{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DEPCUR-GHA", "name": "GitHub Action `julia-actions/setup-julia@v2` is 1 major version(s) behind (latest v3.0.2)", "shortDescription": {"text": "GitHub Action `julia-actions/setup-julia@v2` is 1 major version(s) behind (latest v3.0.2)"}, "fullDescription": {"text": "`uses: julia-actions/setup-julia@v2` is 1 major version(s) behind the latest published release v3.0.2. Old action majors run on deprecated runner images / Node versions and miss upstream fixes. This is the exact 'outdated GitHub Action' class Dependabot raises \u2014 and which Repobility had no coverage for."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED066] Rust Panic Macro (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod (and 15 more): Same pattern found in 15 additional files. Review if needed.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED057", "name": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolve", "shortDescription": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block (and 70 more): Same pattern found in 70 additional files. Review if needed.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block (and 70 more): Same pattern found in 70 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 49 more): Same pattern found in 49 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 49 more): Same pattern found in 49 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED041", "name": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs.", "shortDescription": {"text": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED039", "name": "[MINED039] Rust Todo Macro: todo!() panics when reached. Unimplemented code path.", "shortDescription": {"text": "[MINED039] Rust Todo Macro: todo!() panics when reached. Unimplemented code path."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `ilammy/msvc-dev-cmd` pinned to mutable ref `@v1`", "shortDescription": {"text": "Action `ilammy/msvc-dev-cmd` pinned to mutable ref `@v1`"}, "fullDescription": {"text": "`uses: ilammy/msvc-dev-cmd@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1224"}, "properties": {"repository": "Taaitaaiger/jlrs", "repoUrl": "https://github.com/Taaitaaiger/jlrs", "branch": "master"}, "results": [{"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `julia-actions/setup-julia@v2` is 1 major version(s) behind (latest v3.0.2)"}, "properties": {"repobilityId": 123462, "scanner": "repobility-dependency-currency", "fingerprint": "e363b4ed2f96431e3282deb1e3c2c27641d68d6c7611105fd8b3581b63bc5861", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "julia-actions/setup-julia", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v3.0.2", "correlation_key": "fp|e363b4ed2f96431e3282deb1e3c2c27641d68d6c7611105fd8b3581b63bc5861", "current_version": "v2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ffi.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `julia-actions/setup-julia@v2` is 1 major version(s) behind (latest v3.0.2)"}, "properties": {"repobilityId": 123459, "scanner": "repobility-dependency-currency", "fingerprint": "d6d8772db23d63fb20f276e78d5d4e0e715d8b671c22f56244fb206e4730b971", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "julia-actions/setup-julia", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v3.0.2", "correlation_key": "fp|d6d8772db23d63fb20f276e78d5d4e0e715d8b671c22f56244fb206e4730b971", "current_version": "v2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/beta.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/checkout@v4` is 2 major version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 123458, "scanner": "repobility-dependency-currency", "fingerprint": "e9e62ef61a2ba6bd515290df9946535c154e42461374b0e5f16c16f706a73a4d", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|e9e62ef61a2ba6bd515290df9946535c154e42461374b0e5f16c16f706a73a4d", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/beta.