{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED124", "name": "[MINED124] requirements.txt: `openai` has no version pin: Unpinned pip requirement means every fresh install may resolve", "shortDescription": {"text": "[MINED124] requirements.txt: `openai` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible instal"}, "fullDescription": {"text": "Replace `openai` with `openai==` and manage upgrades through PRs / Dependabot."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED109", "name": "[MINED109] Mutable default argument in `create_podcast` (dict): `def create_podcast(... = []/{}/set())` \u2014 Python's defau", "shortDescription": {"text": "[MINED109] Mutable default argument in `create_podcast` (dict): `def create_podcast(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it"}, "fullDescription": {"text": "Use None as the default and create the collection inside the function: `def create_podcast(x=None): x = x or []`"}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "JRN003", "name": "Frontend API reference is not matched by discovered backend routes", "shortDescription": {"text": "Frontend API reference is not matched by discovered backend routes"}, "fullDescription": {"text": "Add the backend route, update the frontend constant to the implemented endpoint, or document that the route is served by another service and exclude it with .repobilityignore."}, "properties": {"scanner": "repobility-journey-contract", "category": "quality", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC009", "name": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function", "shortDescription": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /w"}, "fullDescription": {"text": "Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "AUC002", "name": "[AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authenticatio", "shortDescription": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "fullDescription": {"text": "Review the access matrix and add explicit framework auth declarations or policy-file exceptions for intentionally public routes."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "DKR003", "name": "Compose service `ollama` image uses the latest tag", "shortDescription": {"text": "Compose service `ollama` image uses the latest tag"}, "fullDescription": {"text": "Pin to a maintained version tag or digest and update it deliberately through dependency automation."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.94, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Add .dockerignore with at least .git, .env, private keys, dependency folders, build outputs, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Bind local agent bridges to 127.0.0.1 by default. If remote access is required, require a bearer token or mTLS, enforce origin/CSRF checks for browser clients, and document the threat model."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC125", "name": "[SEC125] AI placeholder credential left in source (your-api-key-here style): AI coding assistants frequently emit placeh", "shortDescription": {"text": "[SEC125] AI placeholder credential left in source (your-api-key-here style): AI coding assistants frequently emit placeholder credentials shaped like `API_KEY = \"your-api-key-here\"` instead of pulling from env. These get committed verbatim "}, "fullDescription": {"text": "Replace with env lookup: `API_KEY = os.environ['SERVICE_API_KEY']`. Move actual key to a secret manager. Add a startup check that the env var is non-empty so missing config fails loudly instead of shipping the placeholder."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC017", "name": "[SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external AI API (OpenAI, Anthropic, etc.", "shortDescription": {"text": "[SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external AI API (OpenAI, Anthropic, etc.) without any visible length or size validation. This creates two risks: (1) Cost abuse \u2014 an attacker can send extremely"}, "fullDescription": {"text": "1) Enforce a maximum input length BEFORE sending to the API: e.g. `if len(text) > 4000: return error`. 2) Use token counting (tiktoken for OpenAI, anthropic's token counter) to enforce token-level limits. 3) Set max_tokens on the API call to cap response cost. 4) Add rate limiting per user/IP to prevent automated abuse. 5) Monitor API spend with alerts for unusual usage patterns."}, "properties": {"scanner": "repobility-threat-engine", "category": "llm_injection", "severity": "medium", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "SEC042", "name": "[SEC042] SQL identifier injection via f-string in cursor execute: f-string SQL normalizes an unsafe pattern. Currently s", "shortDescription": {"text": "[SEC042] SQL identifier injection via f-string in cursor execute: f-string SQL normalizes an unsafe pattern. Currently safe when only trusted internal values are interpolated (e.g. self._table in Odoo), but a future contributor can extend t"}, "fullDescription": {"text": "Use psycopg2.sql.SQL() + sql.Identifier() for identifiers:\n from psycopg2 import sql\n cr.execute(sql.SQL('UPDATE {} SET x=%s').format(sql.Identifier(table)), (value,))\nNever use f-string in cr.execute(). Values go through %s parameters."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC034", "name": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines o", "shortDescription": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (S"}, "fullDescription": {"text": "Strip control characters before logging:\n safe = user_input.replace('\\n','').replace('\\r','').replace('\\x00','')\n logger.info('User action: %s', safe)\nAlways use parameterized logging (`%s` + args), never f-strings or string concat \u2014 that's also what mitigates log4shell-style attacks. For structured logging, use a JSON formatter that escapes values."}, "properties": {"scanner": "repobility-threat-engine", "category": "log_injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB005", "name": "robots.txt does not advertise a sitemap", "shortDescription": {"text": "robots.txt does not advertise a sitemap"}, "fullDescription": {"text": "Add `Sitemap: https://your-domain.example/sitemap.xml` to robots.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC005", "name": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or sup", "shortDescription": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "fullDescription": {"text": "Add regression tests for anonymous denial, cross-user object denial, admin role limits, and super_admin-only behavior."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "low", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "Add `security_opt: [\"no-new-privileges:true\"]` unless the service has a documented need for privilege escalation."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "Set a non-root `user:` in Compose or ensure the final image stage has a non-root USER directive."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKR012", "name": "Dockerfile keeps pip download cache", "shortDescription": {"text": "Dockerfile keeps pip download cache"}, "fullDescription": {"text": "Use `pip install --no-cache-dir ...` in container builds."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC022", "name": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. Th", "shortDescription": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "fullDescription": {"text": "Remove the embedded password, require the URL from a secret store or environment variable, and rotate the database credential."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "low", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC124", "name": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacke", "shortDescription": {"text": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). `mktemp` is deprecated for the same reason."}, "fullDescription": {"text": "Use `os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY)` for atomic create-only. Use `tempfile.NamedTemporaryFile()` (not `mktemp`). For locking, use `fcntl.flock`."}, "properties": {"scanner": "repobility-threat-engine", "category": "race_condition", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC004", "name": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection.", "shortDescription": {"text": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection."}, "fullDescription": {"text": "Use parameterized queries: cursor.execute('SELECT * FROM t WHERE id = ?', [id]). For dynamic table or column names, choose identifiers from a hard-coded allowlist and keep values in parameters."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `get_model_for_provider` has cognitive complexity 12 (SonarSource scale). ", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `get_model_for_provider` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and "}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 12."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.", "shortDescription": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED063", "name": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use.", "shortDescription": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-367 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED098", "name": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios ", "shortDescription": {"text": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios = axios;`) makes the code harder to test and increases the risk of naming collisions."}, "fullDescription": {"text": "Import the library where you need it instead of attaching to window. For legitimate global registries, use a namespaced object (e.g., `window.__myApp.axios`)."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely.", "shortDescription": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 1 more): Same pattern found in 1 additional fil", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED052] Ts Any Typed (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED058", "name": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or neve", "shortDescription": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-79 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED074", "name": "[MINED074] Ai Tell Fake Citation: Plausible-looking but non-existent URLs (e.g., docs.example.com/v2). Common AI halluci", "shortDescription": {"text": "[MINED074] Ai Tell Fake Citation: Plausible-looking but non-existent URLs (e.g., docs.example.com/v2). Common AI hallucination."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC118", "name": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier (and 1 more): Same pattern found in 1 additional files. ", "shortDescription": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Use `uuid.uuid4()` (random) or `secrets.token_urlsafe()` for tokens. In Go, use `uuid.NewRandom()` (google/uuid)."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED064] Python Input Call (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC016", "name": "[SEC016] LLM Prompt Injection \u2014 User Input in AI Prompt (and 7 more): Same pattern found in 7 additional files. Review i", "shortDescription": {"text": "[SEC016] LLM Prompt Injection \u2014 User Input in AI Prompt (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "1) Separate user content from instructions: use the 'user' role for user text and 'system' role for your instructions \u2014 never concatenate them into one string. 2) Validate and constrain: limit input length, strip control characters, and reject known injection patterns. 3) Use structured output (JSON mode / function calling) so the model returns data, not freeform actions. 4) Apply output validation: check the AI's response before acting on it. 5) Consider a prompt injection detection layer (e.g. Anthropic's constitutional AI, prompt-guard models)."}, "properties": {"scanner": "repobility-threat-engine", "category": "llm_injection", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii (and 13 more): Same pattern found in 13 additional files. Review if needed.", "shortDescription": {"text": "[MINED049] Print Pii (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 14 more): Same pattern found in 14 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout (and 10 more): Same pattern found in 10 additional files. Review if needed.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout (and 10 more): Same pattern found in 10 additional files. Review if needed.", "shortDescription": {"text": "[SEC078] Python: requests without timeout (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 7 more): Same pattern found in 7 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED056", "name": "[MINED056] React Key As Index (and 19 more): Same pattern found in 19 additional files. Review if needed.", "shortDescription": {"text": "[MINED056] React Key As Index (and 19 more): Same pattern found in 19 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 28 more): Same pattern found in 28 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 28 more): Same pattern found in 28 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC135", "name": "[SEC135] Auth/permission check missing on AI-generated endpoint (and 8 more): Same pattern found in 8 additional files. ", "shortDescription": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Add the project's auth decorator/middleware: `@login_required` (Django/Flask), `@permission_classes([IsAuthenticated])` (DRF), `Depends(get_current_user)` (FastAPI), `requireAuth` middleware (Express). For genuinely public endpoints, add a `# public-endpoint` marker comment so future scans skip them."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED072] Python Pass Only Class (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 13 more): Same pattern found in 13 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 19 more): Same pattern found in 19 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 19 more): Same pattern found in 19 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n ALLOWED = {'images.example.com', 'cdn.example.com'}\n host = urlparse(url).hostname\n if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `anthropics/claude-code-action` pinned to mutable ref `@beta`: `uses: anthropics/claude-code-action@be", "shortDescription": {"text": "[MINED115] Action `anthropics/claude-code-action` pinned to mutable ref `@beta`: `uses: anthropics/claude-code-action@beta` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/chan"}, "fullDescription": {"text": "Replace with: `uses: anthropics/claude-code-action@<40-char-sha> # beta` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `python:3.12-slim-bookworm` not pinned by digest: `FROM python:3.12-slim-bookworm` resolves t", "shortDescription": {"text": "[MINED118] Dockerfile FROM `python:3.12-slim-bookworm` not pinned by digest: `FROM python:3.12-slim-bookworm` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially differe"}, "fullDescription": {"text": "Replace with: `FROM python:3.12-slim-bookworm@sha256:`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED113", "name": "[MINED113] Express DELETE /mcp has no auth: Express route DELETE /mcp declared without an auth middleware in its handler", "shortDescription": {"text": "[MINED113] Express DELETE /mcp has no auth: Express route DELETE /mcp declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "fullDescription": {"text": "Add an auth middleware: app.delete('/mcp', requireAuth, handler) \u2014 or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED112", "name": "[MINED112] FastAPI POST /status has no auth: Handler `check_status` is registered with router/app.post(...) but no Depen", "shortDescription": {"text": "[MINED112] FastAPI POST /status has no auth: Handler `check_status` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "fullDescription": {"text": "Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_valid_request: Test function `test_valid_request` runs code but contains no asser", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_valid_request: Test function `test_valid_request` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED110", "name": "[MINED110] Blocking call `input` inside async function `main`: `input` is a synchronous (blocking) call. When invoked in", "shortDescription": {"text": "[MINED110] Blocking call `input` inside async function `main`: `input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "fullDescription": {"text": "Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self._pca_projection` used but never assigned in __init__: Method `search` of class `MultimodalRagStore` rea", "shortDescription": {"text": "[MINED108] `self._pca_projection` used but never assigned in __init__: Method `search` of class `MultimodalRagStore` reads `self._pca_projection`, but no assignment to it exists in __init__ (and no class-level fallback). This raises Attribu"}, "fullDescription": {"text": "Initialize `self._pca_projection = ` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "JRN009", "name": "Secret-like setting is echoed into a password input value", "shortDescription": {"text": "Secret-like setting is echoed into a password input value"}, "fullDescription": {"text": "Never prefill secret fields with stored values. Show a masked status such as configured/not configured, require explicit rotation to replace the value, and return the raw key only once at creation time."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "high", "confidence": 0.83, "cwe": "", "owasp": ""}}, {"id": "AUC003", "name": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby a", "shortDescription": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: POST /plans/:id/retry/route."}, "fullDescription": {"text": "Add ownership, tenant, relationship, or policy checks before reading or mutating the target object."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "high", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "DKC011", "name": "Database service publishes a host port", "shortDescription": {"text": "Database service publishes a host port"}, "fullDescription": {"text": "Use `expose` for service-to-service access, bind to 127.0.0.1 for local-only access, or protect the port with firewall rules."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.84, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies the entire context without .dockerignore", "shortDescription": {"text": "Dockerfile copies the entire context without .dockerignore"}, "fullDescription": {"text": "Create .dockerignore before using broad context copies, or copy only the required files and directories."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "DKR006", "name": "Dockerfile pipes a remote script into a shell", "shortDescription": {"text": "Dockerfile pipes a remote script into a shell"}, "fullDescription": {"text": "Download the artifact, verify its checksum or signature, pin the version, and then execute it."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED009", "name": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal.", "shortDescription": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inje", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED034", "name": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection.", "shortDescription": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `signal` used but not imported: The file uses `signal.something(...)` but never imports `sign", "shortDescription": {"text": "[MINED107] Missing import: `signal` used but not imported: The file uses `signal.something(...)` but never imports `signal`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import signal` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKC007", "name": "Compose service contains a literal secret environment value", "shortDescription": {"text": "Compose service contains a literal secret environment value"}, "fullDescription": {"text": "Rotate the value if real. Move it to Docker Compose secrets, a platform secret manager, or an uncommitted environment file."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "critical", "confidence": 0.96, "cwe": "", "owasp": ""}}, {"id": "MINED019", "name": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates.", "shortDescription": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-94 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED035", "name": "[MINED035] Js New Function: new Function(...) compiles strings to functions.", "shortDescription": {"text": "[MINED035] Js New Function: new Function(...) compiles strings to functions."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-95 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED007", "name": "[MINED007] Sql String Concat: cursor.execute(f\"... {user_input} ...\") \u2014 SQL injection.", "shortDescription": {"text": "[MINED007] Sql String Concat: cursor.execute(f\"... {user_input} ...