{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "SEC012", "name": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the t", "shortDescription": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "fullDescription": {"text": "Validate extracted paths with os.path.realpath() and ensure they stay within the target directory."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT013", "name": "Agent auto-approve or skip-permissions mode is easy to enable", "shortDescription": {"text": "Agent auto-approve or skip-permissions mode is easy to enable"}, "fullDescription": {"text": "Codex/agent auto-approve, YOLO, or skip-permissions modes can be useful in isolated automation, but they remove the human checkpoint before command execution, network access, and file edits."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-NPM", "name": "npm package `vscode-jsonrpc` is 1 major version(s) behind (8.2.1 -> 9.0.0)", "shortDescription": {"text": "npm package `vscode-jsonrpc` is 1 major version(s) behind (8.2.1 -> 9.0.0)"}, "fullDescription": {"text": "`vscode-jsonrpc` is pinned/resolved at 8.2.1 but the latest stable release on the npm registry is 9.0.0 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 10 (SonarSource scale). Cognitive complexi", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weig"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 10."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors.", "shortDescription": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED060", "name": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines.", "shortDescription": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED071", "name": "[MINED071] Go Panic Call (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED071] Go Panic Call (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path (and 1 more): Same pattern found in 1 additional files. Review if need", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5039", "name": "stdlib: GO-2026-5039", "shortDescription": {"text": "stdlib: GO-2026-5039"}, "fullDescription": {"text": "Arbitrary inputs are included in errors without any escaping in net/textproto"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5038", "name": "stdlib: GO-2026-5038", "shortDescription": {"text": "stdlib: GO-2026-5038"}, "fullDescription": {"text": "Quadratic complexity in WordDecoder.DecodeHeader in mime"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-5037", "name": "stdlib: GO-2026-5037", "shortDescription": {"text": "stdlib: GO-2026-5037"}, "fullDescription": {"text": "Inefficient candidate hostname parsing in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4986", "name": "stdlib: GO-2026-4986", "shortDescription": {"text": "stdlib: GO-2026-4986"}, "fullDescription": {"text": "Quadratic string concatentation in consumeComment in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4982", "name": "stdlib: GO-2026-4982", "shortDescription": {"text": "stdlib: GO-2026-4982"}, "fullDescription": {"text": "Bypass of meta content URL escaping causes XSS in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4981", "name": "stdlib: GO-2026-4981", "shortDescription": {"text": "stdlib: GO-2026-4981"}, "fullDescription": {"text": "Crash when handling long CNAME response in net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4980", "name": "stdlib: GO-2026-4980", "shortDescription": {"text": "stdlib: GO-2026-4980"}, "fullDescription": {"text": "Escaper bypass leads to XSS in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4977", "name": "stdlib: GO-2026-4977", "shortDescription": {"text": "stdlib: GO-2026-4977"}, "fullDescription": {"text": "Quadratic string concatenation in consumePhrase in net/mail"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4976", "name": "stdlib: GO-2026-4976", "shortDescription": {"text": "stdlib: GO-2026-4976"}, "fullDescription": {"text": "ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4971", "name": "stdlib: GO-2026-4971", "shortDescription": {"text": "stdlib: GO-2026-4971"}, "fullDescription": {"text": "Panic in Dial and LookupPort when handling NUL byte on Windows in net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4947", "name": "stdlib: GO-2026-4947", "shortDescription": {"text": "stdlib: GO-2026-4947"}, "fullDescription": {"text": "Unexpected work during chain building in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4946", "name": "stdlib: GO-2026-4946", "shortDescription": {"text": "stdlib: GO-2026-4946"}, "fullDescription": {"text": "Inefficient policy validation in crypto/x509"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4918", "name": "stdlib: GO-2026-4918", "shortDescription": {"text": "stdlib: GO-2026-4918"}, "fullDescription": {"text": "Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4870", "name": "stdlib: GO-2026-4870", "shortDescription": {"text": "stdlib: GO-2026-4870"}, "fullDescription": {"text": "Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4869", "name": "stdlib: GO-2026-4869", "shortDescription": {"text": "stdlib: GO-2026-4869"}, "fullDescription": {"text": "Unbounded allocation for old GNU sparse in archive/tar"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4865", "name": "stdlib: GO-2026-4865", "shortDescription": {"text": "stdlib: GO-2026-4865"}, "fullDescription": {"text": "JsBraceDepth Context Tracking Bugs (XSS) in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4864", "name": "stdlib: GO-2026-4864", "shortDescription": {"text": "stdlib: GO-2026-4864"}, "fullDescription": {"text": "TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4603", "name": "stdlib: GO-2026-4603", "shortDescription": {"text": "stdlib: GO-2026-4603"}, "fullDescription": {"text": "URLs in meta content attribute actions are not escaped in html/template"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4602", "name": "stdlib: GO-2026-4602", "shortDescription": {"text": "stdlib: GO-2026-4602"}, "fullDescription": {"text": "FileInfo can escape from a Root in os"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GO-2026-4601", "name": "stdlib: GO-2026-4601", "shortDescription": {"text": "stdlib: GO-2026-4601"}, "fullDescription": {"text": "Incorrect parsing of IPv6 host literals in net/url"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED016", "name": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern.", "shortDescription": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-754 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT003", "name": "User-editable role instructions are inserted into the system prompt", "shortDescription": {"text": "User-editable role instructions are inserted into the system prompt"}, "fullDescription": {"text": "Fleet or role instructions that users can edit should be treated as untrusted configuration. Prepending them to every system prompt lets stored text override runtime behavior."}, "properties": {"scanner": "repobility-agent-runtime", "category": "llm_injection", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED128", "name": "go.mod replaces `github.com/github/copilot-sdk/go` \u2014 points to a LOCAL path", "shortDescription": {"text": "go.mod replaces `github.com/github/copilot-sdk/go` \u2014 points to a LOCAL path"}, "fullDescription": {"text": "`replace github.com/github/copilot-sdk/go => ../` overrides the canonical dependency with a different source (points to a LOCAL path). Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/setup-dotnet` pinned to mutable ref `@v5`", "shortDescription": {"text": "Action `actions/setup-dotnet` pinned to mutable ref `@v5`"}, "fullDescription": {"text": "`uses: actions/setup-dotnet@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED122", "name": "package.json dep `@github/copilot-sdk` pulled from URL/Git", "shortDescription": {"text": "package.json dep `@github/copilot-sdk` pulled from URL/Git"}, "fullDescription": {"text": "`dependencies.@github/copilot-sdk` = `file:..` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED110", "name": "Blocking call `input` inside async function `main`", "shortDescription": {"text": "Blocking call `input` inside async function `main`"}, "fullDescription": {"text": "`input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self._path` used but never assigned in __init__", "shortDescription": {"text": "`self._path` used but never assigned in __init__"}, "fullDescription": {"text": "Method `readdir_with_types` of class `_TestSessionFsProvider` reads `self._path`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_empty_mode_accepts_uri_connection", "shortDescription": {"text": "Phantom test coverage: test_empty_mode_accepts_uri_connection"}, "fullDescription": {"text": "Test function `test_empty_mode_accepts_uri_connection` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "Workflow uses `secrets.COPILOT_DEVELOPER_CLI_INTEGRATION_HMAC_KEY` on a `pull_request` trigger", "shortDescription": {"text": "Workflow uses `secrets.COPILOT_DEVELOPER_CLI_INTEGRATION_HMAC_KEY` on a `pull_request` trigger"}, "fullDescription": {"text": "This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.COPILOT_DEVELOPER_CLI_INTEGRATION_HMAC_KEY }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "Missing import: `stat` used but not imported", "shortDescription": {"text": "Missing import: `stat` used but not imported"}, "fullDescription": {"text": "The file uses `stat.something(...)` but never imports `stat`. This raises NameError at runtime the first time the line executes."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/706"}, "properties": {"repository": "github/copilot-sdk", "repoUrl": "https://github.com/github/copilot-sdk", "branch": "main"}, "results": [{"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 56640, "scanner": "repobility-threat-engine", "fingerprint": "3ee4d2ddff0c31a613c2359b86eca89bd1cd2e9cc265ffecd27018423f6abe0c", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|258|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/scripts/build-wheels.mjs"}, "region": {"startLine": 258}}}]}, {"ruleId": "AGT013", "level": "warning", "message": {"text": "Agent auto-approve or skip-permissions mode is easy to enable"}, "properties": {"repobilityId": 56607, "scanner": "repobility-agent-runtime", "fingerprint": "9cb388b3ed8c8950a2249d1460e66c8f629708cb34f613236d93da720db21462", "category": "quality", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File exposes or configures a broad agent auto-approval mode without enough local guard wording.", "evidence": {"rule_id": "AGT013", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|9cb388b3ed8c8950a2249d1460e66c8f629708cb34f613236d93da720db21462"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/java-smoke-test.yml"}, "region": {"startLine": 77}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `vscode-jsonrpc` is 1 major version(s) behind (8.2.1 -> 9.0.0)"}, "properties": {"repobilityId": 56592, "scanner": "repobility-dependency-currency", "fingerprint": "b9165a02f80253f5f538b79be9887aebda736c56489a92bceee939e7e841fa0b", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "vscode-jsonrpc", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "9.0.0", "correlation_key": "fp|b9165a02f80253f5f538b79be9887aebda736c56489a92bceee939e7e841fa0b", "current_version": "8.2.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nodejs/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 56538, "scanner": "repobility-ast-engine", "fingerprint": "6c2f1e01496e517453b160158ae2d4c6319e807f865027cf22aa44782eb34aad", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6c2f1e01496e517453b160158ae2d4c6319e807f865027cf22aa44782eb34aad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/copilot/session.py"}, "region": {"startLine": 1709}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 56537, "scanner": "repobility-ast-engine", "fingerprint": "b9885704e4c9edbe80c367c5d48d2f07437fa1ab42c550a3565164ea2b3adb1e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b9885704e4c9edbe80c367c5d48d2f07437fa1ab42c550a3565164ea2b3adb1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/copilot/session.py"}, "region": {"startLine": 1658}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 56536, "scanner": "repobility-ast-engine", "fingerprint": "6332027410fe10eb900c785ca0c79aed9dce87b4a9ddd5bb2fa672a4b859282e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6332027410fe10eb900c785ca0c79aed9dce87b4a9ddd5bb2fa672a4b859282e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/copilot/session_fs_provider.py"}, "region": {"startLine": 303}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 56535, "scanner": "repobility-ast-engine", "fingerprint": "86010a34f440e360cfd34ae1cb0d80fe3b2f2cb5fe6a1e704eff7840b5c674cc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|86010a34f440e360cfd34ae1cb0d80fe3b2f2cb5fe6a1e704eff7840b5c674cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/copilot/session_fs_provider.py"}, "region": {"startLine": 262}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 56534, "scanner": "repobility-ast-engine", "fingerprint": "4d2bf33f6ab6194f45b420c75b8d47c502de384768e573267f9b0fee83ffafe2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4d2bf33f6ab6194f45b420c75b8d47c502de384768e573267f9b0fee83ffafe2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/copilot/session_fs_provider.py"}, "region": {"startLine": 255}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 56533, "scanner": "repobility-ast-engine", "fingerprint": "4da3f98239a430e30e905524dd29006802ed730ba5f2a4a85727afbb3b0d7977", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4da3f98239a430e30e905524dd29006802ed730ba5f2a4a85727afbb3b0d7977"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/copilot/session_fs_provider.py"}, "region": {"startLine": 241}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 56532, "scanner": "repobility-ast-engine", "fingerprint": "c473fc6a19de0a932264bae9f8f04c0a01d5009b17dc0ca3248f99e46abeeb4f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c473fc6a19de0a932264bae9f8f04c0a01d5009b17dc0ca3248f99e46abeeb4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/copilot/session_fs_provider.py"}, "region": {"startLine": 