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `julia-actions/setup-julia@v2` is 1 major version(s) behind (latest v3.0.2)"}, "properties": {"repobilityId": 123456, "scanner": "repobility-dependency-currency", "fingerprint": "18efb1280c1cc7105ed4b1947d27896bde73b65f227c76faa15e9765154e85ba", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "julia-actions/setup-julia", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v3.0.2", "correlation_key": "fp|18efb1280c1cc7105ed4b1947d27896bde73b65f227c76faa15e9765154e85ba", "current_version": "v2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "DEPCUR-GHA", "level": "note", "message": {"text": "GitHub Action `ilammy/msvc-dev-cmd@v1` is minor version(s) behind (latest v1.13.0)"}, "properties": {"repobilityId": 123460, "scanner": "repobility-dependency-currency", "fingerprint": "8626da02ab428d120e9d7c7ff381b5c381249f88b3a7496d528f540e268b18fd", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "ilammy/msvc-dev-cmd", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v1.13.0", "correlation_key": "fp|8626da02ab428d120e9d7c7ff381b5c381249f88b3a7496d528f540e268b18fd", "current_version": "v1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/beta.yml"}, "region": {"startLine": 106}}}]}, {"ruleId": "DEPCUR-GHA", "level": "note", "message": {"text": "GitHub Action `ilammy/msvc-dev-cmd@v1` is minor version(s) behind (latest v1.13.0)"}, "properties": {"repobilityId": 123457, "scanner": "repobility-dependency-currency", "fingerprint": "d1b9661e1a3a37fc091729451785b22a6b38791d6b3aa744fc7cad3b41acc3ec", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "ilammy/msvc-dev-cmd", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v1.13.0", "correlation_key": "fp|d1b9661e1a3a37fc091729451785b22a6b38791d6b3aa744fc7cad3b41acc3ec", "current_version": "v1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 118}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 123429, "scanner": "repobility-ai-code-hygiene", "fingerprint": "239216ecf356e4fbb9b02dfc2c09170a76ed802e4d2c756e19e0d4080fab0099", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/jlrs_macros/src/module/model/alias_model.rs", "duplicate_line": 34, "correlation_key": "fp|239216ecf356e4fbb9b02dfc2c09170a76ed802e4d2c756e19e0d4080fab0099"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/jlrs_macros/src/module/model/const_model.rs"}, "region": {"startLine": 38}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 123428, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f2b0a9ccbb24a9b08e1929bd086ba9179b54bbef8b676b1457dc1eec6c7134ce", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/jlrs_macros/src/derive/ccall_arg.rs", "duplicate_line": 21, "correlation_key": "fp|f2b0a9ccbb24a9b08e1929bd086ba9179b54bbef8b676b1457dc1eec6c7134ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/jlrs_macros/src/derive/valid_layout.rs"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 123427, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c289360c2406272f15fda691a9c3a86d3baf32a6c17fabe97a5f7d747fa0dd46", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/jlrs_macros/src/derive/unbox.rs", "duplicate_line": 17, "correlation_key": "fp|c289360c2406272f15fda691a9c3a86d3baf32a6c17fabe97a5f7d747fa0dd46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/jlrs_macros/src/derive/valid_layout.rs"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 123426, "scanner": "repobility-ai-code-hygiene", "fingerprint": "592773b7724bd243bc710fc9b0de31c7507831a098976269f8c1e538fb8d2deb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/jlrs_macros/src/derive/ccall_arg.rs", "duplicate_line": 21, "correlation_key": "fp|592773b7724bd243bc710fc9b0de31c7507831a098976269f8c1e538fb8d2deb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/jlrs_macros/src/derive/valid_field.rs"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 123425, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f2573206e490189b9690e1f9af6cdfb6ce08fd1d8062bb9062b4cc5fcc717ea0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/jlrs_macros/src/derive/unbox.rs", "duplicate_line": 17, "correlation_key": "fp|f2573206e490189b9690e1f9af6cdfb6ce08fd1d8062bb9062b4cc5fcc717ea0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/jlrs_macros/src/derive/valid_field.rs"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 123424, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a211571842e6b4c39ff4001bf23b1790f51a17b2863d5a8c413177189f4d217a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/jlrs_macros/src/derive/ccall_arg.rs", "duplicate_line": 21, "correlation_key": "fp|a211571842e6b4c39ff4001bf23b1790f51a17b2863d5a8c413177189f4d217a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/jlrs_macros/src/derive/unbox.rs"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 123423, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e679b767e0fe7621e3019b12092858b3837c6954ca3a734f849a4313932e4174", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/jlrs_macros/src/derive/foreign_type.rs", "duplicate_line": 24, "correlation_key": "fp|e679b767e0fe7621e3019b12092858b3837c6954ca3a734f849a4313932e4174"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/jlrs_macros/src/derive/opaque_type.rs"}, "region": {"startLine": 119}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 