{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED109", "name": "Mutable default argument in `cached_loader` (dict)", "shortDescription": {"text": "Mutable default argument in `cached_loader` (dict)"}, "fullDescription": {"text": "`def cached_loader(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "no-new-privileges prevents processes from gaining additional privileges through setuid binaries or file capabilities."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "If the image does not define USER internally, this service may run as root."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKR012", "name": "Dockerfile keeps pip download cache", "shortDescription": {"text": "Dockerfile keeps pip download cache"}, "fullDescription": {"text": "Pip's package cache increases image size and can preserve unnecessary artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `assert_valid_statement` has cognitive complexity 10 (SonarSource scale). ", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `assert_valid_statement` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and "}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 10."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_LICENSE", "name": "No LICENSE file", "shortDescription": {"text": "No LICENSE file"}, "fullDescription": {"text": "Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft)."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsiv", "shortDescription": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a re"}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "Workflow container/services image `registry.kpool.at/kulturpool/development-operations/ci-cd/docker-images/poetry-packag", "shortDescription": {"text": "Workflow container/services image `registry.kpool.at/kulturpool/development-operations/ci-cd/docker-images/poetry-packaging/poetry-packaging:1.1.1` unpinned"}, "fullDescription": {"text": "`container/services image: registry.kpool.at/kulturpool/development-operations/ci-cd/docker-images/poetry-packaging/poetry-packaging:1.1.1` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/checkout` pinned to mutable ref `@v6`", "shortDescription": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "fullDescription": {"text": "`uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `python:3.12.9` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `python:3.12.9` not pinned by digest"}, "fullDescription": {"text": "`FROM python:3.12.9` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.get_rdf_graph` used but never assigned in __init__", "shortDescription": {"text": "`self.get_rdf_graph` used but never assigned in __init__"}, "fullDescription": {"text": "Method `get_framed_json_ld` of class `EDM_Record` reads `self.get_rdf_graph`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_construct_programmatically", "shortDescription": {"text": "Phantom test coverage: test_construct_programmatically"}, "fullDescription": {"text": "Test function `test_construct_programmatically` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/572"}, "properties": {"repository": "kulturpool/EDMLib", "repoUrl": "https://github.com/kulturpool/EDMLib.git", "branch": "main"}, "results": [{"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 42595, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "Mutable default argument in `cached_loader` (dict)"}, "properties": {"repobilityId": 42578, "scanner": "repobility-ast-engine", "fingerprint": "991b507124c32ffc1dfa55ab9ce41b28292cc0a62d7b81be78df98ad6d73bed6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|991b507124c32ffc1dfa55ab9ce41b28292cc0a62d7b81be78df98ad6d73bed6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/edm/jsonld_cached_documentloader.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 42597, "scanner": "repobility-docker", "fingerprint": "908f73bd9eef378bc36c154f8050c6879e0a551b94ffd118901b93c64090bbe4", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "edmlib-devcontainer", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|908f73bd9eef378bc36c154f8050c6879e0a551b94ffd118901b93c64090bbe4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 42596, "scanner": "repobility-docker", "fingerprint": "17db76956d5031bc0f18ad17985b317427398bd30b6f7d8def0941f946109086", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "edmlib-devcontainer", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|17db76956d5031bc0f18ad17985b317427398bd30b6f7d8def0941f946109086"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 42594, "scanner": "repobility-docker", "fingerprint": "b1e08a521ecce188142790445186a715875246234175868076c8f68ad13e5d7f", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|b1e08a521ecce188142790445186a715875246234175868076c8f68ad13e5d7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 16}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `assert_valid_statement` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: case=2, if=3, match=1, nested_bonus=4."