_count": 3}}}, {"ruleId": "MINED063", "level": "none", "message": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "properties": {"repobilityId": 126208, "scanner": "repobility-threat-engine", "fingerprint": "85828e9cd9362e924a9c62db1a87196b6f0e7a0536c7ec58c342debf85e84af0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "toctou-os-path-exists", "owasp": null, "cwe_ids": ["CWE-367"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348048+00:00", "triaged_in_corpus": 12, "observations_count": 90754, "ai_coder_pattern_id": 41}, "scanner": "repobility-threat-engine", "correlation_key": "fp|85828e9cd9362e924a9c62db1a87196b6f0e7a0536c7ec58c342debf85e84af0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/models/model_config.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": 
{"repobilityId": 126207, "scanner": "repobility-threat-engine", "fingerprint": "d9584966f477b17ba9396240cd28c80072924ec0f4bc91d0507d429687df8b8d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d9584966f477b17ba9396240cd28c80072924ec0f4bc91d0507d429687df8b8d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/models/model_config.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "RUSTSEC-2025-0055", "level": "error", "message": {"text": "tracing-subscriber: RUSTSEC-2025-0055"}, "properties": {"repobilityId": 126306, "scanner": "osv-scanner", "fingerprint": "e833bbb324ba23e977000cc5ac49ec61740d31fc2f269005e414f3b7c443969b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2025-58160", "GHSA-xwfj-jgwm-7wp5"], "package": "tracing-subscriber", "rule_id": "RUSTSEC-2025-0055", "scanner": "osv-scanner", "correlation_key": "vuln|tracing-subscriber|CVE-2025-58160|examples/rust/cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-xwfj-jgwm-7wp5", "RUSTSEC-2025-0055"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["5c66c931bc8c1e110181d8d48a137c10f1d5841fdf1824bd718038c3d9454767", "e833bbb324ba23e977000cc5ac49ec61740d31fc2f269005e414f3b7c443969b"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"examples/rust/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2026-0007", "level": "error", "message": {"text": "bytes: RUSTSEC-2026-0007"}, "properties": {"repobilityId": 126305, "scanner": "osv-scanner", "fingerprint": "e418aa635cd39645e4fde0fff4eeb86ebce721449e94ebdf8d70e5defbabfb46", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2026-25541", "GHSA-434x-w66g-qw3r"], "package": "bytes", "rule_id": "RUSTSEC-2026-0007", "scanner": "osv-scanner", "correlation_key": "vuln|bytes|CVE-2026-25541|examples/rust/cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-434x-w66g-qw3r", "RUSTSEC-2026-0007"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["e418aa635cd39645e4fde0fff4eeb86ebce721449e94ebdf8d70e5defbabfb46", "f80171cf30964f3fe4f56ae0faa6fa43d737e6dbba359890976039ed5586b8d5"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/rust/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0141", "level": "error", "message": {"text": "bincode: RUSTSEC-2025-0141"}, "properties": {"repobilityId": 126304, "scanner": "osv-scanner", "fingerprint": "634ded575a91e8662811f47a1170cf5fb4279a65e3c3176bb84aeaac3c78b213", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "bincode", "rule_id": "RUSTSEC-2025-0141", "scanner": "osv-scanner", "correlation_key": "fp|634ded575a91e8662811f47a1170cf5fb4279a65e3c3176bb84aeaac3c78b213"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, 
"properties": {"repobilityId": 126295, "scanner": "repobility-docker", "fingerprint": "71ab0e41d5be4c61574ce0a3b2d5d2655409374e47fd8cf21655547ec7f010a7", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|71ab0e41d5be4c61574ce0a3b2d5d2655409374e47fd8cf21655547ec7f010a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "contrib/Dockerfile.vllm"}, "region": {"startLine": 20}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 126292, "scanner": "repobility-docker", "fingerprint": "79ae025a2bc83f1023d09d07a428dd3e85442639f1b3a9f454f320a95bb80c49", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|79ae025a2bc83f1023d09d07a428dd3e85442639f1b3a9f454f320a95bb80c49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "contrib/Dockerfile.sglang"}, "region": {"startLine": 20}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 126289, "scanner": "repobility-docker", "fingerprint": "5eab9b9e5d6169d8af15fcadd2cd6284a6d2b5c970ba56674f8a1e9335a14f5b", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", 
"isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|5eab9b9e5d6169d8af15fcadd2cd6284a6d2b5c970ba56674f8a1e9335a14f5b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "contrib/Dockerfile.manylinux"}, "region": {"startLine": 321}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 126280, "scanner": "repobility-docker", "fingerprint": "ad998885c270c4f7f3976687aad327d30af12f3ed855844c8703a9c5d72ea987", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|ad998885c270c4f7f3976687aad327d30af12f3ed855844c8703a9c5d72ea987"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "contrib/Dockerfile"}, "region": {"startLine": 258}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 126269, "scanner": "repobility-docker", "fingerprint": "463335471fd942b1c69944986b32aef15567b700da41fb9e079ceaa7074c2706", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], 
"correlation_key": "fp|463335471fd942b1c69944986b32aef15567b700da41fb9e079ceaa7074c2706"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/nixlbench/contrib/Dockerfile"}, "region": {"startLine": 252}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 126268, "scanner": "repobility-docker", "fingerprint": "155a115ab602a0b8d1450079e412c2968c19410aa576bae3b18a24c6b912c7a8", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|155a115ab602a0b8d1450079e412c2968c19410aa576bae3b18a24c6b912c7a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/nixlbench/contrib/Dockerfile"}, "region": {"startLine": 251}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 126258, "scanner": "repobility-docker", "fingerprint": "34ca785005468112babb6d6b93d03c163581f11182b417f5239cc70f63f190cc", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|34ca785005468112babb6d6b93d03c163581f11182b417f5239cc70f63f190cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/nixlbench/contrib/Dockerfile"}, "region": {"startLine": 84}}}]}, {"ruleId": 