123422, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8743fdefde6167fbb2ba4ec7cf22adadbc52422fd44d7eff498fafed45ee9e14", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/jlrs_macros/src/derive/ccall_arg.rs", "duplicate_line": 17, "correlation_key": "fp|8743fdefde6167fbb2ba4ec7cf22adadbc52422fd44d7eff498fafed45ee9e14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/jlrs_macros/src/derive/is_bits.rs"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 123421, "scanner": "repobility-ai-code-hygiene", "fingerprint": "37c01b5eed8daa74fcd20aa7d3004929fde960c437ae7e33d6a3883b03a7b30b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/jlrs_macros/src/derive/ccall_arg.rs", "duplicate_line": 19, "correlation_key": "fp|37c01b5eed8daa74fcd20aa7d3004929fde960c437ae7e33d6a3883b03a7b30b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/jlrs_macros/src/derive/construct_type.rs"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 123420, "scanner": "repobility-ai-code-hygiene", "fingerprint": "544472c8342a5479f6ca6da72e9aa884c011e3b895a03aa0a5b894646063b2d2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/jlrs_macros/src/derive/ccall_arg.rs", "duplicate_line": 17, "correlation_key": "fp|544472c8342a5479f6ca6da72e9aa884c011e3b895a03aa0a5b894646063b2d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/jlrs_macros/src/derive/ccall_return.rs"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 123419, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cce0358c8bc4179b84b6b8472a48cacb09e92516014c059276825fdbc5164d60", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/jlrs/src/runtime/builder/async_builder.rs", "duplicate_line": 67, "correlation_key": "fp|cce0358c8bc4179b84b6b8472a48cacb09e92516014c059276825fdbc5164d60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/jlrs/src/runtime/builder/mod.rs"}, "region": {"startLine": 53}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 123418, "scanner": "repobility-ai-code-hygiene", "fingerprint": "14b07f9000a15e92c0ec3b0debd8652fe3fda33fcad287079b8f2992c8415ecf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/jlrs/src/gc_safe/raw_fair_mutex.rs", "duplicate_line": 11, "correlation_key": "fp|14b07f9000a15e92c0ec3b0debd8652fe3fda33fcad287079b8f2992c8415ecf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/jlrs/src/gc_safe/raw_mutex.rs"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 123417, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2303ed0549a727b99961533fb60a564b5818c62679273f0f0755759e948db194", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/jlrs/src/data/layout/valid_layout.rs", "duplicate_line": 29, "correlation_key": "fp|2303ed0549a727b99961533fb60a564b5818c62679273f0f0755759e948db194"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/jlrs/src/data/managed/mod.rs"}, "region": {"startLine": 154}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 123416, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dbdff76f24d9871d8699b9bf0988b38c720d2533e388a86d86a3e5afa4a08a9c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/jlrs/src/data/managed/background_task.rs", "duplicate_line": 87, "correlation_key": "fp|dbdff76f24d9871d8699b9bf0988b38c720d2533e388a86d86a3e5afa4a08a9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/jlrs/src/data/managed/delegated_task.rs"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 123483, "scanner": "repobility-threat-engine", "fingerprint": "a8bbd00f775770ae4100168ccfcac4034761920fead06a1c6690141f0ac00837", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a8bbd00f775770ae4100168ccfcac4034761920fead06a1c6690141f0ac00837", "aggregated_count": 4}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 123482, "scanner": "repobility-threat-engine", "fingerprint": "0b5e2629a304e3dbb6914f8220c1d830b9d55516652870bab56fb3f763834809", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0b5e2629a304e3dbb6914f8220c1d830b9d55516652870bab56fb3f763834809"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/jlrs_macros/src/constant_bytes.rs"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 123481, "scanner": "repobility-threat-engine", "fingerprint": "2b13094240febdcb0d41ee2a156b9fe1d778c54a80f45c8bcc97275a5d0b6e88", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2b13094240febdcb0d41ee2a156b9fe1d778c54a80f45c8bcc97275a5d0b6e88"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/jlrs/src/runtime/handle/mt_handle/mod.rs"}, "region": {"startLine": 220}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 