}, "properties": {"repobilityId": 42584, "scanner": "repobility-threat-engine", "fingerprint": "65ad98f42c4ceb8abad64dd8926d383aacf7a0a431d1e5881171b1e4c5e44010", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "assert_valid_statement", "breakdown": {"if": 3, "case": 2, "match": 1, "nested_bonus": 4}, "complexity": 10, "correlation_key": "fp|65ad98f42c4ceb8abad64dd8926d383aacf7a0a431d1e5881171b1e4c5e44010"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/edm/validation/edm_rights.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `get_rdf_graph` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=1, for=3, if=2, nested_bonus=6."}, "properties": {"repobilityId": 42583, "scanner": "repobility-threat-engine", "fingerprint": "9543d17fc6913b9e1af0f15c69a1fea1dba210100d53ab7a77f3630d498773aa", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 12 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "get_rdf_graph", "breakdown": {"if": 2, "for": 3, "else": 1, "nested_bonus": 6}, "complexity": 12, "correlation_key": "fp|9543d17fc6913b9e1af0f15c69a1fea1dba210100d53ab7a77f3630d498773aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/edm/record.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `get_triples` has cognitive complexity 13 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=1, except=2, for=2, if=2, nested_bonus=6."}, "properties": {"repobilityId": 42582, "scanner": "repobility-threat-engine", "fingerprint": "835f80e14e9f727ae94e4aa408e90db96076207ecdd50cf753ae9dfaba737d03", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 13 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "get_triples", "breakdown": {"if": 2, "for": 2, "else": 1, "except": 2, "nested_bonus": 6}, "complexity": 13, "correlation_key": "fp|835f80e14e9f727ae94e4aa408e90db96076207ecdd50cf753ae9dfaba737d03"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/edm/base.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "CORE_NO_LICENSE", "level": "note", "message": {"text": "No LICENSE file"}, "properties": {"repobilityId": 42540, "scanner": "repobility-core", "fingerprint": "9314e9238cd99885865b92490d1aaa96ca62b1390c9377878d5f3d99227e1c3c", "category": "documentation", "severity": "low", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_LICENSE", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_license"}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 42593, "scanner": "repobility-threat-engine", "fingerprint": "a2a195a00df98fdc9bc87a32e250d971eb7a01ad75bbfb44c9a722619d95bbc2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a2a195a00df98fdc9bc87a32e250d971eb7a01ad75bbfb44c9a722619d95bbc2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/parser.py"}, "region": {"startLine": 241}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 42591, "scanner": "repobility-threat-engine", "fingerprint": "7630b83c29ce4bbe81150c08d9813daeab892a3e586453b4080977cd4a515bd8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7630b83c29ce4bbe81150c08d9813daeab892a3e586453b4080977cd4a515bd8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/edm/record.py"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 42589, "scanner": "repobility-threat-engine", "fingerprint": "deede2eb215d875636a96303401dd81bf1c025789980c14394da92c4eaa2dcca", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|deede2eb215d875636a96303401dd81bf1c025789980c14394da92c4eaa2dcca", "aggregated_count": 1}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 42588, "scanner": "repobility-threat-engine", "fingerprint": "613a31d4a6e2460e73d65d3fdabc631338e0509f2db8c5b296d082360b0b58f7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|613a31d4a6e2460e73d65d3fdabc631338e0509f2db8c5b296d082360b0b58f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/edm/validation/3d_vocabularies.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 42587, "scanner": "repobility-threat-engine", "fingerprint": "e629ca1cf8f6fd79e52622660d9f649bbc7b52a8bf99588eca20d19c0dd2e534", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e629ca1cf8f6fd79e52622660d9f649bbc7b52a8bf99588eca20d19c0dd2e534"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/edm/enums.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 42586, "scanner": "repobility-threat-engine", "fingerprint": "b5bb9a1430d278128c162679b454b609f44259e7bf6ac673dea6513cfeea4ed8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b5bb9a1430d278128c162679b454b609f44259e7bf6ac673dea6513cfeea4ed8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/edm/classes/service.