\") \u2014 SQL injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-89 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/749"}, "properties": {"repository": "Shubhamsaboo/awesome-llm-apps", "repoUrl": "https://github.com/Shubhamsaboo/awesome-llm-apps", "branch": "main"}, "results": [{"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `openai` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 62560, "scanner": "repobility-supply-chain", "fingerprint": "af78b10555e9ff7f9697612c18e1d5f639a6728e0de265a19a59f4941abfe4ed", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|af78b10555e9ff7f9697612c18e1d5f639a6728e0de265a19a59f4941abfe4ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/openai_research_agent/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `openai-agents` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 62559, "scanner": "repobility-supply-chain", "fingerprint": "b1f6b9926bca6b5cf745079fb7c75de49f94a6bd02d71a4fe438c92d5b5ad98d", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b1f6b9926bca6b5cf745079fb7c75de49f94a6bd02d71a4fe438c92d5b5ad98d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/openai_research_agent/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `together` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 62558, "scanner": "repobility-supply-chain", "fingerprint": "b06d8affe9c7d59b58f69ae0ec5f6ee44400ddafda1b726464da30603840a1ae", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b06d8affe9c7d59b58f69ae0ec5f6ee44400ddafda1b726464da30603840a1ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/mixture_of_agents/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `streamlit` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 62557, "scanner": "repobility-supply-chain", "fingerprint": "cb9d5a9b265bd112bf770f70892280a6d5affc4324b60f572b8c0527a09912e8", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cb9d5a9b265bd112bf770f70892280a6d5affc4324b60f572b8c0527a09912e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/mixture_of_agents/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `requests` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 62556, "scanner": "repobility-supply-chain", "fingerprint": "44bbd33686bee83d4789da233470ebee593a569ff66ebdf9a4de2fd5a2a43c2c", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|44bbd33686bee83d4789da233470ebee593a569ff66ebdf9a4de2fd5a2a43c2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/ai_blog_to_podcast_agent/requirements.txt"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `uvicorn` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 62555, "scanner": "repobility-supply-chain", "fingerprint": "12a310fa93a38e6bfa53a572ba806886b62eb386f5c9e85a004ec1e07d6db595", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|12a310fa93a38e6bfa53a572ba806886b62eb386f5c9e85a004ec1e07d6db595"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/ai_reasoning_agent/requirements.txt"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `fastapi` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 62554, "scanner": "repobility-supply-chain", "fingerprint": "f903164d33cc4b3d10379f3253559ca24a4c049e3c94b943c99e154270a2b088", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f903164d33cc4b3d10379f3253559ca24a4c049e3c94b943c99e154270a2b088"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/ai_reasoning_agent/requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `ollama` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 62553, "scanner": "repobility-supply-chain", "fingerprint": "c55870a4958507a2382c47f533cb37565d065e83f955bbafe1678875a6648d80", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c55870a4958507a2382c47f533cb37565d065e83f955bbafe1678875a6648d80"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/ai_reasoning_agent/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `agno` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 62552, "scanner": "repobility-supply-chain", "fingerprint": "f36156700ccc95d3cbd0cd009dbeaf869bf182d07c2cae069a46d2e1d7e3b7a8", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f36156700ccc95d3cbd0cd009dbeaf869bf182d07c2cae069a46d2e1d7e3b7a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/ai_reasoning_agent/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `yfinance` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 62551, "scanner": "repobility-supply-chain", "fingerprint": "a627cafeeb8c6fce1e0c4e0c004da6feb30413ef5e9ed3693923a70900f1538a", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a627cafeeb8c6fce1e0c4e0c004da6feb30413ef5e9ed3693923a70900f1538a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/xai_finance_agent/requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `duckduckgo-search` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 62550, "scanner": "repobility-supply-chain", "fingerprint": "b8830a1bb176077cbac3946e52dcf9b244ce428ba5f44760509d5da5edc25980", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b8830a1bb176077cbac3946e52dcf9b244ce428ba5f44760509d5da5edc25980"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/xai_finance_agent/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `matplotlib` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 62549, "scanner": "repobility-supply-chain", "fingerprint": "be345f1e4ebddea49ac5d05c424e038db710d1903c6e96fd96e47bcbd0f40973", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|be345f1e4ebddea49ac5d05c424e038db710d1903c6e96fd96e47bcbd0f40973"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/ai_data_visualisation_agent/requirements.txt"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `pandas` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 62548, "scanner": "repobility-supply-chain", "fingerprint": "620708c73f67e145f119258586a54740e580945ab184efbeb01e6d6ce839a182", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|620708c73f67e145f119258586a54740e580945ab184efbeb01e6d6ce839a182"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/ai_data_visualisation_agent/requirements.txt"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `streamlit` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 62547, "scanner": "repobility-supply-chain", "fingerprint": "c87c24f3d2076f4124e881e51a7c3b71253e73b63f0c4eca68c2e74e2a64153f", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c87c24f3d2076f4124e881e51a7c3b71253e73b63f0c4eca68c2e74e2a64153f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/ai_data_visualisation_agent/requirements.txt"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `duckduckgo-search` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 62546, "scanner": "repobility-supply-chain", "fingerprint": "b830fdcfd860e87895830994b21f305763c4f215473271ad9e440dc133a3805b", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b830fdcfd860e87895830994b21f305763c4f215473271ad9e440dc133a3805b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/ai_breakup_recovery_agent/requirements.txt"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `icalendar` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 62545, "scanner": "repobility-supply-chain", "fingerprint": "e50ebb17c92d448e5f92934e38462b1f9d919b6897fbc68126867c0179719fe3", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e50ebb17c92d448e5f92934e38462b1f9d919b6897fbc68126867c0179719fe3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/ai_travel_agent/requirements.txt"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `google-search-results` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 62544, "scanner": "repobility-supply-chain", "fingerprint": "7427ea9241064248fe25e1224ab1db51f2ee0259f86bbf217b34a882fcc8710d", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7427ea9241064248fe25e1224ab1db51f2ee0259f86bbf217b34a882fcc8710d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/ai_travel_agent/requirements.txt"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `openai` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 62543, "scanner": "repobility-supply-chain", "fingerprint": "b2b74a63fbda887cb120bf9ef269eeca647fbdb9ff7b30cb1d76b8600798f21a", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b2b74a63fbda887cb120bf9ef269eeca647fbdb9ff7b30cb1d76b8600798f21a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/ai_travel_agent/requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `streamlit` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 62542, "scanner": "repobility-supply-chain", "fingerprint": "031d180dc56d628697fa50dac8ae9e3eef4d7bafa13ec1452e245f72792aed90", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|031d180dc56d628697fa50dac8ae9e3eef4d7bafa13ec1452e245f72792aed90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/ai_travel_agent/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `langchain-anthropic` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 62541, "scanner": "repobility-supply-chain", "fingerprint": "35b209e90f83e7ea7f3bdd37db656d0977d9eba8dfea31d96ad3a7f84eaebeaf", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|35b209e90f83e7ea7f3bdd37db656d0977d9eba8dfea31d96ad3a7f84eaebeaf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/ai_meme_generator_agent_browseruse/requirements.txt"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `langchain-openai` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 62540, "scanner": "repobility-supply-chain", "fingerprint": "e408b098ec9ee9c3bab9ce18c348391b3a9a598bc1b42204409f1620f0bce75e", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e408b098ec9ee9c3bab9ce18c348391b3a9a598bc1b42204409f1620f0bce75e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/ai_meme_generator_agent_browseruse/requirements.txt"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `streamlit` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 62539, "scanner": "repobility-supply-chain", "fingerprint": "243ef69ca73298c68de2e8883db112c133c51264acb9f629958a2b83e6c54397", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|243ef69ca73298c68de2e8883db112c133c51264acb9f629958a2b83e6c54397"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/ai_meme_generator_agent_browseruse/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `playwright` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 62538, "scanner": "repobility-supply-chain", "fingerprint": "6db46bf4111d6575ee288293833ffcbfd5aa6f2bd51ec090237bc92de9a61ceb", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6db46bf4111d6575ee288293833ffcbfd5aa6f2bd51ec090237bc92de9a61ceb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/web_scraping_ai_agent/requirements.txt"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `scrapegraphai` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 62537, "scanner": "repobility-supply-chain", "fingerprint": "6bb2fe02554a3862d43b462d81c302bf163991c5b78c762ed42dd0e574e8f778", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6bb2fe02554a3862d43b462d81c302bf163991c5b78c762ed42dd0e574e8f778"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/web_scraping_ai_agent/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `streamlit` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 62536, "scanner": "repobility-supply-chain", "fingerprint": "3fddafc22cb184fb6e5ef3343b336588a5698ec3f2e8c1f8707d315716d3038a", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3fddafc22cb184fb6e5ef3343b336588a5698ec3f2e8c1f8707d315716d3038a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/web_scraping_ai_agent/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `create_podcast` (dict): `def create_podcast(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 62498, "scanner": "repobility-ast-engine", "fingerprint": "660915f664088f3e3504527541e9f6628393c7cb85597d56ad467995264b7524", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|660915f664088f3e3504527541e9f6628393c7cb85597d56ad467995264b7524"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/utils/text_to_audio_elevenslab.py"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `text_to_speech_elevenlabs` (dict): `def text_to_speech_elevenlabs(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 62497, "scanner": "repobility-ast-engine", "fingerprint": "6b49fb9da64a59cee424fe0d3dbe4b4a95d83d050bbf94c0376448123253f2eb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6b49fb9da64a59cee424fe0d3dbe4b4a95d83d050bbf94c0376448123253f2eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/utils/text_to_audio_elevenslab.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `system_prompt` (list): `def system_prompt(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 62490, "scanner": "repobility-ast-engine", "fingerprint": "217ce22811818d0e586711c8370c589502f178d487be61b102e739a7917b68df", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|217ce22811818d0e586711c8370c589502f178d487be61b102e739a7917b68df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/single_agent_apps/windows_use_autonomous_agent/windows_use/agent/prompt/service.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 62489, "scanner": "repobility-ast-engine", "fingerprint": "1d6b074992bd85cee73efebb70f44a81621be85c54015534d0f1eaaa2b4f5f32", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1d6b074992bd85cee73efebb70f44a81621be85c54015534d0f1eaaa2b4f5f32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/single_agent_apps/windows_use_autonomous_agent/windows_use/agent/service.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62462, "scanner": "repobility-ast-engine", "fingerprint": "e2d6258c095a7edf69311da4d29f71f8bd427a6b000937bdccc0c0aa6895823e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e2d6258c095a7edf69311da4d29f71f8bd427a6b000937bdccc0c0aa6895823e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/deepseek_local_rag_agent/deepseek_rag_agent.py"}, "region": {"startLine": 522}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62461, "scanner": "repobility-ast-engine", "fingerprint": "2ed96b4d8165b2db9b8f3eb02f473671ef85601bc21455faebed9957b7f419ae", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2ed96b4d8165b2db9b8f3eb02f473671ef85601bc21455faebed9957b7f419ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/deepseek_local_rag_agent/deepseek_rag_agent.py"}, "region": {"startLine": 462}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62460, "scanner": "repobility-ast-engine", "fingerprint": "a99aa128fcf2f16d3a4d74e5ebdf6e1e3e1e018dcff759a8c0075612805c274d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a99aa128fcf2f16d3a4d74e5ebdf6e1e3e1e018dcff759a8c0075612805c274d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/deepseek_local_rag_agent/deepseek_rag_agent.py"}, "region": {"startLine": 386}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62459, "scanner": "repobility-ast-engine", "fingerprint": "f17a141bbf07a32dd40acd619a2a2c887e3ed0cc117e61ed88597c67b15d912a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f17a141bbf07a32dd40acd619a2a2c887e3ed0cc117e61ed88597c67b15d912a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/deepseek_local_rag_agent/deepseek_rag_agent.py"}, "region": {"startLine": 238}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62458, "scanner": "repobility-ast-engine", "fingerprint": "08ec665a4a6b413c6f833ae9da923b719440d0ebee5c751f2c4d19d4a607a284", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|08ec665a4a6b413c6f833ae9da923b719440d0ebee5c751f2c4d19d4a607a284"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/deepseek_local_rag_agent/deepseek_rag_agent.py"}, "region": {"startLine": 255}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62457, "scanner": "repobility-ast-engine", "fingerprint": "0d8e5f99d96791c6bad31fc1ec53801b89c60efb6e4c8deb75a940c387470750", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0d8e5f99d96791c6bad31fc1ec53801b89c60efb6e4c8deb75a940c387470750"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/deepseek_local_rag_agent/deepseek_rag_agent.py"}, "region": {"startLine": 219}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62456, "scanner": "repobility-ast-engine", "fingerprint": "3b8f8e81f6e92cbd6030f69e5897f876cc3308f7aa7449b6f2f88d193d2c7d2a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3b8f8e81f6e92cbd6030f69e5897f876cc3308f7aa7449b6f2f88d193d2c7d2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/deepseek_local_rag_agent/deepseek_rag_agent.py"}, "region": {"startLine": 188}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62455, "scanner": "repobility-ast-engine", "fingerprint": "4a5db42ef5602dac1871c33775ceff3c5862d0bb5da01f4627917b7a85f080e3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4a5db42ef5602dac1871c33775ceff3c5862d0bb5da01f4627917b7a85f080e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/deepseek_local_rag_agent/deepseek_rag_agent.py"}, "region": {"startLine": 161}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62453, "scanner": "repobility-ast-engine", "fingerprint": "688f386e00f9df4b32f1c7a56254659d598382c6a984fdac3fb3ed5e7c6abfc5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|688f386e00f9df4b32f1c7a56254659d598382c6a984fdac3fb3ed5e7c6abfc5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/corrective_rag/corrective_rag.py"}, "region": {"startLine": 330}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62452, "scanner": "repobility-ast-engine", "fingerprint": "e0e07eebcede99740219bd1b75fc6841549cba479fbe509c9604bc48a4a611b0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e0e07eebcede99740219bd1b75fc6841549cba479fbe509c9604bc48a4a611b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/corrective_rag/corrective_rag.py"}, "region": {"startLine": 114}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62451, "scanner": "repobility-ast-engine", "fingerprint": "2ab740017d138c79e9d41175b8e8040d1366eba944bea16ee98b387e25136c70", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2ab740017d138c79e9d41175b8e8040d1366eba944bea16ee98b387e25136c70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/corrective_rag/corrective_rag.py"}, "region": {"startLine": 273}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62450, "scanner": "repobility-ast-engine", "fingerprint": "18ca4928cd88ae2d47c1605bf5973618849c8c0df70a4325d48919e51b0fa07b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|18ca4928cd88ae2d47c1605bf5973618849c8c0df70a4325d48919e51b0fa07b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/corrective_rag/corrective_rag.py"}, "region": {"startLine": 170}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62449, "scanner": "repobility-ast-engine", "fingerprint": "43b80ebb389176ad69e955a788831490a42d5cf33d58b8cf5723c9568677e2f3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|43b80ebb389176ad69e955a788831490a42d5cf33d58b8cf5723c9568677e2f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/corrective_rag/corrective_rag.py"}, "region": {"startLine": 146}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62448, "scanner": "repobility-ast-engine", "fingerprint": "74fac46b0470db8239eb6534ce1e514629a6d097cc15c38ec0013a47e6e9ce91", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|74fac46b0470db8239eb6534ce1e514629a6d097cc15c38ec0013a47e6e9ce91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/ai_data_analysis_agent/ai_data_analyst.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62447, "scanner": "repobility-ast-engine", "fingerprint": "4302a0b7a464a2483dca69e9f85bd1b045a5a6de5142fdfcaf8514380d003fa0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4302a0b7a464a2483dca69e9f85bd1b045a5a6de5142fdfcaf8514380d003fa0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/ai_data_analysis_agent/ai_data_analyst.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62446, "scanner": "repobility-ast-engine", "fingerprint": "be2751417921d2fef8ffeb81fcf0b049a3f9d5ad2d914cf1f3e3a54af3a1f4d2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|be2751417921d2fef8ffeb81fcf0b049a3f9d5ad2d914cf1f3e3a54af3a1f4d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/openai_research_agent/research_agent.py"}, "region": {"startLine": 270}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62445, "scanner": "repobility-ast-engine", "fingerprint": "2b569da5a6cc68a5c430640fc58f8fd8202227815fea93d924e86d91498896a8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2b569da5a6cc68a5c430640fc58f8fd8202227815fea93d924e86d91498896a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/openai_research_agent/research_agent.py"}, "region": {"startLine": 250}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62444, "scanner": "repobility-ast-engine", "fingerprint": "e0806932e204df8139bae450d98a3cd6acf98446d39465023f09ae8fa72b671e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e0806932e204df8139bae450d98a3cd6acf98446d39465023f09ae8fa72b671e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/ai_blog_to_podcast_agent/blog_to_podcast_agent.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62443, "scanner": "repobility-ast-engine", "fingerprint": "492fbabfce44fdf1133c459c62bc690bcaf992fa1341bbc5d2b03db8bd1ab88a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|492fbabfce44fdf1133c459c62bc690bcaf992fa1341bbc5d2b03db8bd1ab88a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/ai_medical_imaging_agent/ai_medical_imaging.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62442, "scanner": "repobility-ast-engine", "fingerprint": "e61dabf42a8412e654f97c11794d078d7214fc9d4cbad56e0ad031d0cec1ffdc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e61dabf42a8412e654f97c11794d078d7214fc9d4cbad56e0ad031d0cec1ffdc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/ai_breakup_recovery_agent/ai_breakup_recovery_agent.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62441, "scanner": "repobility-ast-engine", "fingerprint": "c22a90a9e62b473e9dd8105afd019a5710ecdee53a65fdfebf9c4a4f6036c416", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c22a90a9e62b473e9dd8105afd019a5710ecdee53a65fdfebf9c4a4f6036c416"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/multimodal_ai_agent/multimodal_reasoning_agent.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62440, "scanner": "repobility-ast-engine", "fingerprint": "521578823b3b574661579e08ff7b00981499447d6cc668f98ecc2330a73189bc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|521578823b3b574661579e08ff7b00981499447d6cc668f98ecc2330a73189bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/multimodal_ai_agent/multimodal_reasoning_agent.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62439, "scanner": "repobility-ast-engine", "fingerprint": "cfacebb526f406aadf0858a7e66156265ccad142edb5bf113b8a28a3b305697f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cfacebb526f406aadf0858a7e66156265ccad142edb5bf113b8a28a3b305697f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/multimodal_ai_agent/mutimodal_agent.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62438, "scanner": "repobility-ast-engine", "fingerprint": "5653dc8936b8e402ab5f8767f01a664de74988be79fc3f2afce45215b02d3120", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5653dc8936b8e402ab5f8767f01a664de74988be79fc3f2afce45215b02d3120"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/ai_startup_trend_analysis_agent/startup_trends_agent.