{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 6 more): Same pattern found in 6 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found in a documentation, catalog, or template-heavy repository", "shortDescription": {"text": "No test files found in a documentation, catalog, or template-heavy repository"}, "fullDescription": {"text": "If this repository ships runnable code, add focused tests for those examples or templates. 
If it is documentation/catalog content only, mark the finding as accepted or add a .repobilityignore note."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "info", "confidence": 0.35, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2026-0097", "name": "rand: RUSTSEC-2026-0097", "shortDescription": {"text": "rand: RUSTSEC-2026-0097"}, "fullDescription": {"text": "Rand is unsound with a custom logger using `rand::rng()`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED039", "name": "[MINED039] Rust Todo Macro: todo!() panics when reached. Unimplemented code path.", "shortDescription": {"text": "[MINED039] Rust Todo Macro: todo!() panics when reached. Unimplemented code path."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/checkout` pinned to mutable ref `@v6`", "shortDescription": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "fullDescription": {"text": "`uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pointed by the action owner, or by anyone who gains write access to the action's repository; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a full 40-character commit SHA and let Dependabot or Renovate keep the pin current."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "Workflow uses `secrets.CACHIX_AUTH_TOKEN` on a `pull_request` trigger", "shortDescription": {"text": "Workflow uses `secrets.CACHIX_AUTH_TOKEN` on a `pull_request` trigger"}, "fullDescription": {"text": "This workflow triggers on `pull_request`, which checks out the FORK's code. 
Referencing `${{ secrets.CACHIX_AUTH_TOKEN }}` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). By default GitHub withholds repository secrets from `pull_request` runs triggered from forks, so verify whether this exposure applies to fork PRs here or only to PRs from branches of the same repository. Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1074"}, "properties": {"repository": "a-kenji/tui-term", "repoUrl": "https://github.com/a-kenji/tui-term", "branch": "development"}, "results": [{"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 105560, "scanner": "repobility-ai-code-hygiene", "fingerprint": "68f0b47c4865512386223c041a3bb6bc096d2403713abd99e0222d45d177932e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "benches/benches.rs", "duplicate_line": 2, "correlation_key": "fp|68f0b47c4865512386223c041a3bb6bc096d2403713abd99e0222d45d177932e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benches/iai.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 105559, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3e3e4241782502d1e7564ddca28044602c62afc45223e89b2cd703776c0f6507", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", 
"scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "benches/benches.rs", "duplicate_line": 6, "correlation_key": "fp|3e3e4241782502d1e7564ddca28044602c62afc45223e89b2cd703776c0f6507"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benches/divan.rs"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 105604, "scanner": "repobility-threat-engine", "fingerprint": "7275ceacd41b9e5f605db0caf2ef5859fc0c93cae6a8c72e5ca046ad7fd4eb1a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|7275ceacd41b9e5f605db0caf2ef5859fc0c93cae6a8c72e5ca046ad7fd4eb1a", "aggregated_count": 6}}}, {"ruleId": "CORE_NO_TESTS", "level": "none", "message": {"text": "No test files found in a documentation, catalog, or template-heavy repository"}, "properties": {"repobilityId": 105558, "scanner": "repobility-core", "fingerprint": "69cfb3536a8ccff500ccafcd681fc8d4bc9f4eda6689da02ddec81654bd9fd15", "category": "testing", "severity": "info", "confidence": 0.35, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Repository shape is documentation, catalog, skill, or template-heavy rather than a conventional runnable application.", "evidence": 
{"reason": "Repository shape is documentation, catalog, skill, or template-heavy rather than a conventional runnable application.", "rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "confidence": 0.35, "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "RUSTSEC-2026-0097", "level": "error", "message": {"text": "rand: RUSTSEC-2026-0097"}, "properties": {"repobilityId": 105607, "scanner": "osv-scanner", "fingerprint": "a22e3aa5f0c463335f53b031b0648b51d94f3563915cac37a8666a217ed7a5dc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-cq8v-f236-94qc"], "package": "rand", "rule_id": "RUSTSEC-2026-0097", "scanner": "osv-scanner", "correlation_key": "vuln|rand|GHSA-CQ8V-F236-94QC|cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-cq8v-f236-94qc", "RUSTSEC-2026-0097"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["a22e3aa5f0c463335f53b031b0648b51d94f3563915cac37a8666a217ed7a5dc", "ee2ad9157999fcb0c8f925391a5e09946511288ceed3e6c5f5b05828611b879f"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED039", "level": "error", "message": {"text": "[MINED039] Rust Todo Macro: todo!() panics when reached. 