233}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 56531, "scanner": "repobility-ast-engine", "fingerprint": "190c8a7dcf17b6b1d65826c216495037aa69fbd968e1de99fcf9fad3d70b92e6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|190c8a7dcf17b6b1d65826c216495037aa69fbd968e1de99fcf9fad3d70b92e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/copilot/session_fs_provider.py"}, "region": {"startLine": 226}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 56530, "scanner": "repobility-ast-engine", "fingerprint": "93b6ac35db80b23cc679b9209d2b46ad8508c7e321cd2a9687c2db9bc6120ceb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|93b6ac35db80b23cc679b9209d2b46ad8508c7e321cd2a9687c2db9bc6120ceb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/copilot/session_fs_provider.py"}, "region": {"startLine": 206}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 56529, "scanner": "repobility-ast-engine", "fingerprint": "2075b4655bd61f739e68b9c64e2fa542385ea5a74936e31ab9772b8c43b4eaae", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2075b4655bd61f739e68b9c64e2fa542385ea5a74936e31ab9772b8c43b4eaae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/copilot/session_fs_provider.py"}, "region": {"startLine": 193}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 56528, "scanner": "repobility-ast-engine", "fingerprint": "5bf5d0dd30ee55d5985ebf4cd0f615976863d2075283dfeddcc80877b35fa91a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5bf5d0dd30ee55d5985ebf4cd0f615976863d2075283dfeddcc80877b35fa91a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/copilot/session_fs_provider.py"}, "region": {"startLine": 186}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 56527, "scanner": "repobility-ast-engine", "fingerprint": "f7eb60631f4db83f5c88d79c6a0d6a4350a01897b1ceb8db4d2be8e3cd4148fa", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f7eb60631f4db83f5c88d79c6a0d6a4350a01897b1ceb8db4d2be8e3cd4148fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/copilot/session_fs_provider.py"}, "region": {"startLine": 179}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 56526, "scanner": "repobility-ast-engine", "fingerprint": "e544fd83bee9ecdd12ff3037ed0d8f0d70ecbd113ae3b0875b31b175e9d3bdbc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e544fd83bee9ecdd12ff3037ed0d8f0d70ecbd113ae3b0875b31b175e9d3bdbc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/copilot/session_fs_provider.py"}, "region": {"startLine": 171}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 56525, "scanner": "repobility-ast-engine", "fingerprint": "acfad923c700767b5498f026235c9064103476e8e726265a7c71a399776c5dcc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|acfad923c700767b5498f026235c9064103476e8e726265a7c71a399776c5dcc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/copilot/tools.py"}, "region": {"startLine": 218}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 56523, "scanner": "repobility-ast-engine", "fingerprint": "10374e8b7dd11b9c99cf521084a4ef9a36db40c0ce3c82b856db5d8e1b376d3e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|10374e8b7dd11b9c99cf521084a4ef9a36db40c0ce3c82b856db5d8e1b376d3e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_pending_work_resume_e2e.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 56522, "scanner": "repobility-ast-engine", "fingerprint": "5f18a3f0fe95624a12c7a43037c2fa17b120feb09b745adca0bf5954e499ba5a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5f18a3f0fe95624a12c7a43037c2fa17b120feb09b745adca0bf5954e499ba5a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_client_options_e2e.py"}, "region": {"startLine": 275}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 56521, "scanner": "repobility-ast-engine", "fingerprint": "5f7efcfdbc254dd84bab6ddb7e1983671575e61f1ebafe28296385693cb453f3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5f7efcfdbc254dd84bab6ddb7e1983671575e61f1ebafe28296385693cb453f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_session_fs_sqlite_e2e.py"}, "region": {"startLine": 211}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 56520, "scanner": "repobility-ast-engine", "fingerprint": "9005b93218e766e1c35c2753d23d20f162df081fcb1150f6139238102ac8e1e7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9005b93218e766e1c35c2753d23d20f162df081fcb1150f6139238102ac8e1e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_rpc_session_state_e2e.py"}, "region": {"startLine": 528}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 56519, "scanner": "repobility-ast-engine", "fingerprint": "63a75e1e925dd61f83e68dda5175931b786cbc31e5d42f5be93fe19540a31df1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|63a75e1e925dd61f83e68dda5175931b786cbc31e5d42f5be93fe19540a31df1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_rpc_workspace_checkpoints_e2e.py"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 56518, "scanner": "repobility-ast-engine", "fingerprint": "dc2779744d4117a055d33b9a677132fc454ace2ae00d074d2333bc74608629a5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dc2779744d4117a055d33b9a677132fc454ace2ae00d074d2333bc74608629a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_suspend_e2e.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 56517, "scanner": "repobility-ast-engine", "fingerprint": "c5b276f4d30159883c5eb8a301240a13e96fb0c7e603ac23b15292ee7d4c38f4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c5b276f4d30159883c5eb8a301240a13e96fb0c7e603ac23b15292ee7d4c38f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_permissions_e2e.py"}, "region": {"startLine": 460}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 56516, "scanner": "repobility-ast-engine", "fingerprint": "170c51fb7f2d67285ca4d5f85598c214bcd7f2baaa0c9d796c98faf9bb7b77a7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|170c51fb7f2d67285ca4d5f85598c214bcd7f2baaa0c9d796c98faf9bb7b77a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_rpc_remote_e2e.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 56515, "scanner": "repobility-ast-engine", "fingerprint": "46afa85a6dcbc1b756f267385ab71b1b4fcc7a16c0647a95b7f9dcf48e9db05c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|46afa85a6dcbc1b756f267385ab71b1b4fcc7a16c0647a95b7f9dcf48e9db05c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_rpc_remote_e2e.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 56514, "scanner": "repobility-ast-engine", "fingerprint": "a35e421265d4eb9ce7cbd426427072ac13b1754579bdb050429487f197b9b080", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a35e421265d4eb9ce7cbd426427072ac13b1754579bdb050429487f197b9b080"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_session_fs_e2e.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 56493, "scanner": "repobility-ast-engine", "fingerprint": "4a9fb576d0a4aec19d2e20279932ba64e47f1b58e38ea8864cc53b52ff6224a4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4a9fb576d0a4aec19d2e20279932ba64e47f1b58e38ea8864cc53b52ff6224a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_rpc_mcp_and_skills_e2e.py"}, "region": {"startLine": 342}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: case=1, continue=1, if=2, match=1, nested_bonus=4, while=1."}, "properties": {"repobilityId": 56635, "scanner": "repobility-threat-engine", "fingerprint": "b59d0ad7fb1122bf9e90726b8036bcc9b54ccdd0f894cb3f6bcfcae589e8cd66", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 2, "case": 1, "match": 1, "while": 1, "continue": 1, "nested_bonus": 4}, "complexity": 10, "correlation_key": "fp|b59d0ad7fb1122bf9e90726b8036bcc9b54ccdd0f894cb3f6bcfcae589e8cd66"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/samples/chat.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `_system_message_for_mode` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: if=6, nested_bonus=1, or=1."}, "properties": {"repobilityId": 56634, "scanner": "repobility-threat-engine", "fingerprint": "8aeb5926c44131f9b5861b411b13f9d78d9e0a07be9e285cb5c503a1b56b728f", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_system_message_for_mode", "breakdown": {"if": 6, "or": 1, "nested_bonus": 1}, "complexity": 8, "correlation_key": "fp|8aeb5926c44131f9b5861b411b13f9d78d9e0a07be9e285cb5c503a1b56b728f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/copilot/_mode.py"}, "region": {"startLine": 139}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `_post_create_options_patch` has cognitive complexity 14 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: if=5, nested_bonus=4, or=1, ternary=4."}, "properties": {"repobilityId": 56633, "scanner": "repobility-threat-engine", "fingerprint": "63435635f136758544d78096b1fbbb39b94ddd7426d8b3fb8563ef1a0c4650a9", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 14 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_post_create_options_patch", "breakdown": {"if": 5, "or": 1, "ternary": 4, "nested_bonus": 4}, "complexity": 14, "correlation_key": "fp|63435635f136758544d78096b1fbbb39b94ddd7426d8b3fb8563ef1a0c4650a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/copilot/_mode.py"}, "region": {"startLine": 261}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 56628, "scanner": "repobility-threat-engine", "fingerprint": "56e75c0967c5c91d6cfd31db8bbaa75ce99134a13d81b254228c783d7c1ebce0", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Invalid \" + kind + \" tool name: must not be null or empty.\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|56e75c0967c5c91d6cfd31db8bbaa75ce99134a13d81b254228c783d7c1ebce0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "java/src/main/java/com/github/copilot/rpc/ToolSet.java"}, "region": {"startLine": 112}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 56622, "scanner": "repobility-threat-engine", "fingerprint": "9588df8dad4d85b1082a58db82c97f6b0e51f775c673af80c0d974eff5157ed6", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = session.Disconnect(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9588df8dad4d85b1082a58db82c97f6b0e51f775c673af80c0d974eff5157ed6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/mode_empty.go"}, "region": {"startLine": 262}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 56621, "scanner": "repobility-threat-engine", "fingerprint": "58dc754172e423934e409ac2869da1e61bb1f4a509857a1703b5b0b4c552a813", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = f.Close(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|58dc754172e423934e409ac2869da1e61bb1f4a509857a1703b5b0b4c552a813"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/internal/flock/flock.go"}, "region": {"startLine": 13}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `tsx` is minor version(s) behind (4.21.0 -> 4.22.4)"}, "properties": {"repobilityId": 56606, "scanner": "repobility-dependency-currency", "fingerprint": "97f0161f8848c443d6a81e730c37ceb968481a02cd879d8fa72be6adf2be6cc9", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "tsx", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.22.4", "correlation_key": "fp|97f0161f8848c443d6a81e730c37ceb968481a02cd879d8fa72be6adf2be6cc9", "current_version": "4.21.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "java/scripts/codegen/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `tsx` is minor version(s) behind (4.21.0 -> 4.22.4)"}, "properties": {"repobilityId": 56604, "scanner": "repobility-dependency-currency", "fingerprint": "fc4e0c1ffc3d307fa852e6fbebde67bcfa66fe0fd8d4e97b986ec84a22deaeef", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "tsx", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.22.4", "correlation_key": "fp|fc4e0c1ffc3d307fa852e6fbebde67bcfa66fe0fd8d4e97b986ec84a22deaeef", "current_version": "4.21.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nodejs/samples/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `tsx` is minor version(s) behind (4.21.0 -> 4.22.4)"}, "properties": {"repobilityId": 56603, "scanner": "repobility-dependency-currency", "fingerprint": "234735adea1275708dcc764afb42082ee6d63720ca5f7712d90aa438cf27a588", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "tsx", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.22.4", "correlation_key": "fp|234735adea1275708dcc764afb42082ee6d63720ca5f7712d90aa438cf27a588", "current_version": "4.21.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/codegen/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@actions/github` is minor version(s) behind (9.0.0 -> 9.1.1)"}, "properties": {"repobilityId": 56602, "scanner": "repobility-dependency-currency", "fingerprint": "a0de803826f9ef8a25eb2da5d785a346a490ae246f13c25e3e1c0c3d8c344edc", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@actions/github", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "9.1.1", "correlation_key": "fp|a0de803826f9ef8a25eb2da5d785a346a490ae246f13c25e3e1c0c3d8c344edc", "current_version": "9.0.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/corrections/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `tsx` is minor version(s) behind (4.21.0 -> 4.22.4)"}, "properties": {"repobilityId": 56601, "scanner": "repobility-dependency-currency", "fingerprint": "6c381c7b94c286acebc36e6a2b2a6712155a68517d83292bf3ca3eab68633449", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "tsx", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.22.4", "correlation_key": "fp|6c381c7b94c286acebc36e6a2b2a6712155a68517d83292bf3ca3eab68633449", "current_version": "4.21.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/docs-validation/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `tsx` is minor version(s) behind (4.21.0 -> 4.22.4)"}, "properties": {"repobilityId": 56600, "scanner": "repobility-dependency-currency", "fingerprint": "8a0ac3ddea88827f0a910883fecab37ed96f1015a520568c29d11fac3f35a396", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "tsx", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.22.4", "correlation_key": "fp|8a0ac3ddea88827f0a910883fecab37ed96f1015a520568c29d11fac3f35a396", "current_version": "4.21.