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 62437, "scanner": "repobility-ast-engine", "fingerprint": "fdc56edbfeef150a111d0cc0c3905b8cfc92fd81cf4dff1f19c4f862893c62b1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fdc56edbfeef150a111d0cc0c3905b8cfc92fd81cf4dff1f19c4f862893c62b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/ai_meme_generator_agent_browseruse/ai_meme_generator_agent.py"}, "region": {"startLine": 125}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 62431, "scanner": "repobility-journey-contract", "fingerprint": "e94b90436e887dd34e1edcce41583ccfd3c46a0b70e45822bf1466dd9e75b4ac", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/podcasts/{param}", "correlation_key": "fp|e94b90436e887dd34e1edcce41583ccfd3c46a0b70e45822bf1466dd9e75b4ac", "backend_endpoint_count": 14}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/services/api.js"}, "region": {"startLine": 79}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 62430, "scanner": "repobility-journey-contract", "fingerprint": "73322e405af24b585c089e8518adb6ea18365901b1ca48752dbe30287d7147dd", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/podcasts", "correlation_key": "fp|73322e405af24b585c089e8518adb6ea18365901b1ca48752dbe30287d7147dd", "backend_endpoint_count": 14}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/services/api.js"}, "region": {"startLine": 78}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 62429, "scanner": "repobility-journey-contract", "fingerprint": "381d2d6bc055f3fc97d07a78dddfebcc15d33853cf71f3cff081c2743de5e2e8", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/articles/categories/list", "correlation_key": "fp|381d2d6bc055f3fc97d07a78dddfebcc15d33853cf71f3cff081c2743de5e2e8", "backend_endpoint_count": 14}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/services/api.js"}, "region": {"startLine": 75}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 62428, "scanner": "repobility-journey-contract", "fingerprint": "5166026ec23481a6bc6c1f841b5af5b14d00b0718ff35542e3205ee41edf9d9d", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/articles/sources/list", "correlation_key": "fp|5166026ec23481a6bc6c1f841b5af5b14d00b0718ff35542e3205ee41edf9d9d", "backend_endpoint_count": 14}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/services/api.js"}, "region": {"startLine": 74}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 62427, "scanner": "repobility-journey-contract", "fingerprint": "93a7755a4f15cfd1e634bb7a58180c8159b3c79b474c0300aa3b074a7c52d6f5", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/articles/{param}", "correlation_key": "fp|93a7755a4f15cfd1e634bb7a58180c8159b3c79b474c0300aa3b074a7c52d6f5", "backend_endpoint_count": 14}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/services/api.js"}, "region": {"startLine": 73}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 62426, "scanner": "repobility-journey-contract", "fingerprint": "57756c94694e127ddd77d9dc53217491e97bb581688045945248c4b1969a0bc0", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/articles", "correlation_key": "fp|57756c94694e127ddd77d9dc53217491e97bb581688045945248c4b1969a0bc0", "backend_endpoint_count": 14}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/services/api.js"}, "region": {"startLine": 72}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 62425, "scanner": "repobility-journey-contract", "fingerprint": "378014a7487b680373c4dab84e6c7bc9477019c8de98202738ff7f4626e7e9b5", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/articles", "correlation_key": "fp|378014a7487b680373c4dab84e6c7bc9477019c8de98202738ff7f4626e7e9b5", "backend_endpoint_count": 14}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/services/api.js"}, "region": {"startLine": 34}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 62424, "scanner": "repobility-journey-contract", "fingerprint": "3971865b4c8fe4bcb9ace9fe045bf04b9e5b26459e0ce83d04771316141380db", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/articles", "correlation_key": "fp|3971865b4c8fe4bcb9ace9fe045bf04b9e5b26459e0ce83d04771316141380db", "backend_endpoint_count": 14}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/services/api.js"}, "region": {"startLine": 29}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 62423, "scanner": "repobility-journey-contract", "fingerprint": "dd72301c8394f8b4f543a58ccdef7402415ae3e8415445893c9df72c731a8ec5", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/copilotkit", "correlation_key": "fp|dd72301c8394f8b4f543a58ccdef7402415ae3e8415445893c9df72c731a8ec5", "backend_endpoint_count": 14}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_negotiation_battle_simulator/frontend/src/app/layout.tsx"}, "region": {"startLine": 20}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 62422, "scanner": "repobility-journey-contract", "fingerprint": "38489bdc8c02ede30116095c7b9192ae9785edc4fc6f89d579b0685a93b2779d", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/copilotkit", "correlation_key": "fp|38489bdc8c02ede30116095c7b9192ae9785edc4fc6f89d579b0685a93b2779d", "backend_endpoint_count": 14}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_negotiation_battle_simulator/frontend/src/app/api/copilotkit/route.ts"}, "region": {"startLine": 26}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 62421, "scanner": "repobility-journey-contract", "fingerprint": "f7b6a3c78165dc1946733ae4ca936fd7a1fae6ccfc91e4b725c553d9b048d191", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/plans/{param}", "correlation_key": "fp|f7b6a3c78165dc1946733ae4ca936fd7a1fae6ccfc91e4b725c553d9b048d191", "backend_endpoint_count": 14}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/client/app/plans/page.tsx"}, "region": {"startLine": 127}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 62420, "scanner": "repobility-journey-contract", "fingerprint": "765c8765b038d983923a3d041ef4787264ceaaa2f76c68179f70e7fdf9a2a491", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/plans", "correlation_key": "fp|765c8765b038d983923a3d041ef4787264ceaaa2f76c68179f70e7fdf9a2a491", "backend_endpoint_count": 14}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/client/app/plans/page.tsx"}, "region": {"startLine": 108}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 62419, "scanner": "repobility-journey-contract", "fingerprint": "bfaee23bdb0bd500c863596b80bc442710cdb67354d9d840a13c21eb03c5ebac", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/plan/submit", "correlation_key": "fp|bfaee23bdb0bd500c863596b80bc442710cdb67354d9d840a13c21eb03c5ebac", "backend_endpoint_count": 14}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/client/app/plan/page.tsx"}, "region": {"startLine": 300}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 62418, "scanner": "repobility-journey-contract", "fingerprint": "9c3b4458831f0bffb1f0f7b0f25145f735c576b50c86ac6c5420cc9ca7e07309", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/plans/{param}/retry", "correlation_key": "fp|9c3b4458831f0bffb1f0f7b0f25145f735c576b50c86ac6c5420cc9ca7e07309", "backend_endpoint_count": 14}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/client/app/plan/[id]/page.tsx"}, "region": {"startLine": 362}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 62417, "scanner": "repobility-journey-contract", "fingerprint": "ea41fa6aa13681aeb59bcc79e49e39c43b9b41c19b63c0312ceb1e93171a9e09", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/plans/{param}", "correlation_key": "fp|ea41fa6aa13681aeb59bcc79e49e39c43b9b41c19b63c0312ceb1e93171a9e09", "backend_endpoint_count": 14}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/client/app/plan/[id]/page.tsx"}, "region": {"startLine": 226}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /workspace/provision/route."}, "properties": {"repobilityId": 62415, "scanner": "repobility-access-control", "fingerprint": "e023fba223324efd77c5d26e44607ebe0b999fcdcf8894b5a56e1f91a011787f", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation. Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"path": "/workspace/provision/route", "method": "POST", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token|6|auc009", "duplicate_count": 1, "identity_targets": ["unknown"], "duplicate_rule_ids": ["AUC009"], "duplicate_scanners": ["repobility-access-control"], "duplicate_fingerprints": ["9be85bcb709d7fd4074ff1a49b90f4209a503942a8161cd9dc99aa6cb6277d6c", "e023fba223324efd77c5d26e44607ebe0b999fcdcf8894b5a56e1f91a011787f"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-mcp-app-builder/apps/web/app/api/workspace/provision/route.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /workspace/read-file/route."}, "properties": {"repobilityId": 62414, "scanner": "repobility-access-control", "fingerprint": "ef42743ae22f42b549dcd5146687b5c2f742d8c13e3e27aa8acce384a9566177", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation. Collapsed 4 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"path": "/workspace/read-file/route", "method": "POST", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token|4|auc009", "duplicate_count": 4, "identity_targets": ["unknown"], "duplicate_rule_ids": ["AUC009"], "duplicate_scanners": ["repobility-access-control"], "duplicate_fingerprints": ["4821ce8154703b0f12524c40b03d5c24e70d1227d57573214978d443145eacb7", "4a39ea473a7c16df492a9bdc7568465fb119092995d38e8f188d404cee28a380", "9ca5bb4e59f32a8ee99e322b6291de711cc92e205d7a76d05c936b7ad1d3845b", "a84b7acd05d2e4179053a19fe97147746a885ad36d93bacc80f579b0664dcf26", "ef42743ae22f42b549dcd5146687b5c2f742d8c13e3e27aa8acce384a9566177"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-mcp-app-builder/apps/web/app/api/workspace/read-file/route.ts"}, "region": {"startLine": 4}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /workspace/download/route."}, "properties": {"repobilityId": 62413, "scanner": "repobility-access-control", "fingerprint": "1806ae550ad72413b93d20ce135ae4eb24ef274984665f20fcb3f7dc3036b0b5", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/workspace/download/route", "method": "POST", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token|23|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-mcp-app-builder/apps/web/app/api/workspace/download/route.ts"}, "region": {"startLine": 23}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /call-tool/route."}, "properties": {"repobilityId": 62412, "scanner": "repobility-access-control", "fingerprint": "f035ce9d8774b876d27524a09cba8d74a4d2921f3b2d6e7bc10463753bde643d", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/call-tool/route", "method": "POST", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token|24|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-mcp-app-builder/apps/web/app/api/call-tool/route.ts"}, "region": {"startLine": 24}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /mcp-introspect/route."}, "properties": {"repobilityId": 62411, "scanner": "repobility-access-control", "fingerprint": "7a0dfe8c31c07391794cf0c44794d9cff916043da66e4f58d665432853951bbd", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/mcp-introspect/route", "method": "POST", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token|58|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-mcp-app-builder/apps/web/app/api/mcp-introspect/route.ts"}, "region": {"startLine": 58}}}]}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 0.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 62407, "scanner": "repobility-access-control", "fingerprint": "b2b220ffd00544f11577c95c6ebba1d9777fd8f8945f26d82bcf37e8c3177020", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 14, "correlation_key": "fp|b2b220ffd00544f11577c95c6ebba1d9777fd8f8945f26d82bcf37e8c3177020", "auth_visible_percent": 0.0}}}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 62406, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Django", "Next.js"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `ollama` image uses the latest tag"}, "properties": {"repobilityId": 62400, "scanner": "repobility-docker", "fingerprint": "b9f6fe4721d5364c4c08e2d77256154affde0b7c907206039dda9a4d3a46a66c", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "ollama/ollama:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b9f6fe4721d5364c4c08e2d77256154affde0b7c907206039dda9a4d3a46a66c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/knowledge_graph_rag_citations/docker-compose.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `neo4j` image uses the latest tag"}, "properties": {"repobilityId": 62396, "scanner": "repobility-docker", "fingerprint": "7f658fc6300b611651c67dd8106e6652b27ca38a411eefda84551075009e5743", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "neo4j:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|7f658fc6300b611651c67dd8106e6652b27ca38a411eefda84551075009e5743"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/knowledge_graph_rag_citations/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62395, "scanner": "repobility-docker", "fingerprint": "2d4b79e0e00a1bcdd42255936b66c498d081894c525f5e7a13d7ed78999d479d", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.11-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|2d4b79e0e00a1bcdd42255936b66c498d081894c525f5e7a13d7ed78999d479d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/knowledge_graph_rag_citations/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62394, "scanner": "repobility-docker", "fingerprint": "e1283a7f5ff5677cca7730678efd25d8622222b27350be791ce782a6dd17d93d", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "node:20-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e1283a7f5ff5677cca7730678efd25d8622222b27350be791ce782a6dd17d93d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/mcp-apps-generative-ui-showcase/mcp-server/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62392, "scanner": "repobility-docker", "fingerprint": "9115367584d3b759188c2b3f8c2cd300b9e44dbe2aa6ed359d11800509827d30", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "node:20-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|9115367584d3b759188c2b3f8c2cd300b9e44dbe2aa6ed359d11800509827d30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/mcp-apps-generative-ui-showcase/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62389, "scanner": "repobility-docker", "fingerprint": "84995bbe0b3af56d47aa52b3842718e0fcf7766916ae4a03b949f212dedf9090", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.12-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|84995bbe0b3af56d47aa52b3842718e0fcf7766916ae4a03b949f212dedf9090"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/generative-ui-starter-project/docker/Dockerfile.agent"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62388, "scanner": "repobility-docker", "fingerprint": "acc0fad448b382e4ae38afe4366a51575be6ba9dd66cd98a96ab8b4171143690", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.12.10-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|acc0fad448b382e4ae38afe4366a51575be6ba9dd66cd98a96ab8b4171143690"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/generative-ui-starter-project/Dockerfile"}, "region": {"startLine": 26}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62383, "scanner": "repobility-docker", "fingerprint": "5e46b760e931de5c550fdf065aa7d31379a4c3d72baa85bd5d474f158a6c5b1d", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.12-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|5e46b760e931de5c550fdf065aa7d31379a4c3d72baa85bd5d474f158a6c5b1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-financial-coach-agent/docker/Dockerfile.agent"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62382, "scanner": "repobility-docker", "fingerprint": "28e281f82c8d8b89178c645f1d1118379b16658ad364be3cc3fd4eca4e98fb04", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.12-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|28e281f82c8d8b89178c645f1d1118379b16658ad364be3cc3fd4eca4e98fb04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-financial-coach-agent/Dockerfile"}, "region": {"startLine": 16}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62379, "scanner": "repobility-docker", "fingerprint": "dfd851176a1db7df02396448017926087f4214ad494a2e296d5725a784628f2a", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "node:20-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|dfd851176a1db7df02396448017926087f4214ad494a2e296d5725a784628f2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-deep-research-agent/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 62377, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 62376, "scanner": "repobility-docker", "fingerprint": "8362ac95dc364acebf2fda04552158f3752ff8a3ca97e0863de4f6d4b3a7a6c3", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.12-slim-bookworm", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|8362ac95dc364acebf2fda04552158f3752ff8a3ca97e0863de4f6d4b3a7a6c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/backend/Dockerfile"}, "region": {"startLine": 14}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 62373, "scanner": "repobility-agent-runtime", "fingerprint": "fd14063e885bce20fc3a2c4f9123a0b0b619d41abbdc6b439f4ca9335d6f8b5f", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|fd14063e885bce20fc3a2c4f9123a0b0b619d41abbdc6b439f4ca9335d6f8b5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-deep-research-agent/agent/main.py"}, "region": {"startLine": 2}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 62372, "scanner": "repobility-agent-runtime", "fingerprint": "f7b49a83ec5d7f8665af4d04dfe04edeeb665300d3ba8ae6a32151363ccd27ed", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|f7b49a83ec5d7f8665af4d04dfe04edeeb665300d3ba8ae6a32151363ccd27ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/main.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 62371, "scanner": "repobility-agent-runtime", "fingerprint": "677820162c1dd8bd96129294ddd4d84f0686961734085b993156fe56588ce70b", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|677820162c1dd8bd96129294ddd4d84f0686961734085b993156fe56588ce70b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_negotiation_battle_simulator/backend/agent.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 62330, "scanner": "repobility-threat-engine", "fingerprint": "04280cac4c6ead3ba5a2a8acf1f2ec1a5b1ccc65dcc61b529e1327c1eb9364de", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|04280cac4c6ead3ba5a2a8acf1f2ec1a5b1ccc65dcc61b529e1327c1eb9364de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-mcp-app-builder/apps/threejs-server/server-utils.ts"}, "region": {"startLine": 38}}}]}, {"ruleId": "SEC125", "level": "warning", "message": {"text": "[SEC125] AI placeholder credential left in source (your-api-key-here style): AI coding assistants frequently emit placeholder credentials shaped like `API_KEY = \"your-api-key-here\"` instead of pulling from env. These get committed verbatim \u2014 production code with a literal placeholder string is a near-certain bug, and the value also leaks what credential type the system expects to authentication crawlers. CWE-1188. Distinctive AI footprint: the exact phrase shape `your-X-here` is uncommon in hand"}, "properties": {"repobilityId": 62325, "scanner": "repobility-threat-engine", "fingerprint": "3b26728d4a3fde0e308a9c4dee2c59b7776aefed5ac659fe274204c0f7979d85", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "API_KEY='", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC125", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3b26728d4a3fde0e308a9c4dee2c59b7776aefed5ac659fe274204c0f7979d85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-dashboard-canvas-agent/agent/server.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 62314, "scanner": "repobility-threat-engine", "fingerprint": "93a10495a860a2dec1e1601e643357e2772a08eb4958fe66c8151f450ed9a9ed", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|22|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-mcp-app-builder/apps/web/app/api/workspace/exec/route.ts"}, "region": {"startLine": 22}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 62313, "scanner": "repobility-threat-engine", "fingerprint": "1eb873e4e05993bd7e3e36e2c3f656e17caa93fcc897dcd61d35bac084708336", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new Function(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|152|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-mcp-app-builder/apps/threejs-server/src/threejs-app.tsx"}, "region": {"startLine": 152}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 62312, "scanner": "repobility-threat-engine", "fingerprint": "4a2fe22066798b1a15aed83266ca4136bc5eee1ab7d25d50e8a31a05746645a2", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|30|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ai_agent_framework_crash_course/google_adk_crash_course/4_tool_using_agent/4_2_function_tools/calculator_agent/tools.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC017", "level": "warning", "message": {"text": "[SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external AI API (OpenAI, Anthropic, etc.) without any visible length or size validation. This creates two risks: (1) Cost abuse \u2014 an attacker can send extremely long inputs to burn through your API credits (a single 128K-token request to GPT-4 costs ~$4, and automated attacks can drain budgets in minutes). (2) Context stuffing \u2014 oversized inputs can push your system prompt out of the context window, effectively disab"}, "properties": {"repobilityId": 62301, "scanner": "repobility-threat-engine", "fingerprint": "9061ec06f0019672c81c857b74ad472069196a09f0c83ee795cb698195365a32", "category": "llm_injection", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "This file sends user input to an LLM with no visible length check or rate limit. Risks: (1) cost abuse \u2014 automated long inputs drain API budget ($4/request at 128K tokens on GPT-4), (2) context stuffing \u2014 oversized input pushes system prompt out of context window, disabling safety rules. Add input length validation before the API call.", "evidence": {"reason": "This file sends user input to an LLM with no visible length check or rate limit. Risks: (1) cost abuse \u2014 automated long inputs drain API budget ($4/request at 128K tokens on GPT-4), (2) context stuffing \u2014 oversized input pushes system prompt out of context window, disabling safety rules. Add input length validation before the API call.", "rule_id": "SEC017", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "fp|9061ec06f0019672c81c857b74ad472069196a09f0c83ee795cb698195365a32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_llm_apps/llm_apps_with_memory_tutorials/ai_travel_agent_memory/travel_agent_memory.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "SEC017", "level": "warning", "message": {"text": "[SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external AI API (OpenAI, Anthropic, etc.) without any visible length or size validation. This creates two risks: (1) Cost abuse \u2014 an attacker can send extremely long inputs to burn through your API credits (a single 128K-token request to GPT-4 costs ~$4, and automated attacks can drain budgets in minutes). (2) Context stuffing \u2014 oversized inputs can push your system prompt out of the context window, effectively disab"}, "properties": {"repobilityId": 62300, "scanner": "repobility-threat-engine", "fingerprint": "208a69b6ee9ce4d9e5300f36fa87b53d25f9b18321643a88cabda0a32e11f945", "category": "llm_injection", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "This file sends user input to an LLM with no visible length check or rate limit. Risks: (1) cost abuse \u2014 automated long inputs drain API budget ($4/request at 128K tokens on GPT-4), (2) context stuffing \u2014 oversized input pushes system prompt out of context window, disabling safety rules. Add input length validation before the API call.", "evidence": {"reason": "This file sends user input to an LLM with no visible length check or rate limit. Risks: (1) cost abuse \u2014 automated long inputs drain API budget ($4/request at 128K tokens on GPT-4), (2) context stuffing \u2014 oversized input pushes system prompt out of context window, disabling safety rules. Add input length validation before the API call.", "rule_id": "SEC017", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "fp|208a69b6ee9ce4d9e5300f36fa87b53d25f9b18321643a88cabda0a32e11f945"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_llm_apps/llm_apps_with_memory_tutorials/ai_arxiv_agent_memory/ai_arxiv_agent_memory.