{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "WEB015", "name": "Public web app has no Content Security Policy", "shortDescription": {"text": "Public web app has no Content Security Policy"}, "fullDescription": {"text": "A Content Security Policy reduces the blast radius of injected scripts if the app is ever served through preview, static hosting, or a web container outside its normal sandbox."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT007", "name": "localStorage write failures are swallowed silently", "shortDescription": {"text": "localStorage write failures are swallowed silently"}, "fullDescription": {"text": "localStorage quotas are small and writes can fail. Catching storage errors without a user-visible warning causes silent data loss when notes, images, or snapshots exceed quota."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "AGT006", "name": "React interval is created without an explicit cleanup", "shortDescription": {"text": "React interval is created without an explicit cleanup"}, "fullDescription": {"text": "Intervals created in React hooks or components should be cleared on unmount. Missing cleanup can keep stale callbacks alive after recording, polling, or overlay components close."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "WEB011", "name": "Public web app has no humans.txt", "shortDescription": {"text": "Public web app has no humans.txt"}, "fullDescription": {"text": "humans.txt is optional, but it gives operators and reviewers a simple place to find ownership, contact, and important public documentation links."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "WEB008", "name": "Public docs site has no llms.txt", "shortDescription": {"text": "Public docs site has no llms.txt"}, "fullDescription": {"text": "AI coding agents increasingly read llms.txt to find canonical docs and API workflows. Without it, agents are more likely to browse pages repeatedly or use stale instructions."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "WEB002", "name": "Public web app has no sitemap", "shortDescription": {"text": "Public web app has no sitemap"}, "fullDescription": {"text": "A sitemap gives search engines, docs crawlers, and AI agents a structured list of public pages. Without one, important docs and product pages are easy to miss."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "WEB001", "name": "Public web app has no robots.txt", "shortDescription": {"text": "Public web app has no robots.txt"}, "fullDescription": {"text": "Public websites should publish a robots.txt file so crawlers and AI agents can discover crawl rules and sitemap locations without guessing."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-NPM", "name": "npm package `@tanstack/react-query` is minor version(s) behind (^5.100.11 -> 5.101.0)", "shortDescription": {"text": "npm package `@tanstack/react-query` is minor version(s) behind (^5.100.11 -> 5.101.0)"}, "fullDescription": {"text": "`@tanstack/react-query` is pinned/resolved at ^5.100.11 but the latest stable release on the npm registry is 5.101.0 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "low", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED058", "name": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or neve", "shortDescription": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-79 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC118", "name": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it", "shortDescription": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "fullDescription": {"text": "Use `uuid.uuid4()` (random) or `secrets.token_urlsafe()` for tokens. In Go, use `uuid.NewRandom()` (google/uuid)."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 10 more): Same pattern found in 10 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion (and 7 more): Same pattern found in 7 additional files. Review if needed.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors.", "shortDescription": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0098", "name": "unic-ucd-version: RUSTSEC-2025-0098", "shortDescription": {"text": "unic-ucd-version: RUSTSEC-2025-0098"}, "fullDescription": {"text": "`unic-ucd-version` is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0100", "name": "unic-ucd-ident: RUSTSEC-2025-0100", "shortDescription": {"text": "unic-ucd-ident: RUSTSEC-2025-0100"}, "fullDescription": {"text": "`unic-ucd-ident` is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0080", "name": "unic-common: RUSTSEC-2025-0080", "shortDescription": {"text": "unic-common: RUSTSEC-2025-0080"}, "fullDescription": {"text": "`unic-common` is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0075", "name": "unic-char-range: RUSTSEC-2025-0075", "shortDescription": {"text": "unic-char-range: RUSTSEC-2025-0075"}, "fullDescription": {"text": "`unic-char-range` is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0081", "name": "unic-char-property: RUSTSEC-2025-0081", "shortDescription": {"text": "unic-char-property: RUSTSEC-2025-0081"}, "fullDescription": {"text": "`unic-char-property` is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2023-0071", "name": "rsa: RUSTSEC-2023-0071", "shortDescription": {"text": "rsa: RUSTSEC-2023-0071"}, "fullDescription": {"text": "Marvin Attack: potential key recovery through timing sidechannels"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0370", "name": "proc-macro-error: RUSTSEC-2024-0370", "shortDescription": {"text": "proc-macro-error: RUSTSEC-2024-0370"}, "fullDescription": {"text": "proc-macro-error is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0436", "name": "paste: RUSTSEC-2024-0436", "shortDescription": {"text": "paste: RUSTSEC-2024-0436"}, "fullDescription": {"text": "paste - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0419", "name": "gtk3-macros: RUSTSEC-2024-0419", "shortDescription": {"text": "gtk3-macros: RUSTSEC-2024-0419"}, "fullDescription": {"text": "gtk-rs GTK3 bindings - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0420", "name": "gtk-sys: RUSTSEC-2024-0420", "shortDescription": {"text": "gtk-sys: RUSTSEC-2024-0420"}, "fullDescription": {"text": "gtk-rs GTK3 bindings - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0415", "name": "gtk: RUSTSEC-2024-0415", "shortDescription": {"text": "gtk: RUSTSEC-2024-0415"}, "fullDescription": {"text": "gtk-rs GTK3 bindings - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0429", "name": "glib: RUSTSEC-2024-0429", "shortDescription": {"text": "glib: RUSTSEC-2024-0429"}, "fullDescription": {"text": "Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter`"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0414", "name": "gdkx11-sys: RUSTSEC-2024-0414", "shortDescription": {"text": "gdkx11-sys: RUSTSEC-2024-0414"}, "fullDescription": {"text": "gtk-rs GTK3 bindings - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0417", "name": "gdkx11: RUSTSEC-2024-0417", "shortDescription": {"text": "gdkx11: RUSTSEC-2024-0417"}, "fullDescription": {"text": "gtk-rs GTK3 bindings - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0411", "name": "gdkwayland-sys: RUSTSEC-2024-0411", "shortDescription": {"text": "gdkwayland-sys: RUSTSEC-2024-0411"}, "fullDescription": {"text": "gtk-rs GTK3 bindings - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0418", "name": "gdk-sys: RUSTSEC-2024-0418", "shortDescription": {"text": "gdk-sys: RUSTSEC-2024-0418"}, "fullDescription": {"text": "gtk-rs GTK3 bindings - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0412", "name": "gdk: RUSTSEC-2024-0412", "shortDescription": {"text": "gdk: RUSTSEC-2024-0412"}, "fullDescription": {"text": "gtk-rs GTK3 bindings - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0416", "name": "atk-sys: RUSTSEC-2024-0416", "shortDescription": {"text": "atk-sys: RUSTSEC-2024-0416"}, "fullDescription": {"text": "gtk-rs GTK3 bindings - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0413", "name": "atk: RUSTSEC-2024-0413", "shortDescription": {"text": "atk: RUSTSEC-2024-0413"}, "fullDescription": {"text": "gtk-rs GTK3 bindings - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that int", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTM"}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC027", "name": "[SEC027] XML External Entity (XXE) \u2014 Node.js xml parsers: Node.js XML parsers can expand external entities if not config", "shortDescription": {"text": "[SEC027] XML External Entity (XXE) \u2014 Node.js xml parsers: Node.js XML parsers can expand external entities if not configured. libxmljs in particular has had XXE CVEs."}, "fullDescription": {"text": "Pass `noent: false` to libxmljs. Avoid xml2js or pass explicit secure config. Prefer parsers that don't expand external entities at all."}, "properties": {"scanner": "repobility-threat-engine", "category": "xxe", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/upload-artifact` pinned to mutable ref `@v7`", "shortDescription": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "fullDescription": {"text": "`uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "private-key", "name": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption.", "shortDescription": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "Workflow uses `secrets.CACHIX_AUTH_TOKEN` on a `pull_request` trigger", "shortDescription": {"text": "Workflow uses `secrets.CACHIX_AUTH_TOKEN` on a `pull_request` trigger"}, "fullDescription": {"text": "This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.CACHIX_AUTH_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1055"}, "properties": {"repository": "chiriapp/chiri", "repoUrl": "https://github.com/chiriapp/chiri", "branch": "master"}, "results": [{"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 103539, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB015", "level": "warning", "message": {"text": "Public web app has no Content Security Policy"}, "properties": {"repobilityId": 103538, "scanner": "repobility-web-presence", "fingerprint": "7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63", "category": "quality", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no CSP header, framework header config, Helmet policy, or CSP meta tag was discovered.", "evidence": {"rule_id": "WEB015", "scanner": "repobility-web-presence", "references": ["https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "index.html"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 103510, "scanner": "repobility-threat-engine", "fingerprint": "0bc879fbd7a9759696a371fa79879c4cd52cf193816897ae30a5eb6397577cde", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0bc879fbd7a9759696a371fa79879c4cd52cf193816897ae30a5eb6397577cde"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/hooks/ui/usePreserveScrollOnWindowFocus.ts"}, "region": {"startLine": 134}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 103501, "scanner": "repobility-threat-engine", "fingerprint": "757a41f3a210174f253c7f0aeeba18afa1b9786fe8d95a476d843a475b4c8ab0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"user@example.com\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|757a41f3a210174f253c7f0aeeba18afa1b9786fe8d95a476d843a475b4c8ab0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/modals/AccountModal/CredentialsForm.tsx"}, "region": {"startLine": 206}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 103482, "scanner": "repobility-agent-runtime", "fingerprint": "389704fdd42912a7daee06e82008a3fbd9288669401633f2da919eba7fa9b42e", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|389704fdd42912a7daee06e82008a3fbd9288669401633f2da919eba7fa9b42e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/notifications/snoozes.ts"}, "region": {"startLine": 33}}}]}, {"ruleId": "AGT006", "level": "warning", "message": {"text": "React interval is created without an explicit cleanup"}, "properties": {"repobilityId": 103481, "scanner": "repobility-agent-runtime", "fingerprint": "1c609fa2c61153910a7f6c5e01af34570b7079c113313722b3da46329a1ba34e", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File uses setInterval with useEffect or hook-style code and no clearInterval cleanup was found.", "evidence": {"rule_id": "AGT006", "scanner": "repobility-agent-runtime", "references": ["https://react.dev/reference/react/useEffect"], "correlation_key": "fp|1c609fa2c61153910a7f6c5e01af34570b7079c113313722b3da46329a1ba34e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/modals/RepeatModal.tsx"}, "region": {"startLine": 164}}}]}, {"ruleId": "WEB011", "level": "note", "message": {"text": "Public web app has no humans.txt"}, "properties": {"repobilityId": 103537, "scanner": "repobility-web-presence", "fingerprint": "bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1", "category": "quality", "severity": "low", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks like a public web app but no humans.txt file or route was discovered.", "evidence": {"rule_id": "WEB011", "scanner": "repobility-web-presence", "references": ["https://github.com/Lissy93/web-check"], "correlation_key": "fp|bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "humans.