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 42585, "scanner": "repobility-threat-engine", "fingerprint": "33f8a11bb9950391724aaaf564313c9967d2e5a2c97736723f8a42124b41d155", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "get_triples", "breakdown": {"if": 2, "for": 2, "else": 1, "except": 2, "nested_bonus": 6}, "aggregated": true, "complexity": 13, "correlation_key": "fp|33f8a11bb9950391724aaaf564313c9967d2e5a2c97736723f8a42124b41d155", "aggregated_count": 1}}}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 42592, "scanner": "repobility-threat-engine", "fingerprint": "a18c0a39c7870997321ddfa1d67a92aec1d41fffb881177acd499bc08f69437b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "temp.update({att: values})", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a18c0a39c7870997321ddfa1d67a92aec1d41fffb881177acd499bc08f69437b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/parser.py"}, "region": {"startLine": 227}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 42590, "scanner": "repobility-threat-engine", "fingerprint": "e24711bf4ef006433f4779aad2bf5e0c7b015cb594cb6c74714c77e565d31b75", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.head(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e24711bf4ef006433f4779aad2bf5e0c7b015cb594cb6c74714c77e565d31b75"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/edm/record.py"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "Workflow container/services image `registry.kpool.at/kulturpool/development-operations/ci-cd/docker-images/poetry-packaging/poetry-packaging:1.1.1` unpinned"}, "properties": {"repobilityId": 42581, "scanner": "repobility-supply-chain", "fingerprint": "755f958c53b34643f43c8be76be60223a1c58dd3a20914660b34f5853e91f2f2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|755f958c53b34643f43c8be76be60223a1c58dd3a20914660b34f5853e91f2f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish-to-pypi.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 42580, "scanner": "repobility-supply-chain", "fingerprint": "3318e9ecb94d09badfb9049f4f9c25403a37634467a863ca3c1d4b425613c34c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3318e9ecb94d09badfb9049f4f9c25403a37634467a863ca3c1d4b425613c34c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish-to-pypi.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `python:3.12.9` not pinned by digest"}, "properties": {"repobilityId": 42579, "scanner": "repobility-supply-chain", "fingerprint": "6577b98cd1121fd2e4965754cd8423466058bcbd3b184a6f63db058133fe551d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6577b98cd1121fd2e4965754cd8423466058bcbd3b184a6f63db058133fe551d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".devcontainer/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.get_rdf_graph` used but never assigned in __init__"}, "properties": {"repobilityId": 42577, "scanner": "repobility-ast-engine", "fingerprint": "b5fb2f040137960ebabe202b902e72fe5f2827c5b3dd3bd03956bbc8724906c3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b5fb2f040137960ebabe202b902e72fe5f2827c5b3dd3bd03956bbc8724906c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/edm/record.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.get_rdf_graph` used but never assigned in __init__"}, "properties": {"repobilityId": 42576, "scanner": "repobility-ast-engine", "fingerprint": "326a8a482461b39e8cbaa2b73efa71fb7885d098d28b303de5496847302c0985", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|326a8a482461b39e8cbaa2b73efa71fb7885d098d28b303de5496847302c0985"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/edm/record.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.label` used but never assigned in __init__"}, "properties": {"repobilityId": 42575, "scanner": "repobility-ast-engine", "fingerprint": "0c5a358963eba1e7ce6fb27ade0a19c1c642cd6b6ebaf82e1a769e717ccf92fc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0c5a358963eba1e7ce6fb27ade0a19c1c642cd6b6ebaf82e1a769e717ccf92fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/edm/base.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.model_fields` used but never assigned in __init__"}, "properties": {"repobilityId": 42574, "scanner": "repobility-ast-engine", "fingerprint": "3d42611d71de8fafc67393f311bcd43ec964851f1fcba9048f009eef42f8dc9e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3d42611d71de8fafc67393f311bcd43ec964851f1fcba9048f009eef42f8dc9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/edm/base.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.value` used but never assigned in __init__"}, "properties": {"repobilityId": 42573, "scanner": "repobility-ast-engine", "fingerprint": "6b461911b42c1efdd2b60146b308b5a41f8a9db1a72231ef8d1cec2c207db114", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6b461911b42c1efdd2b60146b308b5a41f8a9db1a72231ef8d1cec2c207db114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/edm/enums.py"}, "region": {"startLine": 204}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_construct_programmatically"}, "properties": {"repobilityId": 42572, "scanner": "repobility-ast-engine", "fingerprint": "2bd77d84c1621032967722f36268cd2b901101bdff1cbf29e0e736b034eecd1f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2bd77d84c1621032967722f36268cd2b901101bdff1cbf29e0e736b034eecd1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/parser/test_aggregation_uri_validation.