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "SEC017", "level": "warning", "message": {"text": "[SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external AI API (OpenAI, Anthropic, etc.) without any visible length or size validation. This creates two risks: (1) Cost abuse \u2014 an attacker can send extremely long inputs to burn through your API credits (a single 128K-token request to GPT-4 costs ~$4, and automated attacks can drain budgets in minutes). (2) Context stuffing \u2014 oversized inputs can push your system prompt out of the context window, effectively disab"}, "properties": {"repobilityId": 62299, "scanner": "repobility-threat-engine", "fingerprint": "e09b3d4c0c536d1736270ace2ed21e4b9ddc4f989a26ac7076216557923bcbb6", "category": "llm_injection", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "This file sends user input to an LLM with no visible length check or rate limit. Risks: (1) cost abuse \u2014 automated long inputs drain API budget ($4/request at 128K tokens on GPT-4), (2) context stuffing \u2014 oversized input pushes system prompt out of context window, disabling safety rules. Add input length validation before the API call.", "evidence": {"reason": "This file sends user input to an LLM with no visible length check or rate limit. Risks: (1) cost abuse \u2014 automated long inputs drain API budget ($4/request at 128K tokens on GPT-4), (2) context stuffing \u2014 oversized input pushes system prompt out of context window, disabling safety rules. Add input length validation before the API call.", "rule_id": "SEC017", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "fp|e09b3d4c0c536d1736270ace2ed21e4b9ddc4f989a26ac7076216557923bcbb6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/single_agent_apps/ai_customer_support_agent/customer_support_agent.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "SEC042", "level": "warning", "message": {"text": "[SEC042] SQL identifier injection via f-string in cursor execute: f-string SQL normalizes an unsafe pattern. Currently safe when only trusted internal values are interpolated (e.g. self._table in Odoo), but a future contributor can extend the f-string to user input without noticing. CWE-89. Identifiers (table/column names) need a separate escaping path from values."}, "properties": {"repobilityId": 62285, "scanner": "repobility-threat-engine", "fingerprint": "4a0104c93f0b67e22ae62258b857c5a9a33f179943d0ced630b6810295e70c4b", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "cursor.execute(\n f\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC042", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|144|sec042"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/utils/get_articles.py"}, "region": {"startLine": 144}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 62275, "scanner": "repobility-threat-engine", "fingerprint": "88f2d8808ea94a1c281972622e1fc7908fcc2d9028fe077df26a652711cef0bf", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n payload = parse_json_object(run_adk_agent_text(root_agent, prompt))\n except Exceptio", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|88f2d8808ea94a1c281972622e1fc7908fcc2d9028fe077df26a652711cef0bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/single_agent_apps/earnings_call_analyst_agent/agent.py"}, "region": {"startLine": 111}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 62274, "scanner": "repobility-threat-engine", "fingerprint": "593fa2a7cd9fbca0a46ad731a92f50a2e467a433e8744af714f204537ab1d81e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n search_url = f\"https://api.jikan.moe/v4/anime?q={query}&sfw=true&order_by=popularity&so", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|593fa2a7cd9fbca0a46ad731a92f50a2e467a433e8744af714f204537ab1d81e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/tools/jikan_search.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 62273, "scanner": "repobility-threat-engine", "fingerprint": "670448053f62303183e1d2fc485c54592aaf8ca58d6493e8ba9b92a74f463298", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n api_key = \"OPENAI_API_KEY\")\n if not api_key:\n Non", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|670448053f62303183e1d2fc485c54592aaf8ca58d6493e8ba9b92a74f463298"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/tools/embedding_search.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 62271, "scanner": "repobility-threat-engine", "fingerprint": "3119d6cdd6b953446da48196f91b34e21d6d9af4d4758531548a691eedec680a", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.Popen(\n command,\n shell=True", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|97|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/scheduler.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 62270, "scanner": "repobility-threat-engine", "fingerprint": "bc5476bcb9ae59caeb472158455b74fe01cf83cd2ccf5152e260e0749b8f1639", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "def create_session", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|103|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/single_agent_apps/earnings_call_analyst_agent/live_demo/server.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 62269, "scanner": "repobility-threat-engine", "fingerprint": "ee54004842b1e1fd2f5125d1ddd75167d249d9e6b7da62ce6bf79e01eed85001", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "def create_session", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|35|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/routers/async_podcast_agent_router.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 62251, "scanner": "repobility-threat-engine", "fingerprint": "2b200cf59955a8f6ee30cc0cebdfb222521fcbb6769bc428954026e22d79cf4f", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception as _:\n pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2b200cf59955a8f6ee30cc0cebdfb222521fcbb6769bc428954026e22d79cf4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/db/articles.py"}, "region": {"startLine": 111}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 62250, "scanner": "repobility-threat-engine", "fingerprint": "2659b2889bcc26570c5740679eb9bab7bba6596490871a0385fe78d87ee1a78c", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception as _:\n pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2659b2889bcc26570c5740679eb9bab7bba6596490871a0385fe78d87ee1a78c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/agents/scrape_agent.py"}, "region": {"startLine": 119}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 62249, "scanner": "repobility-threat-engine", "fingerprint": "48f7fff8a93a267bdd43f8ef9f7882034734f37253f526b0e6bda9ec4701463d", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except:\n pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|48f7fff8a93a267bdd43f8ef9f7882034734f37253f526b0e6bda9ec4701463d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/multimodal_coding_agent_team/ai_coding_agent_o3.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 62232, "scanner": "repobility-threat-engine", "fingerprint": "9830756001b303e2ef5a21d9a657412e61220b6da09b3672beac2f902ba9266f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"user@example.com\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9830756001b303e2ef5a21d9a657412e61220b6da09b3672beac2f902ba9266f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/backend/services/db_service.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "SEC034", "level": "warning", "message": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (SIEM, splunk). Combined with template injection this can escalate to RCE (CVE-2021-44228 log4shell). CWE-117."}, "properties": {"repobilityId": 62218, "scanner": "repobility-threat-engine", "fingerprint": "6e76d248e34287a364cd1df7d7399bbb53745abdc3c39799a69d196b7520def4", "category": "log_injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "logger.info(f\"Request: {req", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC034", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6e76d248e34287a364cd1df7d7399bbb53745abdc3c39799a69d196b7520def4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/backend/tools/kayak_flight.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "SEC034", "level": "warning", "message": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (SIEM, splunk). Combined with template injection this can escalate to RCE (CVE-2021-44228 log4shell). CWE-117."}, "properties": {"repobilityId": 62217, "scanner": "repobility-threat-engine", "fingerprint": "c3b1329839a405d0082024386c9af887acfe75f918ba4f486d33cb07a0d38ead", "category": "log_injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "logger.info(f\"Triggering travel plan agent for trip ID: {req", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC034", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c3b1329839a405d0082024386c9af887acfe75f918ba4f486d33cb07a0d38ead"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/backend/router/plan.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "SEC034", "level": "warning", "message": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (SIEM, splunk). Combined with template injection this can escalate to RCE (CVE-2021-44228 log4shell). CWE-117."}, "properties": {"repobilityId": 62216, "scanner": "repobility-threat-engine", "fingerprint": "4839ee0ead7ec869406a090009e80dbebdff90e8e1a0950a22ce82c2bbfef500", "category": "log_injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "logger.info(\n f\"Converting input text to model: {target_model.__name__} : {input", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC034", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4839ee0ead7ec869406a090009e80dbebdff90e8e1a0950a22ce82c2bbfef500"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/backend/agents/structured_output.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 62436, "scanner": "repobility-web-presence", "fingerprint": "b11a2e700d5854c6cf416258f3c0b51b5371cd99424893076c9e1d5de51eabc3", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": "fp|b11a2e700d5854c6cf416258f3c0b51b5371cd99424893076c9e1d5de51eabc3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/public/robots.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC005", "level": "note", "message": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "properties": {"repobilityId": 62416, "scanner": "repobility-access-control", "fingerprint": "c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e", "category": "auth", "severity": "low", "confidence": 0.76, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Django", "Next.js"], "correlation_key": "fp|c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e"}}}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 62405, "scanner": "repobility-docker", "fingerprint": "aa58cef35df63f576eded4eefc5d1dd33fb89904b6928e3184cf2ce45bbed9d7", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "streamlit", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|aa58cef35df63f576eded4eefc5d1dd33fb89904b6928e3184cf2ce45bbed9d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/knowledge_graph_rag_citations/docker-compose.yml"}, "region": {"startLine": 37}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 62403, "scanner": "repobility-docker", "fingerprint": "4551f526f5bf7e170e7320c1a426c2695c0466821533f46399b7be7195d38aa4", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "streamlit", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|4551f526f5bf7e170e7320c1a426c2695c0466821533f46399b7be7195d38aa4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/knowledge_graph_rag_citations/docker-compose.yml"}, "region": {"startLine": 37}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 62402, "scanner": "repobility-docker", "fingerprint": "79a33908d861864bcef7df4c83d46723aae91d502452aa33c82353253cd5c7e4", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "ollama", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|79a33908d861864bcef7df4c83d46723aae91d502452aa33c82353253cd5c7e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/knowledge_graph_rag_citations/docker-compose.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 62401, "scanner": "repobility-docker", "fingerprint": "47a53e6912af04f6fb5d627fd525f49eba118d59f2d5c6e5dc26374726a3be83", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "ollama", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|47a53e6912af04f6fb5d627fd525f49eba118d59f2d5c6e5dc26374726a3be83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/knowledge_graph_rag_citations/docker-compose.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 62398, "scanner": "repobility-docker", "fingerprint": "d6876f3e17c01c66ff6ef559d627f5166bf7b043e18899f4e124b81f817dadfd", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "neo4j", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|d6876f3e17c01c66ff6ef559d627f5166bf7b043e18899f4e124b81f817dadfd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/knowledge_graph_rag_citations/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 62397, "scanner": "repobility-docker", "fingerprint": "d87d9094ca57b795ecf00f9ba7aa4f4f70e2c80fd8b4b9e4406489d74a1fad81", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "neo4j", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|d87d9094ca57b795ecf00f9ba7aa4f4f70e2c80fd8b4b9e4406489d74a1fad81"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/knowledge_graph_rag_citations/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 62387, "scanner": "repobility-docker", "fingerprint": "999024b9342df49b095dba954efb0639573691cb7001a7add64a3c283692ac31", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|999024b9342df49b095dba954efb0639573691cb7001a7add64a3c283692ac31"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/generative-ui-starter-project/Dockerfile"}, "region": {"startLine": 48}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 62381, "scanner": "repobility-docker", "fingerprint": "c0e95e2356733b6919d3e097d4156c717ef73a20f978c3d62062a27fd2dbe68c", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c0e95e2356733b6919d3e097d4156c717ef73a20f978c3d62062a27fd2dbe68c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-financial-coach-agent/Dockerfile"}, "region": {"startLine": 36}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 62374, "scanner": "repobility-docker", "fingerprint": "b6e4055fb9d8503a8186897e959061acbac7f0c69241179e9134566faafa27e9", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|b6e4055fb9d8503a8186897e959061acbac7f0c69241179e9134566faafa27e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/backend/Dockerfile"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62370, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d34f16075f39a69e2a0c06941ccddad96f00b5276d8c4bed254327a1e5e606a5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/components/Sidebar.js", "duplicate_line": 349, "correlation_key": "fp|d34f16075f39a69e2a0c06941ccddad96f00b5276d8c4bed254327a1e5e606a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/pages/Home.js"}, "region": {"startLine": 344}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62369, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a091c84fa0c38e651650c466fefcf07ce30299e8a43f0bb264b11ab4ff9cefcc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/components/social/Pagination.js", "duplicate_line": 26, "correlation_key": "fp|a091c84fa0c38e651650c466fefcf07ce30299e8a43f0bb264b11ab4ff9cefcc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/pages/Articles.js"}, "region": {"startLine": 472}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62368, "scanner": "repobility-ai-code-hygiene", "fingerprint": "62de557294189a85da63b83f62c83c3c2f0393aac72cd7ccb94a2bcd5a472c3c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/components/social/Filters.js", "duplicate_line": 150, "correlation_key": "fp|62de557294189a85da63b83f62c83c3c2f0393aac72cd7ccb94a2bcd5a472c3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/pages/Articles.js"}, "region": {"startLine": 239}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62367, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f911b896240cd7650125976b3c7495d21a3d9f001d9edc9cd0098a1c88cc2030", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/components/SourceSelector.js", "duplicate_line": 90, "correlation_key": "fp|f911b896240cd7650125976b3c7495d21a3d9f001d9edc9cd0098a1c88cc2030"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/pages/Articles.js"}, "region": {"startLine": 130}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62366, "scanner": "repobility-ai-code-hygiene", "fingerprint": "74905c90701fe33f4de8c205df54df446899efe3dc9d76020e92232c74cfed18", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/components/social/PostDetailPanel.js", "duplicate_line": 82, "correlation_key": "fp|74905c90701fe33f4de8c205df54df446899efe3dc9d76020e92232c74cfed18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/components/social/PostItem.js"}, "region": {"startLine": 90}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62365, "scanner": "repobility-ai-code-hygiene", "fingerprint": "110bfc57771bba572129374d70f02513b6860943315f24edf1cbe5de4a54b98d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/components/PodcastConfigForm.js", "duplicate_line": 75, "correlation_key": "fp|110bfc57771bba572129374d70f02513b6860943315f24edf1cbe5de4a54b98d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/components/TaskForm.js"}, "region": {"startLine": 58}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62364, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cdcad5c9f7798e457a4a23da0e0a01c1876a541ab9ba52fcd4a8682316ede3a4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/components/ActivePodcastPreview.js", "duplicate_line": 30, "correlation_key": "fp|cdcad5c9f7798e457a4a23da0e0a01c1876a541ab9ba52fcd4a8682316ede3a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/components/SourceSelection.js"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62363, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fa178e53bc10cb55f43c8325f0d1d6276a81b210f7948e7434aa538f11fb7df6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/components/ScriptConfirmation.js", "duplicate_line": 20, "correlation_key": "fp|fa178e53bc10cb55f43c8325f0d1d6276a81b210f7948e7434aa538f11fb7df6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/components/SourceSelection.js"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62362, "scanner": "repobility-ai-code-hygiene", "fingerprint": "41cc07241c9c495104a7b1f4da7b78d26a7484ad9d9f96913c8f135bc9f2cab5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/components/AudioConfirmation.js", "duplicate_line": 156, "correlation_key": "fp|41cc07241c9c495104a7b1f4da7b78d26a7484ad9d9f96913c8f135bc9f2cab5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/components/ScriptConfirmation.js"}, "region": {"startLine": 242}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62361, "scanner": "repobility-ai-code-hygiene", "fingerprint": "16aad1285788442a9be2bc4fbbdcc76556b016fd53c2b1b006aa0cbfa5cb6702", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/components/BannerConfirmation.js", "duplicate_line": 194, "correlation_key": "fp|16aad1285788442a9be2bc4fbbdcc76556b016fd53c2b1b006aa0cbfa5cb6702"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/components/ScriptConfirmation.js"}, "region": {"startLine": 233}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62360, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3d75cb043a72fef4056e5410d15758208e32aebafdb10c83def4686604d10bd3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/components/ActivePodcastPreview.js", "duplicate_line": 30, "correlation_key": "fp|3d75cb043a72fef4056e5410d15758208e32aebafdb10c83def4686604d10bd3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/components/ScriptConfirmation.js"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62359, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e0397ae22d4d57dbef106789582243c9bf20877d273750f4433036a7e50dfb8a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/components/PodcastConfigForm.js", "duplicate_line": 298, "correlation_key": "fp|e0397ae22d4d57dbef106789582243c9bf20877d273750f4433036a7e50dfb8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/components/ProgressIndicator.js"}, "region": {"startLine": 38}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62358, "scanner": "repobility-ai-code-hygiene", "fingerprint": "61458cb0038c2550b36ccd2cd49182aeedfe9009b48a9b845d2c0fb5933adb01", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/components/ActivePodcastPreview.js", "duplicate_line": 597, "correlation_key": "fp|61458cb0038c2550b36ccd2cd49182aeedfe9009b48a9b845d2c0fb5933adb01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/components/FinalPresentation.js"}, "region": {"startLine": 411}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62357, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b84022f6e427828833a5a19b3cee5efc6cd24120f773b5b61325206b1f650659", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/components/AudioConfirmation.js", "duplicate_line": 156, "correlation_key": "fp|b84022f6e427828833a5a19b3cee5efc6cd24120f773b5b61325206b1f650659"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/components/BannerConfirmation.js"}, "region": {"startLine": 203}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62356, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fb3171c58f3ac2178d28ceeb95995ab2600f36485b5207a65d2f9aeee1e1f4fd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/agents/audio_generate_agent.py", "duplicate_line": 29, "correlation_key": "fp|fb3171c58f3ac2178d28ceeb95995ab2600f36485b5207a65d2f9aeee1e1f4fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/utils/text_to_audio_openai.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62355, "scanner": "repobility-ai-code-hygiene", "fingerprint": "341b9a6a6e97771c649c5c949b7bffbd9816ec05eb291341144bcdbdb7b7dcf2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/services/db_init.py", "duplicate_line": 290, "correlation_key": "fp|341b9a6a6e97771c649c5c949b7bffbd9816ec05eb291341144bcdbdb7b7dcf2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/tools/social/db.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62354, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1282c58aa2713692d0b644155ecc6c508dd5cec712b03504a354af93a6ea60db", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/agents/search_agent.py", "duplicate_line": 15, "correlation_key": "fp|1282c58aa2713692d0b644155ecc6c508dd5cec712b03504a354af93a6ea60db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/tools/pipeline/search_agent.