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/harness/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@modelcontextprotocol/sdk` is minor version(s) behind (1.26.0 -> 1.29.0)"}, "properties": {"repobilityId": 56599, "scanner": "repobility-dependency-currency", "fingerprint": "c8ca9b36cb2710f7ad3103c1de238b6908adb4c2177a44cdbcdd1e94699a4500", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@modelcontextprotocol/sdk", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "1.29.0", "correlation_key": "fp|c8ca9b36cb2710f7ad3103c1de238b6908adb4c2177a44cdbcdd1e94699a4500", "current_version": "1.26.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/harness/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `tsx` is minor version(s) behind (4.21.0 -> 4.22.4)"}, "properties": {"repobilityId": 56597, "scanner": "repobility-dependency-currency", "fingerprint": "e3da9dd7f00fff87f32b73380af5682ee11f391c19932fbcbe052f2c284df889", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "tsx", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.22.4", "correlation_key": "fp|e3da9dd7f00fff87f32b73380af5682ee11f391c19932fbcbe052f2c284df889", "current_version": "4.21.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nodejs/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `semver` is minor version(s) behind (7.7.3 -> 7.8.2)"}, "properties": {"repobilityId": 56596, "scanner": "repobility-dependency-currency", "fingerprint": "461708ba298164921ca381c2aca3a4b3525de13206718131d9b084d9eac18654", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "semver", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "7.8.2", "correlation_key": "fp|461708ba298164921ca381c2aca3a4b3525de13206718131d9b084d9eac18654", "current_version": "7.7.3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nodejs/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `esbuild` is minor version(s) behind (0.27.2 -> 0.28.0)"}, "properties": {"repobilityId": 56594, "scanner": "repobility-dependency-currency", "fingerprint": "b4225d0b6e24957837be5a9b20d071eecf1ee792221cc3cedd4680499911d105", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "esbuild", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "0.28.0", "correlation_key": "fp|b4225d0b6e24957837be5a9b20d071eecf1ee792221cc3cedd4680499911d105", "current_version": "0.27.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nodejs/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@platformatic/vfs` is minor version(s) behind (0.3.0 -> 0.4.0)"}, "properties": {"repobilityId": 56593, "scanner": "repobility-dependency-currency", "fingerprint": "fefdc99525c540ea97f7fafab4bfacb81b066d286bc3f29bc62fc681570443e1", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@platformatic/vfs", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "0.4.0", "correlation_key": "fp|fefdc99525c540ea97f7fafab4bfacb81b066d286bc3f29bc62fc681570443e1", "current_version": "0.3.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nodejs/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 56461, "scanner": "repobility-ai-code-hygiene", "fingerprint": "789e0bc5d9f06d92ea00ba7987a16c1a41100205e64b630ace27d011d1a17a2c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "rust/src/canvas_dispatch.rs", "duplicate_line": 24, "correlation_key": "fp|789e0bc5d9f06d92ea00ba7987a16c1a41100205e64b630ace27d011d1a17a2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust/src/session_fs_dispatch.rs"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 56460, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3db3b383edf39145d904e77e23774edb5db97fadf5009004b39945015d57699f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "java/src/main/java/com/github/copilot/rpc/CreateSessionRequest.java", "duplicate_line": 15, "correlation_key": "fp|3db3b383edf39145d904e77e23774edb5db97fadf5009004b39945015d57699f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "java/src/main/java/com/github/copilot/rpc/ResumeSessionRequest.java"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 56645, "scanner": "repobility-threat-engine", "fingerprint": "dd769a7cb720447b5682ba55e2de581199e891419d1fd72c9d0e349275ee2e46", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dd769a7cb720447b5682ba55e2de581199e891419d1fd72c9d0e349275ee2e46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust/src/subscription.rs"}, "region": {"startLine": 268}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 56639, "scanner": "repobility-threat-engine", "fingerprint": "d41cf7196750035a5450d0f03770a12fdc1e6dfe4797790872d670d904d7e3d1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d41cf7196750035a5450d0f03770a12fdc1e6dfe4797790872d670d904d7e3d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/samples/chat.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 56637, "scanner": "repobility-threat-engine", "fingerprint": "8812f85d221e90e0c35ff1aa1a3c9836b1be3c0cd733ea017bab9aa3362d718b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8812f85d221e90e0c35ff1aa1a3c9836b1be3c0cd733ea017bab9aa3362d718b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/copilot/session_fs_provider.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 56636, "scanner": "repobility-threat-engine", "fingerprint": "2becc59112cd9f86e25c2bcb9bea4da45919802bca2eface38035e9666ed48d7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2becc59112cd9f86e25c2bcb9bea4da45919802bca2eface38035e9666ed48d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/copilot/canvas.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 56632, "scanner": "repobility-threat-engine", "fingerprint": "67a27f5cf85eac044eca73e20fc23fb9d6a1a9f74728d143ec989b8f7cbb925d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|67a27f5cf85eac044eca73e20fc23fb9d6a1a9f74728d143ec989b8f7cbb925d", "aggregated_count": 4}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 56631, "scanner": "repobility-threat-engine", "fingerprint": "a6dc68966b52aad86623b682d5572208172bc802965ee2cca7e67a88f05816b3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a6dc68966b52aad86623b682d5572208172bc802965ee2cca7e67a88f05816b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nodejs/samples/manual-tool-resume.ts"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 56630, "scanner": "repobility-threat-engine", "fingerprint": "d86fb545859adb8ff99571e3dd5e5ac87b16cc4c82051301756433c081a1e3a7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d86fb545859adb8ff99571e3dd5e5ac87b16cc4c82051301756433c081a1e3a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nodejs/samples/chat.ts"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 56629, "scanner": "repobility-threat-engine", "fingerprint": "baf4c0b116b2b5d95d21d013178dae2df22978da2e1a1c6bcbbf987ec14b8791", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|baf4c0b116b2b5d95d21d013178dae2df22978da2e1a1c6bcbbf987ec14b8791"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nodejs/examples/basic-example.ts"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 56624, "scanner": "repobility-threat-engine", "fingerprint": "c59007fd8d6776af9caad0a4a270fe46de39ef354eac6216db83193d8e5bb0a3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c59007fd8d6776af9caad0a4a270fe46de39ef354eac6216db83193d8e5bb0a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/samples/manual_tool_resume/main.go"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 56623, "scanner": "repobility-threat-engine", "fingerprint": "d6f48e84265dacc11e50e35becbe82078318f39db122020430bc13abe1b5a194", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d6f48e84265dacc11e50e35becbe82078318f39db122020430bc13abe1b5a194"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/samples/chat.go"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 56617, "scanner": "repobility-threat-engine", "fingerprint": "537939c16c37080b51999e17b8ad02e42658df05cf9b994440b6e17bf2ff30ca", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|537939c16c37080b51999e17b8ad02e42658df05cf9b994440b6e17bf2ff30ca", "aggregated_count": 3}}}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 56616, "scanner": "repobility-threat-engine", "fingerprint": "6a4138ad822589a6b1f87892a0b46fa657881ac2142aa9e7e9e83ad1ef09f28e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6a4138ad822589a6b1f87892a0b46fa657881ac2142aa9e7e9e83ad1ef09f28e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/mode_empty.go"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 56615, "scanner": "repobility-threat-engine", "fingerprint": "76da968d064be3a2ae50584faaebbbe262905915054174a073834affee919cde", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|76da968d064be3a2ae50584faaebbbe262905915054174a073834affee919cde"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/internal/embeddedcli/embeddedcli.go"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 56614, "scanner": "repobility-threat-engine", "fingerprint": "db2ac4ccd2e913fe69a1241d0770e553089178f45ffbc4f4fb5edd980e61fab3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|db2ac4ccd2e913fe69a1241d0770e553089178f45ffbc4f4fb5edd980e61fab3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/definetool.go"}, "region": {"startLine": 217}}}]}, {"ruleId": "SEC013", "level": "none", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 56613, "scanner": "repobility-threat-engine", "fingerprint": "75f22750f5eefefb3a3ce8f933bc32c82dff4c8e9ca3ec94aeac313553cfbd0d", "category": "path_traversal", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|75f22750f5eefefb3a3ce8f933bc32c82dff4c8e9ca3ec94aeac313553cfbd0d"}}}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@github/copilot` is patch version(s) behind (1.0.57 -> 1.0.59)"}, "properties": {"repobilityId": 56605, "scanner": "repobility-dependency-currency", "fingerprint": "f60583a7bba0b70c90c96cb2fdfa60527b805a68aa3ab8d840540a5d9b07be38", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@github/copilot", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "1.0.59", "correlation_key": "fp|f60583a7bba0b70c90c96cb2fdfa60527b805a68aa3ab8d840540a5d9b07be38", "current_version": "1.0.57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "java/scripts/codegen/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@github/copilot` is patch version(s) behind (1.0.57 -> 1.0.59)"}, "properties": {"repobilityId": 56598, "scanner": "repobility-dependency-currency", "fingerprint": "b96647fa0c85d86d49cc961d981d4b86879706f93bb3b9f8741d38ef2646499f", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@github/copilot", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "1.0.59", "correlation_key": "fp|b96647fa0c85d86d49cc961d981d4b86879706f93bb3b9f8741d38ef2646499f", "current_version": "1.0.57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/harness/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `prettier` is patch version(s) behind (3.8.1 -> 3.8.3)"}, "properties": {"repobilityId": 56595, "scanner": "repobility-dependency-currency", "fingerprint": "fa169dd1f5423892f776c302d85845f4a676d8dd54e2a37f7dfc636c46044b8c", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "prettier", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.8.3", "correlation_key": "fp|fa169dd1f5423892f776c302d85845f4a676d8dd54e2a37f7dfc636c46044b8c", "current_version": "3.8.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nodejs/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@github/copilot` is patch version(s) behind (1.0.57 -> 1.0.59)"}, "properties": {"repobilityId": 56591, "scanner": "repobility-dependency-currency", "fingerprint": "1fae95f6c300157ed598cae51386a7ab34133893d36ba24d7407c98dbeb48be5", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@github/copilot", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "1.0.59", "correlation_key": "fp|1fae95f6c300157ed598cae51386a7ab34133893d36ba24d7407c98dbeb48be5", "current_version": "1.0.57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nodejs/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5039", "level": "error", "message": {"text": "stdlib: GO-2026-5039"}, "properties": {"repobilityId": 56685, "scanner": "osv-scanner", "fingerprint": "1443cb6210c71298bbfd1ae2320198f24275eaaee95602b5b1837718bef27291", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42507"], "package": "stdlib", "rule_id": "GO-2026-5039", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42507|go/samples/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/samples/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5038", "level": "error", "message": {"text": "stdlib: GO-2026-5038"}, "properties": {"repobilityId": 56684, "scanner": "osv-scanner", "fingerprint": "36b9d254990d9feee9333193ccf9ce97513df1f650a847c59a22689e8195d601", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42504"], "package": "stdlib", "rule_id": "GO-2026-5038", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42504|go/samples/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/samples/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5037", "level": "error", "message": {"text": "stdlib: GO-2026-5037"}, "properties": {"repobilityId": 56683, "scanner": "osv-scanner", "fingerprint": "ccccf54ae05f864cdf4abb9c1c869be04ce3a9aa07acc21fbaf04de367ce9245", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27145"], "package": "stdlib", "rule_id": "GO-2026-5037", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27145|go/samples/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/samples/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4986", "level": "error", "message": {"text": "stdlib: GO-2026-4986"}, "properties": {"repobilityId": 56682, "scanner": "osv-scanner", "fingerprint": "0c31b4b2398fd690cc2ebb681b2254ac980be215b1ffeb73e1569a2fff49064e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39820", "CVE-2026-39820"], "package": "stdlib", "rule_id": "GO-2026-4986", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39820|go/samples/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/samples/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4982", "level": "error", "message": {"text": "stdlib: GO-2026-4982"}, "properties": {"repobilityId": 