{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DEPCUR-GHA", "name": "GitHub Action `tj-actions/changed-files@v46` is 1 major version(s) behind (latest v47.0.6)", "shortDescription": {"text": "GitHub Action `tj-actions/changed-files@v46` is 1 major version(s) behind (latest v47.0.6)"}, "fullDescription": {"text": "`uses: tj-actions/changed-files@v46` is 1 major version(s) behind the latest published release v47.0.6. Old action majors run on deprecated runner images / Node versions and miss upstream fixes. This is the same 'outdated GitHub Action' class of finding that Dependabot raises \u2014 one that Repobility previously had no coverage for. When upgrading, pin the new release to its full commit SHA rather than to the version tag."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. 
Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_LARGE_FILES", "name": "Average file size is 605 lines (recommend <300)", "shortDescription": {"text": "Average file size is 605 lines (recommend <300)"}, "fullDescription": {"text": "Refactor large files by extracting related functions into separate modules. Target files with 300+ lines first. Use the Single Responsibility Principle \u2014 each module should have one clear purpose."}, "properties": {"scanner": "repobility-core", "category": "quality", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found in a documentation, catalog, or template-heavy repository", "shortDescription": {"text": "No test files found in a documentation, catalog, or template-heavy repository"}, "fullDescription": {"text": "If this repository ships runnable code, add focused tests for those examples or templates. If it is documentation/catalog content only, mark the finding as accepted or add a .repobilityignore note."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "info", "confidence": 0.35, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `eps1lon/actions-label-merge-conflict` pinned to mutable ref `@v3.1.0`", "shortDescription": {"text": "Action `eps1lon/actions-label-merge-conflict` pinned to mutable ref `@v3.1.0`"}, "fullDescription": {"text": "`uses: eps1lon/actions-label-merge-conflict@v3.1.0` resolves at workflow-run time. Tags and branches are mutable: the action owner, or anyone who gains write access to the action's repository, can re-point them to different code; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/129"}, "properties": {"repository": "EbookFoundation/free-programming-books", "repoUrl": "https://github.com/EbookFoundation/free-programming-books.git", "branch": "main"}, "results": [{"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `tj-actions/changed-files@v46` is 1 major version(s) behind (latest v47.0.6)"}, "properties": {"repobilityId": 53645, "scanner": "repobility-dependency-currency", "fingerprint": "cc7c213e1e946470fa42afcd2f9c78ba42dcf6521178d05d41e4dd5dff5b1615", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "tj-actions/changed-files", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v47.0.6", "correlation_key": "fp|cc7c213e1e946470fa42afcd2f9c78ba42dcf6521178d05d41e4dd5dff5b1615", "current_version": "v46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/rtl-ltr-linter.yml"}, "region": {"startLine": 43}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/checkout@v5` is 1 major version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 53643, "scanner": "repobility-dependency-currency", "fingerprint": "38484aead64ade35826665e6be012f71bb1e44ac8ad4ca53d15c092920ce98f8", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": 
"actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|38484aead64ade35826665e6be012f71bb1e44ac8ad4ca53d15c092920ce98f8", "current_version": "v5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/rtl-ltr-linter.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/checkout@v5` is 1 major version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 53642, "scanner": "repobility-dependency-currency", "fingerprint": "2e493eefc70030adf715ad16dde8b4ecae886efb2dd332c249627e9d5049b2ef", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|2e493eefc70030adf715ad16dde8b4ecae886efb2dd332c249627e9d5049b2ef", "current_version": "v5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/fpb-lint.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `tj-actions/changed-files@v46` is 1 major version(s) behind (latest v47.0.6)"}, "properties": {"repobilityId": 53640, "scanner": "repobility-dependency-currency", "fingerprint": "de4702970be83dbc5e66d984959d5c72469e69e2d4694ca45c9c99a8c38eb070", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "tj-actions/changed-files", "scanner": 
"repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v47.0.6", "correlation_key": "fp|de4702970be83dbc5e66d984959d5c72469e69e2d4694ca45c9c99a8c38eb070", "current_version": "v46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/check-urls.yml"}, "region": {"startLine": 45}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/checkout@v5` is 1 major version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 53638, "scanner": "repobility-dependency-currency", "fingerprint": "298c62ced883553b1a296cb6e4528260f178b3056f1c66b0dc41bf15c45af9c7", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|298c62ced883553b1a296cb6e4528260f178b3056f1c66b0dc41bf15c45af9c7", "current_version": "v5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/check-urls.yml"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 34126, "scanner": "repobility-ast-engine", "fingerprint": "b20d1286a011ec6f68174544693b1ef63c98b3e8181d308f17d181499fdff828", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|b20d1286a011ec6f68174544693b1ef63c98b3e8181d308f17d181499fdff828"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/rtl_ltr_linter.