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62353, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bd18fa75ca29b32f82c0f101446c2331c8cd396d741a8e404a3129348802c603", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/agents/script_agent.py", "duplicate_line": 8, "correlation_key": "fp|bd18fa75ca29b32f82c0f101446c2331c8cd396d741a8e404a3129348802c603"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/tools/pipeline/script_agent.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62352, "scanner": "repobility-ai-code-hygiene", "fingerprint": "64005edfffd9306b3ca29a3678d21f15030ee3c46f1d3e8adc2a08d9e5307c09", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/agents/scrape_agent.py", "duplicate_line": 7, "correlation_key": "fp|64005edfffd9306b3ca29a3678d21f15030ee3c46f1d3e8adc2a08d9e5307c09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/tools/pipeline/scrape_agent.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62351, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ab14aaa0ab7c414b05b1d7ea64a2daa8143f1a4b038469da5fb60308e65eb375", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/agents/image_generate_agent.py", "duplicate_line": 11, "correlation_key": "fp|ab14aaa0ab7c414b05b1d7ea64a2daa8143f1a4b038469da5fb60308e65eb375"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/tools/pipeline/image_generate_agent.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62350, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4f317fe15a871c9ef42c070bd7b1ca5b6445fb7fe492cc28a2c74a5d3913c48c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/db/tasks.py", "duplicate_line": 68, "correlation_key": "fp|4f317fe15a871c9ef42c070bd7b1ca5b6445fb7fe492cc28a2c74a5d3913c48c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/services/task_service.py"}, "region": {"startLine": 131}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62349, "scanner": "repobility-ai-code-hygiene", "fingerprint": "80ebfc93d74b42b70b154311e0e05c3e8e1950fff5b3b5fc6a57d72933adb55f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/db/podcast_configs.py", "duplicate_line": 126, "correlation_key": "fp|80ebfc93d74b42b70b154311e0e05c3e8e1950fff5b3b5fc6a57d72933adb55f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/services/podcast_config_service.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62348, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4974f1e3c630633a739b4327912c38820d71f1d0446abfd22940b3eff63353eb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/processors/ai_analysis_processor.py", "duplicate_line": 113, "correlation_key": "fp|4974f1e3c630633a739b4327912c38820d71f1d0446abfd22940b3eff63353eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/processors/embedding_processor.py"}, "region": {"startLine": 168}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62347, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2561d5d76c014906a2bc8c8b9cac6779e4b86e3a9c4506743eb1662dd225aa28", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/agent_teams/multimodal_uiux_feedback_agent_team/tools.py", "duplicate_line": 3, "correlation_key": "fp|2561d5d76c014906a2bc8c8b9cac6779e4b86e3a9c4506743eb1662dd225aa28"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_home_renovation_agent/tools.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62346, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2a4e042dfb550f4dcd7924850c9d538c5b2ac92744746a7d85ee4a6e19200e9e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/ai_aqi_analysis_agent/ai_aqi_analysis_agent_gradio.py", "duplicate_line": 10, "correlation_key": "fp|2a4e042dfb550f4dcd7924850c9d538c5b2ac92744746a7d85ee4a6e19200e9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_aqi_analysis_agent/ai_aqi_analysis_agent_streamlit.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62345, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f937192cc48c121e51c4489e66df89ff3585ce494be184d176f747e3112f6c14", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_sales_intelligence_agent_team/tools.py", "duplicate_line": 47, "correlation_key": "fp|f937192cc48c121e51c4489e66df89ff3585ce494be184d176f747e3112f6c14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_vc_due_diligence_agent_team/tools.py"}, "region": {"startLine": 118}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62344, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3209b209ff9770811e50e2948457cb954d2d874c367c03c362323f74cf1c9aca", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/client/app/api/plan/submit/route.ts", "duplicate_line": 10, "correlation_key": "fp|3209b209ff9770811e50e2948457cb954d2d874c367c03c362323f74cf1c9aca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/client/app/plans/page.tsx"}, "region": {"startLine": 41}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62343, "scanner": "repobility-ai-code-hygiene", "fingerprint": "88485916b904ae1896f3b039dd03340e0db494acdbcd304b2db7b2c7c173a982", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/client/app/api/plans/[id]/retry/route.ts", "duplicate_line": 9, "correlation_key": "fp|88485916b904ae1896f3b039dd03340e0db494acdbcd304b2db7b2c7c173a982"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/client/app/api/plans/[id]/route.ts"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62342, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f517e32309da87a74a3406a3eb3aa768a8e6bfb260270ebbcd3f54fc7004ec04", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_real_estate_agent_team/ai_real_estate_agent_team.py", "duplicate_line": 16, "correlation_key": "fp|f517e32309da87a74a3406a3eb3aa768a8e6bfb260270ebbcd3f54fc7004ec04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_real_estate_agent_team/local_ai_real_estate_agent_team.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62341, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cfe1ff594c6e05fdfba25feb56d7dad9b1142e64a64dae5506d5ef5f05898f75", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_legal_agent_team/legal_agent_team.py", "duplicate_line": 194, "correlation_key": "fp|cfe1ff594c6e05fdfba25feb56d7dad9b1142e64a64dae5506d5ef5f05898f75"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_legal_agent_team/local_ai_legal_agent_team/local_legal_agent.py"}, "region": {"startLine": 116}}}]}, {"ruleId": "SEC022", "level": "note", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 62339, "scanner": "repobility-threat-engine", "fingerprint": "a0295760b3c02ceb07ca5089b9dc8dd930d9be42282fa02358a9ef85d2f7490b", "category": "credential_exposure", "severity": "low", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Value contains development/placeholder marker", "evidence": {"match": "postgresql://user:pass@", "reason": "Value contains development/placeholder marker", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "secret|token|15|postgresql://user:pass"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/local_hybrid_search_rag/local_main.py"}, "region": {"startLine": 151}}}]}, {"ruleId": "SEC124", "level": "note", "message": {"text": "[SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). `mktemp` is deprecated for the same reason."}, "properties": {"repobilityId": 62290, "scanner": "repobility-threat-engine", "fingerprint": "1f6086051269a1639bda45ff1e8bd60b461e2a73d165accc67d684efa4a5cc69", "category": "race_condition", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "os.path.exists(file_path):\n with open(file_path, \"w", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC124", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1f6086051269a1639bda45ff1e8bd60b461e2a73d165accc67d684efa4a5cc69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_speech_trainer_agent/frontend/Home.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "SEC004", "level": "note", "message": {"text": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection."}, "properties": {"repobilityId": 62282, "scanner": "repobility-threat-engine", "fingerprint": "10859528b00061fa47408b75083ee4c857ced08283b012bcfa02ea462d27ef0d", "category": "injection", "severity": "low", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Placeholder variable defined nearby \u2014 likely parameterized query", "evidence": {"match": ".execute(\n f\"SELECT", "reason": "Placeholder variable defined nearby \u2014 likely parameterized query", "rule_id": "SEC004", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "code|injection|token|144|sec004"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/utils/get_articles.py"}, "region": {"startLine": 144}}}]}, {"ruleId": "SEC004", "level": "note", "message": {"text": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection."}, "properties": {"repobilityId": 62281, "scanner": "repobility-threat-engine", "fingerprint": "e9741d6faffdf3ca66d60e2628e1158ebbe9494bd8f848fc41d386db41518317", "category": "injection", "severity": "low", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Placeholder variable defined nearby \u2014 likely parameterized query", "evidence": {"match": "sql = f\"INSERT", "reason": "Placeholder variable defined nearby \u2014 likely parameterized query", "rule_id": "SEC004", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "code|injection|token|99|sec004"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/tools/social/db.py"}, "region": {"startLine": 99}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `get_model_for_provider` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=5, else=2, if=2, nested_bonus=3."}, "properties": {"repobilityId": 62209, "scanner": "repobility-threat-engine", "fingerprint": "f1ba962732fa56cdfa68690f11642b6511498a7d9e63db799f3a82d01d52e544", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 12 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "get_model_for_provider", "breakdown": {"if": 2, "elif": 5, "else": 2, "nested_bonus": 3}, "complexity": 12, "correlation_key": "fp|f1ba962732fa56cdfa68690f11642b6511498a7d9e63db799f3a82d01d52e544"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/autonomous_game_playing_agent_apps/ai_tic_tac_toe_agent/agents.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `execute_move` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=3, except=1, if=2, nested_bonus=1, ternary=2."}, "properties": {"repobilityId": 62208, "scanner": "repobility-threat-engine", "fingerprint": "cd988b4badc55304782150da1a9e771ca7c3d3b86a8b18f48a606caa2fa54594", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 9 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "execute_move", "breakdown": {"if": 2, "elif": 3, "except": 1, "ternary": 2, "nested_bonus": 1}, "complexity": 9, "correlation_key": "fp|cd988b4badc55304782150da1a9e771ca7c3d3b86a8b18f48a606caa2fa54594"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/autonomous_game_playing_agent_apps/ai_chess_agent/ai_chess_agent.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 62340, "scanner": "repobility-threat-engine", "fingerprint": "4a8246649717014f31b4b26b4a89f92c57e198618d4db0797773a8e1572ea7bd", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4a8246649717014f31b4b26b4a89f92c57e198618d4db0797773a8e1572ea7bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "starter_ai_agents/ai_music_generator_agent/music_generator_agent.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED063", "level": "none", "message": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "properties": {"repobilityId": 62337, "scanner": "repobility-threat-engine", "fingerprint": "95f15d0bdb0153b12693605dd7afe894f2c1cc40d422964c3a3ee5df6399a00d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "toctou-os-path-exists", "owasp": null, "cwe_ids": ["CWE-367"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348048+00:00", "triaged_in_corpus": 12, "observations_count": 90754, "ai_coder_pattern_id": 41}, "scanner": "repobility-threat-engine", "correlation_key": "fp|95f15d0bdb0153b12693605dd7afe894f2c1cc40d422964c3a3ee5df6399a00d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/agentic_rag_math_agent/app/streamlit.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED098", "level": "none", "message": {"text": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios = axios;`) makes the code harder to test and increases the risk of naming collisions."}, "properties": {"repobilityId": 62336, "scanner": "repobility-threat-engine", "fingerprint": "6c3d0779e1a88bc79f46363d7dbe46884096ddffb3b356da7066d26f2f228f6a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "global-scope-pollution", "owasp": null, "cwe_ids": [], "languages": ["javascript"], "precision": 1.0, "promoted_at": "2026-05-18T15:01:13.611213+00:00", "triaged_in_corpus": 12, "observations_count": 173528, "ai_coder_pattern_id": 55}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6c3d0779e1a88bc79f46363d7dbe46884096ddffb3b356da7066d26f2f228f6a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/mcp-apps-generative-ui-showcase/mcp-server/apps/lucide-icons.js"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 62335, "scanner": "repobility-threat-engine", "fingerprint": "0aa3382e29ccd095d0981e7776077be0d0eaca207e24d0d58bbbf5d15db30096", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0aa3382e29ccd095d0981e7776077be0d0eaca207e24d0d58bbbf5d15db30096"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-shadcn-component-generator/apps/ui/src/components/chat/chat-kit.tsx"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 62334, "scanner": "repobility-threat-engine", "fingerprint": "00a38f32f64f138876ec2832ea2e0f3475a15f522ad93f8757683252d0007b58", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|00a38f32f64f138876ec2832ea2e0f3475a15f522ad93f8757683252d0007b58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-shadcn-component-generator/apps/runtime/server.ts"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 62331, "scanner": "repobility-threat-engine", "fingerprint": "08c453124061e329a8a82798538da10d054f77e2ce2e6c831a8d4b6293b232b6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|08c453124061e329a8a82798538da10d054f77e2ce2e6c831a8d4b6293b232b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-mcp-app-builder/apps/threejs-server/src/mcp-app-wrapper.tsx"}, "region": {"startLine": 93}}}]}, {"ruleId": "SEC040", "level": "none", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 62329, "scanner": "repobility-threat-engine", "fingerprint": "c066fdac20648ab02e6c78e05ac6d7be6049c4550b793a58bcd25dd5d0594df0", "category": "xss", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|c066fdac20648ab02e6c78e05ac6d7be6049c4550b793a58bcd25dd5d0594df0"}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 62324, "scanner": "repobility-threat-engine", "fingerprint": "976bb413e58f70f53fa6a891d8be3bb3844b6ff3fd9e04272cb46082ff0a16ea", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|976bb413e58f70f53fa6a891d8be3bb3844b6ff3fd9e04272cb46082ff0a16ea", "aggregated_count": 1}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 62323, "scanner": "repobility-threat-engine", "fingerprint": "2ed83aee07f0af72414bd18a7360a95d8bc67abd54b61d2fe0d931008df3ee23", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2ed83aee07f0af72414bd18a7360a95d8bc67abd54b61d2fe0d931008df3ee23"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "awesome_agent_skills/self-improving-agent-skills/frontend/src/components/RunningStep.tsx"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 62322, "scanner": "repobility-threat-engine", "fingerprint": "a2498aaf11d65e4c795a001245c3b16fafba56b14684f19347d3d43272e5e71a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a2498aaf11d65e4c795a001245c3b16fafba56b14684f19347d3d43272e5e71a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "awesome_agent_skills/self-improving-agent-skills/frontend/src/components/ResultsStep.tsx"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 62321, "scanner": "repobility-threat-engine", "fingerprint": "63d1b66a5b773aad0836df8d008323fdb023bb7bfc05c6255bf69376738f9228", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|63d1b66a5b773aad0836df8d008323fdb023bb7bfc05c6255bf69376738f9228"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "awesome_agent_skills/self-improving-agent-skills/frontend/src/app/page.tsx"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 62320, "scanner": "repobility-threat-engine", "fingerprint": "58f60ed8e035bc400536fd00b101dd3f424c3aef2d8949ee966029c2064cb224", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|58f60ed8e035bc400536fd00b101dd3f424c3aef2d8949ee966029c2064cb224"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-shadcn-component-generator/apps/ui/src/components/ui/chart.tsx"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 62319, "scanner": "repobility-threat-engine", "fingerprint": "8dfa6a39b28e3f99c3c46353ae1d98411dbe7e8d007b28fe9cded35b4bcb4c7a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8dfa6a39b28e3f99c3c46353ae1d98411dbe7e8d007b28fe9cded35b4bcb4c7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-dashboard-canvas-agent/src/components/ui/chart.tsx"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 62318, "scanner": "repobility-threat-engine", "fingerprint": "0310a31f7496c887f44fecc4f23f1da1f729094e73d643b37cd77ecf0321e4e2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0310a31f7496c887f44fecc4f23f1da1f729094e73d643b37cd77ecf0321e4e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "awesome_agent_skills/self-improving-agent-skills/frontend/src/app/layout.tsx"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 62317, "scanner": "repobility-threat-engine", "fingerprint": "54784801aa58965d0afe0956ba1ba4841d9a38e3074ae4713f9d14db358194e8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|54784801aa58965d0afe0956ba1ba4841d9a38e3074ae4713f9d14db358194e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ai_agent_framework_crash_course/openai_sdk_crash_course/5_context_management/agent.py"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED074", "level": "none", "message": {"text": "[MINED074] Ai Tell Fake Citation: Plausible-looking but non-existent URLs (e.g., docs.example.com/v2). Common AI hallucination."}, "properties": {"repobilityId": 62316, "scanner": "repobility-threat-engine", "fingerprint": "6ec0ebb69530240694cb214bfdf847872ad1808a2a6dd2c1376feb0add15ff26", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ai-tell-fake-citation", "owasp": null, "cwe_ids": [], "languages": ["python", "javascript", "typescript", "markdown"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348074+00:00", "triaged_in_corpus": 10, "observations_count": 12281, "ai_coder_pattern_id": 176}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6ec0ebb69530240694cb214bfdf847872ad1808a2a6dd2c1376feb0add15ff26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ai_agent_framework_crash_course/google_adk_crash_course/4_tool_using_agent/4_4_mcp_tools/firecrawl_agent/agent.py"}, "region": {"startLine": 114}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 62311, "scanner": "repobility-threat-engine", "fingerprint": "dd5b64e6744e5f494f3eafb49441a01ab167cdd11743c3d4ade0f028db583ab9", "category": "crypto", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|dd5b64e6744e5f494f3eafb49441a01ab167cdd11743c3d4ade0f028db583ab9"}}}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 62310, "scanner": "repobility-threat-engine", "fingerprint": "4ff69300e812f7fb0c3bb71d43c3dbc49cdf542f20e3c8adf2bcca420586172a", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "crypto.randomUUID", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|61|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/generative-ui-starter-project/src/components/example-canvas/todo-list.tsx"}, "region": {"startLine": 61}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 62309, "scanner": "repobility-threat-engine", "fingerprint": "40e75eb8dac075ab3ab12cda4e18be2982684daf4c1148eb73ab932ec899b991", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "crypto.randomUUID", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|12|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-shadcn-component-generator/apps/ui/src/components/chat/input.tsx"}, "region": {"startLine": 12}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 62308, "scanner": "repobility-threat-engine", "fingerprint": "79ae8fb9fe244051c9a04a4322e80f44af1a2c0f4319ad7f91a8732f7ea606c7", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "crypto.randomUUID", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|25|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_llm_apps/chat_with_X_tutorials/streaming_ai_chatbot/steps/chat-api.step.ts"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 62307, "scanner": "repobility-threat-engine", "fingerprint": "e9bef44272652a5ecb502f14f98158bf299b66a7cb41ba7aeb53e7c0265b59b2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|e9bef44272652a5ecb502f14f98158bf299b66a7cb41ba7aeb53e7c0265b59b2", "aggregated_count": 3}}}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 62306, "scanner": "repobility-threat-engine", "fingerprint": "7587cd3bdedd06f00227912d230a7ce10b02be9355589ecea1dff21c8f95f107", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7587cd3bdedd06f00227912d230a7ce10b02be9355589ecea1dff21c8f95f107"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ai_agent_framework_crash_course/openai_sdk_crash_course/2_structured_output_agent/support_ticket_agent.py"}, "region": {"startLine": 163}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 62305, "scanner": "repobility-threat-engine", "fingerprint": "a548932cc3e9334c9989f816353f5a1459e870c1e9ff003fdcee8f06991e3401", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a548932cc3e9334c9989f816353f5a1459e870c1e9ff003fdcee8f06991e3401"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ai_agent_framework_crash_course/openai_sdk_crash_course/2_structured_output_agent/product_review_agent.py"}, "region": {"startLine": 221}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 62304, "scanner": "repobility-threat-engine", "fingerprint": "7348cda7bd47513d225a2006c08d4cb9a2b73225c8401aeb82ecdbe3687a9538", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7348cda7bd47513d225a2006c08d4cb9a2b73225c8401aeb82ecdbe3687a9538"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/single_agent_apps/windows_use_autonomous_agent/main.