{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every 
build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED016", "name": "[MINED016] Go Error Ignored (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED016] Go Error Ignored (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-754 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED071", "name": "[MINED071] Go Panic Call (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED071] Go Panic Call (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `GoTestTools/gotestfmt-action` pinned to mutable ref `@v2`: `uses: GoTestTools/gotestfmt-action@v2` re", "shortDescription": {"text": "[MINED115] Action `GoTestTools/gotestfmt-action` pinned to mutable ref `@v2`: `uses: GoTestTools/gotestfmt-action@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-fi"}, "fullDescription": {"text": "Replace with: `uses: GoTestTools/gotestfmt-action@<40-char-sha>  # v2` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED117", "name": "[MINED117] Workflow declares `permissions: write-all`: The job's GITHUB_TOKEN gets EVERY permission scope. If the workfl", "shortDescription": {"text": "[MINED117] Workflow declares `permissions: write-all`: The job's GITHUB_TOKEN gets EVERY permission scope. 
If the workflow is ever compromised (mutable action, fork PR, injected step), the attacker can push to main, publish packages, alter "}, "fullDescription": {"text": "Replace with a scoped block: `permissions:\\n  contents: read\\n  issues: write` (only the scopes you need)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED128", "name": "[MINED128] go.mod replaces `github.com/pulumi/pulumi-kubernetes/sdk/v4` \u2014 points to a LOCAL path: `replace github.com/pu", "shortDescription": {"text": "[MINED128] go.mod replaces `github.com/pulumi/pulumi-kubernetes/sdk/v4` \u2014 points to a LOCAL path: `replace github.com/pulumi/pulumi-kubernetes/sdk/v4 => ../sdk` overrides the canonical dependency with a different source (points to a LOCAL p"}, "fullDescription": {"text": "If the replace is intentional (e.g. waiting on an upstream fix), vendor the dependency into the repo and add a comment explaining the reason. Remove the replace once upstream merges."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. 
Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16.\nApply the CIDR check to the IP address the hostname resolves to, and re-check after every redirect."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "[MINED116] Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_reque", "shortDescription": {"text": "[MINED116] Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.GH_AW_GITHUB_TOKEN }` lets a PR from any fork exfiltrate "}, "fullDescription": {"text": "Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed. Note that `pull_request_target` runs in the base repository's context with access to its secrets, so the job must not check out or execute the PR head while the secret is in scope."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `time` used but not imported: The file uses `time.something(...)` but never imports `time`. T", "shortDescription": {"text": "[MINED107] Missing import: `time` used but not imported: The file uses `time.something(...)` but never imports `time`. 
This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import time` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1093"}, "properties": {"repository": "pulumi/pulumi-kubernetes", "repoUrl": "https://github.com/pulumi/pulumi-kubernetes", "branch": "master"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 107183, "scanner": "repobility-ast-engine", "fingerprint": "0507b35d31256f3afc85698a61c621115bede79390df79122be30128b5653df6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0507b35d31256f3afc85698a61c621115bede79390df79122be30128b5653df6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/python/pulumi_kubernetes/_utilities.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 107182, "scanner": "repobility-ast-engine", "fingerprint": "9987d0bfd84976ae177a270d6582ae82f64d69b96c6e8a8eb028d367eaa21e1b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9987d0bfd84976ae177a270d6582ae82f64d69b96c6e8a8eb028d367eaa21e1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/python/pulumi_kubernetes/_utilities.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107181, "scanner": "repobility-ai-code-hygiene", "fingerprint": "aefb7cb7a8ed4e4ea915fe5f813920dcd22353ff2a28c084b61eab9fb17a526b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/dotnet/AdmissionRegistration/V1/Outputs/AuditAnnotationPatch.cs", "duplicate_line": 7, "correlation_key": "fp|aefb7cb7a8ed4e4ea915fe5f813920dcd22353ff2a28c084b61eab9fb17a526b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/dotnet/AdmissionRegistration/V1Alpha1/Outputs/AuditAnnotationPatch.cs"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107180, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"8473f67bba5a12018e5da01dbbc5365cd11a73906768fcfd1e1426ce1b38f4dd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/dotnet/AdmissionRegistration/V1/Outputs/AuditAnnotation.cs", "duplicate_line": 7, "correlation_key": "fp|8473f67bba5a12018e5da01dbbc5365cd11a73906768fcfd1e1426ce1b38f4dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/dotnet/AdmissionRegistration/V1Alpha1/Outputs/AuditAnnotation.cs"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107179, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8a00713deee4d960f2c71f16ba888c0fc5f2004d86767cb66e6001a24e9dd462", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/dotnet/AdmissionRegistration/V1/MutatingAdmissionPolicyList.cs", "duplicate_line": 35, "correlation_key": "fp|8a00713deee4d960f2c71f16ba888c0fc5f2004d86767cb66e6001a24e9dd462"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/dotnet/AdmissionRegistration/V1Alpha1/MutatingAdmissionPolicyList.cs"}, "region": {"startLine": 35}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107178, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"2cc1043c5d533121885bc33511c53e00087f43a07e4503a098be1d5525150c14", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/dotnet/AdmissionRegistration/V1/MutatingAdmissionPolicyBindingList.cs", "duplicate_line": 35, "correlation_key": "fp|2cc1043c5d533121885bc33511c53e00087f43a07e4503a098be1d5525150c14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/dotnet/AdmissionRegistration/V1Alpha1/MutatingAdmissionPolicyBindingList.cs"}, "region": {"startLine": 