{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DKC015", "name": "Database service has no healthcheck", "shortDescription": {"text": "Database service has no healthcheck"}, "fullDescription": {"text": "Compose starts dependent containers in dependency order, but it does not wait for a database to be ready unless a healthcheck is defined and dependents use service_healthy."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKC007", "name": "Compose service contains a literal secret environment value", "shortDescription": {"text": "Compose service contains a literal secret environment value"}, "fullDescription": {"text": "Literal secrets in Compose files are committed to source and exposed through container inspection."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT007", "name": "localStorage write failures are swallowed silently", "shortDescription": {"text": "localStorage write failures are swallowed silently"}, "fullDescription": {"text": "localStorage quotas are small and writes can fail. Catching storage errors without a user-visible warning causes silent data loss when notes, images, or snapshots exceed quota."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "no-new-privileges prevents processes from gaining additional privileges through setuid binaries or file capabilities."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "If the image does not define USER internally, this service may run as root."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED053", "name": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeh", "shortDescription": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1392,CWE-798 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block (and 10 more): Same pattern found in 10 additional files. Review if needed.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro (and 15 more): Same pattern found in 15 additional files. Review if needed.", "shortDescription": {"text": "[MINED066] Rust Panic Macro (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 89 more): Same pattern found in 89 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 89 more): Same pattern found in 89 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 15 more): Same pattern found in 15 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod (and 82 more): Same pattern found in 82 additional files. Review if needed.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod (and 82 more): Same pattern found in 82 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "DKC013", "name": "Database service has no persistent data volume", "shortDescription": {"text": "Database service has no persistent data volume"}, "fullDescription": {"text": "Database containers store data in the writable container layer unless a volume or bind mount is attached to the image's data directory. Recreating the container can lose state."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKC011", "name": "Database service publishes a host port", "shortDescription": {"text": "Database service publishes a host port"}, "fullDescription": {"text": "Publishing database ports to the host increases exposure. Internal Compose networking usually only needs expose, not ports."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.84, "cwe": "", "owasp": ""}}, {"id": "MINED039", "name": "[MINED039] Rust Todo Macro: todo!() panics when reached. Unimplemented code path.", "shortDescription": {"text": "[MINED039] Rust Todo Macro: todo!() panics when reached. Unimplemented code path."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that int", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTM"}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `drasi-project/.github/.github/workflows/devskim.yaml` pinned to mutable ref `@main`", "shortDescription": {"text": "Action `drasi-project/.github/.github/workflows/devskim.yaml` pinned to mutable ref `@main`"}, "fullDescription": {"text": "`uses: drasi-project/.github/.github/workflows/devskim.yaml@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "Workflow container/services image `redis:7-alpine` unpinned", "shortDescription": {"text": "Workflow container/services image `redis:7-alpine` unpinned"}, "fullDescription": {"text": "`container/services image: redis:7-alpine` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `ubuntu:22.04` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `ubuntu:22.04` not pinned by digest"}, "fullDescription": {"text": "`FROM ubuntu:22.04` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "stripe-access-token", "name": "Found a Stripe Access Token, posing a risk to payment processing services and sensitive financial data.", "shortDescription": {"text": "Found a Stripe Access Token, posing a risk to payment processing services and sensitive financial data."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger", "shortDescription": {"text": "Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger"}, "fullDescription": {"text": "This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.GH_AW_GITHUB_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1317"}, "properties": {"repository": "drasi-project/drasi-core", "repoUrl": "https://github.com/drasi-project/drasi-core", "branch": "main"}, "results": [{"ruleId": "DKC015", "level": "warning", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 134484, "scanner": "repobility-docker", "fingerprint": "9ebccc0b45eba73b708cb912abd36957be66e58136f10d9d3289472919e2dd76", "category": "docker", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "oracle", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|9ebccc0b45eba73b708cb912abd36957be66e58136f10d9d3289472919e2dd76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/lib/oracle-getting-started/docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC007", "level": "warning", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": {"repobilityId": 134480, "scanner": "repobility-docker", "fingerprint": "9e3f68c4e5d06175d2d26cec2f3998293049bea368fc86ac45f8bbd4a13c99c6", "category": "docker", "severity": "medium", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal, but this Compose file is under a test/example/local path and needs human confirmation before treating it as production exposure.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "oracle", "variable": "ORACLE_PASSWORD", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "reference_or_local", "correlation_key": "fp|9e3f68c4e5d06175d2d26cec2f3998293049bea368fc86ac45f8bbd4a13c99c6", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/lib/oracle-getting-started/docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC007", "level": "warning", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": {"repobilityId": 134477, "scanner": "repobility-docker", "fingerprint": "1fdd40afa5a36fa4d3c06102189b1aaa67ec5152a89ed4e7610c9492f4eba9ce", "category": "docker", "severity": "medium", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal, but this Compose file is under a test/example/local path and needs human confirmation before treating it as production exposure.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "grafana", "variable": "GF_SECURITY_ADMIN_PASSWORD", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "reference_or_local", "correlation_key": "fp|1fdd40afa5a36fa4d3c06102189b1aaa67ec5152a89ed4e7610c9492f4eba9ce", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/lib/loki/docker-compose.yml"}, "region": {"startLine": 8}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 134473, "scanner": "repobility-docker", "fingerprint": "88b1fa2fcfab0909fcc40b45367eec157a330ee8efdce386aa2329c11215fd95", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|88b1fa2fcfab0909fcc40b45367eec157a330ee8efdce386aa2329c11215fd95"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.cross-windows-gnu"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 134472, "scanner": "repobility-docker", "fingerprint": "ce7652980e632a289f9fdbdcce0ebcd4e9d86d530af017a72b1dccfdb9c1c69b", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:20.