123480, "scanner": "repobility-threat-engine", "fingerprint": "a30be6a92578174f876206976aaf4dd3dbcaf67a74e1fd2670633da12a2b6286", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a30be6a92578174f876206976aaf4dd3dbcaf67a74e1fd2670633da12a2b6286"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/jlrs/src/data/layout/union.rs"}, "region": {"startLine": 178}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "properties": {"repobilityId": 123477, "scanner": "repobility-threat-engine", "fingerprint": "b17f1ec465193ef7ce8066123d319303f0c2f0f6555fca5f49c1f6e6239078c9", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|b17f1ec465193ef7ce8066123d319303f0c2f0f6555fca5f49c1f6e6239078c9", "aggregated_count": 15}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 123476, "scanner": "repobility-threat-engine", "fingerprint": "d812a9fbff66490dbe765408ec6658bcf63c39eadedc0ee88787b266aa8793e0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d812a9fbff66490dbe765408ec6658bcf63c39eadedc0ee88787b266aa8793e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/jlrs/build.rs"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 123475, "scanner": "repobility-threat-engine", "fingerprint": "f1942cbd152744f61f1422a3826171dac92db71fd4de9fc69262b6b866fc74af", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f1942cbd152744f61f1422a3826171dac92db71fd4de9fc69262b6b866fc74af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/ffi/jlrs_sys/build.rs"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 123474, "scanner": "repobility-threat-engine", "fingerprint": "6386b3a039d3dc2559022fb46aecb3cdf972bafab15092ce5be18ae187326b76", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6386b3a039d3dc2559022fb46aecb3cdf972bafab15092ce5be18ae187326b76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/ffi/jl_sys/build.rs"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED057", "level": "none", "message": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "properties": {"repobilityId": 123473, "scanner": "repobility-threat-engine", "fingerprint": "44225f2d02f07de9392e89b9bbfcbeeba5afc56ffc0bb4e1af7363baad3801fc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "todo-bomb", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348035+00:00", "triaged_in_corpus": 10, "observations_count": 255662, "ai_coder_pattern_id": 4}, "scanner": "repobility-threat-engine", "correlation_key": "fp|44225f2d02f07de9392e89b9bbfcbeeba5afc56ffc0bb4e1af7363baad3801fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/ffi/ffi-validator/src/types.rs"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block (and 70 more): Same pattern found in 70 additional files. Review if needed."}, "properties": {"repobilityId": 123470, "scanner": "repobility-threat-engine", "fingerprint": "dcffccd14a0d07c471a9cd804b6daea10988d8abb8006276a8a883df78749abe", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 70 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|dcffccd14a0d07c471a9cd804b6daea10988d8abb8006276a8a883df78749abe", "aggregated_count": 70}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 123469, "scanner": "repobility-threat-engine", "fingerprint": "97680d88b94005767db3e8aa8607b3e6b88ae32b40f05273c4d60dfeaf9fd2ff", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|97680d88b94005767db3e8aa8607b3e6b88ae32b40f05273c4d60dfeaf9fd2ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benches/benches/call_function.rs"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 123468, "scanner": "repobility-threat-engine", "fingerprint": "050c0b93ae6c3b3357c46fd3ec4d6bb0019c8f20a27511c3914be5635540f864", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|050c0b93ae6c3b3357c46fd3ec4d6bb0019c8f20a27511c3914be5635540f864"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benches/benches/background_task.rs"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 123467, "scanner": "repobility-threat-engine", "fingerprint": "623209ca00ca1f811299b4f8e9dc770ee2da796ac876d83e9ddf8c5dc26ef3d0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|623209ca00ca1f811299b4f8e9dc770ee2da796ac876d83e9ddf8c5dc26ef3d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benches/benches/arrays.rs"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 49 more): Same pattern found in 49 additional files. Review if needed."}, "properties": {"repobilityId": 123466, "scanner": "repobility-threat-engine", "fingerprint": "22a593052dcadf66a4528aa7fc43cbbf7202c3b8d168064edf3adeb985ed5ce8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 49 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|22a593052dcadf66a4528aa7fc43cbbf7202c3b8d168064edf3adeb985ed5ce8", "aggregated_count": 49}}}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 123461, "scanner": "repobility-dependency-currency", "fingerprint": "6637a494a96f9deb62949c627fc9b5cb3c039fb31ea7bf602dfb7e3ef343016d", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|6637a494a96f9deb62949c627fc9b5cb3c039fb31ea7bf602dfb7e3ef343016d", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ffi.