{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR017", "name": "Dockerfile installs dependencies after copying the full source tree", "shortDescription": {"text": "Dockerfile installs dependencies after copying the full source tree"}, "fullDescription": {"text": "When dependency installation comes after COPY ., any source change invalidates the dependency layer and makes Docker rebuild much more slowly."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies broad context with incomplete .dockerignore", "shortDescription": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "fullDescription": {"text": "COPY . or ADD . 
is safer when .dockerignore excludes secrets, git history, keys, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "no-new-privileges prevents processes from gaining additional privileges through setuid binaries or file capabilities."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "If the image does not define USER internally, this service may run as root."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": ".dockerignore exists but does not cover common secret or VCS patterns."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. 
They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "DKC013", "name": "Database service has no persistent data volume", "shortDescription": {"text": "Database service has no persistent data volume"}, "fullDescription": {"text": "Database containers store data in the writable container layer unless a volume or bind mount is attached to the image's data directory. Recreating the container can lose state."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKC011", "name": "Database service publishes a host port", "shortDescription": {"text": "Database service publishes a host port"}, "fullDescription": {"text": "Publishing database ports to the host increases exposure. Internal Compose networking usually only needs expose, not ports."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.84, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `softprops/action-gh-release` pinned to mutable ref `@v2`", "shortDescription": {"text": "Action `softprops/action-gh-release` pinned to mutable ref `@v2`"}, "fullDescription": {"text": "`uses: softprops/action-gh-release@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA up to date."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "Workflow container/services image `postgres:18` unpinned", "shortDescription": {"text": "Workflow container/services image `postgres:18` unpinned"}, "fullDescription": {"text": "`container/services image: postgres:18` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `php:8.4-cli-alpine` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `php:8.4-cli-alpine` not pinned by digest"}, "fullDescription": {"text": "`FROM php:8.4-cli-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKC007", "name": "Compose service contains a literal secret environment value", "shortDescription": {"text": "Compose service contains a literal secret environment value"}, "fullDescription": {"text": "Literal secrets in Compose files are committed to source and exposed through container inspection."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "critical", "confidence": 0.96, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1011"}, "properties": {"repository": "efureev/laravel-trees", "repoUrl": "https://github.com/efureev/laravel-trees", "branch": "master"}, "results": [{"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 94822, "scanner": "repobility-docker", "fingerprint": "6d2a4fdba3a2ef74e876adf2c94442356d7fb664dfb2e86b898a10c040c03576", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "php:8.4-cli-alpine", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|6d2a4fdba3a2ef74e876adf2c94442356d7fb664dfb2e86b898a10c040c03576"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".docker/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR017", "level": "warning", "message": {"text": "Dockerfile installs dependencies after copying the full source 
tree"}, "properties": {"repobilityId": 94821, "scanner": "repobility-docker", "fingerprint": "5c4d99171fa4eed27a93528d9fdba3e8543a065c165026909e3587791dfc0096", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy at line 30 appears before dependency installation.", "evidence": {"rule_id": "DKR017", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "broad_copy_line": 30, "correlation_key": "fp|5c4d99171fa4eed27a93528d9fdba3e8543a065c165026909e3587791dfc0096", "dependency_install_line": 32}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".docker/Dockerfile"}, "region": {"startLine": 32}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 94820, "scanner": "repobility-docker", "fingerprint": "fda32fdf8d99d5810878bd4ab62f8c1a5cc3c32a2512184ead3127f9e7343c8c", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|fda32fdf8d99d5810878bd4ab62f8c1a5cc3c32a2512184ead3127f9e7343c8c", "missing_patterns": [".env", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".docker/Dockerfile"}, "region": {"startLine": 30}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 94829, "scanner": "repobility-docker", "fingerprint": "bdd2de72f2b9264d258884f8b4b81f7b513f6e2473eb2f09ac7365eb1ed2a890", "category": 
"docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "coverage", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|bdd2de72f2b9264d258884f8b4b81f7b513f6e2473eb2f09ac7365eb1ed2a890"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 94827, "scanner": "repobility-docker", "fingerprint": "169b59189db92eeade5020b99f05576afd1aa282d293fa375d7b30f45d2e343d", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "coverage", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|169b59189db92eeade5020b99f05576afd1aa282d293fa375d7b30f45d2e343d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 94826, "scanner": "repobility-docker", "fingerprint": "bd0c463a123dc280e407ab9cdf2baad08fe1451f1f3081cb3be33a6b459b8afb", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", 
"scanner": "repobility-docker", "service": "app", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|bd0c463a123dc280e407ab9cdf2baad08fe1451f1f3081cb3be33a6b459b8afb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 94824, "scanner": "repobility-docker", "fingerprint": "f658543e7457a0fe50f05c1acd4d0e6c9468d8ca9393783d58f3310d6601065b", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "app", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|f658543e7457a0fe50f05c1acd4d0e6c9468d8ca9393783d58f3310d6601065b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 94823, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", 
"id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94807, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ed1a07d0e4ce23c3b2863518462d82c1687e3d9fc4bc2394f46c4f3c11171529", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/Functional/Tree/Uno/RootTest.php", "duplicate_line": 20, "correlation_key": "fp|ed1a07d0e4ce23c3b2863518462d82c1687e3d9fc4bc2394f46c4f3c11171529"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/Functional/Tree/Uno/Uuid/RootTest.php"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94806, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e28633092cf6ea5e13dbf4ce5f20bef339fc120a4ad0927c983f4bf6427ee0d9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/Functional/Tree/Uno/ChildrenTest.php", "duplicate_line": 14, "correlation_key": "fp|e28633092cf6ea5e13dbf4ce5f20bef339fc120a4ad0927c983f4bf6427ee0d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/Functional/Tree/Uno/Uuid/ParentsTest.php"}, 
"region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94805, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4b13fa5135d17b2cf3daf756b3eabe88673f59680b25d6efe4986619a3f55ccf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/Functional/Tree/Uno/ParentsTest.php", "duplicate_line": 12, "correlation_key": "fp|4b13fa5135d17b2cf3daf756b3eabe88673f59680b25d6efe4986619a3f55ccf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/Functional/Tree/Uno/Uuid/ParentsTest.php"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94804, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d3c681e538289f4de55817f496240fdbf8f3791d88643b020c3821faeb2525d0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/Functional/Tree/Uno/DownTest.php", "duplicate_line": 14, "correlation_key": "fp|d3c681e538289f4de55817f496240fdbf8f3791d88643b020c3821faeb2525d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/Functional/Tree/Uno/UpTest.php"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block 
across source files"}, "properties": {"repobilityId": 94803, "scanner": "repobility-ai-code-hygiene", "fingerprint": "776311543208204ac4122ea220a7c762c0dfcf259836f9e74bef85d097fcc785", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/Functional/Tree/Uno/QueryBuilderTest.php", "duplicate_line": 13, "correlation_key": "fp|776311543208204ac4122ea220a7c762c0dfcf259836f9e74bef85d097fcc785"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/Functional/Tree/Uno/Ulid/QueryBuilderTest.php"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94802, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dfa079686861b68ccd2276a8954d971ed938b49f7cb865c92224ea87cd77c5cb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/Functional/Tree/Multi/DeleteTest.php", "duplicate_line": 29, "correlation_key": "fp|dfa079686861b68ccd2276a8954d971ed938b49f7cb865c92224ea87cd77c5cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/Functional/Tree/Uno/Ulid/DeleteTest.php"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94801, "scanner": "repobility-ai-code-hygiene", 