"DKR006", "level": "error", "message": {"text": "Dockerfile pipes a remote script into a shell"}, "properties": {"repobilityId": 126257, "scanner": "repobility-docker", "fingerprint": "95e26e401cd53a1e26652084960ebc16edd46978583445b21098f4762f1ec63c", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "RUN instruction contains curl/wget piped into a shell.", "evidence": {"rule_id": "DKR006", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|95e26e401cd53a1e26652084960ebc16edd46978583445b21098f4762f1ec63c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/nixlbench/contrib/Dockerfile"}, "region": {"startLine": 73}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 126250, "scanner": "repobility-docker", "fingerprint": "d019f6fc750f2ea999d87e4d08adc5c5f345206c6ebc8563d0bab8ed9896dce7", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|d019f6fc750f2ea999d87e4d08adc5c5f345206c6ebc8563d0bab8ed9896dce7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".ci/dockerfiles/Dockerfile.gpu-test"}, "region": {"startLine": 27}}}]}, {"ruleId": "DKR006", "level": "error", "message": {"text": "Dockerfile pipes a remote script into a shell"}, "properties": {"repobilityId": 126248, "scanner": "repobility-docker", "fingerprint": 
"20b37aad7ac27b2275ef0f83774eb57a018816b116bd4c4c26d4627e6b5a6d24", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "RUN instruction contains curl/wget piped into a shell.", "evidence": {"rule_id": "DKR006", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|20b37aad7ac27b2275ef0f83774eb57a018816b116bd4c4c26d4627e6b5a6d24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".ci/dockerfiles/Dockerfile.build_helper"}, "region": {"startLine": 33}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 126241, "scanner": "repobility-threat-engine", "fingerprint": "9dd1cc21da76abacfdb58ec9c83f7eeb7c48a485d21cea5cc83e8272bfdf1233", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(n", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9dd1cc21da76abacfdb58ec9c83f7eeb7c48a485d21cea5cc83e8272bfdf1233"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/plugins/azure_blob/azure_blob_client.cpp"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 126236, "scanner": "repobility-threat-engine", "fingerprint": "dc9afd6645dc02f12bedfd55609f80fce3710034ae5f03ded4fb10025d971abe", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dc9afd6645dc02f12bedfd55609f80fce3710034ae5f03ded4fb10025d971abe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/bindings/rust/src/descriptors/xfer.rs"}, "region": {"startLine": 193}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In 
Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 126235, "scanner": "repobility-threat-engine", "fingerprint": "447c15853ba5f01b69a4fd2e8cac62a145561caab023aeb29fe8548f56cc409f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|447c15853ba5f01b69a4fd2e8cac62a145561caab023aeb29fe8548f56cc409f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/bindings/rust/src/descriptors.rs"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 126234, "scanner": "repobility-threat-engine", "fingerprint": "c871b2e40bbbfe9cce9dffe2e6fdeea27a3988bf87b88bb8aca2d7416e353eca", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c871b2e40bbbfe9cce9dffe2e6fdeea27a3988bf87b88bb8aca2d7416e353eca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/bindings/rust/build.rs"}, "region": {"startLine": 162}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 126219, "scanner": "repobility-threat-engine", "fingerprint": "ddbd260165ad89b438d7fa1185a8d0082e793ea7c2dfd5c2c0e12a8d936fb517", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "self.client.delete(f\"{self.prefix}/all_reduce/result\")", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ddbd260165ad89b438d7fa1185a8d0082e793ea7c2dfd5c2c0e12a8d936fb517"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/runtime/etcd_rt.py"}, "region": {"startLine": 208}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `update` has cognitive complexity 28 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: elif=2, for=4, if=4, nested_bonus=18."}, "properties": {"repobilityId": 126209, "scanner": "repobility-threat-engine", "fingerprint": "e2b98a5f2e87e066d17019e5935123c840183acd8bbc390c3500fb0e327eb84c", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 28 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "update", "breakdown": {"if": 4, "for": 4, "elif": 2, "nested_bonus": 18}, "complexity": 28, "correlation_key": "fp|e2b98a5f2e87e066d17019e5935123c840183acd8bbc390c3500fb0e327eb84c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/models/model_config.py"}, "region": {"startLine": 146}}}]}, {"ruleId": "SEC113", "level": "error", "message": {"text": "[SEC113] SSH host-key verification disabled (MITM): Accepting any SSH host key on first connect lets an active MITM impersonate the server. Common in `paramiko.AutoAddPolicy()`; the OpenSSH option matched here, `StrictHostKeyChecking=no`, also allows connections to hosts whose known key has changed."}, "properties": {"repobilityId": 126206, "scanner": "repobility-threat-engine", "fingerprint": "d637c8e7c01ed523bc827d2d447d57463a20530ff645c1b8238ee1f12e5ed877", "category": "crypto", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "StrictHostKeyChecking=no", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC113", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|. 