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 62303, "scanner": "repobility-threat-engine", "fingerprint": "083268e3e24a578f5a7d204b18ef113cf5db17aab64648026606e7ad1cad89d9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|083268e3e24a578f5a7d204b18ef113cf5db17aab64648026606e7ad1cad89d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/single_agent_apps/earnings_call_analyst_agent/youtube_ingest.py"}, "region": {"startLine": 161}}}]}, {"ruleId": "SEC017", "level": "none", "message": {"text": "[SEC017] Unbounded Input to LLM/External API (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 62302, "scanner": "repobility-threat-engine", "fingerprint": "e04aed541861866d6e0f8a6aaed705d96cbb12a52b6b05b40e6c82d27fbc2f5a", "category": "llm_injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC017", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|e04aed541861866d6e0f8a6aaed705d96cbb12a52b6b05b40e6c82d27fbc2f5a"}}}, {"ruleId": "SEC016", "level": "none", "message": {"text": "[SEC016] LLM Prompt Injection \u2014 User Input in AI Prompt (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 62298, "scanner": "repobility-threat-engine", "fingerprint": "6bc0158f2bade6a58c0fb99848baec40712c0f4d2c1d646994f353e15e106eae", "category": "llm_injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC016", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|6bc0158f2bade6a58c0fb99848baec40712c0f4d2c1d646994f353e15e106eae"}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 62294, "scanner": "repobility-threat-engine", "fingerprint": "62ff231053d16ded91f5d63a99a8b7f9a8d879f1bee1b23442cfa6701d92f730", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|62ff231053d16ded91f5d63a99a8b7f9a8d879f1bee1b23442cfa6701d92f730", "aggregated_count": 2}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 62293, "scanner": "repobility-threat-engine", "fingerprint": "f76870611eced731690b806276f4a20ab3964345ba40e62df0958904175aa5c7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f76870611eced731690b806276f4a20ab3964345ba40e62df0958904175aa5c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-shadcn-component-generator/apps/runtime/server.ts"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 62292, "scanner": "repobility-threat-engine", "fingerprint": "57a4f633ddc29ce2b0d17a7458be06ab0d354bb6dce435d8a6c589b7a17173c1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|57a4f633ddc29ce2b0d17a7458be06ab0d354bb6dce435d8a6c589b7a17173c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/single_agent_apps/earnings_call_analyst_agent/research.py"}, "region": {"startLine": 215}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 62291, "scanner": "repobility-threat-engine", "fingerprint": "fb6cfaec50521c5f02037883a8f16e9132d48cbec1ef7a349abc15803a4b0f29", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fb6cfaec50521c5f02037883a8f16e9132d48cbec1ef7a349abc15803a4b0f29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/devpulse_ai/adapters/arxiv.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED006", "level": "none", "message": {"text": "[MINED006] Overcatch Baseexception (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 62280, "scanner": "repobility-threat-engine", "fingerprint": "15e7655c47187934f0443760ae9d6a892bdca64d4913e739691ad96fbdc903ec", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|15e7655c47187934f0443760ae9d6a892bdca64d4913e739691ad96fbdc903ec", "aggregated_count": 4}}}, {"ruleId": "SEC136", "level": "none", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 62276, "scanner": "repobility-threat-engine", "fingerprint": "8e478e56b730255b619eaaf214c2ac68864bd09b58591d59c20fe11bd4508abd", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8e478e56b730255b619eaaf214c2ac68864bd09b58591d59c20fe11bd4508abd"}}}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "properties": {"repobilityId": 62268, "scanner": "repobility-threat-engine", "fingerprint": "f868dfe85cc0266bacbbc4893f47b2a11b3682d0df67addddcf834e5ff136c90", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 13 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f868dfe85cc0266bacbbc4893f47b2a11b3682d0df67addddcf834e5ff136c90", "aggregated_count": 13}}}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 62267, "scanner": "repobility-threat-engine", "fingerprint": "6ea929c02fbfb5a7af0593ebc81c852175b5513fc43d7eb6fda4daa8e215e1a7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6ea929c02fbfb5a7af0593ebc81c852175b5513fc43d7eb6fda4daa8e215e1a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/devpulse_ai/main.py"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 62266, "scanner": "repobility-threat-engine", "fingerprint": "4bc82fbe730b8a1cce1893392d5f892ce4f219ec6d23465f1a15967d92ee5b0d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4bc82fbe730b8a1cce1893392d5f892ce4f219ec6d23465f1a15967d92ee5b0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/processors/embedding_processor.py"}, "region": {"startLine": 222}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 62265, "scanner": "repobility-threat-engine", "fingerprint": "1dba6cd69298b74784d4e9b22e0324255c42302de892a61d2ade04cb533f5df8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1dba6cd69298b74784d4e9b22e0324255c42302de892a61d2ade04cb533f5df8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/processors/ai_analysis_processor.py"}, "region": {"startLine": 181}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "properties": {"repobilityId": 62264, "scanner": "repobility-threat-engine", "fingerprint": "f340f0550f19048512292af4ea26aa33b4e23d5a00b7fb04cd9e96f043e36a06", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f340f0550f19048512292af4ea26aa33b4e23d5a00b7fb04cd9e96f043e36a06"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 62263, "scanner": "repobility-threat-engine", "fingerprint": "35262823b4df6d8aed4f22b66ac541813b3af1744c7b87af2d155e03b2bf63fd", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "print(\"Error: No OpenAI API key provided. Please provide via --api_key or set OPENAI_API_KEY in .env", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|22|print error: no openai api key provided. please provide via --api_key or set openai_api_key in .env"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/processors/embedding_processor.py"}, "region": {"startLine": 222}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 62262, "scanner": "repobility-threat-engine", "fingerprint": "f91aaa5fffd0e8cbc7b1e65a275de1a8790f29541bfebbea6e79027a62609b47", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "print(\"Error: No OpenAI API key provided. Please provide via --api_key or set OPENAI_API_KEY in .env", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|18|print error: no openai api key provided. please provide via --api_key or set openai_api_key in .env"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/processors/ai_analysis_processor.py"}, "region": {"startLine": 181}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 62260, "scanner": "repobility-threat-engine", "fingerprint": "a7a0f08ac8f27c445d81ba90544bf9f0d3238508755148062d59497b3df7ee43", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a7a0f08ac8f27c445d81ba90544bf9f0d3238508755148062d59497b3df7ee43", "aggregated_count": 10}}}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 62259, "scanner": "repobility-threat-engine", "fingerprint": "54c47d2c12a1164bc3a7050a75391bfce21692268505231852d7058827f9b047", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|54c47d2c12a1164bc3a7050a75391bfce21692268505231852d7058827f9b047"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/tools/pipeline/image_generate_agent.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 62258, "scanner": "repobility-threat-engine", "fingerprint": "2d230594d66efc76159cd40daec07a0d60309c153754b47a24476a4155d8bd54", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2d230594d66efc76159cd40daec07a0d60309c153754b47a24476a4155d8bd54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/tools/jikan_search.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 62257, "scanner": "repobility-threat-engine", "fingerprint": "90e09c190fe00a74053b5eb1261242de496f96055de1529763579c3744690e69", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|90e09c190fe00a74053b5eb1261242de496f96055de1529763579c3744690e69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/agents/image_generate_agent.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "SEC078", "level": "none", "message": {"text": "[SEC078] Python: requests without timeout (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 62256, "scanner": "repobility-threat-engine", "fingerprint": "971df404a934e1e2ff388a290f68ca5a278978b934d4761ba86ccf900b553029", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|971df404a934e1e2ff388a290f68ca5a278978b934d4761ba86ccf900b553029"}}}, {"ruleId": "ERR001", "level": "none", "message": {"text": "[ERR001] Silent Exception Swallowing (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 62252, "scanner": "repobility-threat-engine", "fingerprint": "f73c07a3ac3dd195f50ed5e0e96e18ea3d5ae81e395cd5702ccc6657d0e46c1f", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f73c07a3ac3dd195f50ed5e0e96e18ea3d5ae81e395cd5702ccc6657d0e46c1f"}}}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 62248, "scanner": "repobility-threat-engine", "fingerprint": "7fa035b085c0bd9a31a5276c49da091420eed1825fee6f01486426827fccfced", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|7fa035b085c0bd9a31a5276c49da091420eed1825fee6f01486426827fccfced", "aggregated_count": 5}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 62244, "scanner": "repobility-threat-engine", "fingerprint": "f3554231f2d32a33a651c3b39559f3d21263dabefeb5c7ba90040f806b6ba0ca", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f3554231f2d32a33a651c3b39559f3d21263dabefeb5c7ba90040f806b6ba0ca"}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index (and 19 more): Same pattern found in 19 additional files. Review if needed."}, "properties": {"repobilityId": 62240, "scanner": "repobility-threat-engine", "fingerprint": "d56ea01cdd60998e2fc2f2342336c8657a0069bb45a14e4da65cab03cd958efb", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 19 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|d56ea01cdd60998e2fc2f2342336c8657a0069bb45a14e4da65cab03cd958efb", "aggregated_count": 19}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 62239, "scanner": "repobility-threat-engine", "fingerprint": "41bf887bfb5f731077e88d0db1b99757b34feaa13ce6705c3c0e508eaf37eba0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|41bf887bfb5f731077e88d0db1b99757b34feaa13ce6705c3c0e508eaf37eba0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/components/SourceSelector.js"}, "region": {"startLine": 124}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 62238, "scanner": "repobility-threat-engine", "fingerprint": "135119a6dbffae25c1891bcba17b8180a37dee118f90e0652eb3492741a2ab18", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|135119a6dbffae25c1891bcba17b8180a37dee118f90e0652eb3492741a2ab18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/web/src/components/AudioConfirmation.js"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 62237, "scanner": "repobility-threat-engine", "fingerprint": "e6ecbd2e41ab4e1b528962c3170939566e0024d9d5b52d0e5b6755219c471222", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e6ecbd2e41ab4e1b528962c3170939566e0024d9d5b52d0e5b6755219c471222"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/client/components/ui/slider.tsx"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 28 more): Same pattern found in 28 additional files. Review if needed."}, "properties": {"repobilityId": 62236, "scanner": "repobility-threat-engine", "fingerprint": "4eb5407183bb79cee652f59fdd2cea98c3f076ead6212912cd68768bcc57e2d2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 28 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|4eb5407183bb79cee652f59fdd2cea98c3f076ead6212912cd68768bcc57e2d2", "aggregated_count": 28}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 62235, "scanner": "repobility-threat-engine", "fingerprint": "751bfc1c8cdcdb070da49f667aa1c6d3652ef83e64793332723b3a50f23c71af", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|751bfc1c8cdcdb070da49f667aa1c6d3652ef83e64793332723b3a50f23c71af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/client/app/api/plans/[id]/route.ts"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 62234, "scanner": "repobility-threat-engine", "fingerprint": "ad526a3621aef28495f6b8cd7d0210c76a282a6b8c82e5f02394ec075bc0075e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ad526a3621aef28495f6b8cd7d0210c76a282a6b8c82e5f02394ec075bc0075e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/client/app/api/plans/[id]/retry/route.ts"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 62233, "scanner": "repobility-threat-engine", "fingerprint": "3fb05f5fd760c766382ae091269c9882144cdfb7961f5315c8033af854dfba01", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3fb05f5fd760c766382ae091269c9882144cdfb7961f5315c8033af854dfba01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/client/app/api/plan/submit/route.ts"}, "region": {"startLine": 34}}}]}, {"ruleId": "SEC135", "level": "none", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 62231, "scanner": "repobility-threat-engine", "fingerprint": "b6ba1b15db75fe5d7173ecc33c472e17332513da54670981c1855657e6ddfc28", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|b6ba1b15db75fe5d7173ecc33c472e17332513da54670981c1855657e6ddfc28"}}}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 62227, "scanner": "repobility-threat-engine", "fingerprint": "ab8da9b5986ecd12b37a79c2996b8e50407d9cea73fb774fd0a38602f68fdc76", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|ab8da9b5986ecd12b37a79c2996b8e50407d9cea73fb774fd0a38602f68fdc76", "aggregated_count": 1}}}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 62226, "scanner": "repobility-threat-engine", "fingerprint": "873fca8f215002ade132926cb6754e78219ba9ac47028c3ba4aa6b570c318721", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|873fca8f215002ade132926cb6754e78219ba9ac47028c3ba4aa6b570c318721"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/models/podcast_config_schemas.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 62225, "scanner": "repobility-threat-engine", "fingerprint": "167d5df7d074d833cd637be26dc3c72b3f4359e8a79ba37a4f3055fb00debb5c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|167d5df7d074d833cd637be26dc3c72b3f4359e8a79ba37a4f3055fb00debb5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/backend/models/trip_db.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 62224, "scanner": "repobility-threat-engine", "fingerprint": "5597336aa027703ee4fa0054c97d2ae8b5797fed439d6770d503434e2d2de71b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5597336aa027703ee4fa0054c97d2ae8b5797fed439d6770d503434e2d2de71b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/backend/models/plan_task.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "properties": {"repobilityId": 62223, "scanner": "repobility-threat-engine", "fingerprint": "7279be3bf1fcb1aa10ba0c2ac1be9be53dc68b6d651aeb9501d6be025f645add", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 13 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|7279be3bf1fcb1aa10ba0c2ac1be9be53dc68b6d651aeb9501d6be025f645add", "aggregated_count": 13}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 62222, "scanner": "repobility-threat-engine", "fingerprint": "82b3cce642bd470d7cebb80edb37940a38093e3462a87ec6cdc3bb09007c4aa9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|82b3cce642bd470d7cebb80edb37940a38093e3462a87ec6cdc3bb09007c4aa9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/multimodal_coding_agent_team/ai_coding_agent_o3.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 62221, "scanner": "repobility-threat-engine", "fingerprint": "62c0a4d5919a670ce9984660c05205a9988cfd33bbe732ab94ce7c645c3f387f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|62c0a4d5919a670ce9984660c05205a9988cfd33bbe732ab94ce7c645c3f387f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/backend/models/trip_db.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 62220, "scanner": "repobility-threat-engine", "fingerprint": "ed99d4a87d93fbb6ba4d1fc21de283dfb49d9099600adf424e72a15e8698ff49", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ed99d4a87d93fbb6ba4d1fc21de283dfb49d9099600adf424e72a15e8698ff49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/backend/models/plan_task.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "SEC034", "level": "none", "message": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 62219, "scanner": "repobility-threat-engine", "fingerprint": "0c38f3359897d8fbb05222ca133c0d09a5b4d741ea471e5ee93549f3c0437c61", "category": "log_injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC034", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|0c38f3359897d8fbb05222ca133c0d09a5b4d741ea471e5ee93549f3c0437c61"}}}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 19 more): Same pattern found in 19 additional files. Review if needed."}, "properties": {"repobilityId": 62215, "scanner": "repobility-threat-engine", "fingerprint": "4b9a4fefd8163e8e417a9cb6780f3315c1f451b1a7ce33528729dad342398819", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 19 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 19 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|4b9a4fefd8163e8e417a9cb6780f3315c1f451b1a7ce33528729dad342398819"}}}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 114 more): Same pattern found in 114 additional files. Review if needed."}, "properties": {"repobilityId": 62211, "scanner": "repobility-threat-engine", "fingerprint": "a896d47df27444c8c93b59c8e35c9ff8745c7b3ee4bcc66cefc380298e987881", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 114 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "execute_move", "breakdown": {"if": 2, "elif": 3, "except": 1, "ternary": 2, "nested_bonus": 1}, "aggregated": true, "complexity": 9, "correlation_key": "fp|a896d47df27444c8c93b59c8e35c9ff8745c7b3ee4bcc66cefc380298e987881", "aggregated_count": 114}}}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `anthropics/claude-code-action` pinned to mutable ref `@beta`: `uses: anthropics/claude-code-action@beta` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62578, "scanner": "repobility-supply-chain", "fingerprint": "9adc3c9c7a9c191f363fcd0276aa4d61b600944a80ced98e86b35a7c9f2dffaa", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9adc3c9c7a9c191f363fcd0276aa4d61b600944a80ced98e86b35a7c9f2dffaa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/claude.yml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 62577, "scanner": "repobility-supply-chain", "fingerprint": "82dc48d2e706178bfa7c5ffd4e68520748a3d52cd3b2503349bd2c965ea5531d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|82dc48d2e706178bfa7c5ffd4e68520748a3d52cd3b2503349bd2c965ea5531d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/claude.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `python:3.12-slim-bookworm` not pinned by digest: `FROM python:3.12-slim-bookworm` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62576, "scanner": "repobility-supply-chain", "fingerprint": "277c66d05e20e7c5d8ec5d864fa20bd8a033af0657f68f008d1acae8ad28ec68", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|277c66d05e20e7c5d8ec5d864fa20bd8a033af0657f68f008d1acae8ad28ec68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/backend/Dockerfile"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `python:3.12-slim-bookworm` not pinned by digest: `FROM python:3.12-slim-bookworm` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62575, "scanner": "repobility-supply-chain", "fingerprint": "1fa84a241d45bc675b843a276277d67d95548ea240e278ab9aba246458691244", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1fa84a241d45bc675b843a276277d67d95548ea240e278ab9aba246458691244"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/backend/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `python:3.12-slim` not pinned by digest: `FROM python:3.12-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62574, "scanner": "repobility-supply-chain", "fingerprint": "572ff33742c87ab3f976a828dfcc3e04ad22c2ee6086074cc4e7bce7897c5108", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|572ff33742c87ab3f976a828dfcc3e04ad22c2ee6086074cc4e7bce7897c5108"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-financial-coach-agent/docker/Dockerfile.agent"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `node:22-alpine` not pinned by digest: `FROM node:22-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62573, "scanner": "repobility-supply-chain", "fingerprint": "bff6990eefb5d80bf8830a4d4c62a6c9a01229ef23a8d8f4b6a5d6c0b8f16786", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bff6990eefb5d80bf8830a4d4c62a6c9a01229ef23a8d8f4b6a5d6c0b8f16786"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-financial-coach-agent/docker/Dockerfile.app"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `python:3.12-slim` not pinned by digest: `FROM python:3.12-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62572, "scanner": "repobility-supply-chain", "fingerprint": "f9881498329ecaefcf2b37319e386a334517c870bbbc97a5646d04cffa265433", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f9881498329ecaefcf2b37319e386a334517c870bbbc97a5646d04cffa265433"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/generative-ui-starter-project/docker/Dockerfile.agent"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `node:22-alpine` not pinned by digest: `FROM node:22-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62571, "scanner": "repobility-supply-chain", "fingerprint": "7a70cc15989ca7c12aec225b00836aa157c9aa43a862f50da895459ff99bcc53", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7a70cc15989ca7c12aec225b00836aa157c9aa43a862f50da895459ff99bcc53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/generative-ui-starter-project/docker/Dockerfile.app"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `node:20-slim` not pinned by digest: `FROM node:20-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62570, "scanner": "repobility-supply-chain", "fingerprint": "b9b061226b87134466a95309bdc75163116db7e3cff062934e81e63913fefc4f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b9b061226b87134466a95309bdc75163116db7e3cff062934e81e63913fefc4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/mcp-apps-generative-ui-showcase/mcp-server/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `node:22-alpine` not pinned by digest: `FROM node:22-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62569, "scanner": "repobility-supply-chain", "fingerprint": "2a10169957fa7eedb7016d2c781496480ddcfad4e58b30651d93ddad94e1e7ec", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2a10169957fa7eedb7016d2c781496480ddcfad4e58b30651d93ddad94e1e7ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-mcp-app-builder/Dockerfile"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `node:22-alpine` not pinned by digest: `FROM