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB008", "level": "note", "message": {"text": "Public docs site has no llms.txt"}, "properties": {"repobilityId": 103536, "scanner": "repobility-web-presence", "fingerprint": "cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks public and documentation-heavy but no llms.txt file or route was discovered.", "evidence": {"rule_id": "WEB008", "scanner": "repobility-web-presence", "references": ["https://llmstxt.org/"], "correlation_key": "fp|cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "llms.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB002", "level": "note", "message": {"text": "Public web app has no sitemap"}, "properties": {"repobilityId": 103535, "scanner": "repobility-web-presence", "fingerprint": "fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf", "category": "quality", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no sitemap file or route was discovered.", "evidence": {"rule_id": "WEB002", "scanner": "repobility-web-presence", "references": ["https://www.sitemaps.org/protocol.html", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sitemap.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB001", "level": "note", "message": {"text": "Public web app has no robots.txt"}, "properties": {"repobilityId": 103534, "scanner": "repobility-web-presence", "fingerprint": "cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no robots.txt file or route was discovered.", "evidence": {"rule_id": "WEB001", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "robots.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@tanstack/react-query` is minor version(s) behind (^5.100.11 -> 5.101.0)"}, "properties": {"repobilityId": 103477, "scanner": "repobility-dependency-currency", "fingerprint": "ded6f0c7f2bf4f69456129b7ad036c11828b0ec6f2fee67385a7e164291ad204", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@tanstack/react-query", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "5.101.0", "correlation_key": "fp|ded6f0c7f2bf4f69456129b7ad036c11828b0ec6f2fee67385a7e164291ad204", "current_version": "^5.100.11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103443, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d40558b48872eff6c63aea67abe4e2c1331b5510c1d41a5d7f2c983e0d701e9a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/context/settingsContext.ts", "duplicate_line": 6, "correlation_key": "fp|d40558b48872eff6c63aea67abe4e2c1331b5510c1d41a5d7f2c983e0d701e9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/providers/SettingsProvider.tsx"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103442, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a2754c784124db4c7b577e727667f1891499bde0852274b6552baadd608eda2b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/database/filters.ts", "duplicate_line": 35, "correlation_key": "fp|a2754c784124db4c7b577e727667f1891499bde0852274b6552baadd608eda2b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/store/savedFilters.ts"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103441, "scanner": "repobility-ai-code-hygiene", "fingerprint": "37f2f9437129f2ec035cf7527d9bf110e7e581e95c214d0c67e8271f080d7b17", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/database/ui.ts", "duplicate_line": 22, "correlation_key": "fp|37f2f9437129f2ec035cf7527d9bf110e7e581e95c214d0c67e8271f080d7b17"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/store/index.ts"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103440, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bd17990600729c8b80d2b53cca50bda4dfa0a6efdf8f0633cad98e899c06522f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/hooks/ui/useKeyboardShortcuts.ts", "duplicate_line": 195, "correlation_key": "fp|bd17990600729c8b80d2b53cca50bda4dfa0a6efdf8f0633cad98e899c06522f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/hooks/useMenuHandlers.ts"}, "region": {"startLine": 215}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103439, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e049293a1f388b5e8b589bcbb636f97bd6fd6fb7431b784b2ad9174d86142150", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/hooks/ui/useSidebarResize.ts", "duplicate_line": 10, "correlation_key": "fp|e049293a1f388b5e8b589bcbb636f97bd6fd6fb7431b784b2ad9174d86142150"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/hooks/ui/useTaskEditorResize.ts"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103438, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2b6014c582ec3207ce16b44162a72715be0f77c086def31abec417e3eb6626e4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/components/sidebar/SidebarFiltersList.tsx", "duplicate_line": 63, "correlation_key": "fp|2b6014c582ec3207ce16b44162a72715be0f77c086def31abec417e3eb6626e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/sidebar/SidebarTagsList.tsx"}, "region": {"startLine": 100}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103437, "scanner": "repobility-ai-code-hygiene", "fingerprint": "81091ac1c02cb13a1813bc74066380794cfa05096acba5323bef70a1c5e99ec1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/components/sidebar/SidebarAccountsList.tsx", "duplicate_line": 1, "correlation_key": "fp|81091ac1c02cb13a1813bc74066380794cfa05096acba5323bef70a1c5e99ec1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/sidebar/SidebarTagsList.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103436, "scanner": "repobility-ai-code-hygiene", "fingerprint": "646b445e433a69de77361a9ad15348e03012d08aa890faa52f7e77a4347ce658", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/components/sidebar/SidebarCalendarItem.tsx", "duplicate_line": 36, "correlation_key": "fp|646b445e433a69de77361a9ad15348e03012d08aa890faa52f7e77a4347ce658"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/sidebar/SidebarTagItem.tsx"}, "region": {"startLine": 39}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103435, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c2b7c748a9a950fcc11dc9234ad83d0a37c7a2fed02f8078812bb3aba7f1dda7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/components/sidebar/SidebarFilterItem.tsx", "duplicate_line": 35, "correlation_key": "fp|c2b7c748a9a950fcc11dc9234ad83d0a37c7a2fed02f8078812bb3aba7f1dda7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/sidebar/SidebarTagItem.tsx"}, "region": {"startLine": 