token|115|sec113"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".ci/scripts/stop_slurm_allocation.sh"}, "region": {"startLine": 115}}}]}, {"ruleId": "SEC113", "level": "error", "message": {"text": "[SEC113] SSH host-key verification disabled (MITM): Accepting any SSH host key on first connect lets an active MITM impersonate the server. Common in `paramiko.AutoAddPolicy()`; the OpenSSH option matched here, `StrictHostKeyChecking=no`, also allows connections to hosts whose known key has changed."}, "properties": {"repobilityId": 126205, "scanner": "repobility-threat-engine", "fingerprint": "39a7b49a49338cb40b5203785cc47b00b2be832ad84f67cc1bbee9f8a62ff2cf", "category": "crypto", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "StrictHostKeyChecking=no", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC113", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|. token|129|sec113"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".ci/scripts/run_tests_slurm.sh"}, "region": {"startLine": 129}}}]}, {"ruleId": "SEC113", "level": "error", "message": {"text": "[SEC113] SSH host-key verification disabled (MITM): Accepting any SSH host key on first connect lets an active MITM impersonate the server. Common in `paramiko.AutoAddPolicy()`; the OpenSSH option matched here, `StrictHostKeyChecking=no`, also allows connections to hosts whose known key has changed."}, "properties": {"repobilityId": 126204, "scanner": "repobility-threat-engine", "fingerprint": "efd5920ba8a4b5497d68e18e380c83baaf36703c20fb80f60570f6b59fbd605e", "category": "crypto", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "StrictHostKeyChecking=no", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC113", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|. 
token|181|sec113"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".ci/scripts/run_slurm_allocation.sh"}, "region": {"startLine": 181}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 126201, "scanner": "repobility-supply-chain", "fingerprint": "030f82fef30724036a89a22ad75f52bd3bfc650618f934b7a51238084a375509", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|030f82fef30724036a89a22ad75f52bd3bfc650618f934b7a51238084a375509"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/clang-format.yml"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `pre-commit/action` pinned to mutable ref `@v3.0.0`"}, "properties": {"repobilityId": 126200, "scanner": "repobility-supply-chain", "fingerprint": "3228617368c39b0ab3d223b1e7a553b823a691febc5738203c8d6d2bb10870bc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3228617368c39b0ab3d223b1e7a553b823a691febc5738203c8d6d2bb10870bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pre-commit.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v3`"}, "properties": 
{"repobilityId": 126199, "scanner": "repobility-supply-chain", "fingerprint": "f2442c74d07d98e42c0790f8888dc8718fac07027c639f615ad7eab8ad144f2d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f2442c74d07d98e42c0790f8888dc8718fac07027c639f615ad7eab8ad144f2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pre-commit.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 126198, "scanner": "repobility-supply-chain", "fingerprint": "ffa9990d3f24e1c5ebc53cdd9a6b6973e5b435377c8aedb8aca3a14ca10564b5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ffa9990d3f24e1c5ebc53cdd9a6b6973e5b435377c8aedb8aca3a14ca10564b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pre-commit.yml"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 126196, "scanner": "repobility-supply-chain", "fingerprint": "1286281573fb985de82959ea7718d1ed195d25402e08b7b4a6845cc671499c69", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, 
"mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1286281573fb985de82959ea7718d1ed195d25402e08b7b4a6845cc671499c69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_validation.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "Workflow container/services image `ghcr.io/ai-dynamo/dynamo/helm-tester:0.1.1` is referenced by tag only and is not pinned by digest"}, "properties": {"repobilityId": 126195, "scanner": "repobility-supply-chain", "fingerprint": "3559078f16cf70a325cbae72ef3b010ff029730ae65ff61af502e6636788a3e8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3559078f16cf70a325cbae72ef3b010ff029730ae65ff61af502e6636788a3e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/copyright-checks.yml"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 126194, "scanner": "repobility-supply-chain", "fingerprint": "3549f9ee89a20c9aef3d0bf264f503f314443b8a71c0207bfe3d837b334d3cbb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3549f9ee89a20c9aef3d0bf264f503f314443b8a71c0207bfe3d837b334d3cbb"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/copyright-checks.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 126193, "scanner": "repobility-supply-chain", "fingerprint": "b307875b5d5c495b3d4bb8701765a4b85858ff336c9c9027e2f9df1ce16658ad", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b307875b5d5c495b3d4bb8701765a4b85858ff336c9c9027e2f9df1ce16658ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/aws_efa_validation.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/github-script` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 126192, "scanner": "repobility-supply-chain", "fingerprint": "26e00252d761b265ba8b2b6f7f6ffda383ebf59c363ffb88a6700accd0aa6277", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|26e00252d761b265ba8b2b6f7f6ffda383ebf59c363ffb88a6700accd0aa6277"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/external_contributor.yaml"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/github-script` pinned to mutable ref `@v7`"}, "properties": 