node:22-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62568, "scanner": "repobility-supply-chain", "fingerprint": "04a2972069da20ff6de3403f9874f6b2b61166e74ca532f3971a96bf330b85bf", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|04a2972069da20ff6de3403f9874f6b2b61166e74ca532f3971a96bf330b85bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-mcp-app-builder/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `node:20-slim` not pinned by digest: `FROM node:20-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62567, "scanner": "repobility-supply-chain", "fingerprint": "1c032f2b7a7007009b5027cf11cce7836a774cb9dc94ec9b7cdacca6de1599dd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1c032f2b7a7007009b5027cf11cce7836a774cb9dc94ec9b7cdacca6de1599dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/mcp-apps-generative-ui-showcase/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `python:3.12.10-slim` not pinned by digest: `FROM python:3.12.10-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62566, "scanner": "repobility-supply-chain", "fingerprint": "ae3d800786b7320af59080933f653072e4a79ab726b532a14e46c5e85b0ff6c8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ae3d800786b7320af59080933f653072e4a79ab726b532a14e46c5e85b0ff6c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/generative-ui-starter-project/Dockerfile"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `node:20-slim` not pinned by digest: `FROM node:20-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62565, "scanner": "repobility-supply-chain", "fingerprint": "cbcbd363fd50b60cf6276b34fd3ae10d1c89dca69e036ee0d5da1acf78f675c1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cbcbd363fd50b60cf6276b34fd3ae10d1c89dca69e036ee0d5da1acf78f675c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/generative-ui-starter-project/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `python:3.12-slim` not pinned by digest: `FROM python:3.12-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62564, "scanner": "repobility-supply-chain", "fingerprint": "3d3cf78b74643ae96de0f491375643991e2b6dc685c729a3f9863b571217ca63", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3d3cf78b74643ae96de0f491375643991e2b6dc685c729a3f9863b571217ca63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-financial-coach-agent/Dockerfile"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `node:20-slim` not pinned by digest: `FROM node:20-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62563, "scanner": "repobility-supply-chain", "fingerprint": "04563db47eeccadb30f0c44df026cbae8100919f4b97e4807958b8211a46bf26", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|04563db47eeccadb30f0c44df026cbae8100919f4b97e4807958b8211a46bf26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-financial-coach-agent/Dockerfile"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `node:20-slim` not pinned by digest: `FROM node:20-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62562, "scanner": "repobility-supply-chain", "fingerprint": "d59fb57865b2e8d98584f619741798280a4989df1c550ddb3dfd437bd8bd78f4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d59fb57865b2e8d98584f619741798280a4989df1c550ddb3dfd437bd8bd78f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-deep-research-agent/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `python:3.11-slim` not pinned by digest: `FROM python:3.11-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 62561, "scanner": "repobility-supply-chain", "fingerprint": "4e58d8e3f0617eb0889b536e6c0bfbaa16714bcfc6067fbd60d4e5a7dc14a698", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4e58d8e3f0617eb0889b536e6c0bfbaa16714bcfc6067fbd60d4e5a7dc14a698"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/knowledge_graph_rag_citations/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express DELETE /mcp has no auth: Express route DELETE /mcp declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 62535, "scanner": "repobility-route-auth", "fingerprint": "c06d05295623bddb1396ef1d7065b39deafe729527d3c88cb80de12aa193b1c8", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|c06d05295623bddb1396ef1d7065b39deafe729527d3c88cb80de12aa193b1c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/mcp-apps-generative-ui-showcase/mcp-server/server.ts"}, "region": {"startLine": 1090}}}]}, {"ruleId": "MINED113", "level": "error", "message": {"text": "[MINED113] Express POST /mcp has no auth: Express route POST /mcp declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"repobilityId": 62534, "scanner": "repobility-route-auth", "fingerprint": "8ab08261ac82352653638a8194805089ff3d8abe52833a0274564d5a37329e25", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "express-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 7836}, "scanner": "repobility-route-auth", "correlation_key": "fp|8ab08261ac82352653638a8194805089ff3d8abe52833a0274564d5a37329e25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/mcp-apps-generative-ui-showcase/mcp-server/server.ts"}, "region": {"startLine": 1078}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /status has no auth: Handler `check_status` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 62533, "scanner": "repobility-route-auth", "fingerprint": "f4fc36227ff1f5195bef2acf82f13e64d7972d07dddf7361206ce10ce46683de", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|f4fc36227ff1f5195bef2acf82f13e64d7972d07dddf7361206ce10ce46683de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/routers/async_podcast_agent_router.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /chat has no auth: Handler `chat` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 62532, "scanner": "repobility-route-auth", "fingerprint": "92124e38ac1382b9c129171804cb37428eb9455c30ea80aa7d88a63ccad2e247", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|92124e38ac1382b9c129171804cb37428eb9455c30ea80aa7d88a63ccad2e247"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/routers/async_podcast_agent_router.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /session has no auth: Handler `create_session` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 62531, "scanner": "repobility-route-auth", "fingerprint": "46dd48e3e9829b4a622ce579a24e5394748d32e7223e48426ef5c2f53fe7781b", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|46dd48e3e9829b4a622ce579a24e5394748d32e7223e48426ef5c2f53fe7781b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/routers/async_podcast_agent_router.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /{config_id}/disable has no auth: Handler `disable_podcast_config` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 62530, "scanner": "repobility-route-auth", "fingerprint": "b1675f51bc8278f29f36ba137ac7caca00ab7d4a0752f8fb94c4041756eab70f", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|b1675f51bc8278f29f36ba137ac7caca00ab7d4a0752f8fb94c4041756eab70f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/routers/podcast_config_router.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /{config_id}/enable has no auth: Handler `enable_podcast_config` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 62529, "scanner": "repobility-route-auth", "fingerprint": "ea1f361c811c128a1c2d5e6fef3de6d0efcc43b0b946c3196e4a33c1794209b7", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|ea1f361c811c128a1c2d5e6fef3de6d0efcc43b0b946c3196e4a33c1794209b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/routers/podcast_config_router.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI DELETE /{config_id} has no auth: Handler `delete_podcast_config` is registered with router/app.delete(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 62528, "scanner": "repobility-route-auth", "fingerprint": "55d2d563e31958e820dd8f89988e9bf07f3ecd8b278c649d4193acb9233202bf", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|55d2d563e31958e820dd8f89988e9bf07f3ecd8b278c649d4193acb9233202bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/routers/podcast_config_router.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PUT /{config_id} has no auth: Handler `update_podcast_config` is registered with router/app.put(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 62527, "scanner": "repobility-route-auth", "fingerprint": "71f35cacba7977279237ce4033e36335a8a7d67197591aabfd989e4b6472d924", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|71f35cacba7977279237ce4033e36335a8a7d67197591aabfd989e4b6472d924"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/routers/podcast_config_router.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST / has no auth: Handler `create_podcast_config` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 62526, "scanner": "repobility-route-auth", "fingerprint": "5e893b043e31371ae973edc8d875d5a5f9552654d452902278ca4214b4993529", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|5e893b043e31371ae973edc8d875d5a5f9552654d452902278ca4214b4993529"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/routers/podcast_config_router.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /{task_id}/disable has no auth: Handler `disable_task` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 62525, "scanner": "repobility-route-auth", "fingerprint": "a905a792ffdf5b30fe99a2412be72df68d9d90f63ed077cd8b1d0aca753c8ed4", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|a905a792ffdf5b30fe99a2412be72df68d9d90f63ed077cd8b1d0aca753c8ed4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/routers/task_router.py"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /{task_id}/enable has no auth: Handler `enable_task` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 62524, "scanner": "repobility-route-auth", "fingerprint": "1fea5a97864508fb2f86bbfe15637c2ce82eddb342daa6aa2727e9c546b476a7", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|1fea5a97864508fb2f86bbfe15637c2ce82eddb342daa6aa2727e9c546b476a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/routers/task_router.py"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI DELETE /{task_id} has no auth: Handler `delete_task` is registered with router/app.delete(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 62523, "scanner": "repobility-route-auth", "fingerprint": "2a8a463835528dd88d1576accb3ba89a32157180f8fa8db96612a76498197fa3", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|2a8a463835528dd88d1576accb3ba89a32157180f8fa8db96612a76498197fa3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/routers/task_router.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PUT /{task_id} has no auth: Handler `update_task` is registered with router/app.put(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 62522, "scanner": "repobility-route-auth", "fingerprint": "ae372a0f22cc32a87bafb6fae099831c7235a02a1063dce1a578b8d2a3862b4f", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|ae372a0f22cc32a87bafb6fae099831c7235a02a1063dce1a578b8d2a3862b4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/routers/task_router.py"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST / has no auth: Handler `create_task` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 62521, "scanner": "repobility-route-auth", "fingerprint": "e604dc18ab8659997a51cfc8b1b63a90dc1b7846c500cef77ea1633b06635149", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|e604dc18ab8659997a51cfc8b1b63a90dc1b7846c500cef77ea1633b06635149"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_news_and_podcast_agents/beifong/routers/task_router.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /analyze has no auth: Handler `analyze` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 62520, "scanner": "repobility-route-auth", "fingerprint": "505500eeb7dbd5360039e80fc7d5fcbcf82a946d31e775380d0d84186e8336ba", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|505500eeb7dbd5360039e80fc7d5fcbcf82a946d31e775380d0d84186e8336ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/ai_speech_trainer_agent/backend/main.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /trigger has no auth: Handler `trigger_trip_craft_agent` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 62519, "scanner": "repobility-route-auth", "fingerprint": "24d6f75d19ec586e60a2c7bb0a25955cd4f21e48baaf88c8870f36911da211d4", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|24d6f75d19ec586e60a2c7bb0a25955cd4f21e48baaf88c8870f36911da211d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/backend/router/plan.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /api/sessions has no auth: Handler `create_session` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 62518, "scanner": "repobility-route-auth", "fingerprint": "e6f2e28e49ebf5641c5a272dc3ee415b3af941c1022501f174995ac9d33e3d65", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|e6f2e28e49ebf5641c5a272dc3ee415b3af941c1022501f174995ac9d33e3d65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/single_agent_apps/earnings_call_analyst_agent/live_demo/server.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI DELETE /videos/{video_id} has no auth: Handler `delete_video` is registered with router/app.delete(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 62517, "scanner": "repobility-route-auth", "fingerprint": "e21cb65f41db6821b680b9a1a181fa90f24191b1cda4b91ecfe4fa4a1824a3d0", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|e21cb65f41db6821b680b9a1a181fa90f24191b1cda4b91ecfe4fa4a1824a3d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_llm_apps/multimodal_video_moment_finder/backend/server.py"}, "region": {"startLine": 139}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /find-moment-text has no auth: Handler `find_moment_text` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 62516, "scanner": "repobility-route-auth", "fingerprint": "e6004f25014e1e66543c564d6239c6e81d2918c2a2d680f9e752f0167a360460", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|e6004f25014e1e66543c564d6239c6e81d2918c2a2d680f9e752f0167a360460"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_llm_apps/multimodal_video_moment_finder/backend/server.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /find-moment has no auth: Handler `find_moment` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 62515, "scanner": "repobility-route-auth", "fingerprint": "e30b514ac629791fcc62583dc8e32906be692495432ee70efe41c15d4583c92d", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|e30b514ac629791fcc62583dc8e32906be692495432ee70efe41c15d4583c92d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_llm_apps/multimodal_video_moment_finder/backend/server.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /upload-video has no auth: Handler `upload_video` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 62514, "scanner": "repobility-route-auth", "fingerprint": "23deb6cff91cc395bdbac52120a2740a22ebe31f9e576870af5719a15aa738b6", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|23deb6cff91cc395bdbac52120a2740a22ebe31f9e576870af5719a15aa738b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_llm_apps/multimodal_video_moment_finder/backend/server.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /ask has no auth: Handler `ask` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 62513, "scanner": "repobility-route-auth", "fingerprint": "91356b1acd499e69f2680b9504dd929b8d63c1ded975a09cc8f9882b44ef3f95", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|91356b1acd499e69f2680b9504dd929b8d63c1ded975a09cc8f9882b44ef3f95"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/multimodal_agentic_rag/backend/server.py"}, "region": {"startLine": 213}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI DELETE /sources/{source_id} has no auth: Handler `delete_source` is registered with router/app.delete(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 62512, "scanner": "repobility-route-auth", "fingerprint": "54ab6112c71b070b3159396f0be982ea4d27109a99ea6e02b9bb90fdd86766f2", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|54ab6112c71b070b3159396f0be982ea4d27109a99ea6e02b9bb90fdd86766f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/multimodal_agentic_rag/backend/server.py"}, "region": {"startLine": 205}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /sources/file has no auth: Handler `add_file_source` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 62511, "scanner": "repobility-route-auth", "fingerprint": "a04f5cd444c56c4b8221146126b5cb42904a805fde511e873ca5fb2906266326", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|a04f5cd444c56c4b8221146126b5cb42904a805fde511e873ca5fb2906266326"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/multimodal_agentic_rag/backend/server.py"}, "region": {"startLine": 182}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /sources/url has no auth: Handler `add_url_source` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 62510, "scanner": "repobility-route-auth", "fingerprint": "6bde6894eb9766e3a87135d2c4640a45e5f73235d13eee15ec8a3e8bc5f56f7a", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|6bde6894eb9766e3a87135d2c4640a45e5f73235d13eee15ec8a3e8bc5f56f7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/multimodal_agentic_rag/backend/server.py"}, "region": {"startLine": 165}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /sources/text has no auth: Handler `add_text_source` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 62509, "scanner": "repobility-route-auth", "fingerprint": "3ea3187653de2b42ff08b5d95a125628c544527f73fd742205f5334692a5e839", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|3ea3187653de2b42ff08b5d95a125628c544527f73fd742205f5334692a5e839"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/multimodal_agentic_rag/backend/server.py"}, "region": {"startLine": 155}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_valid_request: Test function `test_valid_request` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 62505, "scanner": "repobility-ast-engine", "fingerprint": "ceef747d945b5f522b3689393af24e02f3731902c44702263882618f616c8f9f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ceef747d945b5f522b3689393af24e02f3731902c44702263882618f616c8f9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ai_agent_framework_crash_course/openai_sdk_crash_course/6_guardrails_validation/agent.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_input_guardrail: Test function `test_input_guardrail` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 62504, "scanner": "repobility-ast-engine", "fingerprint": "03165b8d9cb5a929767006d7cbb8b87da40570d0c62e29a38e633847cc20074a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|03165b8d9cb5a929767006d7cbb8b87da40570d0c62e29a38e633847cc20074a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ai_agent_framework_crash_course/openai_sdk_crash_course/6_guardrails_validation/agent.py"}, "region": {"startLine": 146}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_agent: Test function `test_agent` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 62503, "scanner": "repobility-ast-engine", "fingerprint": "b8d5bf7d5259cd86368f7805309717c028e293de63e4e139c8530b33a5b1a898", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b8d5bf7d5259cd86368f7805309717c028e293de63e4e139c8530b33a5b1a898"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ai_agent_framework_crash_course/google_adk_crash_course/6_callbacks/6_3_tool_execution_callbacks/agent.py"}, "region": {"startLine": 144}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_agent: Test function `test_agent` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 62502, "scanner": "repobility-ast-engine", "fingerprint": "d5a33595f49c39ce8a999548974a2a194b97e7ea9cab8c38a37578081a002151", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d5a33595f49c39ce8a999548974a2a194b97e7ea9cab8c38a37578081a002151"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ai_agent_framework_crash_course/google_adk_crash_course/6_callbacks/6_2_llm_interaction_callbacks/agent.py"}, "region": {"startLine": 172}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_agent: Test function `test_agent` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 62501, "scanner": "repobility-ast-engine", "fingerprint": "7a8baa6425f9c2e66fd0e0024a67f60494e9f15b00f06984deb68b1739c74a0c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7a8baa6425f9c2e66fd0e0024a67f60494e9f15b00f06984deb68b1739c74a0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ai_agent_framework_crash_course/google_adk_crash_course/6_callbacks/6_1_agent_lifecycle_callbacks/agent.py"}, "region": {"startLine": 116}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `input` inside async function `main`: `input` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 62500, "scanner": "repobility-ast-engine", "fingerprint": "bc9436928154051669488836454c5bff4c4dff516a45c6b47cff5b609e790876", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bc9436928154051669488836454c5bff4c4dff516a45c6b47cff5b609e790876"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "mcp_ai_agents/notion_mcp_agent/notion_mcp_agent.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_extract_video_id_rejects_invalid_values: Test function `test_extract_video_id_rejects_invalid_values` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 62488, "scanner": "repobility-ast-engine", "fingerprint": "d93eac06bbbbacb0bb784fc33e6aad78492023f379c96ab7bc6d3743b54bac6a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d93eac06bbbbacb0bb784fc33e6aad78492023f379c96ab7bc6d3743b54bac6a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/single_agent_apps/earnings_call_analyst_agent/tests/test_core_contracts.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_session_state_logic: Test function `test_session_state_logic` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 62487, "scanner": "repobility-ast-engine", "fingerprint": "51288595d2e7f3c7d0361f9dccf5aae3b00e594d9a281facfce3b0f383fd18de", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|51288595d2e7f3c7d0361f9dccf5aae3b00e594d9a281facfce3b0f383fd18de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_llm_apps/chat_with_X_tutorials/chat_with_youtube_videos/test_session_state.