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_parse_edm_xml"}, "properties": {"repobilityId": 42571, "scanner": "repobility-ast-engine", "fingerprint": "b83369caa93d00e3d31b7c8a36c9dffdd1ce1bf039d18c9c9348acd528f396bc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b83369caa93d00e3d31b7c8a36c9dffdd1ce1bf039d18c9c9348acd528f396bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/parser/test_aggregation_uri_validation.py"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_parser_empty_element_and_invalid_ref"}, "properties": {"repobilityId": 42570, "scanner": "repobility-ast-engine", "fingerprint": "a26ebfcc4d3537e0895916c710b9b5b49a96ade2420f5ce806b4be2a3aefb406", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a26ebfcc4d3537e0895916c710b9b5b49a96ade2420f5ce806b4be2a3aefb406"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/parser/test_parser.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_validation_edm_type_with_lang_raises"}, "properties": {"repobilityId": 42569, "scanner": "repobility-ast-engine", "fingerprint": "34fc3d4d3db00e7e99d870c6ad35824952e4b66504855595d15d79998968fa69", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|34fc3d4d3db00e7e99d870c6ad35824952e4b66504855595d15d79998968fa69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/parser/test_parser.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_missing_edm_rights"}, "properties": {"repobilityId": 42568, "scanner": "repobility-ast-engine", "fingerprint": "5cc25cdf46ece65aa674b7359ab71d732bad020fe11526579c49e3cf3065e5ca", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5cc25cdf46ece65aa674b7359ab71d732bad020fe11526579c49e3cf3065e5ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/parser/test_rights.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_uriref_raises_exception"}, "properties": {"repobilityId": 42567, "scanner": "repobility-ast-engine", "fingerprint": "632985017cb2f19bfed3bb9b1e87249f13fbe615a3d860b36fbbffed88e1b584", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|632985017cb2f19bfed3bb9b1e87249f13fbe615a3d860b36fbbffed88e1b584"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/edm/test_uri_ref.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_edm_type_validation"}, "properties": {"repobilityId": 42566, "scanner": "repobility-ast-engine", "fingerprint": "cbecb228b021a515c870e8f871cae4fc18ea4179a780d31a193b0a83ab76c3d1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cbecb228b021a515c870e8f871cae4fc18ea4179a780d31a193b0a83ab76c3d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/edm/test_edm_classes.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_validation_skos_pref_label_single_missing_tag_raises"}, "properties": {"repobilityId": 42565, "scanner": "repobility-ast-engine", "fingerprint": "53a226135703945e9b1ab9787654e97a74fc832fe6aa5f5caa0beb3552760563", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|53a226135703945e9b1ab9787654e97a74fc832fe6aa5f5caa0beb3552760563"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/edm/test_edm_classes.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_validation_skos_pref_label_multi_none_lang_tags_fail"}, "properties": {"repobilityId": 42564, "scanner": "repobility-ast-engine", "fingerprint": "c76f2bbc11d2c424ad56be01d99f56f7e32d32d212be948d6d02512442fda4e0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c76f2bbc11d2c424ad56be01d99f56f7e32d32d212be948d6d02512442fda4e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/edm/test_edm_classes.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_validation_skos_pref_label"}, "properties": {"repobilityId": 42563, "scanner": "repobility-ast-engine", "fingerprint": "99f79820b4bcc4cb1929056186fcae476fcacb84255b914bab3a1715286c0c9a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|99f79820b4bcc4cb1929056186fcae476fcacb84255b914bab3a1715286c0c9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/edm/test_edm_classes.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_validation_cho_and_aggregation_id"}, "properties": {"repobilityId": 42562, "scanner": "repobility-ast-engine", "fingerprint": "2e96b9460c5900b9db65ff6f4db2f1681bb4884594d05def565704c598e2bf29", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2e96b9460c5900b9db65ff6f4db2f1681bb4884594d05def565704c598e2bf29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/edm/test_edm_classes.