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|ce7652980e632a289f9fdbdcce0ebcd4e9d86d530af017a72b1dccfdb9c1c69b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.cross-musl-aarch64"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 134471, "scanner": "repobility-docker", "fingerprint": "7148e66fecf34002289a4230824da3f8f0516663182714aa4a7a56887be2fd62", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:20.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|7148e66fecf34002289a4230824da3f8f0516663182714aa4a7a56887be2fd62"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.cross-musl"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 134470, "scanner": "repobility-docker", "fingerprint": "b91842b25793c2082e0f6c2b7619d0e5924662cfcc0baeee16b5293ae8b38606", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:20.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b91842b25793c2082e0f6c2b7619d0e5924662cfcc0baeee16b5293ae8b38606"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.cross-gnu-aarch64"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 134469, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 134468, "scanner": "repobility-docker", "fingerprint": "64010d55e01ae4932d1f3c269900aaa111db4fa70b9430dcd3890f709c205285", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ubuntu:20.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|64010d55e01ae4932d1f3c269900aaa111db4fa70b9430dcd3890f709c205285"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.cross-gnu"}, "region": {"startLine": 3}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 134465, "scanner": "repobility-threat-engine", "fingerprint": "e44bc3e42ae4d3ee290bfc01753b8b657c5bfe9e1e0d5cc55af9f7d76924c43e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"John Doe\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e44bc3e42ae4d3ee290bfc01753b8b657c5bfe9e1e0d5cc55af9f7d76924c43e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shared-tests/src/use_cases/relabel/mod.rs"}, "region": {"startLine": 75}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 134464, "scanner": "repobility-threat-engine", "fingerprint": "539c4fb154af14b15084674365454905b882972c3d00725ecaf1db7ce9e852c3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url: \"https://example.com", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|539c4fb154af14b15084674365454905b882972c3d00725ecaf1db7ce9e852c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/sources/hyperliquid/src/tests.rs"}, "region": {"startLine": 39}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 134431, "scanner": "repobility-agent-runtime", "fingerprint": "e65d2515b3f51d87397e553b807f48e474610b77636658a6ddefc432b24ab0e8", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|e65d2515b3f51d87397e553b807f48e474610b77636658a6ddefc432b24ab0e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/reactions/dashboard/static/js/theme.js"}, "region": {"startLine": 43}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 134481, "scanner": "repobility-docker", "fingerprint": "0fc658d7335dc2341c78126d1c20451a3b034049b96126c92e40d452dd146b6c", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "oracle", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|0fc658d7335dc2341c78126d1c20451a3b034049b96126c92e40d452dd146b6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/lib/oracle-getting-started/docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 134479, "scanner": "repobility-docker", "fingerprint": "1b03ca833318378231a944a28d203d3e65aca91444f3bade37c9e2a9a0e89815", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "oracle", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|1b03ca833318378231a944a28d203d3e65aca91444f3bade37c9e2a9a0e89815"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/lib/oracle-getting-started/docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 134478, "scanner": "repobility-docker", "fingerprint": "a43c3b2494d11005b4ea701cdad64739bed0f6413a4f7bbd24d1f377c78e9a54", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "grafana", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|a43c3b2494d11005b4ea701cdad64739bed0f6413a4f7bbd24d1f377c78e9a54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/lib/loki/docker-compose.yml"}, "region": {"startLine": 8}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 134476, "scanner": "repobility-docker", "fingerprint": "6b5f5e56a7f5780f3980fe5059f5003c6639919e1406e017a7acfdba21e08724", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "grafana", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|6b5f5e56a7f5780f3980fe5059f5003c6639919e1406e017a7acfdba21e08724"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/lib/loki/docker-compose.yml"}, "region": {"startLine": 8}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 134475, "scanner": "repobility-docker", "fingerprint": "e92f5fb568828eca854736254cf62caa8c314a623bf4fbf600df8e6b4becbd4a", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "loki", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|e92f5fb568828eca854736254cf62caa8c314a623bf4fbf600df8e6b4becbd4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/lib/loki/docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 134474, "scanner": "repobility-docker", "fingerprint": "5b39e884b1bf0bdcf294bbf105a77234373bf37e133a1db7208955db5780949b", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "loki", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|5b39e884b1bf0bdcf294bbf105a77234373bf37e133a1db7208955db5780949b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/lib/loki/docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 134457, "scanner": "repobility-threat-engine", "fingerprint": "8a15a1f1c78514b11ca5819de08cf141c25464335f17ff1de69060b0e93c10c8", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = `", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|44|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/reactions/dashboard/static/js/modal.js"}, "region": {"startLine": 44}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134387, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9510321511c275f7996ff8e8aaccb49e50b6a9f4b4adaa874cd08dbed35bdbfa", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/reactions/application/src/descriptor.rs", "duplicate_line": 20, "correlation_key": "fp|9510321511c275f7996ff8e8aaccb49e50b6a9f4b4adaa874cd08dbed35bdbfa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/reactions/dashboard/src/descriptor.rs"}, "region": {"startLine": 143}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134386, "scanner": "repobility-ai-code-hygiene", "fingerprint": "204978450512552f2f52ef3df13c17021725ee8e265c3aac77039654426cf174", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/reactions/aws-sqs/src/reaction.rs", "duplicate_line": 280, "correlation_key": "fp|204978450512552f2f52ef3df13c17021725ee8e265c3aac77039654426cf174"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/reactions/azure-storage/src/reaction.rs"}, "region": {"startLine": 277}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134385, "scanner": "repobility-ai-code-hygiene", "fingerprint": "02dfaa4438f57dd7863a3b7bd55ff78c942c8561a7602d5a7da3d19dfc97cc8f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/reactions/application/src/lib.rs", "duplicate_line": 19, "correlation_key": "fp|02dfaa4438f57dd7863a3b7bd55ff78c942c8561a7602d5a7da3d19dfc97cc8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/reactions/aws-sqs/src/lib.rs"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134384, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f3d4ff5b7bfe4ef734be26d6b127ef31e019f837127e360a32d7461999c79c7c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/host-sdk/src/plugin_registry.rs", "duplicate_line": 341, "correlation_key": "fp|f3d4ff5b7bfe4ef734be26d6b127ef31e019f837127e360a32d7461999c79c7c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/plugin-sdk/src/registration.rs"}, "region": {"startLine": 55}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134383, "scanner": "repobility-ai-code-hygiene", "fingerprint": "96787b8b484d62d8bcf8acdb576e7dfc7a57d140b6bc5e6849fc506419eb19b4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/indexes/garnet/src/storage_models/stored_value.rs", "duplicate_line": 1, "correlation_key": "fp|96787b8b484d62d8bcf8acdb576e7dfc7a57d140b6bc5e6849fc506419eb19b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/indexes/rocksdb/src/storage_models/stored_value.