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 123455, "scanner": "repobility-dependency-currency", "fingerprint": "aaa87cb5b5821a52a77c727e116806ba0ff3235c723e8bb27591480f78828e02", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|aaa87cb5b5821a52a77c727e116806ba0ff3235c723e8bb27591480f78828e02", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED041", "level": "error", "message": {"text": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs."}, "properties": {"repobilityId": 123479, "scanner": "repobility-threat-engine", "fingerprint": "ba325e0c1ba541f4434bb8e5837d6481f8ae58d3db2d1f2843e7e9b6cfd43894", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unimplemented-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347994+00:00", "triaged_in_corpus": 15, "observations_count": 1422, "ai_coder_pattern_id": 115}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ba325e0c1ba541f4434bb8e5837d6481f8ae58d3db2d1f2843e7e9b6cfd43894"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/jlrs/src/convert/compatible.rs"}, "region": {"startLine": 158}}}]}, {"ruleId": "MINED041", "level": "error", "message": {"text": "[MINED041] Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but conventionally used for trait stubs."}, "properties": {"repobilityId": 123478, "scanner": "repobility-threat-engine", "fingerprint": "54c2d162d4753c1cfae1667ffe61ff4de5a18d35e68dbc704dbfaf5a0e448f2e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unimplemented-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347994+00:00", "triaged_in_corpus": 15, "observations_count": 1422, "ai_coder_pattern_id": 115}, "scanner": "repobility-threat-engine", "correlation_key": "fp|54c2d162d4753c1cfae1667ffe61ff4de5a18d35e68dbc704dbfaf5a0e448f2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/jlrs/src/convert/ccall_types.rs"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED039", "level": "error", "message": {"text": "[MINED039] Rust Todo Macro: todo!() panics when reached. Unimplemented code path."}, "properties": {"repobilityId": 123472, "scanner": "repobility-threat-engine", "fingerprint": "ae460a6da6dc5a8893ec9cca5124dab4f829d4b8073594ac90dea761afb487d7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-todo-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347989+00:00", "triaged_in_corpus": 15, "observations_count": 1561, "ai_coder_pattern_id": 114}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ae460a6da6dc5a8893ec9cca5124dab4f829d4b8073594ac90dea761afb487d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/jlrs_macros/src/module/model/parameters.rs"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED039", "level": "error", "message": {"text": "[MINED039] Rust Todo Macro: todo!() panics when reached. Unimplemented code path."}, "properties": {"repobilityId": 123471, "scanner": "repobility-threat-engine", "fingerprint": "99c3ca0d62cde1cc3ddf04270ab5991adef8880c0455cb84e8a8f1a66b333d55", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-todo-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347989+00:00", "triaged_in_corpus": 15, "observations_count": 1561, "ai_coder_pattern_id": 114}, "scanner": "repobility-threat-engine", "correlation_key": "fp|99c3ca0d62cde1cc3ddf04270ab5991adef8880c0455cb84e8a8f1a66b333d55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/ffi/ffi-validator/src/types.rs"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 123465, "scanner": "repobility-threat-engine", "fingerprint": "16111ba04cf6e01ed79dc8ea7ffdbf07619dfc3d5be07f416b1e619797600b46", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|16111ba04cf6e01ed79dc8ea7ffdbf07619dfc3d5be07f416b1e619797600b46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benches/benches/background_task.rs"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 123464, "scanner": "repobility-threat-engine", "fingerprint": "d4d583df72fd385a8a7e18050a1d0e5b28d78a3061f7bd6ab71608795f714154", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d4d583df72fd385a8a7e18050a1d0e5b28d78a3061f7bd6ab71608795f714154"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benches/benches/async_rt.rs"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 