{"repobilityId": 126191, "scanner": "repobility-supply-chain", "fingerprint": "66c1490f3b6ea6a906ac98744637645dd163fafa97705430fc3e0970fe68909b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|66c1490f3b6ea6a906ac98744637645dd163fafa97705430fc3e0970fe68909b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/external_contributor.yaml"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 126190, "scanner": "repobility-supply-chain", "fingerprint": "a0d4c60bf6c43a313e2a9fc5f7bfcd9a396b462b2d1ce17006c6c6ee09cfb57d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a0d4c60bf6c43a313e2a9fc5f7bfcd9a396b462b2d1ce17006c6c6ee09cfb57d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr-size-check.yml"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `NVIDIA/blossom-action` pinned to mutable ref `@main`"}, "properties": {"repobilityId": 126189, "scanner": "repobility-supply-chain", "fingerprint": "63c23b6bf2e70467aaf19eb1e675d11a24b378cd06741510ed8565ad2cc42ccc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": 
{"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|63c23b6bf2e70467aaf19eb1e675d11a24b378cd06741510ed8565ad2cc42ccc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/blossom-ci.yml"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 126188, "scanner": "repobility-supply-chain", "fingerprint": "a0c65907d5fd71381e5eba141c81c5e9eb5ab801efe6fad4df26d915faa6ef74", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a0c65907d5fd71381e5eba141c81c5e9eb5ab801efe6fad4df26d915faa6ef74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/blossom-ci.yml"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 126187, "scanner": "repobility-supply-chain", "fingerprint": "e28c6c1123a07bd9c717d0edda6fa6ed21a9b8f1034dc74a92a9b7e1652e67e2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e28c6c1123a07bd9c717d0edda6fa6ed21a9b8f1034dc74a92a9b7e1652e67e2"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": ".github/workflows/python-checks.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `gcr.io/google.com/cloudsdktool/cloud-sdk:alpine` not pinned by digest"}, "properties": {"repobilityId": 126186, "scanner": "repobility-supply-chain", "fingerprint": "92fe2cd8419eaabadbaa46f01c44b26eddcaf897c43187c9cd7b6e0b7470403d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|92fe2cd8419eaabadbaa46f01c44b26eddcaf897c43187c9cd7b6e0b7470403d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".ci/dockerfiles/Dockerfile.infinia-libs"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/pre-commit/pre-commit-hooks` pinned to mutable rev `v4.4.0`"}, "properties": {"repobilityId": 126175, "scanner": "repobility-supply-chain", "fingerprint": "85ffca74169b67e3d52645911bb50e3e19fe7b72d4fa84b1a126ebe433cfe757", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|85ffca74169b67e3d52645911bb50e3e19fe7b72d4fa84b1a126ebe433cfe757"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook 
`https://github.com/codespell-project/codespell` pinned to mutable rev `v2.2.4`"}, "properties": {"repobilityId": 126174, "scanner": "repobility-supply-chain", "fingerprint": "a18c8595c9bf317f6b8d25fd07fa8aee3f5cb6806a9acd97b49c1735c9efcdd6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a18c8595c9bf317f6b8d25fd07fa8aee3f5cb6806a9acd97b49c1735c9efcdd6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/PyCQA/flake8` pinned to mutable rev `7.1.2`"}, "properties": {"repobilityId": 126173, "scanner": "repobility-supply-chain", "fingerprint": "3c018088d487db917ab5d585b716ceb616dba6d9d52ec547283c60bd22d9c255", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3c018088d487db917ab5d585b716ceb616dba6d9d52ec547283c60bd22d9c255"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/psf/black` pinned to mutable rev `24.10.0`"}, "properties": {"repobilityId": 126172, "scanner": "repobility-supply-chain", "fingerprint": "998a9e94fcf2ec4b14633b7887d104662f889df0f68d5a0e42a42ad333c2fc2e", "category": 
"dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|998a9e94fcf2ec4b14633b7887d104662f889df0f68d5a0e42a42ad333c2fc2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/timothycrosley/isort` pinned to mutable rev `5.12.0`"}, "properties": {"repobilityId": 126171, "scanner": "repobility-supply-chain", "fingerprint": "95e8d8ca8a70f6dfef13449357af4322d47e95b67e5c8820c34f9c37fad4802f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|95e8d8ca8a70f6dfef13449357af4322d47e95b67e5c8820c34f9c37fad4802f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "pre-commit hook `https://github.com/pre-commit/mirrors-mypy` pinned to mutable rev `v1.14.1`"}, "properties": {"repobilityId": 126170, "scanner": "repobility-supply-chain", "fingerprint": "1bb4320a8b66410a00e2375d3d6ea2f260c415159040d2ec06774a75e8db14e3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": 
["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1bb4320a8b66410a00e2375d3d6ea2f260c415159040d2ec06774a75e8db14e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_barrier"}, "properties": {"repobilityId": 126155, "scanner": "repobility-ast-engine", "fingerprint": "ab73a20fab571d352fdfb77a7997e6319b448fb3b8b87385e16ca72687c40849", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ab73a20fab571d352fdfb77a7997e6319b448fb3b8b87385e16ca72687c40849"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/device/ep/tests/elastic/elastic.py"}, "region": {"startLine": 410}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_func"}, "properties": {"repobilityId": 126154, "scanner": "repobility-ast-engine", "fingerprint": "b886f3d18e1d0e0e6741826663be56ee9edf551a251c3328d5d3d19d0e0bd266", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b886f3d18e1d0e0e6741826663be56ee9edf551a251c3328d5d3d19d0e0bd266"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/device/ep/tests/elastic/elastic.py"}, "region": {"startLine": 388}}}]}, {"ruleId": 
"MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_basic_functionality"}, "properties": {"repobilityId": 126153, "scanner": "repobility-ast-engine", "fingerprint": "0ca08a24d1f3978fb056deff1bbd667784aaa7300d83b7eaaedcabce113cc132", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0ca08a24d1f3978fb056deff1bbd667784aaa7300d83b7eaaedcabce113cc132"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/nixlbench/src/runtime/etcd/test_etcd_runtime.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_tp_total_size` used but never assigned in __init__"}, "properties": {"repobilityId": 126152, "scanner": "repobility-ast-engine", "fingerprint": "cabba17a65a65ceb32edc0bc3360e8819095bdc7176f6395817f261e270a8d4a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cabba17a65a65ceb32edc0bc3360e8819095bdc7176f6395817f261e270a8d4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/test/sequential_custom_traffic_perftest.py"}, "region": {"startLine": 308}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._run_tp` used but never assigned in __init__"}, "properties": {"repobilityId": 126151, "scanner": "repobility-ast-engine", "fingerprint": "88c069f706b6bbfd5b485d3b040ba51259e3e2f3cf49d8df21bba43eb9c29800", 
"category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|88c069f706b6bbfd5b485d3b040ba51259e3e2f3cf49d8df21bba43eb9c29800"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/test/sequential_custom_traffic_perftest.py"}, "region": {"startLine": 283}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._barrier_tp` used but never assigned in __init__"}, "properties": {"repobilityId": 126150, "scanner": "repobility-ast-engine", "fingerprint": "d7c9f067ff88eac86f8effc032003935de62e9b4aa4cd8dcbf81fab6afeb995f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d7c9f067ff88eac86f8effc032003935de62e9b4aa4cd8dcbf81fab6afeb995f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/test/sequential_custom_traffic_perftest.py"}, "region": {"startLine": 270}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._barrier_tp` used but never assigned in __init__"}, "properties": {"repobilityId": 126149, "scanner": "repobility-ast-engine", "fingerprint": "256b41a6cf90d68b5552f9e682974b7358dad9d5e3a3a53ab882abafbd3be6f7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": 
["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|256b41a6cf90d68b5552f9e682974b7358dad9d5e3a3a53ab882abafbd3be6f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/test/sequential_custom_traffic_perftest.py"}, "region": {"startLine": 220}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._run_tp` used but never assigned in __init__"}, "properties": {"repobilityId": 126148, "scanner": "repobility-ast-engine", "fingerprint": "32a1299388dcf704d7c67f28d07531da5e3c36bddf8c6f7bfc6b1bde10ffd132", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|32a1299388dcf704d7c67f28d07531da5e3c36bddf8c6f7bfc6b1bde10ffd132"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/test/sequential_custom_traffic_perftest.py"}, "region": {"startLine": 217}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._run_tp` used but never assigned in __init__"}, "properties": {"repobilityId": 126147, "scanner": "repobility-ast-engine", "fingerprint": "7f7e6179f2cf2e236392d77ed43137dbdaf4293695cdaeaa18140be99a739175", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7f7e6179f2cf2e236392d77ed43137dbdaf4293695cdaeaa18140be99a739175"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"benchmark/kvbench/test/sequential_custom_traffic_perftest.py"}, "region": {"startLine": 194}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._barrier_tp` used but never assigned in __init__"}, "properties": {"repobilityId": 126146, "scanner": "repobility-ast-engine", "fingerprint": "cf49ecab3e8361c091650df448074774c40fbe9d6115ff0dd1364bc2ff5d6ff8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cf49ecab3e8361c091650df448074774c40fbe9d6115ff0dd1364bc2ff5d6ff8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/test/sequential_custom_traffic_perftest.py"}, "region": {"startLine": 213}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._prepare_tp` used but never assigned in __init__"}, "properties": {"repobilityId": 126145, "scanner": "repobility-ast-engine", "fingerprint": "f3c674dd7383b0b9efdf1da49e6dca497f590aac23d0153867fed3485285246b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f3c674dd7383b0b9efdf1da49e6dca497f590aac23d0153867fed3485285246b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/test/sequential_custom_traffic_perftest.py"}, "region": {"startLine": 180}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._destroy` used but never assigned in __init__"}, "properties": {"repobilityId": 126144, 