"fingerprint": "688f2a93ea78c9c18802b5158db88a23b2ae11f1cee5e8329eed2dad93d4ca9b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/Functional/Tree/Uno/DeleteTest.php", "duplicate_line": 13, "correlation_key": "fp|688f2a93ea78c9c18802b5158db88a23b2ae11f1cee5e8329eed2dad93d4ca9b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/Functional/Tree/Uno/Ulid/DeleteTest.php"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94800, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bfdf37c1420b9a69868370a0dd7b7a3e8d3bbdf754a1818c583d1f2ccebea592", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/Functional/Tree/Multi/Ulid/CreationTest.php", "duplicate_line": 22, "correlation_key": "fp|bfdf37c1420b9a69868370a0dd7b7a3e8d3bbdf754a1818c583d1f2ccebea592"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/Functional/Tree/Uno/Ulid/CreationTest.php"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94799, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5c6d8e901daf0f1d2ee5904c19a79dab7c643eb4796103af03269dbefa6eb360", "category": "quality", 
"severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/Functional/Tree/Uno/DeleteTest.php", "duplicate_line": 13, "correlation_key": "fp|5c6d8e901daf0f1d2ee5904c19a79dab7c643eb4796103af03269dbefa6eb360"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/Functional/Tree/Uno/SoftDeleteTest.php"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94798, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6b2fa1b7848963326d8f9414f4f8caf0c658334bf0ae8d71a98f633ba8fdfd49", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/Functional/Tree/Multi/RootTest.php", "duplicate_line": 12, "correlation_key": "fp|6b2fa1b7848963326d8f9414f4f8caf0c658334bf0ae8d71a98f633ba8fdfd49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/Functional/Tree/Uno/RootTest.php"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94797, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1fd6f4ba9b71f6b629bb5d7bc7b5e26d8996f34f52cee928b5f9176b14f390db", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A 
normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/Functional/Tree/Multi/PrependTest.php", "duplicate_line": 35, "correlation_key": "fp|1fd6f4ba9b71f6b629bb5d7bc7b5e26d8996f34f52cee928b5f9176b14f390db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/Functional/Tree/Uno/PrependTest.php"}, "region": {"startLine": 32}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94796, "scanner": "repobility-ai-code-hygiene", "fingerprint": "746e8f123a2b5069f2a195faf1150e4da5eee8196295acb2c14791b119f43cf7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/Functional/Tree/Uno/ChildrenTest.php", "duplicate_line": 14, "correlation_key": "fp|746e8f123a2b5069f2a195faf1150e4da5eee8196295acb2c14791b119f43cf7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/Functional/Tree/Uno/ParentsTest.php"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94795, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4ffa29453500e36a1bc18a267b8e8c9fa7e41605da984305cfe77601bf589df5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", 
"scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/Functional/Tree/Multi/InsertBeforeTest.php", "duplicate_line": 43, "correlation_key": "fp|4ffa29453500e36a1bc18a267b8e8c9fa7e41605da984305cfe77601bf589df5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/Functional/Tree/Uno/InsertBeforeTest.php"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94794, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1071c6d8ab6b9ae92d4120313d7cfe2bdfcad90a1f477f3e56f467152f2c151e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/Functional/Tree/Multi/InsertAfterTest.php", "duplicate_line": 28, "correlation_key": "fp|1071c6d8ab6b9ae92d4120313d7cfe2bdfcad90a1f477f3e56f467152f2c151e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/Functional/Tree/Uno/InsertAfterTest.php"}, "region": {"startLine": 28}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94793, "scanner": "repobility-ai-code-hygiene", "fingerprint": "89304f355d49717e672adc6bd7dc61c059279f5632af28902b459ba2acf346be", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"tests/Functional/Tree/Multi/DeleteTest.php", "duplicate_line": 29, "correlation_key": "fp|89304f355d49717e672adc6bd7dc61c059279f5632af28902b459ba2acf346be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/Functional/Tree/Uno/DeleteTest.php"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94792, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f28406c243157a24f3dd14a0c317e093ed3ad5864c368ce55a8ccce37df9156a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/Functional/Tree/Multi/AppendTest.php", "duplicate_line": 