35}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107177, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b1eb106e5f78f2e2166a7ad2ef8cf0bb2ea2c801f131a4a18838fdf45ab871d4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/dotnet/AdmissionRegistration/V1/Inputs/ValidationPatchArgs.cs", "duplicate_line": 7, "correlation_key": "fp|b1eb106e5f78f2e2166a7ad2ef8cf0bb2ea2c801f131a4a18838fdf45ab871d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/dotnet/AdmissionRegistration/V1Alpha1/Inputs/ValidationPatchArgs.cs"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107176, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"acdb84d2f485ec8fa8b307d46f85456c1bd0c96d132e32419f9768310876c0f8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/dotnet/AdmissionRegistration/V1/Inputs/ValidationArgs.cs", "duplicate_line": 7, "correlation_key": "fp|acdb84d2f485ec8fa8b307d46f85456c1bd0c96d132e32419f9768310876c0f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/dotnet/AdmissionRegistration/V1Alpha1/Inputs/ValidationArgs.cs"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107175, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ad7d5f6ac6aeb2639d360af4a6177a6661311894beb0796bba49671b8df4d09d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/dotnet/AdmissionRegistration/V1/Inputs/ValidatingAdmissionPolicyStatusArgs.cs", "duplicate_line": 7, "correlation_key": "fp|ad7d5f6ac6aeb2639d360af4a6177a6661311894beb0796bba49671b8df4d09d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/dotnet/AdmissionRegistration/V1Alpha1/Inputs/ValidatingAdmissionPolicyStatusArgs.cs"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107174, "scanner": "repobility-ai-code-hygiene", 
"fingerprint": "e027f8d4817a5f7962e25a54a21fb4e43c564a8cbb1be24a5c62fc194454c17a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/dotnet/AdmissionRegistration/V1/Inputs/ValidatingAdmissionPolicyBindingSpecPatchArgs.cs", "duplicate_line": 14, "correlation_key": "fp|e027f8d4817a5f7962e25a54a21fb4e43c564a8cbb1be24a5c62fc194454c17a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/dotnet/AdmissionRegistration/V1Alpha1/Inputs/ValidatingAdmissionPolicyBindingSpecPatchArgs.cs"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107173, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9e9908708c3d34d40adff6777c34ce8acdf15f7f6177f4aa6a40a01aacfbea86", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/dotnet/AdmissionRegistration/V1/Inputs/ParamRefPatchArgs.cs", "duplicate_line": 7, "correlation_key": "fp|9e9908708c3d34d40adff6777c34ce8acdf15f7f6177f4aa6a40a01aacfbea86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/dotnet/AdmissionRegistration/V1Alpha1/Inputs/ParamRefPatchArgs.cs"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107172, 
"scanner": "repobility-ai-code-hygiene", "fingerprint": "a6c123cf7118cc25d7eba7f8d350d28a42aec78d0fd76720f9b15a5374e8d246", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/dotnet/AdmissionRegistration/V1/Inputs/ParamRefArgs.cs", "duplicate_line": 7, "correlation_key": "fp|a6c123cf7118cc25d7eba7f8d350d28a42aec78d0fd76720f9b15a5374e8d246"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/dotnet/AdmissionRegistration/V1Alpha1/Inputs/ParamRefArgs.cs"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107171, "scanner": "repobility-ai-code-hygiene", "fingerprint": "33788dc98405f9b492dfe50feab83198eb8f0feff0c8a9fc1b32c997cdfec992", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/dotnet/AdmissionRegistration/V1/Inputs/NamedRuleWithOperationsArgs.cs", "duplicate_line": 9, "correlation_key": "fp|33788dc98405f9b492dfe50feab83198eb8f0feff0c8a9fc1b32c997cdfec992"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/dotnet/AdmissionRegistration/V1Alpha1/Inputs/NamedRuleWithOperationsPatchArgs.cs"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107170, "scanner": 
"repobility-ai-code-hygiene", "fingerprint": "78c573b0f736738b02d7677daaae679c44d9ce71bfe3280f3f09f204fbf920fc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/dotnet/AdmissionRegistration/V1/Inputs/NamedRuleWithOperationsPatchArgs.cs", "duplicate_line": 7, "correlation_key": "fp|78c573b0f736738b02d7677daaae679c44d9ce71bfe3280f3f09f204fbf920fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/dotnet/AdmissionRegistration/V1Alpha1/Inputs/NamedRuleWithOperationsPatchArgs.cs"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107169, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a05c3176cfa5b613b0694fd017f094cb50cd69593b66e20ffa37efd584595929", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/dotnet/AdmissionRegistration/V1/Inputs/NamedRuleWithOperationsArgs.cs", "duplicate_line": 7, "correlation_key": "fp|a05c3176cfa5b613b0694fd017f094cb50cd69593b66e20ffa37efd584595929"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/dotnet/AdmissionRegistration/V1Alpha1/Inputs/NamedRuleWithOperationsArgs.cs"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": 
{"repobilityId": 107168, "scanner": "repobility-ai-code-hygiene", "fingerprint": "72df3a8ffcc41119a61753ac23154b6f33783120c2a1f353c1efad5d94092196", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/dotnet/AdmissionRegistration/V1/Outputs/Validation.cs", "duplicate_line": 17, "correlation_key": "fp|72df3a8ffcc41119a61753ac23154b6f33783120c2a1f353c1efad5d94092196"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/dotnet/AdmissionRegistration/V1/Outputs/ValidationPatch.cs"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107167, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e3e1b08b392aa0619855627be8ebc6e9101032b9ac2a6bb259ba2ad93b21b2a7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/dotnet/AdmissionRegistration/V1/Outputs/ValidatingWebhook.cs", "duplicate_line": 33, "correlation_key": "fp|e3e1b08b392aa0619855627be8ebc6e9101032b9ac2a6bb259ba2ad93b21b2a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/dotnet/AdmissionRegistration/V1/Outputs/ValidatingWebhookPatch.cs"}, "region": {"startLine": 33}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107166, 
"scanner": "repobility-ai-code-hygiene", "fingerprint": "7d382b92c8e3b67cee879cffe360d9ecad3a318150cfb35dc13d145af394b772", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/dotnet/AdmissionRegistration/V1/Outputs/MutatingWebhookPatch.cs", "duplicate_line": 34, "correlation_key": "fp|7d382b92c8e3b67cee879cffe360d9ecad3a318150cfb35dc13d145af394b772"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/dotnet/AdmissionRegistration/V1/Outputs/ValidatingWebhookPatch.cs"}, "region": {"startLine": 32}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107165, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fe9bc40a097b2541d375e04825f3fb4cf0d11c8bfcce132a7bde98c8732245dd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/dotnet/AdmissionRegistration/V1/Outputs/MutatingWebhook.cs", "duplicate_line": 34, "correlation_key": "fp|fe9bc40a097b2541d375e04825f3fb4cf0d11c8bfcce132a7bde98c8732245dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/dotnet/AdmissionRegistration/V1/Outputs/ValidatingWebhook.cs"}, "region": {"startLine": 32}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107164, "scanner": 