"scanner": "repobility-ast-engine", "fingerprint": "a3bc15c2446c474c7f1722a9b1c2024669b14722d9d198d0b0536a8289dac5d5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a3bc15c2446c474c7f1722a9b1c2024669b14722d9d198d0b0536a8289dac5d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/test/sequential_custom_traffic_perftest.py"}, "region": {"startLine": 406}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._share_md` used but never assigned in __init__"}, "properties": {"repobilityId": 126143, "scanner": "repobility-ast-engine", "fingerprint": "bb78041a9fbdd5e6c5e639f6d5b45a50ba765145fd6736256e7e247a9b9ef141", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bb78041a9fbdd5e6c5e639f6d5b45a50ba765145fd6736256e7e247a9b9ef141"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/test/sequential_custom_traffic_perftest.py"}, "region": {"startLine": 164}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._init_buffers` used but never assigned in __init__"}, "properties": {"repobilityId": 126142, "scanner": "repobility-ast-engine", "fingerprint": "08d29a0f8bb29f788ffcf8a3fefac1db12cc20b91ac13db2006445063788e180", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", 
"evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|08d29a0f8bb29f788ffcf8a3fefac1db12cc20b91ac13db2006445063788e180"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/test/sequential_custom_traffic_perftest.py"}, "region": {"startLine": 163}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.bytes_per_token` used but never assigned in __init__"}, "properties": {"repobilityId": 126141, "scanner": "repobility-ast-engine", "fingerprint": "a573f659ee83f154750793ffbbc78bb45fe6e681cc046e0944d9aca1b47b82a0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a573f659ee83f154750793ffbbc78bb45fe6e681cc046e0944d9aca1b47b82a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/test/inference_workload_matgen.py"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.head_dim` used but never assigned in __init__"}, "properties": {"repobilityId": 126140, "scanner": "repobility-ast-engine", "fingerprint": "1d44c158dbafb18ce551248b576970342c9a338340a273ba05ae1f20b46a87f9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|1d44c158dbafb18ce551248b576970342c9a338340a273ba05ae1f20b46a87f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/test/inference_workload_matgen.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._params` used but never assigned in __init__"}, "properties": {"repobilityId": 126139, "scanner": "repobility-ast-engine", "fingerprint": "210b36c61d0297a05fab92df336526848f041b391111cc82b753ef0c1d16b1c4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|210b36c61d0297a05fab92df336526848f041b391111cc82b753ef0c1d16b1c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/commands/nixlbench.py"}, "region": {"startLine": 485}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._params` used but never assigned in __init__"}, "properties": {"repobilityId": 126138, "scanner": "repobility-ast-engine", "fingerprint": "69ab47c1ff4efad989ee33322074d0c011b82dc7272941ada63a58eaa652a477", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|69ab47c1ff4efad989ee33322074d0c011b82dc7272941ada63a58eaa652a477"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/commands/nixlbench.py"}, "region": {"startLine": 445}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._configure_obj` 
used but never assigned in __init__"}, "properties": {"repobilityId": 126137, "scanner": "repobility-ast-engine", "fingerprint": "81ca90c4bcc371eca712a1a338806a711905e2f2621a643ee808ae6acbddef2f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|81ca90c4bcc371eca712a1a338806a711905e2f2621a643ee808ae6acbddef2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/commands/nixlbench.py"}, "region": {"startLine": 267}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._configure_ucx` used but never assigned in __init__"}, "properties": {"repobilityId": 126136, "scanner": "repobility-ast-engine", "fingerprint": "83594cffdc41b23e0b787a1195bdbc82828b4e56bc09d6197be02869e4fdd632", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|83594cffdc41b23e0b787a1195bdbc82828b4e56bc09d6197be02869e4fdd632"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/commands/nixlbench.py"}, "region": {"startLine": 265}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._configure_posix` used but never assigned in __init__"}, "properties": {"repobilityId": 126135, "scanner": "repobility-ast-engine", "fingerprint": "3393c2df505a0bf0a0d89f7fe62b35f19c167735e1ef7a18ed3c79b006b2e3cf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", 
"isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3393c2df505a0bf0a0d89f7fe62b35f19c167735e1ef7a18ed3c79b006b2e3cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/commands/nixlbench.py"}, "region": {"startLine": 263}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._configure_gds` used but never assigned in __init__"}, "properties": {"repobilityId": 126134, "scanner": "repobility-ast-engine", "fingerprint": "3b13cd9387ea910c64bcb71468ca96b496e90a5afe8b0a9e343aed3c276f3f6c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3b13cd9387ea910c64bcb71468ca96b496e90a5afe8b0a9e343aed3c276f3f6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/commands/nixlbench.py"}, "region": {"startLine": 261}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.barrier` used but never assigned in __init__"}, "properties": {"repobilityId": 126133, "scanner": "repobility-ast-engine", "fingerprint": "3f5c905b4caaf4239a1b3eacaa668d90f8375bf675e79d7caf0412ceace13f90", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|3f5c905b4caaf4239a1b3eacaa668d90f8375bf675e79d7caf0412ceace13f90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/runtime/etcd_rt.py"}, "region": {"startLine": 209}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.barrier` used but never assigned in __init__"}, "properties": {"repobilityId": 