35, "correlation_key": "fp|f28406c243157a24f3dd14a0c317e093ed3ad5864c368ce55a8ccce37df9156a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/Functional/Tree/Uno/AppendTest.php"}, "region": {"startLine": 31}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94791, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f34978850a50745adf580302a6563c078e1e68fc3f8b90b99c5ae5347f767a75", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/Functional/Tree/Multi/Ulid/QueryBuilderTest.php", "duplicate_line": 43, "correlation_key": 
"fp|f34978850a50745adf580302a6563c078e1e68fc3f8b90b99c5ae5347f767a75"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/Functional/Tree/Multi/Uuid/QueryBuilderTest.php"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94790, "scanner": "repobility-ai-code-hygiene", "fingerprint": "08a5d51615a14ddd2ea5e6f573e9ea74fdb45b4fa8121d1446c1b4399abbdeb9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/Functional/Tree/Multi/Ulid/MovementTest.php", "duplicate_line": 43, "correlation_key": "fp|08a5d51615a14ddd2ea5e6f573e9ea74fdb45b4fa8121d1446c1b4399abbdeb9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/Functional/Tree/Multi/Uuid/MovementTest.php"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94789, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7fffd8c3fae76dace0160d3bc88c32b41fc931400d0debd73b519e5182625d4d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/Functional/Tree/Multi/MoveTest.php", "duplicate_line": 12, "correlation_key": "fp|7fffd8c3fae76dace0160d3bc88c32b41fc931400d0debd73b519e5182625d4d"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "tests/Functional/Tree/Multi/Uuid/MovementTest.php"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94788, "scanner": "repobility-ai-code-hygiene", "fingerprint": "609c88d4f781604b3c0ea132b487f085bf5dd4a022f027033edf51513b5c9463", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/Functional/Tree/Multi/DeleteTest.php", "duplicate_line": 68, "correlation_key": "fp|609c88d4f781604b3c0ea132b487f085bf5dd4a022f027033edf51513b5c9463"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/Functional/Tree/Multi/Uuid/DeletionTest.php"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94787, "scanner": "repobility-ai-code-hygiene", "fingerprint": "055671b527ba314db69fe24e42b68761a0f401d6880f726d16dc262c5a278b58", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/Functional/Tree/Multi/Ulid/DeletionTest.php", "duplicate_line": 22, "correlation_key": "fp|055671b527ba314db69fe24e42b68761a0f401d6880f726d16dc262c5a278b58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"tests/Functional/Tree/Multi/Uuid/DeletionTest.php"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94786, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3c4f02b75fb8f23f7f5afd895af9b03501b93424f04d6f09fbcefdef7335fd26", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/Functional/Tree/Multi/Ulid/CreationTest.php", "duplicate_line": 23, "correlation_key": "fp|3c4f02b75fb8f23f7f5afd895af9b03501b93424f04d6f09fbcefdef7335fd26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/Functional/Tree/Multi/Uuid/CreationTest.php"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94785, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c07032dbedca8048766f6dbdab25a57e9189e65ccaaa3110197e02d7347d9ab7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/Functional/Tree/Multi/Ulid/BasicTest.php", "duplicate_line": 26, "correlation_key": "fp|c07032dbedca8048766f6dbdab25a57e9189e65ccaaa3110197e02d7347d9ab7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/Functional/Tree/Multi/Uuid/BasicTest.php"}, "region": {"startLine": 26}}}]}, {"ruleId": 
"AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94784, "scanner": "repobility-ai-code-hygiene", "fingerprint": "aa97bd26f883dfa3b7e00cb9687cec6867f62a610196164c4c6e11ea4d541a09", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/Functional/Tree/Multi/MoveTest.php", "duplicate_line": 12, "correlation_key": "fp|aa97bd26f883dfa3b7e00cb9687cec6867f62a610196164c4c6e11ea4d541a09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/Functional/Tree/Multi/Ulid/MovementTest.php"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94783, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9472aa5c5b9c79066c1ceb352174bf50b2e1a9ab812b87f3ec7ff759d0f839a6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/Functional/Tree/Multi/DeleteTest.php", "duplicate_line": 68, "correlation_key": "fp|9472aa5c5b9c79066c1ceb352174bf50b2e1a9ab812b87f3ec7ff759d0f839a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/Functional/Tree/Multi/Ulid/DeletionTest.php"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, 