"repobility-ai-code-hygiene", "fingerprint": "c38111f9cae3d48f247f907e2baf10be69d58c777a8f173666cbe5beb0e6f174", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/dotnet/AdmissionRegistration/V1/Outputs/ServiceReference.cs", "duplicate_line": 17, "correlation_key": "fp|c38111f9cae3d48f247f907e2baf10be69d58c777a8f173666cbe5beb0e6f174"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/dotnet/AdmissionRegistration/V1/Outputs/ServiceReferencePatch.cs"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107163, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ea733b838ef8f2c807590bb5fe11290443d4782fe1fedf20e77438b0c9d76b6a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/dotnet/AdmissionRegistration/V1/Outputs/RuleWithOperations.cs", "duplicate_line": 18, "correlation_key": "fp|ea733b838ef8f2c807590bb5fe11290443d4782fe1fedf20e77438b0c9d76b6a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/dotnet/AdmissionRegistration/V1/Outputs/RuleWithOperationsPatch.cs"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107162, "scanner": 
"repobility-ai-code-hygiene", "fingerprint": "5a460b09b6ee5b5deb2fb48afc1aef6bb1c0157c241361d5caa9a55a52e4f86f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/dotnet/AdmissionRegistration/V1/Outputs/NamedRuleWithOperations.cs", "duplicate_line": 19, "correlation_key": "fp|5a460b09b6ee5b5deb2fb48afc1aef6bb1c0157c241361d5caa9a55a52e4f86f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/dotnet/AdmissionRegistration/V1/Outputs/NamedRuleWithOperationsPatch.cs"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107161, "scanner": "repobility-ai-code-hygiene", "fingerprint": "57d1d8dd8d7e10aa9545c8d1644b8fb392bc3a1bacb0bdab1ff74c7305d67b2c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/dotnet/AdmissionRegistration/V1/Outputs/MutatingWebhook.cs", "duplicate_line": 35, "correlation_key": "fp|57d1d8dd8d7e10aa9545c8d1644b8fb392bc3a1bacb0bdab1ff74c7305d67b2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/dotnet/AdmissionRegistration/V1/Outputs/MutatingWebhookPatch.cs"}, "region": {"startLine": 35}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107160, "scanner": 
"repobility-ai-code-hygiene", "fingerprint": "94dee7523796b778a653a184d16db44a06f8da9d26eae8a014a2499c7853fec6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/dotnet/AdmissionRegistration/V1/Inputs/MutatingWebhookPatchArgs.cs", "duplicate_line": 9, "correlation_key": "fp|94dee7523796b778a653a184d16db44a06f8da9d26eae8a014a2499c7853fec6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/dotnet/AdmissionRegistration/V1/Inputs/ValidatingWebhookPatchArgs.cs"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107159, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1559c4b646242216806dea02253cc1aa2e53fc87b5e91e17c27bfe40d29e2106", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/dotnet/AdmissionRegistration/V1/Inputs/MutatingWebhookArgs.cs", "duplicate_line": 9, "correlation_key": "fp|1559c4b646242216806dea02253cc1aa2e53fc87b5e91e17c27bfe40d29e2106"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/dotnet/AdmissionRegistration/V1/Inputs/ValidatingWebhookArgs.cs"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107158, "scanner": 
"repobility-ai-code-hygiene", "fingerprint": "5ce57905b83812c42b9ef306150ab113d070e8f2089bdd08f662ee72b143d455", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/dotnet/AdmissionRegistration/V1/Inputs/RuleWithOperationsArgs.cs", "duplicate_line": 20, "correlation_key": "fp|5ce57905b83812c42b9ef306150ab113d070e8f2089bdd08f662ee72b143d455"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/dotnet/AdmissionRegistration/V1/Inputs/RuleWithOperationsPatchArgs.cs"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107157, "scanner": "repobility-ai-code-hygiene", "fingerprint": "927931eac92a9cf5dc17fc611ad0a07e0f9e0407cf4d32f664206ad9885be018", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/dotnet/AdmissionRegistration/V1/Inputs/NamedRuleWithOperationsArgs.cs", "duplicate_line": 9, "correlation_key": "fp|927931eac92a9cf5dc17fc611ad0a07e0f9e0407cf4d32f664206ad9885be018"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/dotnet/AdmissionRegistration/V1/Inputs/RuleWithOperationsPatchArgs.cs"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107156, "scanner": 
"repobility-ai-code-hygiene", "fingerprint": "1076f6b435d6ca04a53f3ea1da53ef6fa2dc69ecae0976a7d71282815e5f2624", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/dotnet/AdmissionRegistration/V1/Inputs/NamedRuleWithOperationsArgs.cs", "duplicate_line": 9, "correlation_key": "fp|1076f6b435d6ca04a53f3ea1da53ef6fa2dc69ecae0976a7d71282815e5f2624"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/dotnet/AdmissionRegistration/V1/Inputs/RuleWithOperationsArgs.cs"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107155, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5fcbda45f24b9c2ce985115462f533430e6d9646708a0742774cfb4a219ae1ee", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sdk/dotnet/AdmissionRegistration/V1/Inputs/NamedRuleWithOperationsArgs.cs", "duplicate_line": 9, "correlation_key": "fp|5fcbda45f24b9c2ce985115462f533430e6d9646708a0742774cfb4a219ae1ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/dotnet/AdmissionRegistration/V1/Inputs/NamedRuleWithOperationsPatchArgs.cs"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107154, 
"scanner": "repobility-ai-code-hygiene", "fingerprint": "4c05ed16f1efa03b5348fbc8b2e38d3685083a5993c2e0441635d45d21214322", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "provider/pkg/provider/yaml/v2/configfile.go", "duplicate_line": 74, "correlation_key": "fp|4c05ed16f1efa03b5348fbc8b2e38d3685083a5993c2e0441635d45d21214322"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "provider/pkg/provider/yaml/v2/configgroup.go"}, "region": {"startLine": 83}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107153, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5bdf1a9c1bdbc8a14519d1952774a05885f8e37fa0333a1b0c46ca67611697e6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "provider/pkg/await/condition/observer.go", "duplicate_line": 118, "correlation_key": "fp|5bdf1a9c1bdbc8a14519d1952774a05885f8e37fa0333a1b0c46ca67611697e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "provider/pkg/await/util.go"}, "region": {"startLine": 34}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 107152, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7abcaa3845216b1f4448be462cf44062422f0afa72cc6bf6eb8768bbce9b013d", 