Unimplemented code path."}, "properties": {"repobilityId": 105606, "scanner": "repobility-threat-engine", "fingerprint": "bd7d9f6b11022b3d1185ea8dc1f7bdd9e093f4e3b72362b233dc40cb45c62326", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-todo-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347989+00:00", "triaged_in_corpus": 15, "observations_count": 1561, "ai_coder_pattern_id": 114}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bd7d9f6b11022b3d1185ea8dc1f7bdd9e093f4e3b72362b233dc40cb45c62326"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/nested_shell_async.rs"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED039", "level": "error", "message": {"text": "[MINED039] Rust Todo Macro: todo!() panics when reached. 
Unimplemented code path."}, "properties": {"repobilityId": 105605, "scanner": "repobility-threat-engine", "fingerprint": "d9ea1a128d879de18bc9bd9d6b43af7d678e0da108a9d69afadbdc9b1a50c014", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-todo-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347989+00:00", "triaged_in_corpus": 15, "observations_count": 1561, "ai_coder_pattern_id": 114}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d9ea1a128d879de18bc9bd9d6b43af7d678e0da108a9d69afadbdc9b1a50c014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/nested_shell.rs"}, "region": {"startLine": 150}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 105603, "scanner": "repobility-threat-engine", "fingerprint": "f7b4ed7021c752c65b340750a5567cecf908e937c5c72f6e9bed3a507740fad7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f7b4ed7021c752c65b340750a5567cecf908e937c5c72f6e9bed3a507740fad7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benches/iai.rs"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 105602, "scanner": "repobility-threat-engine", "fingerprint": "b0be43fe7fd0065bb034a13e25333791b93cdc87918cdf0ba5c77ca2452e5d4e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b0be43fe7fd0065bb034a13e25333791b93cdc87918cdf0ba5c77ca2452e5d4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benches/divan.rs"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 105601, "scanner": "repobility-threat-engine", "fingerprint": "c3f5fc73fd380c9e1cfe4341c0e077505e280ca6367d3dac1fdfa40514707543", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c3f5fc73fd380c9e1cfe4341c0e077505e280ca6367d3dac1fdfa40514707543"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benches/benches.rs"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 105585, "scanner": "repobility-supply-chain", "fingerprint": "575d5ecb89d661a180c611bd456e6bf6ffd20154dd2a06a5a09c8159803d7e41", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|575d5ecb89d661a180c611bd456e6bf6ffd20154dd2a06a5a09c8159803d7e41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 161}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `cachix/cachix-action` pinned to mutable ref `@v17`"}, "properties": {"repobilityId": 105584, "scanner": "repobility-supply-chain", "fingerprint": 
"796a369b8e9e2304b9942ea9be60b455be3c7ac04f7ff5c89a3f014c3fa1f6f5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|796a369b8e9e2304b9942ea9be60b455be3c7ac04f7ff5c89a3f014c3fa1f6f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 143}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `cachix/install-nix-action` pinned to mutable ref `@v31`"}, "properties": {"repobilityId": 105583, "scanner": "repobility-supply-chain", "fingerprint": "37ad1e500024b0ca69c45c7b6103abf73bff9efb64ef41566347a95400d0047c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|37ad1e500024b0ca69c45c7b6103abf73bff9efb64ef41566347a95400d0047c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 139}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 105582, "scanner": "repobility-supply-chain", "fingerprint": "e90be5564e3ebb353a59fbaa0aa5d2595ce1ce9eece9e6ee30c519b260a11b87", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], 
"languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e90be5564e3ebb353a59fbaa0aa5d2595ce1ce9eece9e6ee30c519b260a11b87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `cachix/cachix-action` pinned to mutable ref `@v17`"}, "properties": {"repobilityId": 105581, "scanner": "repobility-supply-chain", "fingerprint": "fd4f2bb255c14ac8c7a65f6d3d6f332e340e39e7e39b1698b6b6e1d515cdaae7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fd4f2bb255c14ac8c7a65f6d3d6f332e340e39e7e39b1698b6b6e1d515cdaae7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `cachix/install-nix-action` pinned to mutable ref `@v31`"}, "properties": {"repobilityId": 105580, "scanner": "repobility-supply-chain", "fingerprint": "330ba2930db76e80f18c067166a14e43e4ec4c467e68d326b65cf98a29932cd2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|330ba2930db76e80f18c067166a14e43e4ec4c467e68d326b65cf98a29932cd2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 122}}}]}, 