"properties": {"repobilityId": 94782, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4a17c09e192ab4be2850f0a1ceadd1e610a371eee9b4ccea1c0cf3051a8fc458", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/Functional/Tree/Multi/AppendTest.php", "duplicate_line": 22, "correlation_key": "fp|4a17c09e192ab4be2850f0a1ceadd1e610a371eee9b4ccea1c0cf3051a8fc458"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/Functional/Tree/Multi/PrependTest.php"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94781, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b2521f1d35803a3c6705e13c973e1abdde3bf2c3e96c79263fafe78b135e8cad", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/Functional/CollectionCustomKeyTest.php", "duplicate_line": 14, "correlation_key": "fp|b2521f1d35803a3c6705e13c973e1abdde3bf2c3e96c79263fafe78b135e8cad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/Functional/CollectionTest.php"}, "region": {"startLine": 79}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 94780, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"cc8e8cfd04e161fddf8e89ec88efe51dc01238bd398b11420520a5c70537869e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/AbstractTestCase.php", "duplicate_line": 9, "correlation_key": "fp|cc8e8cfd04e161fddf8e89ec88efe51dc01238bd398b11420520a5c70537869e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/Functional/AbstractFunctionalTestCase.php"}, "region": {"startLine": 9}}}]}, {"ruleId": "DKC013", "level": "error", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 94832, "scanner": "repobility-docker", "fingerprint": "16b40d4ab26c1a34d2a0c46a8f21f44bcab6f6c3ad752631e409a18c6ab6bd20", "category": "docker", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "db", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|16b40d4ab26c1a34d2a0c46a8f21f44bcab6f6c3ad752631e409a18c6ab6bd20", "expected_targets": ["/var/lib/postgresql/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 94831, "scanner": "repobility-docker", "fingerprint": "617531386ff6842d5229be3c1d04c2145194a08207c58eab88c342eb58140f34", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": 
"Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "5432:5432", "target": "5432", "host_ip": "", "published": "5432"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "db", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|617531386ff6842d5229be3c1d04c2145194a08207c58eab88c342eb58140f34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `softprops/action-gh-release` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 94819, "scanner": "repobility-supply-chain", "fingerprint": "224684d530854cad503d2904d16b0f3724459a7a599764842094eebd9ef6e249", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|224684d530854cad503d2904d16b0f3724459a7a599764842094eebd9ef6e249"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 94818, "scanner": "repobility-supply-chain", "fingerprint": "4ccb687e2ee8f6dd493a1adc13f4e0408f02c5aaa57fd0b7ff4d4eba87734401", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", 
"owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4ccb687e2ee8f6dd493a1adc13f4e0408f02c5aaa57fd0b7ff4d4eba87734401"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "Workflow container/services image `postgres:18` unpinned"}, "properties": {"repobilityId": 94817, "scanner": "repobility-supply-chain", "fingerprint": "ec8f951a4c92c625ba4388451ebf3572de865b0f69cf29d3a48b0daa691ae44f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ec8f951a4c92c625ba4388451ebf3572de865b0f69cf29d3a48b0daa691ae44f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/php.yml"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `qltysh/qlty-action/coverage` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 94816, "scanner": "repobility-supply-chain", "fingerprint": "1becf0c66b001428d6f8f1e841e64de6aa98cd4c7ff6eaf383bf5fa7adfdab46", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1becf0c66b001428d6f8f1e841e64de6aa98cd4c7ff6eaf383bf5fa7adfdab46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