126132, "scanner": "repobility-ast-engine", "fingerprint": "7601943df6bc4cb2b68a76e4da0c6b08b59ab4b88c0e897ea7371aa52bde2ac7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7601943df6bc4cb2b68a76e4da0c6b08b59ab4b88c0e897ea7371aa52bde2ac7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/runtime/etcd_rt.py"}, "region": {"startLine": 205}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.barrier` used but never assigned in __init__"}, "properties": {"repobilityId": 126131, "scanner": "repobility-ast-engine", "fingerprint": "e4387c05e30adf663efc5abe7777df3c7bd3fac243a6fa6971e6ef9506ae69de", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e4387c05e30adf663efc5abe7777df3c7bd3fac243a6fa6971e6ef9506ae69de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/runtime/etcd_rt.py"}, "region": {"startLine": 193}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.barrier` used but never assigned in 
__init__"}, "properties": {"repobilityId": 126130, "scanner": "repobility-ast-engine", "fingerprint": "1332cf5795b749c9ab678f10949cb0a1e712fa24b8af5ee75edc79f262b9b9c0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1332cf5795b749c9ab678f10949cb0a1e712fa24b8af5ee75edc79f262b9b9c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/runtime/etcd_rt.py"}, "region": {"startLine": 186}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_int_val` used but never assigned in __init__"}, "properties": {"repobilityId": 126129, "scanner": "repobility-ast-engine", "fingerprint": "7b5ecd88cd0c879a159aa212c2988acaa8ab45a748fbf877383060b42976cbad", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7b5ecd88cd0c879a159aa212c2988acaa8ab45a748fbf877383060b42976cbad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/runtime/etcd_rt.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_group_id` used but never assigned in __init__"}, "properties": {"repobilityId": 126128, "scanner": "repobility-ast-engine", "fingerprint": "faa4d3728d17dd6bd5377d26657529fd300aaa23c4ee08fb86cc2acb4cdafda5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", 
"evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|faa4d3728d17dd6bd5377d26657529fd300aaa23c4ee08fb86cc2acb4cdafda5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/runtime/etcd_rt.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_get_xfer_telemetry_cfg"}, "properties": {"repobilityId": 126125, "scanner": "repobility-ast-engine", "fingerprint": "d45f576128e9a0dcb6c1ac3be57b3f9247394eeba80e56a7b1d695c46219639f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d45f576128e9a0dcb6c1ac3be57b3f9247394eeba80e56a7b1d695c46219639f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/python/test_nixl_api.py"}, "region": {"startLine": 311}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_get_xfer_telemetry"}, "properties": {"repobilityId": 126124, "scanner": "repobility-ast-engine", "fingerprint": "86cce438c223a26201b8ac40ca558e90bf3d2293ccef0b21b90af553080de146", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|86cce438c223a26201b8ac40ca558e90bf3d2293ccef0b21b90af553080de146"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "test/python/test_nixl_api.py"}, "region": {"startLine": 297}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_incorrect_plugin_env"}, "properties": {"repobilityId": 126123, "scanner": "repobility-ast-engine", "fingerprint": "5debe327eb43e37186504ce95ed0a12f6f147d2fb933e9da0c8c3dd545494b4c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5debe327eb43e37186504ce95ed0a12f6f147d2fb933e9da0c8c3dd545494b4c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/python/test_nixl_api.py"}, "region": {"startLine": 242}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_empty_notif_tag"}, "properties": {"repobilityId": 126122, "scanner": "repobility-ast-engine", "fingerprint": "aa0b8ced28ce30af0e2cb375c54b20109b65919881c2e4a1a3281d6133adce24", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aa0b8ced28ce30af0e2cb375c54b20109b65919881c2e4a1a3281d6133adce24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/python/test_nixl_api.py"}, "region": {"startLine": 173}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_backend_name_creation"}, "properties": {"repobilityId": 126121, "scanner": "repobility-ast-engine", "fingerprint": 
"b4424314dcdee98872545d7609659dd28469b294fd7fc1e07b99da47c15e53e5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b4424314dcdee98872545d7609659dd28469b294fd7fc1e07b99da47c15e53e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/python/test_nixl_api.py"}, "region": {"startLine": 152}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_make_invalid_op"}, "properties": {"repobilityId": 126120, "scanner": "repobility-ast-engine", "fingerprint": "465087bd66418e287e7df73cbb1d40f620946b22e46b815c2d405c605f5e97e0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|465087bd66418e287e7df73cbb1d40f620946b22e46b815c2d405c605f5e97e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/python/test_nixl_api.py"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_nixl_conf_bad_sync_mode"}, "properties": {"repobilityId": 126119, "scanner": "repobility-ast-engine", "fingerprint": "412afebdaf4a753213c10f4649405da41b9f2d5cdc8457f02397d4c5c4e9e8f8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": 