56681, "scanner": "osv-scanner", "fingerprint": "c566e0082bca28395aded2fedaf8ad795a38426329ff8ed3bd60b4ed58f5a130", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39823", "CVE-2026-39823"], "package": "stdlib", "rule_id": "GO-2026-4982", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39823|go/samples/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/samples/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4981", "level": "error", "message": {"text": "stdlib: GO-2026-4981"}, "properties": {"repobilityId": 56680, "scanner": "osv-scanner", "fingerprint": "5aaa946fcdaf14a2067909b41bddde49caf8500cbcbd50ceaf205550e0fe0a1b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33811", "CVE-2026-33811"], "package": "stdlib", "rule_id": "GO-2026-4981", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33811|go/samples/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/samples/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4980", "level": "error", "message": {"text": "stdlib: GO-2026-4980"}, "properties": {"repobilityId": 56679, "scanner": "osv-scanner", "fingerprint": "574eba1896654532d871478e939b934790a887023464b8c3971bd4c6036fc40d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39826", "CVE-2026-39826"], "package": "stdlib", "rule_id": "GO-2026-4980", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39826|go/samples/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/samples/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4977", "level": "error", "message": {"text": "stdlib: GO-2026-4977"}, "properties": {"repobilityId": 56678, "scanner": "osv-scanner", "fingerprint": "115928cabbb62a86535f74d7bba1cc263ff03239240a62665603c5c5f7338c5a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42499", "CVE-2026-42499"], "package": "stdlib", "rule_id": "GO-2026-4977", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42499|go/samples/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/samples/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4976", "level": "error", "message": {"text": "stdlib: GO-2026-4976"}, "properties": {"repobilityId": 56677, "scanner": "osv-scanner", "fingerprint": "18d388bc8e48c933881e8060ba29b6fad9435fef5fe10d3cdc997591f9241288", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39825", "CVE-2026-39825"], "package": "stdlib", "rule_id": "GO-2026-4976", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39825|go/samples/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/samples/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4971", "level": "error", "message": {"text": "stdlib: GO-2026-4971"}, "properties": {"repobilityId": 56676, "scanner": "osv-scanner", "fingerprint": "d527b7bdabf5dec32c9281a1fda6f07a21791f5820ea1391b2470f606494e048", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39836", "CVE-2026-39836"], "package": "stdlib", "rule_id": "GO-2026-4971", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39836|go/samples/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/samples/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4947", "level": "error", "message": {"text": "stdlib: GO-2026-4947"}, "properties": {"repobilityId": 56675, "scanner": "osv-scanner", "fingerprint": "8cac8a1a704cc6210d2bf2695f0922f98262345e6e2516e3a38f58a3a6c607b4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32280", "CVE-2026-32280"], "package": "stdlib", "rule_id": "GO-2026-4947", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32280|go/samples/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/samples/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4946", "level": "error", "message": {"text": "stdlib: GO-2026-4946"}, "properties": {"repobilityId": 56674, "scanner": "osv-scanner", "fingerprint": "e50d5f3e886b7ae67b7b8c7f61f6cbefb7e3d1457bb4c87481c1f764c97906f3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32281", "CVE-2026-32281"], "package": "stdlib", "rule_id": "GO-2026-4946", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32281|go/samples/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/samples/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4918", "level": "error", "message": {"text": "stdlib: GO-2026-4918"}, "properties": {"repobilityId": 56673, "scanner": "osv-scanner", "fingerprint": "2124aa83eb6550ac7d49c3a411258698995bcda9178d79fcd22594ec9387a3a3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33814", "CVE-2026-33814"], "package": "stdlib", "rule_id": "GO-2026-4918", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33814|go/samples/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/samples/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4870", "level": "error", "message": {"text": "stdlib: GO-2026-4870"}, "properties": {"repobilityId": 56672, "scanner": "osv-scanner", "fingerprint": "dd8e69fa76b26c738561a7d1ec23142bb4582422e245f664f3f18175ba1571cf", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32283", "CVE-2026-32283"], "package": "stdlib", "rule_id": "GO-2026-4870", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32283|go/samples/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/samples/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4869", "level": "error", "message": {"text": "stdlib: GO-2026-4869"}, "properties": {"repobilityId": 56671, "scanner": "osv-scanner", "fingerprint": "d9c7b71faeefe4a67750ae3b795eaf7c165154cdddeaf15b711209c4a2bd8863", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32288", "CVE-2026-32288"], "package": "stdlib", "rule_id": "GO-2026-4869", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32288|go/samples/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/samples/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4865", "level": "error", "message": {"text": "stdlib: GO-2026-4865"}, "properties": {"repobilityId": 56670, "scanner": "osv-scanner", "fingerprint": "f484fc15f9e34522a4c5e6eb30175db40ebd9e26aabc63c5e6f9c1ff94bd76e1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32289", "CVE-2026-32289"], "package": "stdlib", "rule_id": "GO-2026-4865", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32289|go/samples/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/samples/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4864", "level": "error", "message": {"text": "stdlib: GO-2026-4864"}, "properties": {"repobilityId": 56669, "scanner": "osv-scanner", "fingerprint": "543de27fe31adfbdaf8570d82d90d8b7ad01578b9d977b64ff8110d6dc679080", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32282", "CVE-2026-32282"], "package": "stdlib", "rule_id": "GO-2026-4864", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32282|go/samples/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/samples/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4603", "level": "error", "message": {"text": "stdlib: GO-2026-4603"}, "properties": {"repobilityId": 56668, "scanner": "osv-scanner", "fingerprint": "abfe441c8a56ecb45424083f388d6ebda8f188528b326dae6f2db0aa7179e04a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27142", "CVE-2026-27142"], "package": "stdlib", "rule_id": "GO-2026-4603", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27142|go/samples/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/samples/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4602", "level": "error", "message": {"text": "stdlib: GO-2026-4602"}, "properties": {"repobilityId": 56667, "scanner": "osv-scanner", "fingerprint": "1fe497d30d08da61183284b637236cd7345e3a37572e72506be9bd404242d0de", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27139", "CVE-2026-27139"], "package": "stdlib", "rule_id": "GO-2026-4602", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27139|go/samples/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/samples/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4601", "level": "error", "message": {"text": "stdlib: GO-2026-4601"}, "properties": {"repobilityId": 56666, "scanner": "osv-scanner", "fingerprint": "7c49248d94772b32e9dafd59fa4d8ff2412cd803a0cb1edd6ddaedda8cf99857", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-25679", "CVE-2026-25679"], "package": "stdlib", "rule_id": "GO-2026-4601", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-25679|go/samples/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/samples/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5039", "level": "error", "message": {"text": "stdlib: GO-2026-5039"}, "properties": {"repobilityId": 56665, "scanner": "osv-scanner", "fingerprint": "4e25d1c38e679bd2a3a2b6c3183a550cc5c3ac27f21fd52fdf08704f70986cec", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42507"], "package": "stdlib", "rule_id": "GO-2026-5039", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42507|go/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5038", "level": "error", "message": {"text": "stdlib: GO-2026-5038"}, "properties": {"repobilityId": 56664, "scanner": "osv-scanner", "fingerprint": "117a9005823b5b17bb9659def80a0d295877bcd47ed4cfc64012510e1bb9b456", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-42504"], "package": "stdlib", "rule_id": "GO-2026-5038", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42504|go/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-5037", "level": "error", "message": {"text": "stdlib: GO-2026-5037"}, "properties": {"repobilityId": 56663, "scanner": "osv-scanner", "fingerprint": "408b1a8515d530cd07b437172dd7fc370e9ef7ea8c2c895a62c8762b29d3b363", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27145"], "package": "stdlib", "rule_id": "GO-2026-5037", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27145|go/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4986", "level": "error", "message": {"text": "stdlib: GO-2026-4986"}, "properties": {"repobilityId": 56662, "scanner": "osv-scanner", "fingerprint": "d5fb844854276fd1757d19c44e6e2633f4c91648a665da1425b5237acd978b48", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39820", "CVE-2026-39820"], "package": "stdlib", "rule_id": "GO-2026-4986", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39820|go/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4982", "level": "error", "message": {"text": "stdlib: GO-2026-4982"}, "properties": {"repobilityId": 56661, "scanner": "osv-scanner", "fingerprint": "c01d004aa5b1ec5632a420eb71f869d2f0b8f9076e0f2a055dea3bdef59b9224", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39823", "CVE-2026-39823"], "package": "stdlib", "rule_id": "GO-2026-4982", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39823|go/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4981", "level": "error", "message": {"text": "stdlib: GO-2026-4981"}, "properties": {"repobilityId": 56660, "scanner": "osv-scanner", "fingerprint": "d616874ec6a8eec9646d2224d21684484add07020de25fd131ad9a8194e96073", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33811", "CVE-2026-33811"], "package": "stdlib", "rule_id": "GO-2026-4981", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33811|go/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4980", "level": "error", "message": {"text": "stdlib: GO-2026-4980"}, "properties": {"repobilityId": 56659, "scanner": "osv-scanner", "fingerprint": "753d3df79182d50e2b7be20929858fe8b01fb9185aa709f86bcd4a7488f3078f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39826", "CVE-2026-39826"], "package": "stdlib", "rule_id": "GO-2026-4980", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39826|go/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4977", "level": "error", "message": {"text": "stdlib: GO-2026-4977"}, "properties": {"repobilityId": 56658, "scanner": "osv-scanner", "fingerprint": "463a196fdfa237fe4fb112938ed6ad8cf4372c10d9b5ae40d454ba91e445cae7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-42499", "CVE-2026-42499"], "package": "stdlib", "rule_id": "GO-2026-4977", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-42499|go/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4976", "level": "error", "message": {"text": "stdlib: GO-2026-4976"}, "properties": {"repobilityId": 56657, "scanner": "osv-scanner", "fingerprint": "afaec3acf02c20e21ada86e4ec555750298e34f32197eb48b78857540f4d67d7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39825", "CVE-2026-39825"], "package": "stdlib", "rule_id": "GO-2026-4976", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39825|go/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4971", "level": "error", "message": {"text": "stdlib: GO-2026-4971"}, "properties": {"repobilityId": 56656, "scanner": "osv-scanner", "fingerprint": "d10863b3733f09f3c8df989c764d5400591b94e111d107e7c1b949a75a03609c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-39836", "CVE-2026-39836"], "package": "stdlib", "rule_id": "GO-2026-4971", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-39836|go/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4947", "level": "error", "message": {"text": "stdlib: GO-2026-4947"}, "properties": {"repobilityId": 56655, "scanner": "osv-scanner", "fingerprint": "6fe6b95b251f890075b1d561ae1b6c7f5e193b16ffdb2488f6f7014cb31615fd", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32280", "CVE-2026-32280"], "package": "stdlib", "rule_id": "GO-2026-4947", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32280|go/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4946", "level": "error", "message": {"text": "stdlib: GO-2026-4946"}, "properties": {"repobilityId": 56654, "scanner": "osv-scanner", "fingerprint": "e3f46126f90ea2848386c9d4d354254456c158f76edae1eceef32a14eadda3fc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32281", "CVE-2026-32281"], "package": "stdlib", "rule_id": "GO-2026-4946", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32281|go/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4918", "level": "error", "message": {"text": "stdlib: GO-2026-4918"}, "properties": {"repobilityId": 56653, "scanner": "osv-scanner", "fingerprint": "6629383a778c752de6e7f58fde24fb00ce44623d634923abd9b230d7bc57cf18", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-33814", "CVE-2026-33814"], "package": "stdlib", "rule_id": "GO-2026-4918", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-33814|go/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4870", "level": "error", "message": {"text": "stdlib: GO-2026-4870"}, "properties": {"repobilityId": 56652, "scanner": "osv-scanner", "fingerprint": "8258bc19c8e863aa7496b1212690b64efbe56c798bae0412fa941b6f1475ee62", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32283", "CVE-2026-32283"], "package": "stdlib", "rule_id": "GO-2026-4870", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32283|go/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4869", "level": "error", "message": {"text": "stdlib: GO-2026-4869"}, "properties": {"repobilityId": 56651, "scanner": "osv-scanner", "fingerprint": "21084572e12cc26df73fae96f256c435230b13addf56cd85cf3f42be23b327e2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32288", "CVE-2026-32288"], "package": "stdlib", "rule_id": "GO-2026-4869", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32288|go/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4865", "level": "error", "message": {"text": "stdlib: GO-2026-4865"}, "properties": {"repobilityId": 56650, "scanner": "osv-scanner", "fingerprint": "bacbbfb45d065ed0cd6065f045dcb87e5a3a6a31e98ca982cd5110cab3867ab1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32289", "CVE-2026-32289"], "package": "stdlib", "rule_id": "GO-2026-4865", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32289|go/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4864", "level": "error", "message": {"text": "stdlib: GO-2026-4864"}, "properties": {"repobilityId": 56649, "scanner": "osv-scanner", "fingerprint": "24d078110ef3ef22ebb0434fe9e1cb393c551088665b412bfb8a9ee78ae20ff2", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-32282", "CVE-2026-32282"], "package": "stdlib", "rule_id": "GO-2026-4864", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-32282|go/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4603", "level": "error", "message": {"text": "stdlib: GO-2026-4603"}, "properties": {"repobilityId": 56648, "scanner": "osv-scanner", "fingerprint": "d2c2438e3071efe95136bba171d960bbe2f1a1d2be21ed0a7a832f52ca218cfd", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27142", "CVE-2026-27142"], "package": "stdlib", "rule_id": "GO-2026-4603", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27142|go/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4602", "level": "error", "message": {"text": "stdlib: GO-2026-4602"}, "properties": {"repobilityId": 56647, "scanner": "osv-scanner", "fingerprint": "8fa19ed6ce4a1793194a0072b8da26ce9fa5ab3bebc41a9dd23f69cd9efa3d9f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-27139", "CVE-2026-27139"], "package": "stdlib", "rule_id": "GO-2026-4602", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-27139|go/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "GO-2026-4601", "level": "error", "message": {"text": "stdlib: GO-2026-4601"}, "properties": {"repobilityId": 56646, "scanner": "osv-scanner", "fingerprint": "e965f9bc7b964b3d2c637790d9a3eb46c54dbbf6af66b59412cff82c9d3144ab", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-golang-2026-25679", "CVE-2026-25679"], "package": "stdlib", "rule_id": "GO-2026-4601", "scanner": "osv-scanner", "correlation_key": "vuln|stdlib|CVE-2026-25679|go/go.mod"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/go.mod"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 56644, "scanner": "repobility-threat-engine", "fingerprint": "b133f6477a981691a288406f3c9f16ef37f59fc7e8bda3205118692031c00988", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b133f6477a981691a288406f3c9f16ef37f59fc7e8bda3205118692031c00988"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust/src/subscription.rs"}, "region": {"startLine": 247}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 56643, "scanner": "repobility-threat-engine", "fingerprint": "ff64941d8c531be13a7bf2b5ee63419debb6b868abe3481dfa9a8fda72b670c1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ff64941d8c531be13a7bf2b5ee63419debb6b868abe3481dfa9a8fda72b670c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust/src/permission.rs"}, "region": {"startLine": 182}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 56642, "scanner": "repobility-threat-engine", "fingerprint": "a2c705d360e01d58df2955de83734a0217e9bf9a631d04f1557b72d01134e97f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a2c705d360e01d58df2955de83734a0217e9bf9a631d04f1557b72d01134e97f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust/src/canvas.rs"}, "region": {"startLine": 217}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 56641, "scanner": "repobility-threat-engine", "fingerprint": "52162891fbc9869f3a4bb21b7a30965903a62e3c2dd9705fc7614dd053248fe4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "execSync(`${", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|52162891fbc9869f3a4bb21b7a30965903a62e3c2dd9705fc7614dd053248fe4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/scripts/build-wheels.mjs"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 56638, "scanner": "repobility-threat-engine", "fingerprint": "ab4e52fdfac2a64bcb09ed5a81bfabd0b449142564b64e1648d414e205810fd3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ab4e52fdfac2a64bcb09ed5a81bfabd0b449142564b64e1648d414e205810fd3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/samples/chat.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 56627, "scanner": "repobility-threat-engine", "fingerprint": "3b9c1fedc85c2fae04a1bf91094b71c45e269f3793e94df74ff19f503818ddfe", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(S", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3b9c1fedc85c2fae04a1bf91094b71c45e269f3793e94df74ff19f503818ddfe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "java/src/main/java/com/github/copilot/rpc/ProviderConfig.java"}, "region": {"startLine": 143}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 56626, "scanner": "repobility-threat-engine", "fingerprint": "d8fcbdceb7dfd34578bac0b109adc3d1ba689fbf835236facae580fec3c20231", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(S", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d8fcbdceb7dfd34578bac0b109adc3d1ba689fbf835236facae580fec3c20231"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "java/src/main/java/com/github/copilot/rpc/McpHttpServerConfig.java"}, "region": {"startLine": 69}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 56625, "scanner": "repobility-threat-engine", "fingerprint": "ef079ddf798402241820c589116a94f5e8f1df9efd3933a75dd8028fcfed4351", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(S", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ef079ddf798402241820c589116a94f5e8f1df9efd3933a75dd8028fcfed4351"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "java/src/main/java/com/github/copilot/rpc/ElicitationContext.java"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 56620, "scanner": "repobility-threat-engine", "fingerprint": "755f18183608c9738f494e97f0ee1e5af374da9cd2e7d5d4cf7b8f0ce8052e33", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|755f18183608c9738f494e97f0ee1e5af374da9cd2e7d5d4cf7b8f0ce8052e33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/samples/manual_tool_resume/main.go"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 56619, "scanner": "repobility-threat-engine", "fingerprint": "5afec2bea54d9f081ed70a5b2b4f2341e8c4c4d85b7f2289ba4d822abdacad19", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5afec2bea54d9f081ed70a5b2b4f2341e8c4c4d85b7f2289ba4d822abdacad19"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/internal/jsonrpc2/frame.go"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 56618, "scanner": "repobility-threat-engine", "fingerprint": "679412bd7918c0ebdbc3392599a991191249393cab6dcacf50c2451dd1e54665", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|679412bd7918c0ebdbc3392599a991191249393cab6dcacf50c2451dd1e54665"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/internal/embeddedcli/embeddedcli.go"}, "region": {"startLine": 142}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 56612, "scanner": "repobility-threat-engine", "fingerprint": "ac0e6f3dbf7348a2817c511e312329241e05a266e46313e9114ac4e8ce47b361", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(CanvasProviderOpenRequest", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|rust/src/canvas.rs|229|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust/src/canvas.rs"}, "region": {"startLine": 229}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 56611, "scanner": "repobility-threat-engine", "fingerprint": "243b9510d06d2b19339fcf540c25d98c3e364ac74f6cca5fe325502ad3506579", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(self, ctx: CanvasProviderOpenRequest", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|python/copilot/canvas.py|152|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/copilot/canvas.py"}, "region": {"startLine": 152}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 56610, "scanner": "repobility-threat-engine", "fingerprint": "8323807a6954ca40dfbd9e9682635a1733b207d9d47ee14eb45c8ef1db85823a", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "Open(ctx context.Context, c rpc.CanvasProviderOpenRequest", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|go/canvas.go|95|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/canvas.go"}, "region": {"startLine": 95}}}]}, {"ruleId": "AGT003", "level": "error", "message": {"text": "User-editable role instructions are inserted into the system prompt"}, "properties": {"repobilityId": 56609, "scanner": "repobility-agent-runtime", "fingerprint": "9838f3103060ea63aa20ca0d078d07131943ac3ccb126e851f3c4d6e4cc46591", "category": "llm_injection", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File appears to combine a user-editable role/fleet instruction with system prompt construction without visible bounds or sanitizer.", "evidence": {"rule_id": "AGT003", "scanner": "repobility-agent-runtime", "data_flow": "user_editable_role_to_system_prompt", "references": ["https://owasp.org/www-project-top-10-for-large-language-model-applications/"], "correlation_key": "fp|9838f3103060ea63aa20ca0d078d07131943ac3ccb126e851f3c4d6e4cc46591"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/copilot/generated/session_events.py"}, "region": {"startLine": 6878}}}]}, {"ruleId": "AGT003", "level": "error", "message": {"text": "User-editable role instructions are inserted into the system prompt"}, "properties": {"repobilityId": 56608, "scanner": "repobility-agent-runtime", "fingerprint": "b50baa412f3b22f2a644e7383a38b7a2e468580615573e9faad92cb2e5131d74", "category": "llm_injection", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File appears to combine a user-editable role/fleet instruction with system prompt construction without visible bounds or sanitizer.", "evidence": {"rule_id": "AGT003", "scanner": "repobility-agent-runtime", "data_flow": "user_editable_role_to_system_prompt", "references": ["https://owasp.org/www-project-top-10-for-large-language-model-applications/"], "correlation_key": "fp|b50baa412f3b22f2a644e7383a38b7a2e468580615573e9faad92cb2e5131d74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nodejs/src/generated/session-events.ts"}, "region": {"startLine": 463}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "go.mod replaces `github.com/github/copilot-sdk/go` \u2014 points to a LOCAL path"}, "properties": {"repobilityId": 56590, "scanner": "repobility-supply-chain", "fingerprint": "47b79e10316e02a99977b35506c0f523acb494fbda07c8dc40425a3edc7d72e2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|47b79e10316e02a99977b35506c0f523acb494fbda07c8dc40425a3edc7d72e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go/samples/go.mod"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-dotnet` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 56565, "scanner": "repobility-supply-chain", "fingerprint": "91d7631a1cb6d9bef72ef16b6e642d60dfc3b2bf062e8ef49f845ef73d5b20aa", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|91d7631a1cb6d9bef72ef16b6e642d60dfc3b2bf062e8ef49f845ef73d5b20aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/copilot-setup-steps.yml"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-go` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 56564, "scanner": "repobility-supply-chain", "fingerprint": "8654a41a4d3b2fbc8c4098d977e72fca41d8db251cdce146b12eabf40eb949ee", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8654a41a4d3b2fbc8c4098d977e72fca41d8db251cdce146b12eabf40eb949ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/copilot-setup-steps.yml"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 56563, "scanner": "repobility-supply-chain", "fingerprint": "4f6d6f0ae20236d85f167120703fb782ef7ec8f68c3c492b6ee8cdc7f06c28d8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4f6d6f0ae20236d85f167120703fb782ef7ec8f68c3c492b6ee8cdc7f06c28d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/copilot-setup-steps.yml"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 56562, "scanner": "repobility-supply-chain", "fingerprint": "882b19165dc815c94325a5c77d0a53e224efc6f717b07c780dce69d9b2d2e036", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|882b19165dc815c94325a5c77d0a53e224efc6f717b07c780dce69d9b2d2e036"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/copilot-setup-steps.yml"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 56561, "scanner": "repobility-supply-chain", "fingerprint": "8b233a56af152d193d6febf783cf6560efe2a55a03acbc512f4ad48908c8bf0c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8b233a56af152d193d6febf783cf6560efe2a55a03acbc512f4ad48908c8bf0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/copilot-setup-steps.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6.0.2`"}, "properties": {"repobilityId": 56560, "scanner": "repobility-supply-chain", "fingerprint": "d8a2ec9e377a40869443028ebf06315c111d0790594f91d91d9a4aa43397c6c8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d8a2ec9e377a40869443028ebf06315c111d0790594f91d91d9a4aa43397c6c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/copilot-setup-steps.