".github/workflows/php.yml"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `codacy/codacy-coverage-reporter-action` pinned to mutable ref `@v1`"}, "properties": {"repobilityId": 94815, "scanner": "repobility-supply-chain", "fingerprint": "85519a322ead352f179881a55863e1af1350e90fea1f544361c769187f8e1ed3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|85519a322ead352f179881a55863e1af1350e90fea1f544361c769187f8e1ed3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/php.yml"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 94814, "scanner": "repobility-supply-chain", "fingerprint": "5944e21085333c2934af13780ae9eee5c39c3b717aa6cb0cb403d4c4d3c7aa4d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5944e21085333c2934af13780ae9eee5c39c3b717aa6cb0cb403d4c4d3c7aa4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/php.yml"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `shivammathur/setup-php` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 94813, "scanner": "repobility-supply-chain", "fingerprint": 
"3a984b37b6be92236a83b9a01fb16dc60da4be84f0597d83fb4d059942600706", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3a984b37b6be92236a83b9a01fb16dc60da4be84f0597d83fb4d059942600706"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/php.yml"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 94812, "scanner": "repobility-supply-chain", "fingerprint": "e7421059e0e0e9f2d83f0d5c61836d96cf1a69bab8dff8c2faad34db869ce17f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e7421059e0e0e9f2d83f0d5c61836d96cf1a69bab8dff8c2faad34db869ce17f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/php.yml"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/cache` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 94811, "scanner": "repobility-supply-chain", "fingerprint": "60bddb5922aa2407c68196e33b08b5181f131add78baa726f7f8079a5759d436", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": 
["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|60bddb5922aa2407c68196e33b08b5181f131add78baa726f7f8079a5759d436"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/php.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `shivammathur/setup-php` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 94810, "scanner": "repobility-supply-chain", "fingerprint": "917db0554e4bd584c64884d13bd9fdb15b65b44bb6953a645baf180ffc0166ed", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|917db0554e4bd584c64884d13bd9fdb15b65b44bb6953a645baf180ffc0166ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/php.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 94809, "scanner": "repobility-supply-chain", "fingerprint": "0e284331781925b1ec5dc99ee976d8afd529252f4928bece2c5c4f16d7781b5d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0e284331781925b1ec5dc99ee976d8afd529252f4928bece2c5c4f16d7781b5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/php.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED118", "level": 
"error", "message": {"text": "Dockerfile FROM `php:8.4-cli-alpine` not pinned by digest"}, "properties": {"repobilityId": 94808, "scanner": "repobility-supply-chain", "fingerprint": "944b4b59fefbc9e957c9383db59ee8d66341a8b1188e2c7f9bc94ef830c5fe95", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|944b4b59fefbc9e957c9383db59ee8d66341a8b1188e2c7f9bc94ef830c5fe95"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".docker/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC007", "level": "error", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": {"repobilityId": 94830, "scanner": "repobility-docker", "fingerprint": "c73408092c8487a07be95315be281327a7db960eaf58ebc121f6ce6375592ae3", "category": "docker", "severity": "critical", "confidence": 0.96, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "db", "variable": "POSTGRES_PASSWORD", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "runtime", "correlation_key": "fp|c73408092c8487a07be95315be281327a7db960eaf58ebc121f6ce6375592ae3", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "DKC007", "level": "error", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": 
{"repobilityId": 94828, "scanner": "repobility-docker", "fingerprint": "535ce2f837c2902c6b618cf076151f66482db7f8af21ed69844bd08387be9fe2", "category": "docker", "severity": "critical", "confidence": 0.96, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "coverage", "variable": "DB_PASSWORD", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "runtime", "correlation_key": "fp|535ce2f837c2902c6b618cf076151f66482db7f8af21ed69844bd08387be9fe2", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "DKC007", "level": "error", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": {"repobilityId": 94825, "scanner": "repobility-docker", "fingerprint": "8abff1292920046ae135614640d277d0876e23c7ffb0db93399cec98d3a008e1", "category": "docker", "severity": "critical", "confidence": 0.96, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "app", "variable": "DB_PASSWORD", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "runtime", "correlation_key": "fp|8abff1292920046ae135614640d277d0876e23c7ffb0db93399cec98d3a008e1", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 18}}}]}]}]}