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134382, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8171f4b4398b6f1fba04a21db4004d62a4235ba5a958a4e6745fc92575090ef2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/indexes/garnet/src/storage_models/stored_element.rs", "duplicate_line": 4, "correlation_key": "fp|8171f4b4398b6f1fba04a21db4004d62a4235ba5a958a4e6745fc92575090ef2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/indexes/rocksdb/src/storage_models/stored_element.rs"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134381, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6d05189c07877578bfe9f597e7e87a515b7e136d0e606571a5e93810b665a663", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/indexes/garnet/src/storage_models/stored_accumulator.rs", "duplicate_line": 15, "correlation_key": "fp|6d05189c07877578bfe9f597e7e87a515b7e136d0e606571a5e93810b665a663"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/indexes/rocksdb/src/storage_models/stored_accumulator.rs"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134380, "scanner": "repobility-ai-code-hygiene", "fingerprint": "80936f5581936db2fa95de9aa428f7856004661df707c3e9d9ee3e2e31f94f28", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/indexes/garnet/src/result_index.rs", "duplicate_line": 3, "correlation_key": "fp|80936f5581936db2fa95de9aa428f7856004661df707c3e9d9ee3e2e31f94f28"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/indexes/rocksdb/src/result_index.rs"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134379, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0bc8ca69056404d7b0ebe64b4177353906620e0b420d225dddaa4711085283f8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/indexes/garnet/src/plugin.rs", "duplicate_line": 71, "correlation_key": "fp|0bc8ca69056404d7b0ebe64b4177353906620e0b420d225dddaa4711085283f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/indexes/rocksdb/src/plugin.rs"}, "region": {"startLine": 87}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134378, "scanner": "repobility-ai-code-hygiene", "fingerprint": "453b0ce6e7f7a3eb177b5feaf34910060cad9b4ce85515726bae3c1e33357563", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/host-sdk/src/proxies/reaction.rs", "duplicate_line": 391, "correlation_key": "fp|453b0ce6e7f7a3eb177b5feaf34910060cad9b4ce85515726bae3c1e33357563"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/host-sdk/src/snapshot_fetcher_bridge.rs"}, "region": {"startLine": 106}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134377, "scanner": "repobility-ai-code-hygiene", "fingerprint": "eb3e6ef4f5b5f74cead743214ab84b0b0988ec319b6b6e335285f57cfdcfe695", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/host-sdk/src/proxies/bootstrap_provider.rs", "duplicate_line": 88, "correlation_key": "fp|eb3e6ef4f5b5f74cead743214ab84b0b0988ec319b6b6e335285f57cfdcfe695"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/host-sdk/src/proxies/source.rs"}, "region": {"startLine": 268}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134376, "scanner": "repobility-ai-code-hygiene", "fingerprint": "68328b46aee1042e53e7ba567e47d7c7f80e1d339fb4a47f4b62259be2ffe932", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/host-sdk/src/proxies/reaction.rs", "duplicate_line": 90, "correlation_key": "fp|68328b46aee1042e53e7ba567e47d7c7f80e1d339fb4a47f4b62259be2ffe932"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/host-sdk/src/proxies/source.rs"}, "region": {"startLine": 70}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134375, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f8a0bdc64e223e838d113e29c3503f93d880091f88ec139490ea19e3c3bed3b4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/host-sdk/src/proxies/bootstrap_provider.rs", "duplicate_line": 198, "correlation_key": "fp|f8a0bdc64e223e838d113e29c3503f93d880091f88ec139490ea19e3c3bed3b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/host-sdk/src/proxies/secret_store.rs"}, "region": {"startLine": 95}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134374, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f8eba6e0860017f7fbcf88257c9f82cbac4df835d54e137b9909aff6aa175a2c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/host-sdk/src/proxies/identity_provider.rs", "duplicate_line": 74, "correlation_key": "fp|f8eba6e0860017f7fbcf88257c9f82cbac4df835d54e137b9909aff6aa175a2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/host-sdk/src/proxies/secret_store.rs"}, "region": {"startLine": 80}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134373, "scanner": "repobility-ai-code-hygiene", "fingerprint": "db998fede514308e8a022951be3c78c89baddca6729875953ae3fe4f1fb42467", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/host-sdk/src/proxies/bootstrap_provider.rs", "duplicate_line": 176, "correlation_key": "fp|db998fede514308e8a022951be3c78c89baddca6729875953ae3fe4f1fb42467"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/host-sdk/src/proxies/reaction.rs"}, "region": {"startLine": 651}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134372, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4665cc6b21a54d4024b136f4ebb6cfeec2c908d896bbdf50dbae24d776253b45", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/host-sdk/src/proxies/bootstrap_provider.rs", "duplicate_line": 198, "correlation_key": "fp|4665cc6b21a54d4024b136f4ebb6cfeec2c908d896bbdf50dbae24d776253b45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/host-sdk/src/proxies/identity_provider.rs"}, "region": {"startLine": 89}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134371, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f03f1241df2f24c3d82d86bb627535c43cdf14f8d32321e0414b945e9703bcf6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/bootstrappers/dataverse/src/descriptor.rs", "duplicate_line": 37, "correlation_key": "fp|f03f1241df2f24c3d82d86bb627535c43cdf14f8d32321e0414b945e9703bcf6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/bootstrappers/sui-deepbook/src/descriptor.rs"}, "region": {"startLine": 61}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134370, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5251a7e42ba6e9532ade096a0ed19ebbc0aa264df0fcf971eb3283aa841fcf13", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/bootstrappers/dataverse/src/descriptor.rs", "duplicate_line": 37, "correlation_key": "fp|5251a7e42ba6e9532ade096a0ed19ebbc0aa264df0fcf971eb3283aa841fcf13"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/bootstrappers/sqlite/src/descriptor.rs"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134369, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ce0c0d220e6b57e18d230dd5e8b462a6c8286e41e6693b85fd9528075dd3e268", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/bootstrappers/dataverse/src/descriptor.rs", "duplicate_line": 37, "correlation_key": "fp|ce0c0d220e6b57e18d230dd5e8b462a6c8286e41e6693b85fd9528075dd3e268"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/bootstrappers/scriptfile/src/descriptor.rs"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134368, "scanner": "repobility-ai-code-hygiene", "fingerprint": "effd5aaad49d1c9ec804e2db2f73a33df9af56ea16bc19d8df60e99115b44b77", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/bootstrappers/mysql/src/lib.rs", "duplicate_line": 57, "correlation_key": "fp|effd5aaad49d1c9ec804e2db2f73a33df9af56ea16bc19d8df60e99115b44b77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/bootstrappers/postgres/src/postgres.rs"}, "region": {"startLine": 