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-java` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 56559, "scanner": "repobility-supply-chain", "fingerprint": "de292a5d73030ba170e5ab32cc36eecce1487bf628f6472b2c50763561317e1c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|de292a5d73030ba170e5ab32cc36eecce1487bf628f6472b2c50763561317e1c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs-validation.yml"}, "region": {"startLine": 142}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 56558, "scanner": "repobility-supply-chain", "fingerprint": "df422af65058669d5c4cbe31e12f03270919457d138ec67b7a22f5714eee7620", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|df422af65058669d5c4cbe31e12f03270919457d138ec67b7a22f5714eee7620"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs-validation.yml"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 56557, "scanner": "repobility-supply-chain", "fingerprint": "6c5755bb1dfe5c230a587285d2c14494979aeaa95459d77c4cee0f440ce80f99", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6c5755bb1dfe5c230a587285d2c14494979aeaa95459d77c4cee0f440ce80f99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs-validation.yml"}, "region": {"startLine": 137}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-dotnet` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 56556, "scanner": "repobility-supply-chain", "fingerprint": "32710691e3004b0f540d7d1180e1e2653fa74cf9184e13a031bf0c415bb41268", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|32710691e3004b0f540d7d1180e1e2653fa74cf9184e13a031bf0c415bb41268"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs-validation.yml"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 56555, "scanner": "repobility-supply-chain", "fingerprint": "c2ebf7e52aa2cd68f30587f67a964c2987fe48b76f6c208a0551c1064262dbf9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c2ebf7e52aa2cd68f30587f67a964c2987fe48b76f6c208a0551c1064262dbf9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs-validation.yml"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 56554, "scanner": "repobility-supply-chain", "fingerprint": "7708c941daeb1433cff0eb16a0c1c33767735e809f225e0e426b4343e9376085", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7708c941daeb1433cff0eb16a0c1c33767735e809f225e0e426b4343e9376085"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs-validation.yml"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-go` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 56553, "scanner": "repobility-supply-chain", "fingerprint": "2c0a2622eef60120eda21b1fc1a7c6da39e60ca70444de3aa2c1c2b75cf07bee", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2c0a2622eef60120eda21b1fc1a7c6da39e60ca70444de3aa2c1c2b75cf07bee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs-validation.yml"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 56552, "scanner": "repobility-supply-chain", "fingerprint": "4d0bebdb01947dcad02db16bbea8dc8725171f2714f6fc001de13a991352bb9e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4d0bebdb01947dcad02db16bbea8dc8725171f2714f6fc001de13a991352bb9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs-validation.yml"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 56551, "scanner": "repobility-supply-chain", "fingerprint": "dc01b65baf14ec0fa389383af87087cc31885bcb1450ee7a9a7cc6d038d2c435", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dc01b65baf14ec0fa389383af87087cc31885bcb1450ee7a9a7cc6d038d2c435"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs-validation.yml"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 56550, "scanner": "repobility-supply-chain", "fingerprint": "430fe800bde11900f79098e5ddcfbd1b678d061c39f6c7eead55d00f49beb5b1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|430fe800bde11900f79098e5ddcfbd1b678d061c39f6c7eead55d00f49beb5b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs-validation.yml"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 56549, "scanner": "repobility-supply-chain", "fingerprint": "5e4f1fbebc31380878ed091a906afd777e2754b70a7018b9c770f37413e1fc98", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5e4f1fbebc31380878ed091a906afd777e2754b70a7018b9c770f37413e1fc98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs-validation.yml"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 56548, "scanner": "repobility-supply-chain", "fingerprint": "05583d66256511ce7d412c4245f979b1c141711291fdd355f58319f298cb07d3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|05583d66256511ce7d412c4245f979b1c141711291fdd355f58319f298cb07d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs-validation.yml"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 56547, "scanner": "repobility-supply-chain", "fingerprint": "7b7b46baa299e70bc3e84eb00fbc5926530037bfc27b0e18ecf5aeb14f523cad", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7b7b46baa299e70bc3e84eb00fbc5926530037bfc27b0e18ecf5aeb14f523cad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs-validation.yml"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 56546, "scanner": "repobility-supply-chain", "fingerprint": "1ea7a2a2d37e5ddfaefd9935b822077b156808407c70475ba37cccb6f167b770", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1ea7a2a2d37e5ddfaefd9935b822077b156808407c70475ba37cccb6f167b770"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs-validation.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 56545, "scanner": "repobility-supply-chain", "fingerprint": "bb01d8b8b03dcfada69f78ac5b056cb5d2cc9a688acbad98c931f70f8624e60a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bb01d8b8b03dcfada69f78ac5b056cb5d2cc9a688acbad98c931f70f8624e60a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docs-validation.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 56544, "scanner": "repobility-supply-chain", "fingerprint": "b9a5d5511e206e8b9bbf12a46c1cd38a9691393f0a4cff1333a631c29e710765", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b9a5d5511e206e8b9bbf12a46c1cd38a9691393f0a4cff1333a631c29e710765"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/corrections-tests.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 56543, "scanner": "repobility-supply-chain", "fingerprint": "22a4e0bd69dc06ddc568630efe19496d3c962b4b511a777b213b57299c999ea8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|22a4e0bd69dc06ddc568630efe19496d3c962b4b511a777b213b57299c999ea8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/corrections-tests.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 56541, "scanner": "repobility-supply-chain", "fingerprint": "456aa5979e40f3161dc71ae27accc38a06cf4a69ec7c9a6814f3457a1a06193a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|456aa5979e40f3161dc71ae27accc38a06cf4a69ec7c9a6814f3457a1a06193a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nodejs-sdk-tests.yml"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6.0.2`"}, "properties": {"repobilityId": 56540, "scanner": "repobility-supply-chain", "fingerprint": "398fe9fa89f5ade1233aa074ecf8a391d2df723b0f1ce8fb5fe96d088c310bea", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|398fe9fa89f5ade1233aa074ecf8a391d2df723b0f1ce8fb5fe96d088c310bea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nodejs-sdk-tests.yml"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "package.json dep `@github/copilot-sdk` pulled from URL/Git"}, "properties": {"repobilityId": 56539, "scanner": "repobility-supply-chain", "fingerprint": "a1b6fb9f5419625abaf772343c709b7468e853ba844203dda0e24d7d1641815a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a1b6fb9f5419625abaf772343c709b7468e853ba844203dda0e24d7d1641815a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nodejs/samples/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "Blocking call `input` inside async function `main`"}, "properties": {"repobilityId": 56524, "scanner": "repobility-ast-engine", "fingerprint": "f64f3672baccb7b5b7081812cf8f86988c31207f9d968739d5ee59c5a1c8a827", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f64f3672baccb7b5b7081812cf8f86988c31207f9d968739d5ee59c5a1c8a827"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/samples/chat.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._path` used but never assigned in __init__"}, "properties": {"repobilityId": 56513, "scanner": "repobility-ast-engine", "fingerprint": "16f60801dd5e68a7ed1b118132e552aa18e2b81904615c8af60ca66edf9e63e7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|16f60801dd5e68a7ed1b118132e552aa18e2b81904615c8af60ca66edf9e63e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_session_fs_e2e.py"}, "region": {"startLine": 603}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._path` used but never assigned in __init__"}, "properties": {"repobilityId": 56512, "scanner": "repobility-ast-engine", "fingerprint": "1ecd5a0edf1628834f023e38c6c91311607fd55ee1c06ca4ab2b63a1a7cf24de", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1ecd5a0edf1628834f023e38c6c91311607fd55ee1c06ca4ab2b63a1a7cf24de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_session_fs_e2e.py"}, "region": {"startLine": 599}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._path` used but never assigned in __init__"}, "properties": {"repobilityId": 56511, "scanner": "repobility-ast-engine", "fingerprint": "013f4f0a21be5b65d37077190ec32c663405edea7853e8dbf440dc8f38160f35", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|013f4f0a21be5b65d37077190ec32c663405edea7853e8dbf440dc8f38160f35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_session_fs_e2e.py"}, "region": {"startLine": 592}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._path` used but never assigned in __init__"}, "properties": {"repobilityId": 56510, "scanner": "repobility-ast-engine", "fingerprint": "93484f68c086bbcf94657d3d1d9ba705fdf746a14a4aa4f4c1d6edf69169a287", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|93484f68c086bbcf94657d3d1d9ba705fdf746a14a4aa4f4c1d6edf69169a287"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_session_fs_e2e.py"}, "region": {"startLine": 580}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._path` used but never assigned in __init__"}, "properties": {"repobilityId": 56509, "scanner": "repobility-ast-engine", "fingerprint": "c805cd0367db16f7041c223c2a7ca8f49213804b513e5996b60a9737edb74087", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c805cd0367db16f7041c223c2a7ca8f49213804b513e5996b60a9737edb74087"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_session_fs_e2e.py"}, "region": {"startLine": 577}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._path` used but never assigned in __init__"}, "properties": {"repobilityId": 56508, "scanner": "repobility-ast-engine", "fingerprint": "17ba3b7797403f728ccf0897be011a0de67007a55425c2e5908e0b37d0c3c070", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|17ba3b7797403f728ccf0897be011a0de67007a55425c2e5908e0b37d0c3c070"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_session_fs_e2e.py"}, "region": {"startLine": 571}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._path` used but never assigned in __init__"}, "properties": {"repobilityId": 56507, "scanner": "repobility-ast-engine", "fingerprint": "ad458f14d3fc9834f3b4e8d80ef1bd04b01af7dc77f368c92d013079908f24fe", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ad458f14d3fc9834f3b4e8d80ef1bd04b01af7dc77f368c92d013079908f24fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_session_fs_e2e.py"}, "region": {"startLine": 566}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._path` used but never assigned in __init__"}, "properties": {"repobilityId": 56506, "scanner": "repobility-ast-engine", "fingerprint": "fbfcd00a4175437713d90da1c344460937acb8d2cf6f4aa240d3ff17962694e3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fbfcd00a4175437713d90da1c344460937acb8d2cf6f4aa240d3ff17962694e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_session_fs_e2e.py"}, "region": {"startLine": 563}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._exc` used but never assigned in __init__"}, "properties": {"repobilityId": 56505, "scanner": "repobility-ast-engine", "fingerprint": "5788660edfea10a95b31aaf40e2451328b7fcdffe7e5fa81830e6a6a0246c58c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5788660edfea10a95b31aaf40e2451328b7fcdffe7e5fa81830e6a6a0246c58c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_session_fs_e2e.py"}, "region": {"startLine": 473}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._exc` used but never assigned in __init__"}, "properties": {"repobilityId": 56504, "scanner": "repobility-ast-engine", "fingerprint": "41bc94552d875f6446e9b457b7345ae048cb352a230f031eb9f2ca820311fab4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|41bc94552d875f6446e9b457b7345ae048cb352a230f031eb9f2ca820311fab4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_session_fs_e2e.py"}, "region": {"startLine": 470}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._exc` used but never assigned in __init__"}, "properties": {"repobilityId": 56503, "scanner": "repobility-ast-engine", "fingerprint": "31feeb2b4348900e17f4938bdd126a82f4447e4146a2641b20e1dfe7425a1678", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|31feeb2b4348900e17f4938bdd126a82f4447e4146a2641b20e1dfe7425a1678"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_session_fs_e2e.py"}, "region": {"startLine": 467}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._exc` used but never assigned in __init__"}, "properties": {"repobilityId": 56502, "scanner": "repobility-ast-engine", "fingerprint": "d9c94a87c288084a296a196758d04e514c25bc1d70f3e8a68843e6decfcecac9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d9c94a87c288084a296a196758d04e514c25bc1d70f3e8a68843e6decfcecac9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_session_fs_e2e.py"}, "region": {"startLine": 464}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._exc` used but never assigned in __init__"}, "properties": {"repobilityId": 56501, "scanner": "repobility-ast-engine", "fingerprint": "8c26110619bdf7e1ecac515ab46cf21b8b0c251a369583d95516364c4a8a7f25", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8c26110619bdf7e1ecac515ab46cf21b8b0c251a369583d95516364c4a8a7f25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_session_fs_e2e.py"}, "region": {"startLine": 