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 34125, "scanner": "repobility-ast-engine", "fingerprint": "ddf6ca344ce86973875c4dbcf2972bad1ea337a749a6ced08f072b4b3c4b2879", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ddf6ca344ce86973875c4dbcf2972bad1ea337a749a6ced08f072b4b3c4b2879"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/rtl_ltr_linter.py"}, "region": {"startLine": 214}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 3159, "scanner": "repobility-threat-engine", "fingerprint": "436cc5ad494b818344b4c3721a4b60d2332a46b62fd852c92984b631d9d72c96", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|436cc5ad494b818344b4c3721a4b60d2332a46b62fd852c92984b631d9d72c96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/rtl_ltr_linter.py"}, "region": {"startLine": 595}}}]}, {"ruleId": "CORE_LARGE_FILES", "level": "warning", "message": {"text": "Average file size is 605 lines (recommend <300)"}, "properties": {"repobilityId": 3158, "scanner": "repobility-core", "fingerprint": "1f69a831bcdac3780574a747de21cefd1bf1158df6c610eb4ad381312ab65b43", "category": "quality", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_LARGE_FILES", "scanner": "repobility-core", "correlation_key": "fp|1f69a831bcdac3780574a747de21cefd1bf1158df6c610eb4ad381312ab65b43"}}}, {"ruleId": "DEPCUR-GHA", "level": "note", "message": {"text": "GitHub Action `eps1lon/actions-label-merge-conflict@v3.0.3` is minor version(s) behind (latest v3.1.0)"}, "properties": {"repobilityId": 53637, "scanner": "repobility-dependency-currency", "fingerprint": "380b466cb9aecf0126223a5cff8a1f1d1963868d8adac2c80d6c670986458dd2", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": 
"eps1lon/actions-label-merge-conflict", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v3.1.0", "correlation_key": "fp|380b466cb9aecf0126223a5cff8a1f1d1963868d8adac2c80d6c670986458dd2", "current_version": "v3.0.3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/detect-conflicting-prs.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "none", "message": {"text": "No test files found in a documentation, catalog, or template-heavy repository"}, "properties": {"repobilityId": 34124, "scanner": "repobility-core", "fingerprint": "69cfb3536a8ccff500ccafcd681fc8d4bc9f4eda6689da02ddec81654bd9fd15", "category": "testing", "severity": "info", "confidence": 0.35, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Repository shape is documentation, catalog, skill, or template-heavy rather than a conventional runnable application.", "evidence": {"reason": "Repository shape is documentation, catalog, skill, or template-heavy rather than a conventional runnable application.", "rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "confidence": 0.35, "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `eps1lon/actions-label-merge-conflict` pinned to mutable ref `@v3.1.0`"}, "properties": {"repobilityId": 56832, "scanner": "repobility-supply-chain", "fingerprint": "d80833698761a9a81626d971df559423024321ac4817a2cbbe554d05193eba58", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|d80833698761a9a81626d971df559423024321ac4817a2cbbe554d05193eba58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/detect-conflicting-prs.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 34145, "scanner": "repobility-supply-chain", "fingerprint": "bbf034aa9a2007c27b5dcb9cf4be8616736504821a9cf1c53a922bff950cc85e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bbf034aa9a2007c27b5dcb9cf4be8616736504821a9cf1c53a922bff950cc85e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/rtl-ltr-linter.yml"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `tj-actions/changed-files` pinned to mutable ref `@v46`"}, "properties": {"repobilityId": 34144, "scanner": "repobility-supply-chain", "fingerprint": "204ce802ad738ef80149bf77ba5eaf15e45cac0049787e70ac10eca877ab285f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|204ce802ad738ef80149bf77ba5eaf15e45cac0049787e70ac10eca877ab285f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/rtl-ltr-linter.yml"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action 
`actions/setup-python` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 34143, "scanner": "repobility-supply-chain", "fingerprint": "968e64455cd4c673e01b9ec39c77b493c3ce431e254a4aa508ce08534a19cc40", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|968e64455cd4c673e01b9ec39c77b493c3ce431e254a4aa508ce08534a19cc40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/rtl-ltr-linter.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 34142, "scanner": "repobility-supply-chain", "fingerprint": "c4cb4383bb36757468542c5ed9b8904b96fb1d998eaa3dd9136e825a6723055e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c4cb4383bb36757468542c5ed9b8904b96fb1d998eaa3dd9136e825a6723055e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/rtl-ltr-linter.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/stale` pinned to mutable ref `@v10`"}, "properties": {"repobilityId": 34141, "scanner": "repobility-supply-chain", "fingerprint": "6653cc3513efbe43d4172e6d10118fb5608ba7e218e545d9f41e39f97188a867", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": 
"", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6653cc3513efbe43d4172e6d10118fb5608ba7e218e545d9f41e39f97188a867"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/stale.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 34140, "scanner": "repobility-supply-chain", "fingerprint": "02529b661b30cf87d90a62ddfcd2dcc4997ce22b4f7033608b9f0b7c5e89554d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|02529b661b30cf87d90a62ddfcd2dcc4997ce22b4f7033608b9f0b7c5e89554d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/fpb-lint.yml"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 34139, "scanner": "repobility-supply-chain", "fingerprint": "36bd48a54f97d98f661bb7b0a9da2724958ba90ee9d4e7cab419bd46fc9c7e43", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|36bd48a54f97d98f661bb7b0a9da2724958ba90ee9d4e7cab419bd46fc9c7e43"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/fpb-lint.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 34138, "scanner": "repobility-supply-chain", "fingerprint": "76c3e6614450e009294513a13b7a7683239b75eea13aa834258258a06cacc83d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|76c3e6614450e009294513a13b7a7683239b75eea13aa834258258a06cacc83d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/fpb-lint.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions-ecosystem/action-remove-labels` pinned to mutable ref `@v1`"}, "properties": {"repobilityId": 34137, "scanner": "repobility-supply-chain", "fingerprint": "79ea21da334d854c09691d586c7f8eeaebf1391d81b3a97806a24776a754cacf", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|79ea21da334d854c09691d586c7f8eeaebf1391d81b3a97806a24776a754cacf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/issues-pinner.yml"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action 
`actions-ecosystem/action-add-labels` pinned to mutable ref `@v1`"}, "properties": {"repobilityId": 34136, "scanner": "repobility-supply-chain", "fingerprint": "ec1fabbbcf7bd593a1cef6508dcee129a98cf1e4215a8dee7059c97b586aa8eb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ec1fabbbcf7bd593a1cef6508dcee129a98cf1e4215a8dee7059c97b586aa8eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/issues-pinner.yml"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/download-artifact` pinned to mutable ref `@v8`"}, "properties": {"repobilityId": 34135, "scanner": "repobility-supply-chain", "fingerprint": "1dcc954780476087754b88cc0f74af3c6e0814d753cefd457d5980c8193d3564", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1dcc954780476087754b88cc0f74af3c6e0814d753cefd457d5980c8193d3564"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/check-urls.yml"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 34134, "scanner": "repobility-supply-chain", "fingerprint": "b02b093fed340e504e740c78a4ea37d1c73e4ef8158009d18edaa864c8b7d066", "category": "dependency", "severity": "high", "confidence": 0.9, 
"triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b02b093fed340e504e740c78a4ea37d1c73e4ef8158009d18edaa864c8b7d066"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/check-urls.yml"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 34133, "scanner": "repobility-supply-chain", "fingerprint": "2975417733638299de2047c5a45463ad8d00b2dcb2417b5ef037ae5ec82e3c03", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2975417733638299de2047c5a45463ad8d00b2dcb2417b5ef037ae5ec82e3c03"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/check-urls.yml"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `ruby/setup-ruby` pinned to mutable ref `@v1`"}, "properties": {"repobilityId": 34132, "scanner": "repobility-supply-chain", "fingerprint": "767daa5e64cf5fa55b31599788f3aa58048251b65cb5db29958ffceab1ae8a4c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|767daa5e64cf5fa55b31599788f3aa58048251b65cb5db29958ffceab1ae8a4c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/check-urls.yml"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 34131, "scanner": "repobility-supply-chain", "fingerprint": "a0d4982af47e8d01b516c05b2c6b000e246eacc1a5f0625aea489812ba7e65af", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a0d4982af47e8d01b516c05b2c6b000e246eacc1a5f0625aea489812ba7e65af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/check-urls.yml"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `tj-actions/changed-files` pinned to mutable ref `@v46`"}, "properties": {"repobilityId": 34130, "scanner": "repobility-supply-chain", "fingerprint": "308aba1f3b0af38d0dd2cf10ca3a8ae0d4e8a03b6b237c7b795f4defc9f137d2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|308aba1f3b0af38d0dd2cf10ca3a8ae0d4e8a03b6b237c7b795f4defc9f137d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/check-urls.yml"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to 
mutable ref `@v5`"}, "properties": {"repobilityId": 34129, "scanner": "repobility-supply-chain", "fingerprint": "9693a691eb56ae511a0d1fca51e1836ee490daa7e56df8160def4af5cbc6bd6f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9693a691eb56ae511a0d1fca51e1836ee490daa7e56df8160def4af5cbc6bd6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/check-urls.yml"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/github-script` pinned to mutable ref `@v9`"}, "properties": {"repobilityId": 34128, "scanner": "repobility-supply-chain", "fingerprint": "7d02aff30f8e948791077e3095847de6250d3311736e04d1174706aaf8dd5c4e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7d02aff30f8e948791077e3095847de6250d3311736e04d1174706aaf8dd5c4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/comment-pr.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `eps1lon/actions-label-merge-conflict` pinned to mutable ref `@v3.0.3`"}, "properties": {"repobilityId": 34127, "scanner": "repobility-supply-chain", "fingerprint": "0d237f33291a7fff29e3385e122c1cb735d14944cb35a9c04275476ae6e70c0c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "fixed", "verdict": "", 
"isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0d237f33291a7fff29e3385e122c1cb735d14944cb35a9c04275476ae6e70c0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/detect-conflicting-prs.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 3157, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}]}]}