35}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103434, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b499c871b3aecf5da461ee085db0cab4eb4a6f4eae8d025bc307c687d28cf3f6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/components/sidebar/SidebarAccountsSortMenu.tsx", "duplicate_line": 34, "correlation_key": "fp|b499c871b3aecf5da461ee085db0cab4eb4a6f4eae8d025bc307c687d28cf3f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/sidebar/SidebarLocalSortMenu.tsx"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103433, "scanner": "repobility-ai-code-hygiene", "fingerprint": "83680ae40fa67496c9dfae82130b6ae3c19fb750fcd9270a3fcf27546f1d2cec", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/components/sidebar/SidebarAccountsList.tsx", "duplicate_line": 135, "correlation_key": "fp|83680ae40fa67496c9dfae82130b6ae3c19fb750fcd9270a3fcf27546f1d2cec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/sidebar/SidebarLocalList.tsx"}, "region": {"startLine": 58}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103432, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c059f54941a454c05b9777e937bb13c69e2aed67d08281a5adc9fd0f1f589f3d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/components/sidebar/SidebarFiltersList.tsx", "duplicate_line": 74, "correlation_key": "fp|c059f54941a454c05b9777e937bb13c69e2aed67d08281a5adc9fd0f1f589f3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/sidebar/SidebarLocalList.tsx"}, "region": {"startLine": 44}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103431, "scanner": "repobility-ai-code-hygiene", "fingerprint": "747ec390f208ec027b648bbc9d000939fa48b4e512618503127c73c682451f4f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/components/sidebar/SidebarAccountsList.tsx", "duplicate_line": 92, "correlation_key": "fp|747ec390f208ec027b648bbc9d000939fa48b4e512618503127c73c682451f4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/sidebar/SidebarFiltersList.tsx"}, "region": {"startLine": 61}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103430, "scanner": "repobility-ai-code-hygiene", "fingerprint": "461a641cd6eebdc064904ee2979d0ca61e056e9daa5452555d189c219b5f4821", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/components/sidebar/SidebarCalendarItem.tsx", "duplicate_line": 36, "correlation_key": "fp|461a641cd6eebdc064904ee2979d0ca61e056e9daa5452555d189c219b5f4821"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/sidebar/SidebarFilterItem.tsx"}, "region": {"startLine": 39}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103429, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a799bfa05b811516b164650d1e6abbf5794e6c87ed7181a61d48f95845fc1c65", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/components/sidebar/SidebarAccountsList.tsx", "duplicate_line": 92, "correlation_key": "fp|a799bfa05b811516b164650d1e6abbf5794e6c87ed7181a61d48f95845fc1c65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/sidebar/SidebarCalendarList.tsx"}, "region": {"startLine": 51}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103428, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f03a39805c1c0a44d82112f36330effd10f2c70a2b40e932a7ab2d255c72a9ac", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/components/modals/OnboardingModal/AppearanceSettings.tsx", "duplicate_line": 13, "correlation_key": "fp|f03a39805c1c0a44d82112f36330effd10f2c70a2b40e932a7ab2d255c72a9ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/settings/LookAndFeelSettings.tsx"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103427, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9431c07597084748bac120b3a76776b92251104d923ce9b719422df1ec94ecf5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/components/settings/BadgesSettings/BadgesSettingsSortableBadges.tsx", "duplicate_line": 25, "correlation_key": "fp|9431c07597084748bac120b3a76776b92251104d923ce9b719422df1ec94ecf5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/settings/EditorSettings/EditorSettingsSortableFields.tsx"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103426, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cff14d280b110cef0937e549f01bbce79a67fd938144bcc071b504eb5182a5fa", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/components/modals/CalendarModal.tsx", "duplicate_line": 216, "correlation_key": "fp|cff14d280b110cef0937e549f01bbce79a67fd938144bcc071b504eb5182a5fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/modals/TagModal.tsx"}, "region": {"startLine": 95}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103425, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7017d6bea733b54d3602e8ef0fd003f9ffd07b7fe30ec65e39b46c958800faf4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/components/modals/DatePickerModal.tsx", "duplicate_line": 1, "correlation_key": "fp|7017d6bea733b54d3602e8ef0fd003f9ffd07b7fe30ec65e39b46c958800faf4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/modals/ReminderPickerModal.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103424, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b4aa74eb57d483df8646610840d1a07aa857a41d2199ee0717a7259c3bc54fc4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/components/modals/CalendarModal.tsx", "duplicate_line": 216, "correlation_key": "fp|b4aa74eb57d483df8646610840d1a07aa857a41d2199ee0717a7259c3bc54fc4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/modals/FilterModal.tsx"}, "region": {"startLine": 79}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 103423, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3c05a840fdae6f2d2f0d685d4b00dd903b89cb47b030e0534c986543b75a94d5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src-tauri/src/schema/v001_initial_tables.rs", "duplicate_line": 33, "correlation_key": "fp|3c05a840fdae6f2d2f0d685d4b00dd903b89cb47b030e0534c986543b75a94d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/src/schema/v002_nullable_account_calendar.rs"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 103506, "scanner": "repobility-threat-engine", "fingerprint": "abb1a4037e99975aeaacf049e3d0d268c91a27d2bcc88305dff18b9b449118e4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|abb1a4037e99975aeaacf049e3d0d268c91a27d2bcc88305dff18b9b449118e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/modals/UpdateModal.tsx"}, "region": {"startLine": 153}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 103505, "scanner": "repobility-threat-engine", "fingerprint": "b15288feb5ca2fbdd3dda5932578e6ddadd92ef4b3328d4e067bfeeaa67a815e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b15288feb5ca2fbdd3dda5932578e6ddadd92ef4b3328d4e067bfeeaa67a815e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/modals/ChangelogModal.tsx"}, "region": {"startLine": 