461}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._exc` used but never assigned in __init__"}, "properties": {"repobilityId": 56500, "scanner": "repobility-ast-engine", "fingerprint": "e4af0da372204142131d56bfeaa6f759fb8406b3299ec6d9530a832792972b27", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e4af0da372204142131d56bfeaa6f759fb8406b3299ec6d9530a832792972b27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_session_fs_e2e.py"}, "region": {"startLine": 458}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._exc` used but never assigned in __init__"}, "properties": {"repobilityId": 56499, "scanner": "repobility-ast-engine", "fingerprint": "0c5dd1f1fd76af463528d60c6108878435fc4b2c1ebe229dc3664edd4b6e94e9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0c5dd1f1fd76af463528d60c6108878435fc4b2c1ebe229dc3664edd4b6e94e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_session_fs_e2e.py"}, "region": {"startLine": 455}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._exc` used but never assigned in __init__"}, "properties": {"repobilityId": 56498, "scanner": "repobility-ast-engine", "fingerprint": "d8061c6990f8280b69fd34267cae079f70a538d9142cb38c43b62c269020ca9e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d8061c6990f8280b69fd34267cae079f70a538d9142cb38c43b62c269020ca9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_session_fs_e2e.py"}, "region": {"startLine": 452}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._exc` used but never assigned in __init__"}, "properties": {"repobilityId": 56497, "scanner": "repobility-ast-engine", "fingerprint": "18a19e171d287fa745faa9617d984840e2dfb9ced3b614dc944fb0fad2734bc5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|18a19e171d287fa745faa9617d984840e2dfb9ced3b614dc944fb0fad2734bc5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_session_fs_e2e.py"}, "region": {"startLine": 449}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._exc` used but never assigned in __init__"}, "properties": {"repobilityId": 56496, "scanner": "repobility-ast-engine", "fingerprint": "72a4d1d80bd4c711ecf73e3096e7bb9642fcde1b3eb889961a3caca1081dbfc4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|72a4d1d80bd4c711ecf73e3096e7bb9642fcde1b3eb889961a3caca1081dbfc4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_session_fs_e2e.py"}, "region": {"startLine": 446}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._exc` used but never assigned in __init__"}, "properties": {"repobilityId": 56495, "scanner": "repobility-ast-engine", "fingerprint": "e4cc566ade37904a5aa6abdbd78aebfb72ed6f7da326c03410af7e34bd70b1f4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e4cc566ade37904a5aa6abdbd78aebfb72ed6f7da326c03410af7e34bd70b1f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_session_fs_e2e.py"}, "region": {"startLine": 443}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_empty_mode_accepts_uri_connection"}, "properties": {"repobilityId": 56492, "scanner": "repobility-ast-engine", "fingerprint": "119eeb8d69c59c145d9551534f568ea553630cd3221989a85a30725d4b9dd3c5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|119eeb8d69c59c145d9551534f568ea553630cd3221989a85a30725d4b9dd3c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_tool_set.py"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_empty_mode_accepts_session_fs"}, "properties": {"repobilityId": 56491, "scanner": "repobility-ast-engine", "fingerprint": "6473d1048406fc6068f347815be83a2a34739d9da70aa2fd3a41f05dedc4c051", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6473d1048406fc6068f347815be83a2a34739d9da70aa2fd3a41f05dedc4c051"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_tool_set.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_empty_mode_accepts_base_directory"}, "properties": {"repobilityId": 56490, "scanner": "repobility-ast-engine", "fingerprint": "d40fdfc25ce3cf9a4208c0a04217ccd835510506d3e2ad734cee126f10ef3196", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d40fdfc25ce3cf9a4208c0a04217ccd835510506d3e2ad734cee126f10ef3196"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_tool_set.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_empty_mode_requires_storage"}, "properties": {"repobilityId": 56489, "scanner": "repobility-ast-engine", "fingerprint": "566117a1c44f9aaff5c5ce9da24ee876298d673824cfef43a6bad32fa3c85082", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|566117a1c44f9aaff5c5ce9da24ee876298d673824cfef43a6bad32fa3c85082"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_tool_set.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_rejects_colon"}, "properties": {"repobilityId": 56488, "scanner": "repobility-ast-engine", "fingerprint": "cc011acc9814f89a8703f70bbf59bf698e88bd4d1d260db0935f88a31a1a4aed", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cc011acc9814f89a8703f70bbf59bf698e88bd4d1d260db0935f88a31a1a4aed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_tool_set.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_rejects_empty"}, "properties": {"repobilityId": 56487, "scanner": "repobility-ast-engine", "fingerprint": "4377fbc0b80df23daad753c7894302198e4031f13233f6d1906150bf80be6ea8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4377fbc0b80df23daad753c7894302198e4031f13233f6d1906150bf80be6ea8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_tool_set.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_rejects_bad_name"}, "properties": {"repobilityId": 56486, "scanner": "repobility-ast-engine", "fingerprint": "72b2246f7b74a2c938f5fc1dc4a7a975a2b7dc39f6619d2a8d44c845af62cd4b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|72b2246f7b74a2c938f5fc1dc4a7a975a2b7dc39f6619d2a8d44c845af62cd4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_tool_set.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_confirm_throws_when_capability_is_missing"}, "properties": {"repobilityId": 56485, "scanner": "repobility-ast-engine", "fingerprint": "05304c152253e836ffad9d0ce396dbb193ee3ef9e7e1e628d92e38e68d2bea48", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|05304c152253e836ffad9d0ce396dbb193ee3ef9e7e1e628d92e38e68d2bea48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_commands_and_elicitation.py"}, "region": {"startLine": 385}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_elicitation_throws_when_capability_is_missing"}, "properties": {"repobilityId": 56484, "scanner": "repobility-ast-engine", "fingerprint": "5de2463552315860b29cad23fb620bb211f0b30d361e1c0ca25f3c39c517bb3d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5de2463552315860b29cad23fb620bb211f0b30d361e1c0ca25f3c39c517bb3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_commands_and_elicitation.py"}, "region": {"startLine": 358}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_aexit_calls_disconnect"}, "properties": {"repobilityId": 56483, "scanner": "repobility-ast-engine", "fingerprint": "29d34eb3a045a98f9a0bedd38b3dd8db34d57bed80b379175aaad27fcb9faf62", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|29d34eb3a045a98f9a0bedd38b3dd8db34d57bed80b379175aaad27fcb9faf62"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_client.py"}, "region": {"startLine": 1326}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_aexit_calls_stop"}, "properties": {"repobilityId": 56482, "scanner": "repobility-ast-engine", "fingerprint": "a268fd5e4f5c6d60b98b3c4d3886a487ea10d7eda43aa4029c093eaff91bd7a0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a268fd5e4f5c6d60b98b3c4d3886a487ea10d7eda43aa4029c093eaff91bd7a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_client.py"}, "region": {"startLine": 1309}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_missing_session_state_path"}, "properties": {"repobilityId": 56481, "scanner": "repobility-ast-engine", "fingerprint": "e4a690e2422c262044b356534377ed76856602a735342459c469349ee111cb13", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e4a690e2422c262044b356534377ed76856602a735342459c469349ee111cb13"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_client.py"}, "region": {"startLine": 283}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_missing_initial_cwd"}, "properties": {"repobilityId": 56480, "scanner": "repobility-ast-engine", "fingerprint": "b21e1d3a22adb0dbe3f55bcf3b79d02220beceab36af4f47cf34eff84a07d240", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b21e1d3a22adb0dbe3f55bcf3b79d02220beceab36af4f47cf34eff84a07d240"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_client.py"}, "region": {"startLine": 271}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_port_negative"}, "properties": {"repobilityId": 56479, "scanner": "repobility-ast-engine", "fingerprint": "985e17a7ddb5ebea1226e938c5385d44d005bb0db79ccf0b5c96e230f9c5201b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|985e17a7ddb5ebea1226e938c5385d44d005bb0db79ccf0b5c96e230f9c5201b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_client.py"}, "region": {"startLine": 261}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_port_zero"}, "properties": {"repobilityId": 56478, "scanner": "repobility-ast-engine", "fingerprint": "481e5c8d00eea4b50697a3f8c7410399d7fc456df03d2013c8284ead32811a9c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|481e5c8d00eea4b50697a3f8c7410399d7fc456df03d2013c8284ead32811a9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_client.py"}, "region": {"startLine": 257}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_port_too_high"}, "properties": {"repobilityId": 56477, "scanner": "repobility-ast-engine", "fingerprint": "d15afbebcb95d351b3a82b5f48679aca07e8c8a80cd2cb1c209240538f3e8f5f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d15afbebcb95d351b3a82b5f48679aca07e8c8a80cd2cb1c209240538f3e8f5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_client.py"}, "region": {"startLine": 253}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_url_format"}, "properties": {"repobilityId": 56476, "scanner": "repobility-ast-engine", "fingerprint": "e082be285fef7e494da9b8624875185823a4e3c9dd5439c92cdf1d83e03255c8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e082be285fef7e494da9b8624875185823a4e3c9dd5439c92cdf1d83e03255c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_client.py"}, "region": {"startLine": 249}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_yields_without_error_with_tracestate"}, "properties": {"repobilityId": 56475, "scanner": "repobility-ast-engine", "fingerprint": "be49cdfae76b1a2333e212ca52058e3d241e6ebb1cb08f0b8bad5b25416a7bb0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|be49cdfae76b1a2333e212ca52058e3d241e6ebb1cb08f0b8bad5b25416a7bb0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_telemetry.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_yields_without_error_with_traceparent"}, "properties": {"repobilityId": 56474, "scanner": "repobility-ast-engine", "fingerprint": "aa8f7d24408c4552538876ca74b232335a49ae8d3c146a6f0b822ac461c5f4e2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aa8f7d24408c4552538876ca74b232335a49ae8d3c146a6f0b822ac461c5f4e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_telemetry.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_yields_without_error_when_otel_not_installed"}, "properties": {"repobilityId": 56473, "scanner": "repobility-ast-engine", "fingerprint": "947c974e6e39ad92d45b4bc08eb0e1f69626a8f9542f55d813a8fbf414de4205", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|947c974e6e39ad92d45b4bc08eb0e1f69626a8f9542f55d813a8fbf414de4205"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_telemetry.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_yields_without_error_when_no_traceparent"}, "properties": {"repobilityId": 56472, "scanner": "repobility-ast-engine", "fingerprint": "047c6d4886d8acd23d04b8110b7805e3b6d7cc79fb55beeb5302620f09ac3cc3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|047c6d4886d8acd23d04b8110b7805e3b6d7cc79fb55beeb5302620f09ac3cc3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_telemetry.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_malformed_timestamp_raises_error"}, "properties": {"repobilityId": 56471, "scanner": "repobility-ast-engine", "fingerprint": "1a65b2a53e01ff92d7e3e40f716d80dfd25439ffb671fcac036d9e30c6bd744b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1a65b2a53e01ff92d7e3e40f716d80dfd25439ffb671fcac036d9e30c6bd744b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_event_forward_compatibility.py"}, "region": {"startLine": 99}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_malformed_uuid_raises_error"}, "properties": {"repobilityId": 56470, "scanner": "repobility-ast-engine", "fingerprint": "59558c5271992f3a36e6dcd450c1a4d3d8578df5672d88166f64c1c28bfcdd68", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|59558c5271992f3a36e6dcd450c1a4d3d8578df5672d88166f64c1c28bfcdd68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_event_forward_compatibility.