52}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134367, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d373eda65252c029913ca4ab2dee856efbf50f8db5a339d69868227346eff0dd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/bootstrappers/dataverse/src/descriptor.rs", "duplicate_line": 37, "correlation_key": "fp|d373eda65252c029913ca4ab2dee856efbf50f8db5a339d69868227346eff0dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/bootstrappers/postgres/src/descriptor.rs"}, "region": {"startLine": 60}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134366, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ffb163fce477b35bff2b5d946bb7ef59f3593aab5ec35619e0699eb933653b82", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/bootstrappers/dataverse/src/descriptor.rs", "duplicate_line": 37, "correlation_key": "fp|ffb163fce477b35bff2b5d946bb7ef59f3593aab5ec35619e0699eb933653b82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/bootstrappers/platform/src/descriptor.rs"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134365, "scanner": "repobility-ai-code-hygiene", "fingerprint": "82ee425ca078dc5275dc1576783085201bd918c3caeb7b4ba0422ce6b4db0236", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/bootstrappers/mssql/src/mssql.rs", "duplicate_line": 71, "correlation_key": "fp|82ee425ca078dc5275dc1576783085201bd918c3caeb7b4ba0422ce6b4db0236"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/bootstrappers/oracle/src/oracle.rs"}, "region": {"startLine": 69}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134364, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c2fe61b3711872c00745c641288551090ba0b4c7ae04d3e159d7a6a2786afb0e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/bootstrappers/dataverse/src/descriptor.rs", "duplicate_line": 37, "correlation_key": "fp|c2fe61b3711872c00745c641288551090ba0b4c7ae04d3e159d7a6a2786afb0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/bootstrappers/open511/src/descriptor.rs"}, "region": {"startLine": 37}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134363, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b9a8c6d65d4c74b95df316d61b05b070c3ec12035a60ed6c59df9ac06e2834e2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/bootstrappers/application/src/descriptor.rs", "duplicate_line": 20, "correlation_key": "fp|b9a8c6d65d4c74b95df316d61b05b070c3ec12035a60ed6c59df9ac06e2834e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/bootstrappers/noop/src/descriptor.rs"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134362, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3f91eaf8723d255d52c328a494ea79eee96a70a2d87c1f234d6fc33c113048b3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/bootstrappers/dataverse/src/descriptor.rs", "duplicate_line": 37, "correlation_key": "fp|3f91eaf8723d255d52c328a494ea79eee96a70a2d87c1f234d6fc33c113048b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/bootstrappers/mysql/src/descriptor.rs"}, "region": {"startLine": 41}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134361, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3aee0a282be2152c13d1a3945ea60671609e1ef7ae8fb731751653f6dac4c344", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/bootstrappers/dataverse/src/descriptor.rs", "duplicate_line": 37, "correlation_key": "fp|3aee0a282be2152c13d1a3945ea60671609e1ef7ae8fb731751653f6dac4c344"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/bootstrappers/mssql/src/descriptor.rs"}, "region": {"startLine": 68}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134360, "scanner": "repobility-ai-code-hygiene", "fingerprint": "72028416281a6ad176e9cdbd5247b6790b73b857e42431165ec2484c9839adc3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/bootstrappers/dataverse/src/descriptor.rs", "duplicate_line": 37, "correlation_key": "fp|72028416281a6ad176e9cdbd5247b6790b73b857e42431165ec2484c9839adc3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/bootstrappers/http/src/descriptor.rs"}, "region": {"startLine": 377}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134359, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9a91e9fe39ae824fb8d53c8d67d1eaea78e539469c22cec4c8ee0a2561b8c748", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/bootstrappers/dataverse/src/descriptor.rs", "duplicate_line": 37, "correlation_key": "fp|9a91e9fe39ae824fb8d53c8d67d1eaea78e539469c22cec4c8ee0a2561b8c748"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/bootstrappers/here-traffic/src/descriptor.rs"}, "region": {"startLine": 48}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134358, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b0cbc4a4d7eae79538886d6416316c220a652b7245f6158d81a5f57ab45c343b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "components/bootstrappers/dataverse/src/descriptor.rs", "duplicate_line": 37, "correlation_key": "fp|b0cbc4a4d7eae79538886d6416316c220a652b7245f6158d81a5f57ab45c343b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/bootstrappers/gtfs-rt/src/descriptor.rs"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"repobilityId": 134467, "scanner": "repobility-threat-engine", "fingerprint": "17c185c2f9464025c2cbd5a0c603b20c9659bab490562861bb4abb3856e40c78", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "correlation_key": "fp|17c185c2f9464025c2cbd5a0c603b20c9659bab490562861bb4abb3856e40c78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shared-tests/src/use_cases/relabel/mod.rs"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 134461, "scanner": "repobility-threat-engine", "fingerprint": "aa525a4d8241c63513eefb05cd85a0199b27c82707287adb4f8235fc14d7fba5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|aa525a4d8241c63513eefb05cd85a0199b27c82707287adb4f8235fc14d7fba5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/reactions/dashboard/static/js/websocket.js"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 134460, "scanner": "repobility-threat-engine", "fingerprint": "7cadba98b10cf621a91abaa044f8f615c7a4a27f8df5aafb4ed0320e6ca474b0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7cadba98b10cf621a91abaa044f8f615c7a4a27f8df5aafb4ed0320e6ca474b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/reactions/dashboard/static/js/app.js"}, "region": {"startLine": 280}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 134455, "scanner": "repobility-threat-engine", "fingerprint": "f4795bed0bf1f6a15a5f7002813392ca9507506d72622c4cb03b22d8e8022084", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f4795bed0bf1f6a15a5f7002813392ca9507506d72622c4cb03b22d8e8022084", "aggregated_count": 10}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 134454, "scanner": "repobility-threat-engine", "fingerprint": "005dd7f3cfd275fd8a71d00735d5e48c3dc8acc1c6c8d6c60422b895ff92838f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|005dd7f3cfd275fd8a71d00735d5e48c3dc8acc1c6c8d6c60422b895ff92838f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/host-sdk/src/identity_bridge.rs"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 134453, "scanner": "repobility-threat-engine", "fingerprint": "7a6a4f911946cf00e21ea04949c0d510ac194ef11c94ed94344a0bc7e53d9be3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7a6a4f911946cf00e21ea04949c0d510ac194ef11c94ed94344a0bc7e53d9be3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/host-sdk/src/fetcher.rs"}, "region": {"startLine": 222}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 134452, "scanner": "repobility-threat-engine", "fingerprint": "745c3b26a017ff75608541b4be5b2e355788e0238ef557c8ee06099023b00164", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|745c3b26a017ff75608541b4be5b2e355788e0238ef557c8ee06099023b00164"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/ffi-primitives/src/macros.rs"}, "region": {"startLine": 181}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 134451, "scanner": "repobility-threat-engine", "fingerprint": "0c333dc88d2673beda07ea322592a5e2658418eeef4b48e34ddf9f62e680bdd2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0c333dc88d2673beda07ea322592a5e2658418eeef4b48e34ddf9f62e680bdd2", "aggregated_count": 3}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 