54}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 103504, "scanner": "repobility-threat-engine", "fingerprint": "d09fca8fccb546855b6cfc46dd251416bc207838ad551c1a165233e098c89c9b", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "crypto.randomUUID", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|src/utils/misc.ts|2|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/utils/misc.ts"}, "region": {"startLine": 2}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 103503, "scanner": "repobility-threat-engine", "fingerprint": "8c1ca5887e9d61121a2536048a1b977091f3a2b313717cbb9e21ff9ebd8140d6", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "crypto.randomUUID", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|163|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/modals/CalendarModal.tsx"}, "region": {"startLine": 163}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 103502, "scanner": "repobility-threat-engine", "fingerprint": "6ed44ffc73b2816228d18b41bd5fe6ac062e16d427f26bfceccb78d63f1b69d3", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "crypto.randomUUID", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|49|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/modals/AccountModal/FastmailOAuthStep.tsx"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 103500, "scanner": "repobility-threat-engine", "fingerprint": "f5f0ee0407b51d0ac20b895b10fb0fb2d25d496c71c3de2200e03e778c4fe3f2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f5f0ee0407b51d0ac20b895b10fb0fb2d25d496c71c3de2200e03e778c4fe3f2", "aggregated_count": 2}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 103499, "scanner": "repobility-threat-engine", "fingerprint": "f3960000787cf67a3a60c80c584b049a5a32aef256e0f7f050438752b907a46b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f3960000787cf67a3a60c80c584b049a5a32aef256e0f7f050438752b907a46b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/hooks/system/useAutostart.ts"}, "region": {"startLine": 112}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 103498, "scanner": "repobility-threat-engine", "fingerprint": "aa79afe481424d3ad34fb4f760a62aba3926bf0bee41b4cd70933d58559e03f3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|aa79afe481424d3ad34fb4f760a62aba3926bf0bee41b4cd70933d58559e03f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/modals/OnboardingModal/RegionTimeSettings.tsx"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 103497, "scanner": "repobility-threat-engine", "fingerprint": "62b8a4339bab4f8014a895e3ef86dc7230667b54d6d942f708d3537826217d1c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|62b8a4339bab4f8014a895e3ef86dc7230667b54d6d942f708d3537826217d1c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/MacNotificationPermissionCard.tsx"}, "region": {"startLine": 60}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 103496, "scanner": "repobility-threat-engine", "fingerprint": "0f70dcb830f007110a79342e3f81eda77503ccc94f6c49e7c60c391ea17cb0cb", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|0f70dcb830f007110a79342e3f81eda77503ccc94f6c49e7c60c391ea17cb0cb"}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 103492, "scanner": "repobility-threat-engine", "fingerprint": "4e412bf576271f452d8d53a380314293ad150630a073e041a292c54ddebe44eb", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|4e412bf576271f452d8d53a380314293ad150630a073e041a292c54ddebe44eb", "aggregated_count": 2}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 103491, "scanner": "repobility-threat-engine", "fingerprint": "2848e8b923d9123f6afd95c5ed03cf3de420f3a4233af93e5fa7e1347d021aa9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2848e8b923d9123f6afd95c5ed03cf3de420f3a4233af93e5fa7e1347d021aa9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/src/macos/menu.rs"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 103490, "scanner": "repobility-threat-engine", "fingerprint": "10775ffb4121aad20b997b6d91ff88b436eb806a68735a37d715390a78ee8053", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|10775ffb4121aad20b997b6d91ff88b436eb806a68735a37d715390a78ee8053"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/src/macos/login_item.rs"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 103489, "scanner": "repobility-threat-engine", "fingerprint": "b72563f1eb528e61bf7e7730342a4b8287ba7b3b6a1a3a001930f20a61e25177", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b72563f1eb528e61bf7e7730342a4b8287ba7b3b6a1a3a001930f20a61e25177"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/src/macos/app_nap.rs"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 103488, "scanner": "repobility-threat-engine", "fingerprint": "6f69cc40d8227b472365c7f435e303c9d04aeb0b259aea4312d1580183ecc23b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6f69cc40d8227b472365c7f435e303c9d04aeb0b259aea4312d1580183ecc23b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/src/app/mod.rs"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 103487, "scanner": "repobility-threat-engine", "fingerprint": "53d0d55f0ce05bf89db2db74d074a0af0d2e2f55e7abb4083cb8de8c90e785f6", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|53d0d55f0ce05bf89db2db74d074a0af0d2e2f55e7abb4083cb8de8c90e785f6", "aggregated_count": 7}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 103486, "scanner": "repobility-threat-engine", "fingerprint": "347b342002c0c7d86383004d720d97400c611fcdb9916672b85ea8a332a16535", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|347b342002c0c7d86383004d720d97400c611fcdb9916672b85ea8a332a16535"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/modals/ImportModal/FileUploadStep.tsx"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 103485, "scanner": "repobility-threat-engine", "fingerprint": "ef0a674c743eb89ca70a57272841e41d7c95b124cf560c84609dde9e65e3f11c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ef0a674c743eb89ca70a57272841e41d7c95b124cf560c84609dde9e65e3f11c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/modals/AccountModal/QuickConnectFlow.tsx"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 103484, "scanner": "repobility-threat-engine", "fingerprint": "40efa78b8abc40f4a52852f17d914635bd6357a966e44765a278c932a29cf8ae", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|40efa78b8abc40f4a52852f17d914635bd6357a966e44765a278c932a29cf8ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/native/macos/AppMenu.m"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 