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_providedcho_empty_identifier_raises"}, "properties": {"repobilityId": 42561, "scanner": "repobility-ast-engine", "fingerprint": "2b32c2ee706f432d676834a56deba84c9ceb75d2afd1e5c1c81ef45ad1be3f65", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2b32c2ee706f432d676834a56deba84c9ceb75d2afd1e5c1c81ef45ad1be3f65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/edm/test_edm_providedCHO.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_providedcho_missing_identifier_raises"}, "properties": {"repobilityId": 42560, "scanner": "repobility-ast-engine", "fingerprint": "33277147aacc39f4835b2b81e78d851c147a96214068eb9d78caa6f3b89d385f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|33277147aacc39f4835b2b81e78d851c147a96214068eb9d78caa6f3b89d385f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/edm/test_edm_providedCHO.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_for_invalid_statements"}, "properties": {"repobilityId": 42559, "scanner": "repobility-ast-engine", "fingerprint": "6c0891ee25e78c7b2c855c3e45db1e8970ed70429878b2aa61bff92ef41698b0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6c0891ee25e78c7b2c855c3e45db1e8970ed70429878b2aa61bff92ef41698b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/edm/test_rights.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_for_valid_statements"}, "properties": {"repobilityId": 42558, "scanner": "repobility-ast-engine", "fingerprint": "4264a50406d06781f3db5c0cafed7a513f840979ef7885a581ac55e41d9a5698", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4264a50406d06781f3db5c0cafed7a513f840979ef7885a581ac55e41d9a5698"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/edm/test_rights.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.value` used but never assigned in __init__"}, "properties": {"repobilityId": 42557, "scanner": "repobility-ast-engine", "fingerprint": "dc1e5def91cb4637ff87f3f0d47441501d4aacc89063811e0760c07c1ed4ab12", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dc1e5def91cb4637ff87f3f0d47441501d4aacc89063811e0760c07c1ed4ab12"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/shared_types.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.parse_many_class` used but never assigned in __init__"}, "properties": {"repobilityId": 42556, "scanner": "repobility-ast-engine", "fingerprint": "f2766350fd95e0b653c6993b995d27037a76cac4126056b5b47014dd63c08851", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f2766350fd95e0b653c6993b995d27037a76cac4126056b5b47014dd63c08851"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/parser.py"}, "region": {"startLine": 274}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.parse_many_class` used but never assigned in __init__"}, "properties": {"repobilityId": 42555, "scanner": "repobility-ast-engine", "fingerprint": "f699afe0c650a6bcbfef76bdf50339898e3796e7c206f050541d67caee28d08d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f699afe0c650a6bcbfef76bdf50339898e3796e7c206f050541d67caee28d08d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/parser.py"}, "region": {"startLine": 273}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.parse_many_class` used but never assigned in __init__"}, "properties": {"repobilityId": 42554, "scanner": "repobility-ast-engine", "fingerprint": "5c351a34c981b571555eed886f7f811891849858eedf042fbe9625e48036f59e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5c351a34c981b571555eed886f7f811891849858eedf042fbe9625e48036f59e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/parser.py"}, "region": {"startLine": 272}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.parse_many_class` used but never assigned in __init__"}, "properties": {"repobilityId": 42553, "scanner": "repobility-ast-engine", "fingerprint": "1e120bbf5a07fb5cc229f5c9ff394c52e2486091c52bd3eab8af94010efa58ce", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1e120bbf5a07fb5cc229f5c9ff394c52e2486091c52bd3eab8af94010efa58ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/parser.py"}, "region": {"startLine": 271}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.parse_many_class` used but never assigned in __init__"}, "properties": {"repobilityId": 42552, "scanner": "repobility-ast-engine", "fingerprint": "ca7aafb465c316f2abab8d3c800e1c7655fcfe6a3a4e68dc9ded934b90bb8d8d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ca7aafb465c316f2abab8d3c800e1c7655fcfe6a3a4e68dc9ded934b90bb8d8d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/parser.py"}, "region": {"startLine": 270}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.parse_many_class` used but never assigned in __init__"}, "properties": {"repobilityId": 42551, "scanner": "repobility-ast-engine", "fingerprint": "016699b4cbce15ab18844addbd15196e4a671f4da392813c9ec618ce35d388db", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|016699b4cbce15ab18844addbd15196e4a671f4da392813c9ec618ce35d388db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/parser.py"}, "region": {"startLine": 