134450, "scanner": "repobility-threat-engine", "fingerprint": "2ac8c928c5a5e3671b369bb03eeb2d92d58df8b991df501f8675cd2d8fd4021e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2ac8c928c5a5e3671b369bb03eeb2d92d58df8b991df501f8675cd2d8fd4021e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/reactions/grpc/src/connection.rs"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 134449, "scanner": "repobility-threat-engine", "fingerprint": "8242551d79661a4c7f475021d1bdea0bdbf9b8753a07d88b6473d77c98982da5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8242551d79661a4c7f475021d1bdea0bdbf9b8753a07d88b6473d77c98982da5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/host-sdk/src/fetcher.rs"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 134448, "scanner": "repobility-threat-engine", "fingerprint": "f1bc26fc0aeb0776f185d4cf7d844481d240baba434646b8662c354cb109bb2d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f1bc26fc0aeb0776f185d4cf7d844481d240baba434646b8662c354cb109bb2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/bootstrappers/platform/src/lib.rs"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "properties": {"repobilityId": 134447, "scanner": "repobility-threat-engine", "fingerprint": "2b7af641333437aa657e5de62638d8fda2f9d10f4627e5657f6d3e455b2fddab", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|2b7af641333437aa657e5de62638d8fda2f9d10f4627e5657f6d3e455b2fddab", "aggregated_count": 15}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 134446, "scanner": "repobility-threat-engine", "fingerprint": "bbe4c4c7368d8ec9fd339675ebf6d081902d542f4d7614ae2a849fc5e8d12681", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bbe4c4c7368d8ec9fd339675ebf6d081902d542f4d7614ae2a849fc5e8d12681"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/host-sdk/src/proxies/identity_resolution.rs"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 134445, "scanner": "repobility-threat-engine", "fingerprint": "ef6d6c99efb03e70cec20736ae9c0269d7cd9ceea7672ad8f8f892666eca33cc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ef6d6c99efb03e70cec20736ae9c0269d7cd9ceea7672ad8f8f892666eca33cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/bootstrappers/scriptfile/src/script_types.rs"}, "region": {"startLine": 162}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 134444, "scanner": "repobility-threat-engine", "fingerprint": "9e060cf7a50b3ecdccd8a1b15f6f23fd9d4336693de5e3ff1392cc23366654fb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9e060cf7a50b3ecdccd8a1b15f6f23fd9d4336693de5e3ff1392cc23366654fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/bootstrappers/http/src/response.rs"}, "region": {"startLine": 286}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 89 more): Same pattern found in 89 additional files. Review if needed."}, "properties": {"repobilityId": 134443, "scanner": "repobility-threat-engine", "fingerprint": "f3118fd0413bfaad061be0923b429f737793d55f8dd81cc768bbc6050b145ce1", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 89 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f3118fd0413bfaad061be0923b429f737793d55f8dd81cc768bbc6050b145ce1", "aggregated_count": 89}}}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "properties": {"repobilityId": 134439, "scanner": "repobility-threat-engine", "fingerprint": "55dd9a4fe1ed00e875ab40ad2e079768353c2831badd419600f381c596cc9071", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|55dd9a4fe1ed00e875ab40ad2e079768353c2831badd419600f381c596cc9071"}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod (and 82 more): Same pattern found in 82 additional files. Review if needed."}, "properties": {"repobilityId": 134435, "scanner": "repobility-threat-engine", "fingerprint": "12f5a31ad93a42db9d7aaea63b6c23966fcf33fc3a2c8dfc473fe20095275639", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 82 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|12f5a31ad93a42db9d7aaea63b6c23966fcf33fc3a2c8dfc473fe20095275639", "aggregated_count": 82}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 134434, "scanner": "repobility-threat-engine", "fingerprint": "4372aaa57e6cb22ff68853932bbb0d4ccbaee971cad5cc7cdb88db68475d7c7f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4372aaa57e6cb22ff68853932bbb0d4ccbaee971cad5cc7cdb88db68475d7c7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/bootstrappers/gtfs-rt/src/descriptor.rs"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 134433, "scanner": "repobility-threat-engine", "fingerprint": "615dbe2036f2879cb8d038e2c4d517d158992240ebe65f7aa90d163549084904", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|615dbe2036f2879cb8d038e2c4d517d158992240ebe65f7aa90d163549084904"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/bootstrappers/dataverse/src/descriptor.rs"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 134432, "scanner": "repobility-threat-engine", "fingerprint": "088bd59331a51e0c38e6f1fdb7fc994ffc1f9c31939aa01d29a73835e46fdf4d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|088bd59331a51e0c38e6f1fdb7fc994ffc1f9c31939aa01d29a73835e46fdf4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/bootstrappers/application/src/descriptor.rs"}, "region": {"startLine": 58}}}]}, {"ruleId": "DKC013", "level": "error", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 134483, "scanner": "repobility-docker", "fingerprint": "197a731fa2a43aa1d1f22f9c462f3f5435a83c7997ee276590758c30da9c5e86", "category": "docker", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "oracle", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|197a731fa2a43aa1d1f22f9c462f3f5435a83c7997ee276590758c30da9c5e86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/lib/oracle-getting-started/docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 134482, "scanner": "repobility-docker", "fingerprint": "c7273b8f4a8b12cd20fc0c39dfc728bbe7d8dd62a31badc0058f8e9f9066ee35", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "1522:1521", "target": "1521", "host_ip": "", "published": "1522"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "oracle", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|c7273b8f4a8b12cd20fc0c39dfc728bbe7d8dd62a31badc0058f8e9f9066ee35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/lib/oracle-getting-started/docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED039", "level": "error", "message": {"text": "[MINED039] Rust Todo Macro: todo!() panics when reached. Unimplemented code path."}, "properties": {"repobilityId": 134466, "scanner": "repobility-threat-engine", "fingerprint": "c99a4a627c83be02d7f45f801d37d476b58f37f8971c1d6a03586e12e9d350ee", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-todo-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347989+00:00", "triaged_in_corpus": 15, "observations_count": 1561, "ai_coder_pattern_id": 114}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c99a4a627c83be02d7f45f801d37d476b58f37f8971c1d6a03586e12e9d350ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/src/evaluation/variable_value/ser.rs"}, "region": {"startLine": 47}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 134463, "scanner": "repobility-threat-engine", "fingerprint": "aefda91b076b4d31ddf19a43a7d98e4a4968493b29d8d729eae7aedaefbd0650", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "mac.update(data);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|aefda91b076b4d31ddf19a43a7d98e4a4968493b29d8d729eae7aedaefbd0650"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/sources/postgres/src/scram.rs"}, "region": {"startLine": 198}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 134462, "scanner": "repobility-threat-engine", "fingerprint": "2799d4a366e5a57982d8073473beab9a63d038a2c687422641608c5453850a79", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "this.send({\n      type: \"unsubscribe\",\n      query_ids: queryIds,\n    });", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2799d4a366e5a57982d8073473beab9a63d038a2c687422641608c5453850a79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/reactions/dashboard/static/js/websocket.js"}, "region": {"startLine": 