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.create_jsonrpc_message` used but never assigned in __init__"}, "properties": {"repobilityId": 56469, "scanner": "repobility-ast-engine", "fingerprint": "9f329c9f3cdfb96c13aa738be23ab6685781dba9bd47f2ef5dcfb48898f4a2ab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9f329c9f3cdfb96c13aa738be23ab6685781dba9bd47f2ef5dcfb48898f4a2ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_jsonrpc.py"}, "region": {"startLine": 257}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.create_jsonrpc_message` used but never assigned in __init__"}, "properties": {"repobilityId": 56468, "scanner": "repobility-ast-engine", "fingerprint": "765c27ecd7c9f46f86fbbacdc19c17e2aef597b1b7ef977da31b7ad74de57f98", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|765c27ecd7c9f46f86fbbacdc19c17e2aef597b1b7ef977da31b7ad74de57f98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_jsonrpc.py"}, "region": {"startLine": 256}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.create_jsonrpc_message` used but never assigned in __init__"}, "properties": {"repobilityId": 56467, "scanner": "repobility-ast-engine", "fingerprint": "38522e44714bda1aeeb4b7370eae37f9968da793ded43d0cd4ba6102474ccf2d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|38522e44714bda1aeeb4b7370eae37f9968da793ded43d0cd4ba6102474ccf2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_jsonrpc.py"}, "region": {"startLine": 239}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.create_jsonrpc_message` used but never assigned in __init__"}, "properties": {"repobilityId": 56466, "scanner": "repobility-ast-engine", "fingerprint": "c7d7a31711f6ded08b1d231b7186386bc49bcc2b092e48a45e7bb3e88cfbc633", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c7d7a31711f6ded08b1d231b7186386bc49bcc2b092e48a45e7bb3e88cfbc633"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_jsonrpc.py"}, "region": {"startLine": 221}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.create_jsonrpc_message` used but never assigned in __init__"}, "properties": {"repobilityId": 56465, "scanner": "repobility-ast-engine", "fingerprint": "e56bb79c92fbd1f1d8ef23180ed996f9b8737c160b951255143d1693e951b011", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e56bb79c92fbd1f1d8ef23180ed996f9b8737c160b951255143d1693e951b011"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_jsonrpc.py"}, "region": {"startLine": 199}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.create_jsonrpc_message` used but never assigned in __init__"}, "properties": {"repobilityId": 56464, "scanner": "repobility-ast-engine", "fingerprint": "8a5938d6b7360a24dc501c160decc2aa6eea95845fe4be6b49ab4962163f5fa5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8a5938d6b7360a24dc501c160decc2aa6eea95845fe4be6b49ab4962163f5fa5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_jsonrpc.py"}, "region": {"startLine": 178}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_read_exact_partial_data_raises_eof"}, "properties": {"repobilityId": 56463, "scanner": "repobility-ast-engine", "fingerprint": "b7e3e2787571ab79cd2e6071cc607fbcc703469b1f80011f623cbfda23192e3a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b7e3e2787571ab79cd2e6071cc607fbcc703469b1f80011f623cbfda23192e3a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_jsonrpc.py"}, "region": {"startLine": 150}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_read_exact_empty_stream_raises_eof"}, "properties": {"repobilityId": 56462, "scanner": "repobility-ast-engine", "fingerprint": "ed7b05826a8f281aef3778fdd2d44b32774f98108b7dd4f7acb99ae1436ed506", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ed7b05826a8f281aef3778fdd2d44b32774f98108b7dd4f7acb99ae1436ed506"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/test_jsonrpc.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.COPILOT_DEVELOPER_CLI_INTEGRATION_HMAC_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 56589, "scanner": "repobility-supply-chain", "fingerprint": "d9ce6af7d0233db67599c0543e4f092b3783be931d738b30ed9e6bf9cfdce7d1", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d9ce6af7d0233db67599c0543e4f092b3783be931d738b30ed9e6bf9cfdce7d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/python-sdk-tests.yml"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.COPILOT_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 56588, "scanner": "repobility-supply-chain", "fingerprint": "5e1fbe3c271ba0401433aa02195119ecf45dc26a6cdf79c19b5b318da52fc262", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5e1fbe3c271ba0401433aa02195119ecf45dc26a6cdf79c19b5b318da52fc262"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/java-codegen-check.yml"}, "region": {"startLine": 196}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.COPILOT_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 56587, "scanner": "repobility-supply-chain", "fingerprint": "13736b3bdee86db003ff094c5ddc1f04519047df375ff2c50e2f71599eb9fc44", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|13736b3bdee86db003ff094c5ddc1f04519047df375ff2c50e2f71599eb9fc44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/java-codegen-check.yml"}, "region": {"startLine": 112}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.COPILOT_DEVELOPER_CLI_INTEGRATION_HMAC_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 56586, "scanner": "repobility-supply-chain", "fingerprint": "897cf70d9b5090621d381780863f63b8877e39fe3e4167570c8fc88e4af7f467", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|897cf70d9b5090621d381780863f63b8877e39fe3e4167570c8fc88e4af7f467"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/rust-sdk-tests.yml"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.COPILOT_DEVELOPER_CLI_INTEGRATION_HMAC_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 56585, "scanner": "repobility-supply-chain", "fingerprint": "41cb054689bfde0745361b7364bd176793c8a4c46d8e32068001d413d55ec07f", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|41cb054689bfde0745361b7364bd176793c8a4c46d8e32068001d413d55ec07f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/go-sdk-tests.yml"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.COPILOT_DEVELOPER_CLI_INTEGRATION_HMAC_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 56584, "scanner": "repobility-supply-chain", "fingerprint": "f110a32e0d4257729c5f0375dea4474c16d113dc09789217126125c9dcf1a5e1", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f110a32e0d4257729c5f0375dea4474c16d113dc09789217126125c9dcf1a5e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dotnet-sdk-tests.yml"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 56583, "scanner": "repobility-supply-chain", "fingerprint": "f00140ff128f62ca485bae4c077de77995e6599878eac51a5d07bd12002e8a44", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f00140ff128f62ca485bae4c077de77995e6599878eac51a5d07bd12002e8a44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sdk-consistency-review.lock.yml"}, "region": {"startLine": 1405}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.COPILOT_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 56582, "scanner": "repobility-supply-chain", "fingerprint": "ea7268b72e3623df7aea41d61ae9d193199a2b926c4d66c84d5898fcce17c3fb", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ea7268b72e3623df7aea41d61ae9d193199a2b926c4d66c84d5898fcce17c3fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sdk-consistency-review.lock.yml"}, "region": {"startLine": 1267}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 56581, "scanner": "repobility-supply-chain", "fingerprint": "dc0dd0ed24eb286b49f4d34851431cf09e99448b2651568c01cf7e4136bcdd2a", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dc0dd0ed24eb286b49f4d34851431cf09e99448b2651568c01cf7e4136bcdd2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sdk-consistency-review.lock.yml"}, "region": {"startLine": 1119}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 56580, "scanner": "repobility-supply-chain", "fingerprint": "9eb10956b276233800cd20eaba7e48d78f4ffb197cd5ccb00e4244213bfa3831", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9eb10956b276233800cd20eaba7e48d78f4ffb197cd5ccb00e4244213bfa3831"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sdk-consistency-review.lock.yml"}, "region": {"startLine": 1082}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 56579, "scanner": "repobility-supply-chain", "fingerprint": "934bfbe3c1b289f232a47c9b09f6758d59ad5a9e5a088e01992631ef85da1bf1", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|934bfbe3c1b289f232a47c9b09f6758d59ad5a9e5a088e01992631ef85da1bf1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sdk-consistency-review.lock.yml"}, "region": {"startLine": 1067}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 56578, "scanner": "repobility-supply-chain", "fingerprint": "9068e915d5cb0db4db271a2c59cffff2f50fdd0ef2b0c172ac7964e4c6d901f5", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9068e915d5cb0db4db271a2c59cffff2f50fdd0ef2b0c172ac7964e4c6d901f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sdk-consistency-review.lock.yml"}, "region": {"startLine": 1052}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 56577, "scanner": "repobility-supply-chain", "fingerprint": "d115a598a7365d1dc86bcf7a4e94c8e60c4db3d7c7267e8e94e9d6040766d91b", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d115a598a7365d1dc86bcf7a4e94c8e60c4db3d7c7267e8e94e9d6040766d91b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sdk-consistency-review.lock.yml"}, "region": {"startLine": 1035}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 56576, "scanner": "repobility-supply-chain", "fingerprint": "84b27ff5e38a44db10cc9c8c464a699139b81aa2ee69ef3b05fcbae7d521fcd7", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|84b27ff5e38a44db10cc9c8c464a699139b81aa2ee69ef3b05fcbae7d521fcd7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sdk-consistency-review.lock.yml"}, "region": {"startLine": 856}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 56575, "scanner": "repobility-supply-chain", "fingerprint": "45b8713cc3707b1e038116d296c79181daf92ae71e44819326971dc6c0e73a39", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|45b8713cc3707b1e038116d296c79181daf92ae71e44819326971dc6c0e73a39"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sdk-consistency-review.lock.yml"}, "region": {"startLine": 855}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.COPILOT_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 56574, "scanner": "repobility-supply-chain", "fingerprint": "0da4253534dae22897db69c645210d56670cee582a90c126d55722a705973b50", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0da4253534dae22897db69c645210d56670cee582a90c126d55722a705973b50"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sdk-consistency-review.lock.yml"}, "region": {"startLine": 854}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 56573, "scanner": "repobility-supply-chain", "fingerprint": "c24d93ee7c7e230ff01e4ad66f5388b02d17bd69e88e5f2af385d69205d8e5ea", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c24d93ee7c7e230ff01e4ad66f5388b02d17bd69e88e5f2af385d69205d8e5ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sdk-consistency-review.lock.yml"}, "region": {"startLine": 802}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.COPILOT_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 56572, "scanner": "repobility-supply-chain", "fingerprint": "9430cd235ad15afa50bc34c6841cba5cef30cfb75675798602b4691b3de7f8e9", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9430cd235ad15afa50bc34c6841cba5cef30cfb75675798602b4691b3de7f8e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sdk-consistency-review.lock.yml"}, "region": {"startLine": 791}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 56571, "scanner": "repobility-supply-chain", "fingerprint": "16f2aa54fd1239f5f042adcd8fe39a51450f8902b2021aa80f51ba8b63249de7", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|16f2aa54fd1239f5f042adcd8fe39a51450f8902b2021aa80f51ba8b63249de7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sdk-consistency-review.lock.yml"}, "region": {"startLine": 675}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 56570, "scanner": "repobility-supply-chain", "fingerprint": "223133415be7456d34a8b12115d02f1528411f7e00a4c4b3668add1ec837b933", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|223133415be7456d34a8b12115d02f1528411f7e00a4c4b3668add1ec837b933"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sdk-consistency-review.lock.yml"}, "region": {"startLine": 443}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 56569, "scanner": "repobility-supply-chain", "fingerprint": "fe19c3d34f6b0124c4629253dfe82e961648aa9f77383230be333dca7c9d3f58", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fe19c3d34f6b0124c4629253dfe82e961648aa9f77383230be333dca7c9d3f58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sdk-consistency-review.lock.yml"}, "region": {"startLine": 442}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 56568, "scanner": "repobility-supply-chain", "fingerprint": "dd182c0b31256783ec97b2e3673be78ed4a28189d22f6fe4f7050e92a4b68dab", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dd182c0b31256783ec97b2e3673be78ed4a28189d22f6fe4f7050e92a4b68dab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sdk-consistency-review.lock.yml"}, "region": {"startLine": 426}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GH_AW_GITHUB_MCP_SERVER_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 56567, "scanner": "repobility-supply-chain", "fingerprint": "56ae9e266799ac9da4a8bafb07e059b6a006de637c2a576fa7678eb1673183a5", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|56ae9e266799ac9da4a8bafb07e059b6a006de637c2a576fa7678eb1673183a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sdk-consistency-review.lock.yml"}, "region": {"startLine": 424}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.COPILOT_GITHUB_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 56566, "scanner": "repobility-supply-chain", "fingerprint": "b17678f7d0c09cd8dbb569f62ee254c0d013a3d07362edfcc072f0129b26df38", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b17678f7d0c09cd8dbb569f62ee254c0d013a3d07362edfcc072f0129b26df38"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/sdk-consistency-review.lock.yml"}, "region": {"startLine": 146}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.COPILOT_DEVELOPER_CLI_INTEGRATION_HMAC_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 56542, "scanner": "repobility-supply-chain", "fingerprint": "926ad8c4310394ed78932372f3de029463bde1f70f4bded1ec9ebdf016b4317a", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|926ad8c4310394ed78932372f3de029463bde1f70f4bded1ec9ebdf016b4317a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nodejs-sdk-tests.yml"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `stat` used but not imported"}, "properties": {"repobilityId": 56494, "scanner": "repobility-ast-engine", "fingerprint": "b2941eab7dc05d61b9e1e15a7508c7422e880acc583ffdd6a2b0e08d33b5f990", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b2941eab7dc05d61b9e1e15a7508c7422e880acc583ffdd6a2b0e08d33b5f990"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "python/e2e/test_session_fs_e2e.py"}, "region": {"startLine": 333}}}]}]}]}