{"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 105579, "scanner": "repobility-supply-chain", "fingerprint": "0f1acbdc92305681c09152a7c719b42a8445542bfdc17070886b6d011c619492", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0f1acbdc92305681c09152a7c719b42a8445542bfdc17070886b6d011c619492"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `cachix/cachix-action` pinned to mutable ref `@v17`"}, "properties": {"repobilityId": 105578, "scanner": "repobility-supply-chain", "fingerprint": "20d14c3200327e5304d3cfd3584a4e76d3cd9fba655c81824ffb110e623baf5c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|20d14c3200327e5304d3cfd3584a4e76d3cd9fba655c81824ffb110e623baf5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `cachix/install-nix-action` pinned to mutable ref `@v31`"}, "properties": {"repobilityId": 105577, "scanner": "repobility-supply-chain", "fingerprint": "fa2c32fec8be1e0273b0fdf74a6210a786cdeab66ad13debf0a6ae4287277d0f", "category": "dependency", 
"severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fa2c32fec8be1e0273b0fdf74a6210a786cdeab66ad13debf0a6ae4287277d0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 105576, "scanner": "repobility-supply-chain", "fingerprint": "038df009c47bbe1026c3f3596cde884886d6b9ca8694ab82390aa62d781bba9b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|038df009c47bbe1026c3f3596cde884886d6b9ca8694ab82390aa62d781bba9b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `cachix/cachix-action` pinned to mutable ref `@v17`"}, "properties": {"repobilityId": 105575, "scanner": "repobility-supply-chain", "fingerprint": "bdcece1dc8168e1ea5d85a694c8c637fb2599cf5a8e382ac721fd1eba1200db5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", 
"correlation_key": "fp|bdcece1dc8168e1ea5d85a694c8c637fb2599cf5a8e382ac721fd1eba1200db5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `cachix/install-nix-action` pinned to mutable ref `@v31`"}, "properties": {"repobilityId": 105574, "scanner": "repobility-supply-chain", "fingerprint": "04054b22e771dbef40c16a582d866b35abad3cf52f58df2c662f080bb99d069a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|04054b22e771dbef40c16a582d866b35abad3cf52f58df2c662f080bb99d069a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 105573, "scanner": "repobility-supply-chain", "fingerprint": "cb94b66c87d1edc1fdb4b6693588d2b7acdd7cd75b42fb00855330685dd9100f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cb94b66c87d1edc1fdb4b6693588d2b7acdd7cd75b42fb00855330685dd9100f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `cachix/cachix-action` pinned to 
mutable ref `@v17`"}, "properties": {"repobilityId": 105572, "scanner": "repobility-supply-chain", "fingerprint": "9385a5a578f88375bcae5b2f51447eec8775ecf6022323f7c7e8ddd045251a5d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9385a5a578f88375bcae5b2f51447eec8775ecf6022323f7c7e8ddd045251a5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `cachix/install-nix-action` pinned to mutable ref `@v31`"}, "properties": {"repobilityId": 105571, "scanner": "repobility-supply-chain", "fingerprint": "85376559a77e83de780a14b3aa2b949e62914c5bfcc2ba5dccaafbee13cf496d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|85376559a77e83de780a14b3aa2b949e62914c5bfcc2ba5dccaafbee13cf496d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 105570, "scanner": "repobility-supply-chain", "fingerprint": "29c00a78d41ba0e14d9ed2b66421ac508af940b9b84c4c804b2b92a57413153e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", 
"evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|29c00a78d41ba0e14d9ed2b66421ac508af940b9b84c4c804b2b92a57413153e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `cachix/cachix-action` pinned to mutable ref `@v17`"}, "properties": {"repobilityId": 105569, "scanner": "repobility-supply-chain", "fingerprint": "d4a88d8cfe73f78e0aa28e27682d47bec796ebd84d7e0ebbb5341b52d59cdeb2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d4a88d8cfe73f78e0aa28e27682d47bec796ebd84d7e0ebbb5341b52d59cdeb2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `cachix/install-nix-action` pinned to mutable ref `@v31`"}, "properties": {"repobilityId": 105568, "scanner": "repobility-supply-chain", "fingerprint": "e1b96c7923afb2a4f9b44ca4a16ae0dc462ce514340623d764a34f951155b8c3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e1b96c7923afb2a4f9b44ca4a16ae0dc462ce514340623d764a34f951155b8c3"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 105567, "scanner": "repobility-supply-chain", "fingerprint": "1bbd059e394cef832442da3902a63801e3a570294560e429ba965cf78809d509", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1bbd059e394cef832442da3902a63801e3a570294560e429ba965cf78809d509"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `cachix/cachix-action` pinned to mutable ref `@v17`"}, "properties": {"repobilityId": 105566, "scanner": "repobility-supply-chain", "fingerprint": "7c0efd9905ce9f0cfd6725e86e0d5a9dd9b02d9fe12c2c632bad272552e6667a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7c0efd9905ce9f0cfd6725e86e0d5a9dd9b02d9fe12c2c632bad272552e6667a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `cachix/install-nix-action` pinned to mutable ref `@v31`"}, "properties": {"repobilityId": 105565, "scanner": "repobility-supply-chain", 
"fingerprint": "579f7780143fbcc2ee50b5a44cb8a2b2abd8e989c9a9b83cba365947f979ea13", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|579f7780143fbcc2ee50b5a44cb8a2b2abd8e989c9a9b83cba365947f979ea13"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 105564, "scanner": "repobility-supply-chain", "fingerprint": "7d8a02f52888ef91a21691b5fffbdd3886d36596cee2a8ea13707fde156fc8e1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7d8a02f52888ef91a21691b5fffbdd3886d36596cee2a8ea13707fde156fc8e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `cachix/cachix-action` pinned to mutable ref `@v17`"}, "properties": {"repobilityId": 105563, "scanner": "repobility-supply-chain", "fingerprint": "7c882fac50dbd3cd575c95949a93011e1a2b6cae766dc460a21e4b944a05e8e4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": 
["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7c882fac50dbd3cd575c95949a93011e1a2b6cae766dc460a21e4b944a05e8e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `cachix/install-nix-action` pinned to mutable ref `@v31`"}, "properties": {"repobilityId": 105562, "scanner": "repobility-supply-chain", "fingerprint": "1adf9a94c5e479dc33edf27cc1c305bfdf631e687cc84b3d3f55b046e5992404", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1adf9a94c5e479dc33edf27cc1c305bfdf631e687cc84b3d3f55b046e5992404"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 105561, "scanner": "repobility-supply-chain", "fingerprint": "f905b642cb846549b4d0a9f2b244c070f73c13873683413c2d6e0377d42d3342", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f905b642cb846549b4d0a9f2b244c070f73c13873683413c2d6e0377d42d3342"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 20}}}]}, 
{"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CACHIX_AUTH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 105600, "scanner": "repobility-supply-chain", "fingerprint": "812463d05092e106fab5f260bc42ff32d52353c69480e3da1ef32e2306682cf1", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|812463d05092e106fab5f260bc42ff32d52353c69480e3da1ef32e2306682cf1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/actionlint.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CACHIX_AUTH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 105599, "scanner": "repobility-supply-chain", "fingerprint": "c883f4bb09b4c76a066c2b264bdb0b683d097804de92fbeb5e2dbdbc6051bf88", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c883f4bb09b4c76a066c2b264bdb0b683d097804de92fbeb5e2dbdbc6051bf88"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CACHIX_AUTH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 105598, "scanner": "repobility-supply-chain", "fingerprint": 
"2e138be96663cb0950b6625091bfd7b15cb7f94c7d12ab86171ac74a1333ed2c", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2e138be96663cb0950b6625091bfd7b15cb7f94c7d12ab86171ac74a1333ed2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CACHIX_AUTH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 105597, "scanner": "repobility-supply-chain", "fingerprint": "6cde8fe1ceb81d63ec30e0cb30217b63d57d47bc06c4467e896e6f49e18779bf", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6cde8fe1ceb81d63ec30e0cb30217b63d57d47bc06c4467e896e6f49e18779bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix-develop.yml"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CACHIX_AUTH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 105596, "scanner": "repobility-supply-chain", "fingerprint": "424f789dd6e96889d82de802f78c52cb51b17fb2acd1ed3bd66ce9a1cbf08f7b", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": 
"gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|424f789dd6e96889d82de802f78c52cb51b17fb2acd1ed3bd66ce9a1cbf08f7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 205}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CACHIX_AUTH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 105595, "scanner": "repobility-supply-chain", "fingerprint": "ef320ff51b2c6c36a5735b3a59071998cebc6bc7b8fe4d3fe36858762c7d1ce0", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ef320ff51b2c6c36a5735b3a59071998cebc6bc7b8fe4d3fe36858762c7d1ce0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 189}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CACHIX_AUTH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 105594, "scanner": "repobility-supply-chain", "fingerprint": "14eb2d26055bb1edead85a076b6722b0032a5f14dcd7eb34519d7b692c7dd9c4", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|14eb2d26055bb1edead85a076b6722b0032a5f14dcd7eb34519d7b692c7dd9c4"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 170}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CACHIX_AUTH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 105593, "scanner": "repobility-supply-chain", "fingerprint": "b9fb617f2bd4d0506213ab29ea83b992feb7fa2d81dc9ebd41d7131e954580bc", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b9fb617f2bd4d0506213ab29ea83b992feb7fa2d81dc9ebd41d7131e954580bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CACHIX_AUTH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 105592, "scanner": "repobility-supply-chain", "fingerprint": "350b8f8b8f0bea94ed337964862954d695c7f2dbc69b9588f7a7133e137efb45", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|350b8f8b8f0bea94ed337964862954d695c7f2dbc69b9588f7a7133e137efb45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CACHIX_AUTH_TOKEN` on a `pull_request` trigger"}, "properties": 
{"repobilityId": 105591, "scanner": "repobility-supply-chain", "fingerprint": "45f383b28a7dfbc4fdfc9f799ae5ab03b407732b22d6bbc860986f22bc97e4b6", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|45f383b28a7dfbc4fdfc9f799ae5ab03b407732b22d6bbc860986f22bc97e4b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 114}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CACHIX_AUTH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 105590, "scanner": "repobility-supply-chain", "fingerprint": "bc7b31a87b02fafdb61dd8c0c844c8c6caf04a4b6938c3265939b2ce8d9b0f04", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bc7b31a87b02fafdb61dd8c0c844c8c6caf04a4b6938c3265939b2ce8d9b0f04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CACHIX_AUTH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 105589, "scanner": "repobility-supply-chain", "fingerprint": "556d8d7a25005d16822e2c037018f640da140322572a5fbee9f454fa76935211", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": 
false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|556d8d7a25005d16822e2c037018f640da140322572a5fbee9f454fa76935211"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CACHIX_AUTH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 105588, "scanner": "repobility-supply-chain", "fingerprint": "10c63500dd1ae5efa748748bb75c08de40e4fa18798e4ec20e36d91c4013e2af", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|10c63500dd1ae5efa748748bb75c08de40e4fa18798e4ec20e36d91c4013e2af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CACHIX_AUTH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 105587, "scanner": "repobility-supply-chain", "fingerprint": "7533d18836e26e95f4364b8def775d68ef10c5ad56815c8a882178e0bcd78bf1", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|7533d18836e26e95f4364b8def775d68ef10c5ad56815c8a882178e0bcd78bf1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CACHIX_AUTH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 105586, "scanner": "repobility-supply-chain", "fingerprint": "a491c0797449cdc926b3adc12969637700ced3184bdb925dd9d491eab78522c8", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a491c0797449cdc926b3adc12969637700ced3184bdb925dd9d491eab78522c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nix.yml"}, "region": {"startLine": 31}}}]}]}]}