"category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "provider/pkg/await/deployment.go", "duplicate_line": 5, "correlation_key": "fp|7abcaa3845216b1f4448be462cf44062422f0afa72cc6bf6eb8768bbce9b013d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "provider/pkg/await/statefulset.go"}, "region": {"startLine": 5}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 107148, "scanner": "repobility-threat-engine", "fingerprint": "c733fba95a27ef9e2d896636183579fa6acc69130f311b37b4936d972fdbc9e9", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = pods.EachListItem(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c733fba95a27ef9e2d896636183579fa6acc69130f311b37b4936d972fdbc9e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "provider/pkg/await/watchers.go"}, "region": {"startLine": 135}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 107147, "scanner": "repobility-threat-engine", "fingerprint": "450d6606c29be484ad4f1c1a543292753c04a8dc052040292650821ba0132c86", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no 
mitigating context found", "evidence": {"match": "_ = jia.processJobEvent(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|450d6606c29be484ad4f1c1a543292753c04a8dc052040292650821ba0132c86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "provider/pkg/await/job.go"}, "region": {"startLine": 174}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 107146, "scanner": "repobility-threat-engine", "fingerprint": "f19da18c55cb9d8e441536419dd6a176e47e5e7dd3aa30f77f754015760ab353", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = fmt.Fprintf(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f19da18c55cb9d8e441536419dd6a176e47e5e7dd3aa30f77f754015760ab353"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "provider/pkg/await/internal/awaiter.go"}, "region": {"startLine": 174}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 107151, "scanner": "repobility-threat-engine", "fingerprint": "01b0cd795fb77d0ba3911edc7aa2fe0bc6b1292bf1e383a1bd9793a812ff26a8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], 
"precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|01b0cd795fb77d0ba3911edc7aa2fe0bc6b1292bf1e383a1bd9793a812ff26a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/ci-cluster-destroy.sh"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 107150, "scanner": "repobility-threat-engine", "fingerprint": "74daf18e481abc7170e3025b0fd27c7306dc16baf25084b9fee217217cd6a741", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|74daf18e481abc7170e3025b0fd27c7306dc16baf25084b9fee217217cd6a741"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/ci-cluster-create.sh"}, "region": {"startLine": 7}}}]}, {"ruleId": "ERR003", "level": "none", "message": {"text": "[ERR003] Ignored Error (Go) (and 3 more): Same pattern found in 3 additional files. 
Review if needed."}, "properties": {"repobilityId": 107149, "scanner": "repobility-threat-engine", "fingerprint": "ffe4d81a7489f28099dfb64f1d43f221c7bd1f8d79fc0a1d608b942842e235c6", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|ffe4d81a7489f28099dfb64f1d43f221c7bd1f8d79fc0a1d608b942842e235c6"}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 107145, "scanner": "repobility-threat-engine", "fingerprint": "fb770cdc794beaed81d24f2d155e49e91fedfcd0ac24f63598b4544dd5209ca6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fb770cdc794beaed81d24f2d155e49e91fedfcd0ac24f63598b4544dd5209ca6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "provider/pkg/helm/upstream.go"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, 
"properties": {"repobilityId": 107144, "scanner": "repobility-threat-engine", "fingerprint": "c7dcebcdd439cae05952a1bb79b8682135853a2ab7870086e9bd21f266a11298", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c7dcebcdd439cae05952a1bb79b8682135853a2ab7870086e9bd21f266a11298"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "provider/pkg/clients/memcache.go"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 107143, "scanner": "repobility-threat-engine", "fingerprint": "4ffd4a0c8ba337b13460b315804c65e365d76cfca453a3f7b777639cba8cb83b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4ffd4a0c8ba337b13460b315804c65e365d76cfca453a3f7b777639cba8cb83b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "provider/pkg/await/condition/kubectl.go"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED016", "level": "none", "message": 
{"text": "[MINED016] Go Error Ignored (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 107142, "scanner": "repobility-threat-engine", "fingerprint": "4cd764d2310373e872f20700137fd6e63809f777df4a3a5d4462ce63cf14f4cc", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|4cd764d2310373e872f20700137fd6e63809f777df4a3a5d4462ce63cf14f4cc", "aggregated_count": 3}}}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 107138, "scanner": "repobility-threat-engine", "fingerprint": "9b3140f1a544f1ef1e4ee1c8fe4f37d0e07d4cf440fa514118050d9d52cbc42e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|9b3140f1a544f1ef1e4ee1c8fe4f37d0e07d4cf440fa514118050d9d52cbc42e", "aggregated_count": 4}}}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 107137, "scanner": "repobility-threat-engine", "fingerprint": "d4fada4e04605ca41fe56c50430dc39ed52a8cd1c5438cebc44874d25536e079", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d4fada4e04605ca41fe56c50430dc39ed52a8cd1c5438cebc44874d25536e079"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "provider/pkg/await/checker/internal/load.go"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. 
Should return error in most cases."}, "properties": {"repobilityId": 107136, "scanner": "repobility-threat-engine", "fingerprint": "26de31c0efafa7d835517624c0c8a7bd53f00b100ca8d4deb9938987e64b8309", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|26de31c0efafa7d835517624c0c8a7bd53f00b100ca8d4deb9938987e64b8309"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "provider/pkg/await/checker/internal/convert.go"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. 