123463, "scanner": "repobility-threat-engine", "fingerprint": "95fa02fc809613cfcd3162e27346b3d274e3079c15fe322557492277b484aef9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|95fa02fc809613cfcd3162e27346b3d274e3079c15fe322557492277b484aef9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benches/benches/arrays.rs"}, "region": {"startLine": 157}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `ilammy/msvc-dev-cmd` pinned to mutable ref `@v1`"}, "properties": {"repobilityId": 123454, "scanner": "repobility-supply-chain", "fingerprint": "e061865ba17e51eb4bc3fe4fab8f296c04364ff0e69f141f273d9bcd955ea76f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e061865ba17e51eb4bc3fe4fab8f296c04364ff0e69f141f273d9bcd955ea76f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 225}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `julia-actions/setup-julia` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 123453, "scanner": "repobility-supply-chain", "fingerprint": "12022a16f570434de52e4fbca080f080b85350b993df62d68dbf69871ef80203", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|12022a16f570434de52e4fbca080f080b85350b993df62d68dbf69871ef80203"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 222}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 123452, "scanner": "repobility-supply-chain", "fingerprint": "c26680ca49daf064d26c739a73e2086e71b1d348efa79be4ab81408f625e8134", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c26680ca49daf064d26c739a73e2086e71b1d348efa79be4ab81408f625e8134"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 218}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 123451, "scanner": "repobility-supply-chain", "fingerprint": "9a671cf0f0bdb65f2f102bf5d5fc32278173d1d510267acd0387463215cc3724", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9a671cf0f0bdb65f2f102bf5d5fc32278173d1d510267acd0387463215cc3724"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 201}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `julia-actions/setup-julia` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 123450, "scanner": "repobility-supply-chain", "fingerprint": "61fdf26b42880b7ff94c1ccc3437ee0d63d552a1fd6a1678dabe86cc7377bc22", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|61fdf26b42880b7ff94c1ccc3437ee0d63d552a1fd6a1678dabe86cc7377bc22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 196}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 123449, "scanner": "repobility-supply-chain", "fingerprint": "e91968260b5cd383ea40cd8e2fdabb82252609dcfb35ffe12bcaa895626854fd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e91968260b5cd383ea40cd8e2fdabb82252609dcfb35ffe12bcaa895626854fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 193}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 123448, "scanner": "repobility-supply-chain", "fingerprint": "7ce0943416eb210a4fa93fb240cd7125d3cb77eea7b4041e2a7673dd2d685879", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7ce0943416eb210a4fa93fb240cd7125d3cb77eea7b4041e2a7673dd2d685879"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 174}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `julia-actions/setup-julia` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 123447, "scanner": "repobility-supply-chain", "fingerprint": "19b3382a43e44a5d319099913733844b60f934509e40a327e514211eba9ac07b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|19b3382a43e44a5d319099913733844b60f934509e40a327e514211eba9ac07b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 169}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 123446, "scanner": "repobility-supply-chain", "fingerprint": "544c54c5c205eaa2a704a8cda4648c8963389851ad22c0b549355a9f1e660edd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|544c54c5c205eaa2a704a8cda4648c8963389851ad22c0b549355a9f1e660edd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 166}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 123445, "scanner": "repobility-supply-chain", "fingerprint": "e7f81b4a4fecce0286898250237c6b22413bd346f6dada68ca54619c415589ab", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e7f81b4a4fecce0286898250237c6b22413bd346f6dada68ca54619c415589ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `julia-actions/setup-julia` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 123444, "scanner": "repobility-supply-chain", "fingerprint": "352520f0a5926b37ccf22fc9bb2dd3ff20529f3f5e2bd39be0b8ae58256cc1ac", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|352520f0a5926b37ccf22fc9bb2dd3ff20529f3f5e2bd39be0b8ae58256cc1ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 142}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 