50}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 134459, "scanner": "repobility-threat-engine", "fingerprint": "58f4823e5f12ec6a4dcfc5885ac626951d0231a73b875952c7fbe596fab6a7a5", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".innerHTML = `\n    <span class=\"toast-icon\">${icons[type] || icons.info}</span>\n    <span class=\"toa", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|58f4823e5f12ec6a4dcfc5885ac626951d0231a73b875952c7fbe596fab6a7a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/reactions/dashboard/static/js/modal.js"}, "region": {"startLine": 230}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 134458, "scanner": "repobility-threat-engine", "fingerprint": "55fdfa9d5debe786bab19eaa87b352abcca61ea1361c4154c2d0d236b7c8a99b", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".innerHTML = `\n      <h3>${dashboard.name}</h3>\n      <div class=\"meta\">\n        <span>${new Date(da", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|55fdfa9d5debe786bab19eaa87b352abcca61ea1361c4154c2d0d236b7c8a99b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/reactions/dashboard/static/js/app.js"}, "region": {"startLine": 114}}}]}, {"ruleId": "SEC006", "level": "error", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 134456, "scanner": "repobility-threat-engine", "fingerprint": "1d76d7025fa067fbd3e493151de35f39862175325915b11aea8f7c7c27afc13a", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".innerHTML = q", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|81|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/reactions/dashboard/static/js/app.js"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 134442, "scanner": "repobility-threat-engine", "fingerprint": "c59415363bc7878d5b6eba04fddbe3bbcb4e3d458ee1a76d3a4d5102b3c10ba1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c59415363bc7878d5b6eba04fddbe3bbcb4e3d458ee1a76d3a4d5102b3c10ba1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/bootstrappers/http/src/response.rs"}, "region": {"startLine": 237}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 134441, "scanner": "repobility-threat-engine", "fingerprint": "d722ac1e234f8a940b1ccdc65f24fbca649a12c5b3d79ae4468c59957b552207", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d722ac1e234f8a940b1ccdc65f24fbca649a12c5b3d79ae4468c59957b552207"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/bootstrappers/http/src/content_parser.rs"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 134440, "scanner": "repobility-threat-engine", "fingerprint": "34b748c4374c4b679915591704cdacfe42a9df1cc54a53e44375967820d11e15", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|34b748c4374c4b679915591704cdacfe42a9df1cc54a53e44375967820d11e15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/bootstrappers/here-traffic/src/provider.rs"}, "region": {"startLine": 308}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 134438, "scanner": "repobility-threat-engine", "fingerprint": "c5ac01dd57466527342ede4b7becc1bf3c967808bab7f8ed775dd5432a6f17f6", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(m", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c5ac01dd57466527342ede4b7becc1bf3c967808bab7f8ed775dd5432a6f17f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/bootstrappers/here-traffic/src/provider.rs"}, "region": {"startLine": 208}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 134437, "scanner": "repobility-threat-engine", "fingerprint": "29ef87d5d7609705857af2b96a89d6c98d5bbafc26f21b330e9f0d26aede9107", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(m", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|29ef87d5d7609705857af2b96a89d6c98d5bbafc26f21b330e9f0d26aede9107"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/bootstrappers/gtfs-rt/src/lib.rs"}, "region": {"startLine": 176}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 134436, "scanner": "repobility-threat-engine", "fingerprint": "bbd2e36d4eee87a7bb70abf4c22cefa722b9b8188b41dc762ee3248b5f80b344", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(m", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bbd2e36d4eee87a7bb70abf4c22cefa722b9b8188b41dc762ee3248b5f80b344"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/bootstrappers/cloudflare-radar/src/descriptor.rs"}, "region": {"startLine": 146}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `drasi-project/.github/.github/workflows/devskim.yaml` pinned to mutable ref `@main`"}, "properties": {"repobilityId": 134430, "scanner": "repobility-supply-chain", "fingerprint": "22d1a75f4ba5f2a9365866d8db3a4ab1ae70c56b445b5fdddc7bf92ea90c37c3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|22d1a75f4ba5f2a9365866d8db3a4ab1ae70c56b445b5fdddc7bf92ea90c37c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/devskim.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/github-script` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 134429, "scanner": "repobility-supply-chain", "fingerprint": "a85ea8345640f12010de2286e8cb0ceb504d81da2712cbeabc4b6630152bf55c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a85ea8345640f12010de2286e8cb0ceb504d81da2712cbeabc4b6630152bf55c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr-first-approval-label-run.yml"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/download-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 134428, "scanner": "repobility-supply-chain", "fingerprint": "74dcda1aa8b792ec171494973a863dda250e05c5115eff6eb8582c5f3dd96f09", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|74dcda1aa8b792ec171494973a863dda250e05c5115eff6eb8582c5f3dd96f09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr-first-approval-label-run.yml"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `sigstore/cosign-installer` pinned to mutable ref `@v3`"}, "properties": {"repobilityId": 134427, "scanner": "repobility-supply-chain", "fingerprint": "257b7b01dc25e077d41120ceae694a8f3be1e34f7a0e35a4e064f6ed4e8e6436", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|257b7b01dc25e077d41120ceae694a8f3be1e34f7a0e35a4e064f6ed4e8e6436"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish-plugins.yml"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 134426, "scanner": "repobility-supply-chain", "fingerprint": "b3a7c71769f9453a79d7187cd59347edc0d0305ea0af3b60a96278b0700acaf6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b3a7c71769f9453a79d7187cd59347edc0d0305ea0af3b60a96278b0700acaf6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr-first-approval-label.yml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `drasi-project/.github/.github/workflows/rust-lint.yaml` pinned to mutable ref `@main`"}, "properties": {"repobilityId": 134403, "scanner": "repobility-supply-chain", "fingerprint": "57ae226bd7cd829701b839703a4aadf84d866dab8dadbe246b58a1b00946cf1d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|57ae226bd7cd829701b839703a4aadf84d866dab8dadbe246b58a1b00946cf1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-lint.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/github-script` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 134402, "scanner": "repobility-supply-chain", "fingerprint": "9aa5b46927d48d2e9f485ef5b54079f3c2d0680fdfd9e8859f22d30b9eab0735", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9aa5b46927d48d2e9f485ef5b54079f3c2d0680fdfd9e8859f22d30b9eab0735"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/pr-assignment-check.