Should return error in most cases."}, "properties": {"repobilityId": 107135, "scanner": "repobility-threat-engine", "fingerprint": "bdded295d7c7e78f0b156843512a4788ffd6463252b36266c3d86da115b3065d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bdded295d7c7e78f0b156843512a4788ffd6463252b36266c3d86da115b3065d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "provider/cmd/pulumi-gen-kubernetes/merge.go"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 107132, "scanner": "repobility-threat-engine", "fingerprint": "f24e302c8cfadf0f40059482c5be8009e3b969ce88cbeca494e3de7dd6548f55", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f24e302c8cfadf0f40059482c5be8009e3b969ce88cbeca494e3de7dd6548f55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/esc-action/index.js"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `GoTestTools/gotestfmt-action` pinned to mutable ref `@v2`: `uses: GoTestTools/gotestfmt-action@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and keep the pin current with Dependabot or Renovate."}, "properties": {"repobilityId": 107229, "scanner": "repobility-supply-chain", "fingerprint": "dd1cfaf9246a96b193d4c5ab028ca8c0eeab2be91f85f1738a781e4b432872ce", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dd1cfaf9246a96b193d4c5ab028ca8c0eeab2be91f85f1738a781e4b432872ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build.yml"}, "region": {"startLine": 373}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `pulumi/action-release-by-pr-label` pinned to mutable ref `@main`: `uses: pulumi/action-release-by-pr-label@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and keep the pin current with Dependabot or Renovate."}, "properties": {"repobilityId": 107228, "scanner": "repobility-supply-chain", "fingerprint": "2dee3718503e2e294c26efbf371e95122a4dad64381a27244af6349c25927f47", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2dee3718503e2e294c26efbf371e95122a4dad64381a27244af6349c25927f47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build.yml"}, "region": {"startLine": 260}}}]}, {"ruleId": "MINED117", "level": "error", "message": {"text": "[MINED117] Workflow declares `permissions: write-all`: The job's GITHUB_TOKEN gets EVERY permission scope. If the workflow is ever compromised (mutable action, fork PR, injected step), the attacker can push to main, publish packages, alter releases. 
Use least-privilege by listing only the scopes the job actually needs."}, "properties": {"repobilityId": 107227, "scanner": "repobility-supply-chain", "fingerprint": "ca04a2cf6f9258de68c89bbe0d7d15246194309ff78375680824be0b67b99d77", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-write-all-permissions", "owasp": "A01:2021", "cwe_ids": ["CWE-269"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ca04a2cf6f9258de68c89bbe0d7d15246194309ff78375680824be0b67b99d77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/weekly-pulumi-update.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `GoTestTools/gotestfmt-action` pinned to mutable ref `@v2`: `uses: GoTestTools/gotestfmt-action@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and keep the pin current with Dependabot or Renovate."}, "properties": {"repobilityId": 107226, "scanner": "repobility-supply-chain", "fingerprint": "bf204331e781fab38d1e7d168cc406e8e371bf842083a8631d5931824492d3d1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bf204331e781fab38d1e7d168cc406e8e371bf842083a8631d5931824492d3d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/run-acceptance-tests.yml"}, "region": {"startLine": 472}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `pulumi/publish-go-sdk-action` pinned to mutable ref `@v1`: `uses: pulumi/publish-go-sdk-action@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and keep the pin current with Dependabot or Renovate."}, "properties": {"repobilityId": 107225, "scanner": "repobility-supply-chain", "fingerprint": "4c417173a2808744df583f6e6b3053bdba750b86dc63df681f4b1c99e2947543", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4c417173a2808744df583f6e6b3053bdba750b86dc63df681f4b1c99e2947543"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 600}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `GoTestTools/gotestfmt-action` pinned to mutable ref `@v2`: `uses: GoTestTools/gotestfmt-action@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and keep the pin current with Dependabot or Renovate."}, "properties": {"repobilityId": 107224, "scanner": "repobility-supply-chain", "fingerprint": "bde2d5382a0ca4e28e24e6806e597ce2222dda79b8d3e1487ce1959b11e53140", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bde2d5382a0ca4e28e24e6806e597ce2222dda79b8d3e1487ce1959b11e53140"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 329}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `pulumi/publish-go-sdk-action` pinned to mutable ref `@v1`: `uses: pulumi/publish-go-sdk-action@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and keep the pin current with Dependabot or Renovate."}, "properties": {"repobilityId": 107211, "scanner": "repobility-supply-chain", "fingerprint": "5f5bc244da1ac3f1fd112dbb4814c4b6ab4c838c4c59f861358aeb25c754738a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5f5bc244da1ac3f1fd112dbb4814c4b6ab4c838c4c59f861358aeb25c754738a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/prerelease.yml"}, "region": {"startLine": 600}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `GoTestTools/gotestfmt-action` pinned to mutable ref `@v2`: `uses: GoTestTools/gotestfmt-action@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 107210, "scanner": "repobility-supply-chain", "fingerprint": "8a07b4d5172222205639358f64e68ddf0d12393c040a10fc8949c4ab380cf287", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8a07b4d5172222205639358f64e68ddf0d12393c040a10fc8949c4ab380cf287"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/prerelease.yml"}, "region": {"startLine": 329}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `pulumi/action-release-by-pr-label` pinned to mutable ref `@main`: `uses: pulumi/action-release-by-pr-label@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 107209, "scanner": "repobility-supply-chain", "fingerprint": "d0d64a8a7e1cec891ab2bce4b9395ebd6887a6a955fa8ed3c3b9d07c79172e3e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d0d64a8a7e1cec891ab2bce4b9395ebd6887a6a955fa8ed3c3b9d07c79172e3e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release_command.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED117", "level": "error", "message": {"text": "[MINED117] Workflow declares `permissions: write-all`: The job's GITHUB_TOKEN gets EVERY permission scope. If the workflow is ever compromised (mutable action, fork PR, injected step), the attacker can push to main, publish packages, alter releases. 