["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|412afebdaf4a753213c10f4649405da41b9f2d5cdc8457f02397d4c5c4e9e8f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/python/test_nixl_api.py"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_empty_agent_name"}, "properties": {"repobilityId": 126118, "scanner": "repobility-ast-engine", "fingerprint": "eceaaee7d8016d9139e6f6a1cce2e9c2cb38fa3db8553cf86205f176b894ff20", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eceaaee7d8016d9139e6f6a1cce2e9c2cb38fa3db8553cf86205f176b894ff20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/python/test_nixl_api.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 126303, "scanner": "gitleaks", "fingerprint": "350925533454b8fca8c6b030e9ef2be251d2db41faf7a16d033fe764230949fb", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "AccountKey=REDACTED;", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|14|accountkey redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/plugins/azure_blob/README.md"}, "region": {"startLine": 143}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": 
"Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 126302, "scanner": "gitleaks", "fingerprint": "68b3fd05adee977cffa6625a02e10e63b6e1c43852672b1ff01776d0ba00e551", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "AccountKey=REDACTED;", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|13|accountkey redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/plugins/azure_blob/README.md"}, "region": {"startLine": 134}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 126301, "scanner": "gitleaks", "fingerprint": "1b4a65c0332ad8778e9b994e234d03ec375b1e6d5a694a52abbb9d5d0e349206", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "AccountKey=REDACTED;", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|12|accountkey redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/plugins/azure_blob/README.md"}, "region": {"startLine": 127}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 126300, "scanner": "gitleaks", "fingerprint": "ee30e16cbd692862b6a4cbcbca6511d2c45d2a1301335bcca4604602c0ce9bb6", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", 
"evidence": {"match": "AccountKey=REDACTED;", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|87|accountkey redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/nixlbench/README.md"}, "region": {"startLine": 878}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 126299, "scanner": "gitleaks", "fingerprint": "fe8b6b1c70e6d210e8a53ef3fe2e384cc04b5f6e8e5cb7262387a162c353ec3b", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "AccountKey=REDACTED;", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|86|accountkey redacted", "duplicate_count": 1, "duplicate_rule_ids": ["generic-api-key"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["f5cb427930f6775112808df674346f6c4e50034e3c4f7fa7bb5cb45ba4338aa4", "fe8b6b1c70e6d210e8a53ef3fe2e384cc04b5f6e8e5cb7262387a162c353ec3b"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/nixlbench/README.md"}, "region": {"startLine": 861}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 126298, "scanner": "gitleaks", "fingerprint": "af487bbbffb50bcb12b12584a954afb55b999ae7718f14921198836cb22368e0", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "AZ_ACCOUNT_KEY=\"REDACTED\"", "rule_id": 
"generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|.gitlab/test_azure.sh|2|az_account_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".gitlab/test_azure.sh"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED030", "level": "error", "message": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "properties": {"repobilityId": 126221, "scanner": "repobility-threat-engine", "fingerprint": "b690e4787f1f8d39c78a87e316ac75877ba8d910601834edc0d8690dc091cf45", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, "ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b690e4787f1f8d39c78a87e316ac75877ba8d910601834edc0d8690dc091cf45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/runtime/etcd_rt.py"}, "region": {"startLine": 178}}}]}, {"ruleId": "MINED018", "level": "error", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 126220, "scanner": "repobility-threat-engine", "fingerprint": "24e09ec1ae8bf3e8202cab4951f2d21bb85e5b99436408c2bfd08965afd1826d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": 
"A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|24e09ec1ae8bf3e8202cab4951f2d21bb85e5b99436408c2bfd08965afd1826d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/runtime/etcd_rt.py"}, "region": {"startLine": 178}}}]}, {"ruleId": "SEC081", "level": "error", "message": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "properties": {"repobilityId": 126218, "scanner": "repobility-threat-engine", "fingerprint": "e338314c064ccd1c1e5d3b4a7877821b4a6fb293d8a758406a3ea38c8a3da1ad", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.loads(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC081", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e338314c064ccd1c1e5d3b4a7877821b4a6fb293d8a758406a3ea38c8a3da1ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmark/kvbench/runtime/etcd_rt.py"}, "region": {"startLine": 178}}}]}, {"ruleId": "MINED125", "level": "error", "message": {"text": "GHA script injection via github.event.pull_request.head.ref in run-step"}, "properties": {"repobilityId": 126197, "scanner": "repobility-supply-chain", "fingerprint": "e1cb335fe700a07603ab2b323be085803996658dbef1d8d070cf3a89e2ea9c29", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-script-injection", "owasp": 
"A03:2021", "cwe_ids": ["CWE-78", "CWE-94"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e1cb335fe700a07603ab2b323be085803996658dbef1d8d070cf3a89e2ea9c29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_validation.yml"}, "region": {"startLine": 40}}}]}]}]}