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "Workflow container/services image `redis:7-alpine` unpinned"}, "properties": {"repobilityId": 134401, "scanner": "repobility-supply-chain", "fingerprint": "c32c02b1eea56cdc837bd6444113ff7b6e7eb153f04016028cefd1f8fe7e8cb7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c32c02b1eea56cdc837bd6444113ff7b6e7eb153f04016028cefd1f8fe7e8cb7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/coverage.yaml"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "Workflow container/services image `redis:7-alpine` unpinned"}, "properties": {"repobilityId": 134400, "scanner": "repobility-supply-chain", "fingerprint": "6be6f7b057cbf1db767886c452ad49ac63c09aa570c1e65af79a47ea4fd54365", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6be6f7b057cbf1db767886c452ad49ac63c09aa570c1e65af79a47ea4fd54365"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/coverage.yaml"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `drasi-project/.github/.github/workflows/rust-unit-test.yaml` pinned to mutable ref `@main`"}, "properties": {"repobilityId": 134399, "scanner": "repobility-supply-chain", "fingerprint": "e0766008bdde836ec40a4cd13ae3b1b2362ec2140e25f856726e4ceb57f89775", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e0766008bdde836ec40a4cd13ae3b1b2362ec2140e25f856726e4ceb57f89775"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `drasi-project/.github/.github/workflows/cargo-audit.yaml` pinned to mutable ref `@main`"}, "properties": {"repobilityId": 134398, "scanner": "repobility-supply-chain", "fingerprint": "28a959ee8276cffac4c563e97919d39e6050eedd6acaaf4d61e2a9f7a059fbd3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|28a959ee8276cffac4c563e97919d39e6050eedd6acaaf4d61e2a9f7a059fbd3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cargo-audit.yml"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `ubuntu:22.04` not pinned by digest"}, "properties": {"repobilityId": 134397, "scanner": "repobility-supply-chain", "fingerprint": "e717e1ee4618f6d493b8625893ea35290b35b51fc9027c4330235229e80d2659", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e717e1ee4618f6d493b8625893ea35290b35b51fc9027c4330235229e80d2659"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.cross-windows-gnu"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `ghcr.io/cross-rs/x86_64-pc-windows-gnu:0.2.5` not pinned by digest"}, "properties": {"repobilityId": 134396, "scanner": "repobility-supply-chain", "fingerprint": "8207fcc22241f80eb736d7ce02459ecd4d7c6f412940979e9fbd6204f0847a3d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8207fcc22241f80eb736d7ce02459ecd4d7c6f412940979e9fbd6204f0847a3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.cross-windows-gnu"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `ubuntu:20.04` not pinned by digest"}, "properties": {"repobilityId": 134395, "scanner": "repobility-supply-chain", "fingerprint": "35559fe419c7aa01562e629e70878c0284be6a0d3f68b36220aa768e59524b82", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|35559fe419c7aa01562e629e70878c0284be6a0d3f68b36220aa768e59524b82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.cross-musl"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `ghcr.io/cross-rs/x86_64-unknown-linux-musl:0.2.5` not pinned by digest"}, "properties": {"repobilityId": 134394, "scanner": "repobility-supply-chain", "fingerprint": "b39cf7de02f6c2cfba0712dcfcace2a72611a04b600ea681002ce8de35aea948", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b39cf7de02f6c2cfba0712dcfcace2a72611a04b600ea681002ce8de35aea948"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.cross-musl"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `ubuntu:20.04` not pinned by digest"}, "properties": {"repobilityId": 134393, "scanner": "repobility-supply-chain", "fingerprint": "92192f70527bb18e80f452aec64b2a60acbb84738f4a6970688737b30348169c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|92192f70527bb18e80f452aec64b2a60acbb84738f4a6970688737b30348169c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.cross-musl-aarch64"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `ghcr.io/cross-rs/aarch64-unknown-linux-musl:0.2.5` not pinned by digest"}, "properties": {"repobilityId": 134392, "scanner": "repobility-supply-chain", "fingerprint": "69300848b4a1b0c2b798875b3d60a1c021cc06e9cb7214169074e2fc12d04d24", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|69300848b4a1b0c2b798875b3d60a1c021cc06e9cb7214169074e2fc12d04d24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.cross-musl-aarch64"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `ubuntu:20.04` not pinned by digest"}, "properties": {"repobilityId": 134391, "scanner": "repobility-supply-chain", "fingerprint": "3e5e20681efdaa4db5b71a81c299216bf2d34801146cf114986e9248c0102691", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3e5e20681efdaa4db5b71a81c299216bf2d34801146cf114986e9248c0102691"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.cross-gnu-aarch64"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `ghcr.io/cross-rs/aarch64-unknown-linux-gnu:0.2.5` not pinned by digest"}, "properties": {"repobilityId": 134390, "scanner": "repobility-supply-chain", "fingerprint": "f6cbee9ca673f758627afb48176a140cfb8cd96b6f8b6ae78529e04b23437afa", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f6cbee9ca673f758627afb48176a140cfb8cd96b6f8b6ae78529e04b23437afa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.cross-gnu-aarch64"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `ubuntu:20.04` not pinned by digest"}, "properties": {"repobilityId": 134389, "scanner": "repobility-supply-chain", "fingerprint": "e875dac15edfbe0962fc8db21535c8174e11e7ecc04a684f83bc871395d4bb5c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e875dac15edfbe0962fc8db21535c8174e11e7ecc04a684f83bc871395d4bb5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.cross-gnu"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `ghcr.io/cross-rs/x86_64-unknown-linux-gnu:0.2.5` not pinned by digest"}, "properties": {"repobilityId": 134388, "scanner": "repobility-supply-chain", "fingerprint": "e82c23c4dc6978f6b58c8e766843ac887ca352262054760daf1bea2be7f75c7a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e82c23c4dc6978f6b58c8e766843ac887ca352262054760daf1bea2be7f75c7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.cross-gnu"}, "region": {"startLine": 1}}}]}, {"ruleId": "stripe-access-token", "level": "error", "message": {"text": "Found a Stripe Access Token, posing a risk to payment processing services and sensitive financial data."}, "properties": {"repobilityId": 134485, "scanner": "gitleaks", "fingerprint": "e58d11041bdd94a98f9070dcf7502f2a9c0f6661c59a98b194ed332efb7b44ad", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "REDACTED\"", "rule_id": "stripe-access-token", "scanner": "gitleaks", "detector": "stripe-access-token", "correlation_key": "secret|token|23|redacted", "duplicate_count": 1, "duplicate_rule_ids": ["private-key", "stripe-access-token"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["a6edecd0c71e7d4f66a2d5eb0c6245fbdfbe9a6e4e0b05e1f17b06e57e166ffa", "e58d11041bdd94a98f9070dcf7502f2a9c0f6661c59a98b194ed332efb7b44ad"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "components/reactions/http/README.md"}, "region": {"startLine": 231}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 134425, "scanner": "repobility-supply-chain", "fingerprint": "ab5e2fe5ddbc94ff275b70eb0275017478d1022a69cc9766b1d707c7a80fcdfa", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ab5e2fe5ddbc94ff275b70eb0275017478d1022a69cc9766b1d707c7a80fcdfa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/implement-source.lock.yml"}, "region": {"startLine": 1471}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_CI_TRIGGER_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 134424, "scanner": "repobility-supply-chain", "fingerprint": "8d67c3ccaa161c4effb81ba507aa0f636f80cf514d2d97de1964fd243d800e5e", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8d67c3ccaa161c4effb81ba507aa0f636f80cf514d2d97de1964fd243d800e5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/implement-source.lock.yml"}, "region": {"startLine": 1469}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 134423, "scanner": "repobility-supply-chain", "fingerprint": "2d5f784ecd867fa84008545d1f5622ba912743d5cde12e255c5a66c949c5c4ab", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2d5f784ecd867fa84008545d1f5622ba912743d5cde12e255c5a66c949c5c4ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/implement-source.lock.yml"}, "region": {"startLine": 