Use least-privilege by listing only the scopes the job actually needs."}, "properties": {"repobilityId": 107208, "scanner": "repobility-supply-chain", "fingerprint": "4ed8626466e5e7b10a855880e40b2e551f110706b1a32544a78fd961f3014b57", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-write-all-permissions", "owasp": "A01:2021", "cwe_ids": ["CWE-269"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4ed8626466e5e7b10a855880e40b2e551f110706b1a32544a78fd961f3014b57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/kubernetes-update-check.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/pulumi/pulumi-kubernetes/sdk/v4` \u2014 points to a LOCAL path: `replace github.com/pulumi/pulumi-kubernetes/sdk/v4 => ../sdk` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines. Go applies `replace` directives only when this go.mod is the main module of the build and ignores them in dependencies, so the exposure is to builds run from this repository rather than to downstream importers."}, "properties": {"repobilityId": 107207, "scanner": "repobility-supply-chain", "fingerprint": "9dcd267c2738582cb4d818f545cbc4caf9ff8f0b63923c00dc361d675e0f81c7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9dcd267c2738582cb4d818f545cbc4caf9ff8f0b63923c00dc361d675e0f81c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "provider/go.mod"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `(` \u2014 points to a LOCAL path: `replace ( => ../provider` overrides the canonical dependency with a different source (points to a LOCAL path). 
Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines. The module name `(` reported here appears to be the opening parenthesis of a `replace ( ... )` block rather than a module path, so read the actual directive at tests/go.mod line 4 before triaging."}, "properties": {"repobilityId": 107206, "scanner": "repobility-supply-chain", "fingerprint": "c40ddc8f8b06d3dfb9623500aa1107590316a18df018ada345aa020247838736", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c40ddc8f8b06d3dfb9623500aa1107590316a18df018ada345aa020247838736"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/go.mod"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 107141, "scanner": "repobility-threat-engine", "fingerprint": "46e985f71aaeb6d3fe5ae2813dfaef9a80cafb7bd5be277f023a7a6bdf6a96c4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|46e985f71aaeb6d3fe5ae2813dfaef9a80cafb7bd5be277f023a7a6bdf6a96c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "provider/pkg/host/fake/host.go"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with 
err not checked. Go anti-pattern."}, "properties": {"repobilityId": 107140, "scanner": "repobility-threat-engine", "fingerprint": "7b5daa173ad9247d178004b7cf380b36f3b4ed99875e8657fa6a8bb929e86b2d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7b5daa173ad9247d178004b7cf380b36f3b4ed99875e8657fa6a8bb929e86b2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "provider/pkg/helm/keyring.go"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. 
Go anti-pattern."}, "properties": {"repobilityId": 107139, "scanner": "repobility-threat-engine", "fingerprint": "6279b010a96a38bb44527749a83fd9245d3ef51977e7f2674f4d06ac0c0dce3f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6279b010a96a38bb44527749a83fd9245d3ef51977e7f2674f4d06ac0c0dce3f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "provider/pkg/await/condition/deleted.go"}, "region": {"startLine": 154}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 107134, "scanner": "repobility-threat-engine", "fingerprint": "164619cafe6b961814cd242332e8b1facfd7a625543eb1e53c0bb05bcf6627be", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(a", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|164619cafe6b961814cd242332e8b1facfd7a625543eb1e53c0bb05bcf6627be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "provider/pkg/helm/values.go"}, "region": {"startLine": 87}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 107133, "scanner": "repobility-threat-engine", "fingerprint": "70eef4aaa09e82237d38a537b7375090edc3a7208ac0d4c9b9c63771e3f926df", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "http.Get(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|70eef4aaa09e82237d38a537b7375090edc3a7208ac0d4c9b9c63771e3f926df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "provider/cmd/pulumi-gen-kubernetes/download.go"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.GH_AW_GITHUB_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). 
GitHub does not pass repository secrets to `pull_request` runs that come from a fork by default, so confirm which trigger and repository settings apply before rating this finding. `pull_request_target` does run with secrets, so use it ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 107223, "scanner": "repobility-supply-chain", "fingerprint": "17afaecba9dc3fa46a5d705416a545849bb9c0644ff658574364774f58dabe90", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|17afaecba9dc3fa46a5d705416a545849bb9c0644ff658574364774f58dabe90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gh-aw-pr-review.lock.yml"}, "region": {"startLine": 1352}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.GH_AW_GITHUB_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). 
Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 107222, "scanner": "repobility-supply-chain", "fingerprint": "a9f25d400eca38379bc08af67cb234c1ec3547856826a52cea15e66ad84ac8e3", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a9f25d400eca38379bc08af67cb234c1ec3547856826a52cea15e66ad84ac8e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gh-aw-pr-review.lock.yml"}, "region": {"startLine": 1232}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.GH_AW_GITHUB_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). 
Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 107221, "scanner": "repobility-supply-chain", "fingerprint": "37a7ff20643326311567794ea5f160ef250ed521c1c49ab35e34746da1ff1bc2", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|37a7ff20643326311567794ea5f160ef250ed521c1c49ab35e34746da1ff1bc2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gh-aw-pr-review.lock.yml"}, "region": {"startLine": 1196}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.GH_AW_GITHUB_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). 
Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 107220, "scanner": "repobility-supply-chain", "fingerprint": "f12236522d3324953fb6075e1c9edfd4b1f759426ca2115be10dfff1dbb7ff18", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f12236522d3324953fb6075e1c9edfd4b1f759426ca2115be10dfff1dbb7ff18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gh-aw-pr-review.lock.yml"}, "region": {"startLine": 1180}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.GH_AW_GITHUB_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). 
Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 107219, "scanner": "repobility-supply-chain", "fingerprint": "7113f6a3ec8e42c57dd007b59aa318d055489e9e05be7bf6f9e6b9a9517123d4", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7113f6a3ec8e42c57dd007b59aa318d055489e9e05be7bf6f9e6b9a9517123d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gh-aw-pr-review.lock.yml"}, "region": {"startLine": 1164}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.GH_AW_GITHUB_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). 
Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 107218, "scanner": "repobility-supply-chain", "fingerprint": "f028c332ea661f5475c23fb48da477f298a9a5bac623d46db5216028a2de0fbc", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f028c332ea661f5475c23fb48da477f298a9a5bac623d46db5216028a2de0fbc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gh-aw-pr-review.lock.yml"}, "region": {"startLine": 984}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). 
Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 107217, "scanner": "repobility-supply-chain", "fingerprint": "bd599368324967dd564f0a101a0368a1e73d3e94f13f85771c97fb3e8fd7ff95", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bd599368324967dd564f0a101a0368a1e73d3e94f13f85771c97fb3e8fd7ff95"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gh-aw-pr-review.lock.yml"}, "region": {"startLine": 983}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). 
Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 107216, "scanner": "repobility-supply-chain", "fingerprint": "f2de8b1b9f202471ab034f9c6256c150fa4dec192c9c5fd6ce40a598f8e2c5d5", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f2de8b1b9f202471ab034f9c6256c150fa4dec192c9c5fd6ce40a598f8e2c5d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gh-aw-pr-review.lock.yml"}, "region": {"startLine": 738}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). 
Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 107215, "scanner": "repobility-supply-chain", "fingerprint": "17775eddd978cc188d85ef249d99b09388225e30d476a18b97984e6bcc4663d3", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|17775eddd978cc188d85ef249d99b09388225e30d476a18b97984e6bcc4663d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gh-aw-pr-review.lock.yml"}, "region": {"startLine": 494}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.GH_AW_GITHUB_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). 
Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 107214, "scanner": "repobility-supply-chain", "fingerprint": "a20a33f094a8a3b4e5b54a62dbeb87838480e8d809f70456d4aeb38af0281cd6", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a20a33f094a8a3b4e5b54a62dbeb87838480e8d809f70456d4aeb38af0281cd6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gh-aw-pr-review.lock.yml"}, "region": {"startLine": 493}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). 
Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 107213, "scanner": "repobility-supply-chain", "fingerprint": "5d71ac9f722e7cba61835aa663ffc4bb3f9aeca4fe1d9543799fc5012d6e28a1", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5d71ac9f722e7cba61835aa663ffc4bb3f9aeca4fe1d9543799fc5012d6e28a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gh-aw-pr-review.lock.yml"}, "region": {"startLine": 474}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). 
Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 107212, "scanner": "repobility-supply-chain", "fingerprint": "70f3699a25c50c6f472981ec17768ebffeed8e95040c24b697d3c661225c2642", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|70f3699a25c50c6f472981ec17768ebffeed8e95040c24b697d3c661225c2642"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gh-aw-pr-review.lock.yml"}, "region": {"startLine": 472}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `time` used but not imported: The file uses `time.something(...)` but never imports `time`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 107205, "scanner": "repobility-ast-engine", "fingerprint": "057312910294a2813844a157652327ecfdaa1629ce6a7da5f1b309f7042eef73", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|057312910294a2813844a157652327ecfdaa1629ce6a7da5f1b309f7042eef73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/python/pulumi_kubernetes/storage/v1beta1/_inputs.py"}, "region": {"startLine": 2099}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `time` used but not imported: The file uses `time.something(...)` but never imports `time`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 107204, "scanner": "repobility-ast-engine", "fingerprint": "d0b7b1e708079ac6e57946fdd4d761eaa40afebdf5d4698fd072c7b90c94ce4a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d0b7b1e708079ac6e57946fdd4d761eaa40afebdf5d4698fd072c7b90c94ce4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/python/pulumi_kubernetes/storage/v1/_inputs.py"}, "region": {"startLine": 2513}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `time` used but not imported: The file uses `time.something(...)` but never imports `time`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 107203, "scanner": "repobility-ast-engine", "fingerprint": "d9b7f801d359c7d0e4efe500b2608b55bd5e612b7a156adf8fc41a36b9bf65cf", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d9b7f801d359c7d0e4efe500b2608b55bd5e612b7a156adf8fc41a36b9bf65cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/python/pulumi_kubernetes/storage/v1alpha1/_inputs.py"}, "region": {"startLine": 669}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `signal` used but not imported: The file uses `signal.something(...)` but never imports `signal`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 107202, "scanner": "repobility-ast-engine", "fingerprint": "11dd45c4e4cbec056c74a6e1b73d004298086e8271f55ca0867254d5256736fd", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|11dd45c4e4cbec056c74a6e1b73d004298086e8271f55ca0867254d5256736fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/python/pulumi_kubernetes/core/v1/_inputs.py"}, "region": {"startLine": 6892}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `os` used but not imported: The file uses `os.something(...)` but never imports `os`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 107201, "scanner": "repobility-ast-engine", "fingerprint": "1f32e0d620871ba551d87bcadf19b1a074715083f4e1a05990cccf5200c82ace", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1f32e0d620871ba551d87bcadf19b1a074715083f4e1a05990cccf5200c82ace"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/python/pulumi_kubernetes/core/v1/_inputs.py"}, "region": {"startLine": 25527}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `operator` used but not imported: The file uses `operator.something(...)` but never imports 
`operator`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 107200, "scanner": "repobility-ast-engine", "fingerprint": "15afba06bf656a80a8a822a83808d02a997dbf9766b158dbc588173ad543ef2b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|15afba06bf656a80a8a822a83808d02a997dbf9766b158dbc588173ad543ef2b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/python/pulumi_kubernetes/core/v1/_inputs.py"}, "region": {"startLine": 6514}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `string` used but not imported: The file uses `string.something(...)` but never imports `string`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 107199, "scanner": "repobility-ast-engine", "fingerprint": "3df983f4348cccdbc8d05c1c6280a3141b8ccdb7adfcdf179720cbe6e7cadde4", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3df983f4348cccdbc8d05c1c6280a3141b8ccdb7adfcdf179720cbe6e7cadde4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/python/pulumi_kubernetes/resource/v1alpha3/_inputs.py"}, "region": {"startLine": 842}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `string` used but not imported: The file uses `string.something(...)` but never imports `string`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 107198, "scanner": "repobility-ast-engine", "fingerprint": "ef098f3467cc2faa84f6644778f2040643b81e4ec083cf2102078d9068968159", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ef098f3467cc2faa84f6644778f2040643b81e4ec083cf2102078d9068968159"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/python/pulumi_kubernetes/resource/v1beta1/_inputs.py"}, "region": {"startLine": 2247}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `operator` used but not imported: The file uses `operator.something(...)