269}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.parse_many_class` used but never assigned in __init__"}, "properties": {"repobilityId": 42550, "scanner": "repobility-ast-engine", "fingerprint": "30d6de279a49c70e752226f7fff458781477e7931e543341fa613a57404ec6df", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|30d6de279a49c70e752226f7fff458781477e7931e543341fa613a57404ec6df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/parser.py"}, "region": {"startLine": 268}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.parse_single_class` used but never assigned in __init__"}, "properties": {"repobilityId": 42549, "scanner": "repobility-ast-engine", "fingerprint": "5ba018ff93ba356f1fea0abd9b4c1da29934b28a7b9328005528d668140ed49f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5ba018ff93ba356f1fea0abd9b4c1da29934b28a7b9328005528d668140ed49f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/parser.py"}, "region": {"startLine": 267}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.parse_single_class` used but never assigned in __init__"}, "properties": {"repobilityId": 42548, "scanner": "repobility-ast-engine", "fingerprint": "412a5391ec52fcaaa54db2c0cf7d2d0bd1cb444a530a81f5d222fac638c465be", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|412a5391ec52fcaaa54db2c0cf7d2d0bd1cb444a530a81f5d222fac638c465be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/parser.py"}, "region": {"startLine": 266}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.get_instance_triples` used but never assigned in __init__"}, "properties": {"repobilityId": 42547, "scanner": "repobility-ast-engine", "fingerprint": "63054d40824590b30f44731f668318c834d2c950e958660e1f15c0f1254a8bc3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|63054d40824590b30f44731f668318c834d2c950e958660e1f15c0f1254a8bc3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/parser.py"}, "region": {"startLine": 259}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.get_many_ref` used but never assigned in __init__"}, "properties": {"repobilityId": 42546, "scanner": "repobility-ast-engine", "fingerprint": "5795e94d02e954f1cae78c2c9fb100f60d59aa391575946cbaeb565c41dfeb4e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5795e94d02e954f1cae78c2c9fb100f60d59aa391575946cbaeb565c41dfeb4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/parser.py"}, "region": {"startLine": 252}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.get_webresources` used but never assigned in __init__"}, "properties": {"repobilityId": 42545, "scanner": "repobility-ast-engine", "fingerprint": "fa556d7be208fad286a72474b967c6c653efe7e31f9bc0f54f17facb50a20118", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fa556d7be208fad286a72474b967c6c653efe7e31f9bc0f54f17facb50a20118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/parser.py"}, "region": {"startLine": 250}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.get_aggregation` used but never assigned in __init__"}, "properties": {"repobilityId": 42544, "scanner": "repobility-ast-engine", "fingerprint": "ae649fe08ff935026573f2ed700250d6b22abc6b96be493b8625c645a8be4b7e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ae649fe08ff935026573f2ed700250d6b22abc6b96be493b8625c645a8be4b7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/parser.py"}, "region": {"startLine": 236}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.get_single_ref` used but never assigned in __init__"}, "properties": {"repobilityId": 42543, "scanner": "repobility-ast-engine", "fingerprint": "03674afdf33c022223466ec7d374c14cc1573675cc52d442c4324658b3cbd1f2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|03674afdf33c022223466ec7d374c14cc1573675cc52d442c4324658b3cbd1f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/parser.py"}, "region": {"startLine": 234}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.get_instance_triples` used but never assigned in __init__"}, "properties": {"repobilityId": 42542, "scanner": "repobility-ast-engine", "fingerprint": "9df371cd8e5c90b49d5f7c184923d4e230c056250dfa285f7fef12ab58d506f1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9df371cd8e5c90b49d5f7c184923d4e230c056250dfa285f7fef12ab58d506f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/parser.py"}, "region": {"startLine": 242}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.get_many_ref` used but never assigned in __init__"}, "properties": {"repobilityId": 42541, "scanner": "repobility-ast-engine", "fingerprint": "3214c6070db7e269ce36a6552909d39af014e178c79c04a89f27ac5ee9b95981", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3214c6070db7e269ce36a6552909d39af014e178c79c04a89f27ac5ee9b95981"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "edmlib/parser.py"}, "region": {"startLine": 138}}}]}]}]}