1442}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 134422, "scanner": "repobility-supply-chain", "fingerprint": "970f4fc3609f466d8e54b8edfe105e1804f32ee7b18f5835ce11af8fa85e9c8c", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|970f4fc3609f466d8e54b8edfe105e1804f32ee7b18f5835ce11af8fa85e9c8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/implement-source.lock.yml"}, "region": {"startLine": 1434}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.COPILOT_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 134421, "scanner": "repobility-supply-chain", "fingerprint": "e64e9ca18b0926384d8c969a8005c7a02cf9e7c3f3ae2821f96ec7e8bd7749ed", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e64e9ca18b0926384d8c969a8005c7a02cf9e7c3f3ae2821f96ec7e8bd7749ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/implement-source.lock.yml"}, "region": {"startLine": 1268}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 134420, "scanner": "repobility-supply-chain", "fingerprint": "e449274f8c7a62b3a5c8ad94c399c29fa3b0887403655cce253737d21793b9be", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e449274f8c7a62b3a5c8ad94c399c29fa3b0887403655cce253737d21793b9be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/implement-source.lock.yml"}, "region": {"startLine": 1128}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 134419, "scanner": "repobility-supply-chain", "fingerprint": "b0c8378e47f5a8b348d09daf7dfea7837ddb49c35de406b44123fb6e8e0ee7bf", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b0c8378e47f5a8b348d09daf7dfea7837ddb49c35de406b44123fb6e8e0ee7bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/implement-source.lock.yml"}, "region": {"startLine": 1109}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 134418, "scanner": "repobility-supply-chain", "fingerprint": "d9e01fa96f9ce2fb9eeb9fd3c15aa64fff25c0d3850668e5fa399e5e30f9571b", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d9e01fa96f9ce2fb9eeb9fd3c15aa64fff25c0d3850668e5fa399e5e30f9571b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/implement-source.lock.yml"}, "region": {"startLine": 1074}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 134417, "scanner": "repobility-supply-chain", "fingerprint": "f250dac4f3be8bbf86f8a44cb9cd7f2816934086fc8bf47a4ed663734bef4302", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f250dac4f3be8bbf86f8a44cb9cd7f2816934086fc8bf47a4ed663734bef4302"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/implement-source.lock.yml"}, "region": {"startLine": 1060}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 134416, "scanner": "repobility-supply-chain", "fingerprint": "ba44f8825e36a6cfeaa22d0a83b2ca18285ac1417a4eb6dd4363bc1398cd7e8b", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ba44f8825e36a6cfeaa22d0a83b2ca18285ac1417a4eb6dd4363bc1398cd7e8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/implement-source.lock.yml"}, "region": {"startLine": 1046}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 134415, "scanner": "repobility-supply-chain", "fingerprint": "14213317262d3db2b5dbdceb8d50c80664850a20501299a2aaf42ebcaef40e20", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|14213317262d3db2b5dbdceb8d50c80664850a20501299a2aaf42ebcaef40e20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/implement-source.lock.yml"}, "region": {"startLine": 1030}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 134414, "scanner": "repobility-supply-chain", "fingerprint": "e204a329a4939465f9590511534e595e42ab56e334ecd99778ba03642f1c9573", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e204a329a4939465f9590511534e595e42ab56e334ecd99778ba03642f1c9573"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/implement-source.lock.yml"}, "region": {"startLine": 855}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 134413, "scanner": "repobility-supply-chain", "fingerprint": "71d0681a5b79686d09fa39eed87ab81a485cd96068c4d8b5c2df9a2576d8d961", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|71d0681a5b79686d09fa39eed87ab81a485cd96068c4d8b5c2df9a2576d8d961"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/implement-source.lock.yml"}, "region": {"startLine": 854}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.COPILOT_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 134412, "scanner": "repobility-supply-chain", "fingerprint": "098ef1e41d5adb37e6db9938a34500a115f6bbab902ed7f1da38d55e11f711e9", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|098ef1e41d5adb37e6db9938a34500a115f6bbab902ed7f1da38d55e11f711e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/implement-source.lock.yml"}, "region": {"startLine": 853}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 134411, "scanner": "repobility-supply-chain", "fingerprint": "085a3ab4008ed94d5fd2acc25c33b8a8ed8fa31373ffc4d428ff4c080ef709fa", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|085a3ab4008ed94d5fd2acc25c33b8a8ed8fa31373ffc4d428ff4c080ef709fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/implement-source.lock.yml"}, "region": {"startLine": 801}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.COPILOT_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 134410, "scanner": "repobility-supply-chain", "fingerprint": "054a8d48f347f1280e3f7181914ba282744fb7a67f296933da71137285bd482d", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|054a8d48f347f1280e3f7181914ba282744fb7a67f296933da71137285bd482d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/implement-source.lock.yml"}, "region": {"startLine": 790}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 134409, "scanner": "repobility-supply-chain", "fingerprint": "0de6ced97098a4606041550d46a7720a4fd151088696b2cb9ee971b7894cb85a", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0de6ced97098a4606041550d46a7720a4fd151088696b2cb9ee971b7894cb85a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/implement-source.lock.yml"}, "region": {"startLine": 685}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 134408, "scanner": "repobility-supply-chain", "fingerprint": "7ce3e304dc5558c3d39e7ef6f5ef3e287b5f42bd4bbf907f294fea9347fa6fdd", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7ce3e304dc5558c3d39e7ef6f5ef3e287b5f42bd4bbf907f294fea9347fa6fdd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/implement-source.lock.yml"}, "region": {"startLine": 477}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 134407, "scanner": "repobility-supply-chain", "fingerprint": "5744af00d673f052c8cd143b612818384fffb87fc961777b2b0188969f381e5d", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5744af00d673f052c8cd143b612818384fffb87fc961777b2b0188969f381e5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/implement-source.lock.yml"}, "region": {"startLine": 476}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 134406, "scanner": "repobility-supply-chain", "fingerprint": "3858c35c6d7e74964e1440e71e8c7f0b41c1f47ee1638aa300de094314721e02", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3858c35c6d7e74964e1440e71e8c7f0b41c1f47ee1638aa300de094314721e02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/implement-source.lock.yml"}, "region": {"startLine": 460}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 134405, "scanner": "repobility-supply-chain", "fingerprint": "e0916cde2ded0e34c5f3b4cea408aa9af2559d28a598810ca61ea4c1949f8e1d", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e0916cde2ded0e34c5f3b4cea408aa9af2559d28a598810ca61ea4c1949f8e1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/implement-source.lock.yml"}, "region": {"startLine": 458}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.COPILOT_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 134404, "scanner": "repobility-supply-chain", "fingerprint": "521bbaae5417eec976b48eb1760dee169de9af62a0fbf354aa6a22a112ef8dba", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|521bbaae5417eec976b48eb1760dee169de9af62a0fbf354aa6a22a112ef8dba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/implement-source.lock.yml"}, "region": {"startLine": 152}}}]}]}]}