103483, "scanner": "repobility-threat-engine", "fingerprint": "d026f008b48f76aa8d55fd9a3a550733e9904ca5693ae91ad8ce1ed296b4720a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d026f008b48f76aa8d55fd9a3a550733e9904ca5693ae91ad8ce1ed296b4720a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/build.rs"}, "region": {"startLine": 20}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@vitest/coverage-v8` is patch version(s) behind (^4.1.7 -> 4.1.8)"}, "properties": {"repobilityId": 103480, "scanner": "repobility-dependency-currency", "fingerprint": "bebf9a75432f2da6de37887675c4b6268093efbb04f34c34562b4b8fad1b0ed6", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@vitest/coverage-v8", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.1.8", "correlation_key": "fp|bebf9a75432f2da6de37887675c4b6268093efbb04f34c34562b4b8fad1b0ed6", "current_version": "^4.1.7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@biomejs/biome` is patch version(s) behind (2.4.15 -> 2.4.16)"}, "properties": {"repobilityId": 103479, "scanner": "repobility-dependency-currency", "fingerprint": "6d51f285fc0c0dc98b04b59a0bb71702b33a40de7608849d51b1da755fd55b0c", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@biomejs/biome", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "2.4.16", "correlation_key": "fp|6d51f285fc0c0dc98b04b59a0bb71702b33a40de7608849d51b1da755fd55b0c", "current_version": "2.4.15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `marked` is patch version(s) behind (^18.0.4 -> 18.0.5)"}, "properties": {"repobilityId": 103478, "scanner": "repobility-dependency-currency", "fingerprint": "b93ad92f1a2846ca6e24308d9c6cefd765a31c525cdf16bb87f8a80d2ecbfadb", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "marked", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "18.0.5", "correlation_key": "fp|b93ad92f1a2846ca6e24308d9c6cefd765a31c525cdf16bb87f8a80d2ecbfadb", "current_version": "^18.0.4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0098", "level": "error", "message": {"text": "unic-ucd-version: RUSTSEC-2025-0098"}, "properties": {"repobilityId": 103533, "scanner": "osv-scanner", "fingerprint": "4591b2e40fb625ee960e40b825e792320d36cc2b67f21cf95d9380adf1051c2a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "unic-ucd-version", "rule_id": "RUSTSEC-2025-0098", "scanner": "osv-scanner", "correlation_key": "fp|4591b2e40fb625ee960e40b825e792320d36cc2b67f21cf95d9380adf1051c2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0100", "level": "error", "message": {"text": "unic-ucd-ident: RUSTSEC-2025-0100"}, "properties": {"repobilityId": 103532, "scanner": "osv-scanner", "fingerprint": "8f0570f29425dacdaa9e6997abb4528c66840a88120ce791b63b3604083abd9c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "unic-ucd-ident", "rule_id": "RUSTSEC-2025-0100", "scanner": "osv-scanner", "correlation_key": "fp|8f0570f29425dacdaa9e6997abb4528c66840a88120ce791b63b3604083abd9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0080", "level": "error", "message": {"text": "unic-common: RUSTSEC-2025-0080"}, "properties": {"repobilityId": 103531, "scanner": "osv-scanner", "fingerprint": "cf1566186549b3fdb16dd0298d40269c1157ccf6913d429e78a96348713d29af", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "unic-common", "rule_id": "RUSTSEC-2025-0080", "scanner": "osv-scanner", "correlation_key": "fp|cf1566186549b3fdb16dd0298d40269c1157ccf6913d429e78a96348713d29af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0075", "level": "error", "message": {"text": "unic-char-range: RUSTSEC-2025-0075"}, "properties": {"repobilityId": 103530, "scanner": "osv-scanner", "fingerprint": "1739c48acc4fb0c76651621d921bf8f5d82aa101e665c4cebb325e7fc5351f98", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "unic-char-range", "rule_id": "RUSTSEC-2025-0075", "scanner": "osv-scanner", "correlation_key": "fp|1739c48acc4fb0c76651621d921bf8f5d82aa101e665c4cebb325e7fc5351f98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0081", "level": "error", "message": {"text": "unic-char-property: RUSTSEC-2025-0081"}, "properties": {"repobilityId": 103529, "scanner": "osv-scanner", "fingerprint": "c4282273c2e617677882e3ba89a689c44b5af66009047606a9897a5334f5009f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "unic-char-property", "rule_id": "RUSTSEC-2025-0081", "scanner": "osv-scanner", "correlation_key": "fp|c4282273c2e617677882e3ba89a689c44b5af66009047606a9897a5334f5009f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2023-0071", "level": "error", "message": {"text": "rsa: RUSTSEC-2023-0071"}, "properties": {"repobilityId": 103528, "scanner": "osv-scanner", "fingerprint": "963e266217c64e4b6adfce0fbd2a173e4fb6cd324d6917e2e683a597d7672679", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-49092", "GHSA-4grx-2x9w-596c", "GHSA-c38w-74pg-36hr"], "package": "rsa", "rule_id": "RUSTSEC-2023-0071", "scanner": "osv-scanner", "correlation_key": "vuln|rsa|CVE-2023-49092|src-tauri/cargo.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0370", "level": "error", "message": {"text": "proc-macro-error: RUSTSEC-2024-0370"}, "properties": {"repobilityId": 103527, "scanner": "osv-scanner", "fingerprint": "a946e591a9b106b829dadcf373416f107496dfa41f7c884a9eb5fe91c9d29303", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "proc-macro-error", "rule_id": "RUSTSEC-2024-0370", "scanner": "osv-scanner", "correlation_key": "fp|a946e591a9b106b829dadcf373416f107496dfa41f7c884a9eb5fe91c9d29303"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0436", "level": "error", "message": {"text": "paste: RUSTSEC-2024-0436"}, "properties": {"repobilityId": 103526, "scanner": "osv-scanner", "fingerprint": "15430abc114bd39fb445d4755d2c4465106313ff59dfe71c606e6042f261651f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "paste", "rule_id": "RUSTSEC-2024-0436", "scanner": "osv-scanner", "correlation_key": "fp|15430abc114bd39fb445d4755d2c4465106313ff59dfe71c606e6042f261651f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0419", "level": "error", "message": {"text": "gtk3-macros: RUSTSEC-2024-0419"}, "properties": {"repobilityId": 103525, "scanner": "osv-scanner", "fingerprint": "d8ee85a3b65ad6c236b3364acf37a3cfd71b634b2985e8950d4f12a8333c55f1", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "gtk3-macros", "rule_id": "RUSTSEC-2024-0419", "scanner": "osv-scanner", "correlation_key": "fp|d8ee85a3b65ad6c236b3364acf37a3cfd71b634b2985e8950d4f12a8333c55f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0420", "level": "error", "message": {"text": "gtk-sys: RUSTSEC-2024-0420"}, "properties": {"repobilityId": 103524, "scanner": "osv-scanner", "fingerprint": "dad86a91b845630df60b3887105019f56ecd59f393a19c2c1074882dd9246bae", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "gtk-sys", "rule_id": "RUSTSEC-2024-0420", "scanner": "osv-scanner", "correlation_key": "fp|dad86a91b845630df60b3887105019f56ecd59f393a19c2c1074882dd9246bae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0415", "level": "error", "message": {"text": "gtk: RUSTSEC-2024-0415"}, "properties": {"repobilityId": 103523, "scanner": "osv-scanner", "fingerprint": "f102cf6e31e88a89b5a7648432a15d8a74707411923c47fc595f726f53ddfb0b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "gtk", "rule_id": "RUSTSEC-2024-0415", "scanner": "osv-scanner", "correlation_key": "fp|f102cf6e31e88a89b5a7648432a15d8a74707411923c47fc595f726f53ddfb0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0429", "level": "error", "message": {"text": "glib: RUSTSEC-2024-0429"}, "properties": {"repobilityId": 103522, "scanner": "osv-scanner", "fingerprint": "8e0b636579d6db65e04362a1f3db943898fb031f730dee047014d614ae23b5fc", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["GHSA-wrw7-89jp-8q8g"], "package": "glib", "rule_id": "RUSTSEC-2024-0429", "scanner": "osv-scanner", "correlation_key": "vuln|glib|GHSA-WRW7-89JP-8Q8G|src-tauri/cargo.lock", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-wrw7-89jp-8q8g", "RUSTSEC-2024-0429"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["826f4ecf79dcb0900caa385023eb415e1dba3bdf8882d696e28b92157187682c", "8e0b636579d6db65e04362a1f3db943898fb031f730dee047014d614ae23b5fc"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0414", "level": "error", "message": {"text": "gdkx11-sys: RUSTSEC-2024-0414"}, "properties": {"repobilityId": 103521, "scanner": "osv-scanner", "fingerprint": "27f1934e9fe558a2814aaff63453589136512213166126accd0c2531b2b97835", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "gdkx11-sys", "rule_id": "RUSTSEC-2024-0414", "scanner": "osv-scanner", "correlation_key": "fp|27f1934e9fe558a2814aaff63453589136512213166126accd0c2531b2b97835"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0417", "level": "error", "message": {"text": "gdkx11: RUSTSEC-2024-0417"}, "properties": {"repobilityId": 103520, "scanner": "osv-scanner", "fingerprint": "f16c1876bd0ffe066d75b65d29d76013f2e0219f210745aca412690ca99e87c4", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "gdkx11", "rule_id": "RUSTSEC-2024-0417", "scanner": "osv-scanner", "correlation_key": "fp|f16c1876bd0ffe066d75b65d29d76013f2e0219f210745aca412690ca99e87c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0411", "level": "error", "message": {"text": "gdkwayland-sys: RUSTSEC-2024-0411"}, "properties": {"repobilityId": 103519, "scanner": "osv-scanner", "fingerprint": "688438bed907f5016369a5e2c578bec7dec4f38e36787e18ddda72dbbf691231", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "gdkwayland-sys", "rule_id": "RUSTSEC-2024-0411", "scanner": "osv-scanner", "correlation_key": "fp|688438bed907f5016369a5e2c578bec7dec4f38e36787e18ddda72dbbf691231"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0418", "level": "error", "message": {"text": "gdk-sys: RUSTSEC-2024-0418"}, "properties": {"repobilityId": 103518, "scanner": "osv-scanner", "fingerprint": "62aab3b0b3810a34f98414e6c9fbd4d8f5dd932560fbd65bf83ea39855accee5", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "gdk-sys", "rule_id": "RUSTSEC-2024-0418", "scanner": "osv-scanner", "correlation_key": "fp|62aab3b0b3810a34f98414e6c9fbd4d8f5dd932560fbd65bf83ea39855accee5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0412", "level": "error", "message": {"text": "gdk: RUSTSEC-2024-0412"}, "properties": {"repobilityId": 103517, "scanner": "osv-scanner", "fingerprint": "1ecbb5078ce8fd77234ed2090991d9019ba0fe27a152aeb065d47f60bfdbfdd7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "gdk", "rule_id": "RUSTSEC-2024-0412", "scanner": "osv-scanner", "correlation_key": "fp|1ecbb5078ce8fd77234ed2090991d9019ba0fe27a152aeb065d47f60bfdbfdd7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0416", "level": "error", "message": {"text": "atk-sys: RUSTSEC-2024-0416"}, "properties": {"repobilityId": 103516, "scanner": "osv-scanner", "fingerprint": "e301b4bb4ad1df05f65fe1129121a3948e2fabee67a093f743d77a26f68e5e6b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "atk-sys", "rule_id": "RUSTSEC-2024-0416", "scanner": "osv-scanner", "correlation_key": "fp|e301b4bb4ad1df05f65fe1129121a3948e2fabee67a093f743d77a26f68e5e6b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0413", "level": "error", "message": {"text": "atk: RUSTSEC-2024-0413"}, "properties": {"repobilityId": 103515, "scanner": "osv-scanner", "fingerprint": "efd9e04c6a947d85144a0f1407b4998bb55c41af8020d9b8dd1b9b64c4b66b3b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "atk", "rule_id": "RUSTSEC-2024-0413", "scanner": "osv-scanner", "correlation_key": "fp|efd9e04c6a947d85144a0f1407b4998bb55c41af8020d9b8dd1b9b64c4b66b3b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 103513, "scanner": "repobility-threat-engine", "fingerprint": "4f10aa55427b981230630c107904248199d7c66cb115d776aad0b44a56144bd9", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map(([k, v]) => `${k}=${v}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4f10aa55427b981230630c107904248199d7c66cb115d776aad0b44a56144bd9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/utils/recurrence.ts"}, "region": {"startLine": 113}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 103512, "scanner": "repobility-threat-engine", "fingerprint": "535bc734291ab8963c6477e31c7f0d019f96bdf178e739076867399b6b2031be", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((part) => `${part.charAt(0).toUpperCase()}${part.slice(1).toLowerCase()}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|535bc734291ab8963c6477e31c7f0d019f96bdf178e739076867399b6b2031be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/utils/platform.ts"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC027", "level": "error", "message": {"text": "[SEC027] XML External Entity (XXE) \u2014 Node.js xml parsers: Node.js XML parsers can expand external entities if not configured. libxmljs in particular has had XXE CVEs."