123443, "scanner": "repobility-supply-chain", "fingerprint": "426d800b19841cf109f1b565b519347edfb17b8a08609a6e7b7d2486f4a409c1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|426d800b19841cf109f1b565b519347edfb17b8a08609a6e7b7d2486f4a409c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 139}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 123442, "scanner": "repobility-supply-chain", "fingerprint": "c382d7a9a002b6db23a63a6219d53d733e8228fe8ee92b94470db6e0525c674f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c382d7a9a002b6db23a63a6219d53d733e8228fe8ee92b94470db6e0525c674f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `ilammy/msvc-dev-cmd` pinned to mutable ref `@v1`"}, "properties": {"repobilityId": 123441, "scanner": "repobility-supply-chain", "fingerprint": "09d1544cf4da639a34ea813f038dfb1a434c298277a8866fbe23409daefde0e5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|09d1544cf4da639a34ea813f038dfb1a434c298277a8866fbe23409daefde0e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `julia-actions/setup-julia` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 123440, "scanner": "repobility-supply-chain", "fingerprint": "f7750a211c497765bbb4f981e3fbc83386e4d706863c2afadcf28424634b7fd1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f7750a211c497765bbb4f981e3fbc83386e4d706863c2afadcf28424634b7fd1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 123439, "scanner": "repobility-supply-chain", "fingerprint": "fd38c3577c7093d45a4bac337b2779297f484df801fac5d687516ac4e0571e40", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fd38c3577c7093d45a4bac337b2779297f484df801fac5d687516ac4e0571e40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 123438, "scanner": "repobility-supply-chain", "fingerprint": "32864ca8865e31629b4006539f2ea829abfec880b6fbf0cd546aeaf6bbe630ea", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|32864ca8865e31629b4006539f2ea829abfec880b6fbf0cd546aeaf6bbe630ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `julia-actions/setup-julia` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 123437, "scanner": "repobility-supply-chain", "fingerprint": "e8dd39d679f4c6609506276aa47da639edf3892cfb3442e5050574dc3197967c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e8dd39d679f4c6609506276aa47da639edf3892cfb3442e5050574dc3197967c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 123436, "scanner": "repobility-supply-chain", "fingerprint": "4806a568ddfa6114cb2696b5097b9ed4aea5d25446602046de5859b9177c5ba3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4806a568ddfa6114cb2696b5097b9ed4aea5d25446602046de5859b9177c5ba3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 123435, "scanner": "repobility-supply-chain", "fingerprint": "e2464cf0368ba25c90703de8eb6d2ce5a512d12449ccc434824b72fe4a93da91", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e2464cf0368ba25c90703de8eb6d2ce5a512d12449ccc434824b72fe4a93da91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `julia-actions/setup-julia` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 123434, "scanner": "repobility-supply-chain", "fingerprint": "2d34720d1892299482f83ae287008ad5220ca63063b7d1d910fe35a21339d254", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2d34720d1892299482f83ae287008ad5220ca63063b7d1d910fe35a21339d254"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 123433, "scanner": "repobility-supply-chain", "fingerprint": "d54f9e19dcbc5b110e9c4d1b9e3803d7189f75ff9e05c90e25049518dce6ca42", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d54f9e19dcbc5b110e9c4d1b9e3803d7189f75ff9e05c90e25049518dce6ca42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 123432, "scanner": "repobility-supply-chain", "fingerprint": "04a666ec2f7090f56b40666e94f05d32d61323fae6fd52bac715a1b97e0213ef", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|04a666ec2f7090f56b40666e94f05d32d61323fae6fd52bac715a1b97e0213ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `julia-actions/setup-julia` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 123431, "scanner": "repobility-supply-chain", "fingerprint": "8c8d8db4a3989c0ce8e5891810e60d4741461f0b48ffe1e3c3fa541d523a600f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8c8d8db4a3989c0ce8e5891810e60d4741461f0b48ffe1e3c3fa541d523a600f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 123430, "scanner": "repobility-supply-chain", "fingerprint": "637581d1d0776a4d15869cc6a9173504c1674a1cc537198eb50c2bc291b06a35", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|637581d1d0776a4d15869cc6a9173504c1674a1cc537198eb50c2bc291b06a35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/main.yml"}, "region": {"startLine": 23}}}]}]}]}