` but never imports `operator`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 107197, "scanner": "repobility-ast-engine", "fingerprint": "0e22edbb866cd1f4577e9c6eb551bee877351a263c6ec75d1cb3554e2cf81733", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0e22edbb866cd1f4577e9c6eb551bee877351a263c6ec75d1cb3554e2cf81733"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/python/pulumi_kubernetes/resource/v1beta1/_inputs.py"}, "region": {"startLine": 5192}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `string` used but not imported: The file uses `string.something(...)` but never imports `string`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 107196, "scanner": "repobility-ast-engine", "fingerprint": "0847f5f1920da31ca709fa45143a701684182512fcfe0b70a529aff7bc4e6d4c", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0847f5f1920da31ca709fa45143a701684182512fcfe0b70a529aff7bc4e6d4c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/python/pulumi_kubernetes/resource/v1/_inputs.py"}, "region": {"startLine": 1851}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `operator` used but not imported: The file uses `operator.something(...)` but never imports `operator`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 107195, "scanner": "repobility-ast-engine", "fingerprint": "520a76353703369aed3d4385ee60d894a0d1b198f30eb99ae919e52afc090f4b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|520a76353703369aed3d4385ee60d894a0d1b198f30eb99ae919e52afc090f4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/python/pulumi_kubernetes/resource/v1/_inputs.py"}, "region": {"startLine": 4646}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `string` used but not imported: The file uses `string.something(...)` but never imports `string`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 107194, "scanner": "repobility-ast-engine", "fingerprint": "c7325ee281d6d742b39b169908507769b9a601b5d3501a8e64b6f392b4ed5746", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c7325ee281d6d742b39b169908507769b9a601b5d3501a8e64b6f392b4ed5746"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/python/pulumi_kubernetes/resource/v1alpha2/_inputs.py"}, "region": {"startLine": 583}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `string` used but not imported: The file uses `string.something(...)` but never imports `string`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 107193, "scanner": "repobility-ast-engine", "fingerprint": "c0ccfda0bd3894c449cb028340fd107e471a96c13e4d90b5a4507fb83754c280", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c0ccfda0bd3894c449cb028340fd107e471a96c13e4d90b5a4507fb83754c280"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/python/pulumi_kubernetes/resource/v1beta2/_inputs.py"}, "region": {"startLine": 1863}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `operator` used but not imported: The file uses `operator.something(...)` but never imports `operator`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 107192, "scanner": "repobility-ast-engine", "fingerprint": "1684f4c80fdf493b8d9cfb587a67ba0f8837eaf089eab7c41b91e79a5fad8e00", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1684f4c80fdf493b8d9cfb587a67ba0f8837eaf089eab7c41b91e79a5fad8e00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/python/pulumi_kubernetes/resource/v1beta2/_inputs.py"}, "region": {"startLine": 5121}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 107191, "scanner": "repobility-ast-engine", "fingerprint": "fd0135b5809127ca001c2b709028d6631730313c77d3763295042b614682cda9", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fd0135b5809127ca001c2b709028d6631730313c77d3763295042b614682cda9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/python/pulumi_kubernetes/extensions/v1beta1/_inputs.py"}, "region": {"startLine": 3236}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `time` used but not imported: The file uses `time.something(...)` but never imports `time`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 107190, "scanner": "repobility-ast-engine", "fingerprint": "df0ae00b820b451e948c44777971a4073187db2327e4e1b2b3b0cb4b75a393e7", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|df0ae00b820b451e948c44777971a4073187db2327e4e1b2b3b0cb4b75a393e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/python/pulumi_kubernetes/meta/v1/_inputs.py"}, "region": {"startLine": 910}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `operator` used but not imported: The file uses `operator.something(...)` but never imports `operator`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 107189, "scanner": "repobility-ast-engine", "fingerprint": "1d362f449929a7b67770b21314fd92f37d86ad3cc801d4f55821cb2fb7cef0c8", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1d362f449929a7b67770b21314fd92f37d86ad3cc801d4f55821cb2fb7cef0c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/python/pulumi_kubernetes/meta/v1/_inputs.py"}, "region": {"startLine": 430}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `enum` used but not imported: The file uses `enum.something(...)` but never imports `enum`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 107188, "scanner": "repobility-ast-engine", "fingerprint": "65714573900c8b66504e1886f90719629fc221501e13e1cfa7389ed644d371aa", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|65714573900c8b66504e1886f90719629fc221501e13e1cfa7389ed644d371aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/python/pulumi_kubernetes/apiextensions/v1beta1/_inputs.py"}, "region": {"startLine": 2600}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `enum` used but not imported: The file uses `enum.something(...)` but never 
imports `enum`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 107187, "scanner": "repobility-ast-engine", "fingerprint": "7bc34888839d4fb1a13080b9618426030936f6ae1e02811171b9817736e8c1b9", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7bc34888839d4fb1a13080b9618426030936f6ae1e02811171b9817736e8c1b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/python/pulumi_kubernetes/apiextensions/v1/_inputs.py"}, "region": {"startLine": 2510}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 107186, "scanner": "repobility-ast-engine", "fingerprint": "72fc987b82712c3460a98c52d1bdb3be47318fb48afa0dc19aa6ebfc5fe7d103", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|72fc987b82712c3460a98c52d1bdb3be47318fb48afa0dc19aa6ebfc5fe7d103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/python/pulumi_kubernetes/networking/v1beta1/_inputs.py"}, "region": {"startLine": 1055}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 107185, "scanner": "repobility-ast-engine", "fingerprint": "afdd66c9689aa0a9681b836bee5e0190c6c8fd636aa83d9d56727dfe66440dcb", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|afdd66c9689aa0a9681b836bee5e0190c6c8fd636aa83d9d56727dfe66440dcb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/python/pulumi_kubernetes/networking/v1/_inputs.py"}, "region": {"startLine": 1590}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `operator` used but not imported: The file uses `operator.something(...)` but never imports `operator`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 107184, "scanner": "repobility-ast-engine", "fingerprint": "5a9b19bdc91d29c0d49d4df1cabade968f081039ae74fdbef4f1341a23344e57", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5a9b19bdc91d29c0d49d4df1cabade968f081039ae74fdbef4f1341a23344e57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sdk/python/pulumi_kubernetes/batch/v1/_inputs.py"}, "region": {"startLine": 2121}}}]}]}]}