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._pca_projection` used but never assigned in __init__: Method `search` of class `MultimodalRagStore` reads `self._pca_projection`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62486, "scanner": "repobility-ast-engine", "fingerprint": "6aa41b67c837275261a32a4b9734afa9dd596d85e35c420dbbde3f947ad1b353", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6aa41b67c837275261a32a4b9734afa9dd596d85e35c420dbbde3f947ad1b353"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/multimodal_agentic_rag/backend/rag_store.py"}, "region": {"startLine": 388}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._source_vectors` used but never assigned in __init__: Method `search` of class `MultimodalRagStore` reads `self._source_vectors`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62485, "scanner": "repobility-ast-engine", "fingerprint": "0eabab8de4490742e9f8200ae31bfd9e739247837edce8b2ad3d3f3ce1ffee06", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0eabab8de4490742e9f8200ae31bfd9e739247837edce8b2ad3d3f3ce1ffee06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/multimodal_agentic_rag/backend/rag_store.py"}, "region": {"startLine": 387}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._embed_text` used but never assigned in __init__: Method `search` of class `MultimodalRagStore` reads `self._embed_text`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62484, "scanner": "repobility-ast-engine", "fingerprint": "4cd575f3de68d0172362d158be1281dcd3c2a8bffed767ae58b175bdf8458e78", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4cd575f3de68d0172362d158be1281dcd3c2a8bffed767ae58b175bdf8458e78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/multimodal_agentic_rag/backend/rag_store.py"}, "region": {"startLine": 385}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._emit` used but never assigned in __init__: Method `remove_source` of class `MultimodalRagStore` reads `self._emit`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62483, "scanner": "repobility-ast-engine", "fingerprint": "56f442165e77cbdfb07de142050b10f2d39e969fa2b23857761cd9d91edc303b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|56f442165e77cbdfb07de142050b10f2d39e969fa2b23857761cd9d91edc303b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/multimodal_agentic_rag/backend/rag_store.py"}, "region": {"startLine": 380}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._emit` used but never assigned in __init__: Method `add_file_source` of class `MultimodalRagStore` reads `self._emit`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62482, "scanner": "repobility-ast-engine", "fingerprint": "60c6055e7228717736c55290cedc0da2d973170ccd11dad1b3d3aae8268217bb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|60c6055e7228717736c55290cedc0da2d973170ccd11dad1b3d3aae8268217bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/multimodal_agentic_rag/backend/rag_store.py"}, "region": {"startLine": 369}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._embed_text` used but never assigned in __init__: Method `add_file_source` of class `MultimodalRagStore` reads `self._embed_text`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62481, "scanner": "repobility-ast-engine", "fingerprint": "0fc2a6cc5bebbb8fe4169a4460793210bc70618087c4768e65945a756dc14494", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0fc2a6cc5bebbb8fe4169a4460793210bc70618087c4768e65945a756dc14494"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/multimodal_agentic_rag/backend/rag_store.py"}, "region": {"startLine": 337}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._embed_file` used but never assigned in __init__: Method `add_file_source` of class `MultimodalRagStore` reads `self._embed_file`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62480, "scanner": "repobility-ast-engine", "fingerprint": "89394327883a0b563cd89d3c4e9a47fdbe0af6cea1356171c75aa79936f8c3ae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|89394327883a0b563cd89d3c4e9a47fdbe0af6cea1356171c75aa79936f8c3ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/multimodal_agentic_rag/backend/rag_store.py"}, "region": {"startLine": 335}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._modality_from_mime` used but never assigned in __init__: Method `add_file_source` of class `MultimodalRagStore` reads `self._modality_from_mime`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62479, "scanner": "repobility-ast-engine", "fingerprint": "d90db2268584fbfe1c5202d8aa1673c08119d9388c5a53825d2e359171e2aa78", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d90db2268584fbfe1c5202d8aa1673c08119d9388c5a53825d2e359171e2aa78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/multimodal_agentic_rag/backend/rag_store.py"}, "region": {"startLine": 332}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._emit` used but never assigned in __init__: Method `add_text_source` of class `MultimodalRagStore` reads `self._emit`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62478, "scanner": "repobility-ast-engine", "fingerprint": "5d8707dd634126e911929c69ddd83e57924bdeaabd6156f557d2032523ed38f2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5d8707dd634126e911929c69ddd83e57924bdeaabd6156f557d2032523ed38f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/multimodal_agentic_rag/backend/rag_store.py"}, "region": {"startLine": 327}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._embed_text` used but never assigned in __init__: Method `add_text_source` of class `MultimodalRagStore` reads `self._embed_text`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62477, "scanner": "repobility-ast-engine", "fingerprint": "c7378bdaac2473cf1f4a521df23868872b0dfb8c2d7d425e61c86d5157c1d658", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c7378bdaac2473cf1f4a521df23868872b0dfb8c2d7d425e61c86d5157c1d658"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/multimodal_agentic_rag/backend/rag_store.py"}, "region": {"startLine": 314}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._source_vector` used but never assigned in __init__: Method `_source_vectors` of class `MultimodalRagStore` reads `self._source_vector`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62476, "scanner": "repobility-ast-engine", "fingerprint": "5eaba5589506f5054889057137326976539a88173021566e53fbd5e23de98e75", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5eaba5589506f5054889057137326976539a88173021566e53fbd5e23de98e75"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/multimodal_agentic_rag/backend/rag_store.py"}, "region": {"startLine": 284}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._chunks_for_source` used but never assigned in __init__: Method `_source_vector` of class `MultimodalRagStore` reads `self._chunks_for_source`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62475, "scanner": "repobility-ast-engine", "fingerprint": "c8aa1387d4c8a25c7d2f8e58e7fc39ff7a5fae4afcf8df8dcdb507cf3698bec5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c8aa1387d4c8a25c7d2f8e58e7fc39ff7a5fae4afcf8df8dcdb507cf3698bec5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/multimodal_agentic_rag/backend/rag_store.py"}, "region": {"startLine": 272}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._embed_uploaded_file` used but never assigned in __init__: Method `_embed_file` of class `MultimodalRagStore` reads `self._embed_uploaded_file`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62474, "scanner": "repobility-ast-engine", "fingerprint": "1ca65c93f33ab577ce3f4fb840eee423a424e131c46a8779aea11f78d1e4d6d8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1ca65c93f33ab577ce3f4fb840eee423a424e131c46a8779aea11f78d1e4d6d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/multimodal_agentic_rag/backend/rag_store.py"}, "region": {"startLine": 210}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._embed_uploaded_file` used but never assigned in __init__: Method `_embed_file` of class `MultimodalRagStore` reads `self._embed_uploaded_file`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62473, "scanner": "repobility-ast-engine", "fingerprint": "aa208395a409e80a98cdc68ca5655e61f29bd6737a27fd972ce8b6800bcfee0c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aa208395a409e80a98cdc68ca5655e61f29bd6737a27fd972ce8b6800bcfee0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/multimodal_agentic_rag/backend/rag_store.py"}, "region": {"startLine": 198}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._require_client` used but never assigned in __init__: Method `_embed_file` of class `MultimodalRagStore` reads `self._require_client`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62472, "scanner": "repobility-ast-engine", "fingerprint": "65b9b14a7d145e3e2f3ec15f697d380e34b66ccc544b12c476af814ecf6a8e1b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|65b9b14a7d145e3e2f3ec15f697d380e34b66ccc544b12c476af814ecf6a8e1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/multimodal_agentic_rag/backend/rag_store.py"}, "region": {"startLine": 190}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._emit` used but never assigned in __init__: Method `_embed_uploaded_file` of class `MultimodalRagStore` reads `self._emit`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62471, "scanner": "repobility-ast-engine", "fingerprint": "d3c3f7d71002cee6d9786cc536977161354b8b101f0507b1db73a8516a5f1869", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d3c3f7d71002cee6d9786cc536977161354b8b101f0507b1db73a8516a5f1869"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/multimodal_agentic_rag/backend/rag_store.py"}, "region": {"startLine": 187}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._suffix_from_mime` used but never assigned in __init__: Method `_embed_uploaded_file` of class `MultimodalRagStore` reads `self._suffix_from_mime`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62470, "scanner": "repobility-ast-engine", "fingerprint": "6bea5dfdf46a04ca746f230fa0b26f4dc52e2f5bcecd4400aabc5bf7475aa44c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6bea5dfdf46a04ca746f230fa0b26f4dc52e2f5bcecd4400aabc5bf7475aa44c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/multimodal_agentic_rag/backend/rag_store.py"}, "region": {"startLine": 151}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._require_client` used but never assigned in __init__: Method `_embed_uploaded_file` of class `MultimodalRagStore` reads `self._require_client`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62469, "scanner": "repobility-ast-engine", "fingerprint": "1874c7b19076bc11006d947969e62af3f2c75538b1578e126bb61d6e13b199b8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1874c7b19076bc11006d947969e62af3f2c75538b1578e126bb61d6e13b199b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/multimodal_agentic_rag/backend/rag_store.py"}, "region": {"startLine": 150}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._require_client` used but never assigned in __init__: Method `_embed_text` of class `MultimodalRagStore` reads `self._require_client`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62468, "scanner": "repobility-ast-engine", "fingerprint": "7c2f91208a01b673c3ea3249c9c5339591712ba225ab0f0797eb9a558824858c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7c2f91208a01b673c3ea3249c9c5339591712ba225ab0f0797eb9a558824858c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/multimodal_agentic_rag/backend/rag_store.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.generate_response` used but never assigned in __init__: Method `process_query` of class `RAGPipeline` reads `self.generate_response`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62467, "scanner": "repobility-ast-engine", "fingerprint": "6a5bf8deaa497466786a64e7645d57938d1c741de9535160b54eae7dd65906cb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6a5bf8deaa497466786a64e7645d57938d1c741de9535160b54eae7dd65906cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/rag-as-a-service/rag_app.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.create_system_prompt` used but never assigned in __init__: Method `process_query` of class `RAGPipeline` reads `self.create_system_prompt`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62466, "scanner": "repobility-ast-engine", "fingerprint": "1b30d43242b9addd72a3abb989a00e2c09af10b805596be54e843b08bd4c5195", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1b30d43242b9addd72a3abb989a00e2c09af10b805596be54e843b08bd4c5195"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/rag-as-a-service/rag_app.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.retrieve_chunks` used but never assigned in __init__: Method `process_query` of class `RAGPipeline` reads `self.retrieve_chunks`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62465, "scanner": "repobility-ast-engine", "fingerprint": "20acb98dbd67ae95f89f52eb16fc755019e4946276d16af67df2140226e9542b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|20acb98dbd67ae95f89f52eb16fc755019e4946276d16af67df2140226e9542b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/rag-as-a-service/rag_app.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.embed_query` used but never assigned in __init__: Method `embed_documents` of class `GeminiEmbedder` reads `self.embed_query`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62464, "scanner": "repobility-ast-engine", "fingerprint": "77627b8141b9bb2249747506ce08f8493316de123b1a3fcff4655021afe24b84", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|77627b8141b9bb2249747506ce08f8493316de123b1a3fcff4655021afe24b84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/gemini_agentic_rag/agentic_rag_gemini.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.embed_query` used but never assigned in __init__: Method `embed_documents` of class `OllamaEmbedderr` reads `self.embed_query`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62463, "scanner": "repobility-ast-engine", "fingerprint": "c4e6b1dc4e684c488738e3880d8559801f30c6ce4f731a01ea426769e1d94c0a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c4e6b1dc4e684c488738e3880d8559801f30c6ce4f731a01ea426769e1d94c0a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/qwen_local_rag/qwen_local_rag_agent.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.embed_query` used but never assigned in __init__: Method `embed_documents` of class `OllamaEmbedderr` reads `self.embed_query`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 62454, "scanner": "repobility-ast-engine", "fingerprint": "73250af6e5e3532aec7027e667603cbb253899545627144b082edf3e84373bdc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|73250af6e5e3532aec7027e667603cbb253899545627144b082edf3e84373bdc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/deepseek_local_rag_agent/deepseek_rag_agent.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 62435, "scanner": "repobility-journey-contract", "fingerprint": "af157be63ae4503b6b1ddd717fb4bb73d0e0578b7c6ecec386b4d8f0d78f4840", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|308|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "awesome_agent_skills/self-improving-agent-skills/frontend/src/components/UploadStep.tsx"}, "region": {"startLine": 308}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 62434, "scanner": "repobility-journey-contract", "fingerprint": "18b51b309fb012032a911b87ce1e82190a64a9ff33d960d80a223c1121c1572e", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|244|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "awesome_agent_skills/self-improving-agent-skills/frontend/src/components/UploadStep.tsx"}, "region": {"startLine": 244}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 62433, "scanner": "repobility-journey-contract", "fingerprint": "6aa66f7b64187edcaed1770b456522b804e48fe41fbd1a78786aad4ec2ad2409", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|183|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/client/app/auth/page.tsx"}, "region": {"startLine": 183}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 62432, "scanner": "repobility-journey-contract", "fingerprint": "b606d09b2d47d1f638341ad34c11d82b6e24978d53d5d467fd55e3b2a471e5f5", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|125|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/client/app/auth/page.tsx"}, "region": {"startLine": 125}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: POST /plans/:id/retry/route."}, "properties": {"repobilityId": 62410, "scanner": "repobility-access-control", "fingerprint": "31ace7114a854fdb902cc3e37e241f4653a24b8ecffda09d41b6cf21cbe95dd4", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/plans/:id/retry/route", "method": "POST", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token / id /retry/route.ts|4|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/client/app/api/plans/[id]/retry/route.ts"}, "region": {"startLine": 4}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: DELETE /plans/:id/route."}, "properties": {"repobilityId": 62409, "scanner": "repobility-access-control", "fingerprint": "a5999d9fb641ab037e040f68cc151d6be71ac3a10bcace708cf26a22a719ce7c", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/plans/:id/route", "method": "DELETE", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token / id /route.ts|48|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/client/app/api/plans/[id]/route.ts"}, "region": {"startLine": 48}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /plans/:id/route."}, "properties": {"repobilityId": 62408, "scanner": "repobility-access-control", "fingerprint": "a737b048ac56f799003dc03f2321d0bcc8f26e6ed31a278d326e123cdb5144bb", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/plans/:id/route", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token / id /route.ts|4|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/client/app/api/plans/[id]/route.ts"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 62399, "scanner": "repobility-docker", "fingerprint": "4ee8e7a70003ed4533350062c210e57d153444b5b3974f8e3f81d249ce8f7c4d", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "7474:7474", "target": "7474", "host_ip": "", "published": "7474"}, {"raw": "7687:7687", "target": "7687", "host_ip": "", "published": "7687"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "neo4j", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|4ee8e7a70003ed4533350062c210e57d153444b5b3974f8e3f81d249ce8f7c4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rag_tutorials/knowledge_graph_rag_citations/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 62393, "scanner": "repobility-docker", "fingerprint": "a57a9de334fcdc2ee8028d4d0be052cfea2c8bcaea967779ad2d81c05e41ba4d", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|a57a9de334fcdc2ee8028d4d0be052cfea2c8bcaea967779ad2d81c05e41ba4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/mcp-apps-generative-ui-showcase/mcp-server/Dockerfile"}, "region": {"startLine": 12}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 62391, "scanner": "repobility-docker", "fingerprint": "ee46ddec8938afc029ceacee3ab401900a91bfa4ad97844c7673577c70493d42", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|ee46ddec8938afc029ceacee3ab401900a91bfa4ad97844c7673577c70493d42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/mcp-apps-generative-ui-showcase/Dockerfile"}, "region": {"startLine": 12}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 62390, "scanner": "repobility-docker", "fingerprint": "bac66c99be299505105412ac8e6903934ce070ea1a67f735728a8101949fde3f", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|bac66c99be299505105412ac8e6903934ce070ea1a67f735728a8101949fde3f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/generative-ui-starter-project/docker/Dockerfile.app"}, "region": {"startLine": 24}}}]}, {"ruleId": "DKR006", "level": "error", "message": {"text": "Dockerfile pipes a remote script into a shell"}, "properties": {"repobilityId": 62386, "scanner": "repobility-docker", "fingerprint": "7c8976afdb4288eaf1816758ec4923fdfda1ca8d04678c05a2e2ab0ed0dc4126", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "RUN instruction contains curl/wget piped into a shell.", "evidence": {"rule_id": "DKR006", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|7c8976afdb4288eaf1816758ec4923fdfda1ca8d04678c05a2e2ab0ed0dc4126"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/generative-ui-starter-project/Dockerfile"}, "region": {"startLine": 29}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 62385, "scanner": "repobility-docker", "fingerprint": "a40d71f3d7ce802d38bf3e164f4f1c16d883dec5be5e4dcd15787c0974444245", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|a40d71f3d7ce802d38bf3e164f4f1c16d883dec5be5e4dcd15787c0974444245"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-mcp-app-builder/Dockerfile"}, "region": {"startLine": 18}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 62384, "scanner": "repobility-docker", "fingerprint": "8ca2a0be85b69ea13c72b88f5e1f2ad62218883257aa887936f30c2d22bcdd7e", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|8ca2a0be85b69ea13c72b88f5e1f2ad62218883257aa887936f30c2d22bcdd7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-financial-coach-agent/docker/Dockerfile.app"}, "region": {"startLine": 13}}}]}, {"ruleId": "DKR006", "level": "error", "message": {"text": "Dockerfile pipes a remote script into a shell"}, "properties": {"repobilityId": 62380, "scanner": "repobility-docker", "fingerprint": "b6dd403ba85c5e983514ba8da2c5b125cd03a76c9df10df5008ce37cfec5fd9d", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "RUN instruction contains curl/wget piped into a shell.", "evidence": {"rule_id": "DKR006", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|b6dd403ba85c5e983514ba8da2c5b125cd03a76c9df10df5008ce37cfec5fd9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-financial-coach-agent/Dockerfile"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 62378, "scanner": "repobility-docker", "fingerprint": "f4ca382f02830f3a7b219da88683da5b7f2185d64280a426d25438cf718dbe7a", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|f4ca382f02830f3a7b219da88683da5b7f2185d64280a426d25438cf718dbe7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-deep-research-agent/Dockerfile"}, "region": {"startLine": 12}}}]}, {"ruleId": "DKR006", "level": "error", "message": {"text": "Dockerfile pipes a remote script into a shell"}, "properties": {"repobilityId": 62375, "scanner": "repobility-docker", "fingerprint": "fac13e944179865d40b3e537005e647af7df1f488f392c234111e3d92668aded", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "RUN instruction contains curl/wget piped into a shell.", "evidence": {"rule_id": "DKR006", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|fac13e944179865d40b3e537005e647af7df1f488f392c234111e3d92668aded"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "advanced_ai_agents/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/backend/Dockerfile"}, "region": {"startLine": 17}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 62333, "scanner": "repobility-threat-engine", "fingerprint": "c23faa5f2f328c02e859d40fa684cda5b9e3c6d8f5864fae355a7d5668033b30", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(workspaceId", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c23faa5f2f328c02e859d40fa684cda5b9e3c6d8f5864fae355a7d5668033b30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "generative_ui_agents/ai-mcp-app-builder/apps/web/app/api/workspace/exec/route.ts"}, "region": {"startLine": 22}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any