}, "properties": {"repobilityId": 103511, "scanner": "repobility-threat-engine", "fingerprint": "59631afb290a43d0870c25dfdf065c9772f994572b6d213a2a7d12e653d54cde", "category": "xxe", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new DOMParser()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC027", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|59631afb290a43d0870c25dfdf065c9772f994572b6d213a2a7d12e653d54cde"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/utils/mobileconfig.ts"}, "region": {"startLine": 84}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 103509, "scanner": "repobility-threat-engine", "fingerprint": "537e7c8bf58e8035162268126431bf3fde7eb6fc411d3ea5a66351814bef7517", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "this.activeToastIds.delete(groupKey);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|537e7c8bf58e8035162268126431bf3fde7eb6fc411d3ea5a66351814bef7517"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/hooks/ui/useToast.ts"}, "region": {"startLine": 41}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 103508, "scanner": "repobility-threat-engine", "fingerprint": "0abd474a55ddc52c217fbcd8d4457fd2e540bd6b45586ac9fd292cecf23190be", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "notifiedReminders.delete(key);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0abd474a55ddc52c217fbcd8d4457fd2e540bd6b45586ac9fd292cecf23190be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/hooks/system/useNotifications.ts"}, "region": {"startLine": 182}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 103507, "scanner": "repobility-threat-engine", "fingerprint": "a9990e0c18d7785d75b871c04a7081159aa06e095a060f608437595047c8930f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "next.delete(account.id);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a9990e0c18d7785d75b871c04a7081159aa06e095a060f608437595047c8930f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/settings/ConnectionSettings/ConnectionsSettings.tsx"}, "region": {"startLine": 96}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 103495, "scanner": "repobility-threat-engine", "fingerprint": "9c2322c34d4e98e6f019b261389d38bbcffb0e99e275484d7333c7a11c1447b1", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9c2322c34d4e98e6f019b261389d38bbcffb0e99e275484d7333c7a11c1447b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/modals/AccountModal/CredentialsForm.tsx"}, "region": {"startLine": 168}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 103494, "scanner": "repobility-threat-engine", "fingerprint": "68a64ef63f873be1c30fd093893bc72baa9afaf5e6bfcf692f0b65c10f47fde7", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|68a64ef63f873be1c30fd093893bc72baa9afaf5e6bfcf692f0b65c10f47fde7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/modals/AccountModal/AdvancedSection.tsx"}, "region": {"startLine": 27}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 103493, "scanner": "repobility-threat-engine", "fingerprint": "28e79c74e89c4024c7cc1746f20f9ef8322563c9629a45e1d9139d641f1c707b", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(i", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|28e79c74e89c4024c7cc1746f20f9ef8322563c9629a45e1d9139d641f1c707b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/ErrorBoundary.tsx"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 103476, "scanner": "repobility-supply-chain", "fingerprint": "75b94e16378a20c5c06f7a4a225168a191ebb1d1105827cc033ac99bff145f3d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|75b94e16378a20c5c06f7a4a225168a191ebb1d1105827cc033ac99bff145f3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build.yml"}, "region": {"startLine": 141}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 103475, "scanner": "repobility-supply-chain", "fingerprint": "17d9b10c0c943af2adb025708b49ad267562e40638472545ed45c2c68cf7c12e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|17d9b10c0c943af2adb025708b49ad267562e40638472545ed45c2c68cf7c12e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build.yml"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 103474, "scanner": "repobility-supply-chain", "fingerprint": "4413c1068845a916bc1cd96781ecd94d3a5f8fc9bb22553cf5343cbbb836b673", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4413c1068845a916bc1cd96781ecd94d3a5f8fc9bb22553cf5343cbbb836b673"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build.yml"}, "region": {"startLine": 119}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `tauri-apps/tauri-action` pinned to mutable ref `@v0`"}, "properties": {"repobilityId": 103473, "scanner": "repobility-supply-chain", "fingerprint": "7546f97d88931cb1805fd0f3a55ce73739a4a86050fcbcc79fa5a173f8c168cb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7546f97d88931cb1805fd0f3a55ce73739a4a86050fcbcc79fa5a173f8c168cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build.yml"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `swatinem/rust-cache` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 103472, "scanner": "repobility-supply-chain", "fingerprint": "b34d8e609746d647f2f8b00378f5326e820eb75403043479a23e1dda715cebd9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b34d8e609746d647f2f8b00378f5326e820eb75403043479a23e1dda715cebd9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build.yml"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`"}, "properties": {"repobilityId": 103471, "scanner": "repobility-supply-chain", "fingerprint": "f6569d74ac907c6c77c08b09348e5cec276cf70bda8d5422e094ffd5f3d5fdc4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f6569d74ac907c6c77c08b09348e5cec276cf70bda8d5422e094ffd5f3d5fdc4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build.yml"}, "region": {"startLine": 99}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `pnpm/action-setup` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 103470, "scanner": "repobility-supply-chain", "fingerprint": "01d0774be2e98cbc9fd5e0f7a3d18e5e08ea60013efc61a2487d7991f9dd8e86", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|01d0774be2e98cbc9fd5e0f7a3d18e5e08ea60013efc61a2487d7991f9dd8e86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build.yml"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 103469, "scanner": "repobility-supply-chain", "fingerprint": "aed6a229b88101e3708e522491fab5b4a3c838d28457e4ca6e2e67b150395539", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|aed6a229b88101e3708e522491fab5b4a3c838d28457e4ca6e2e67b150395539"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build.yml"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 103468, "scanner": "repobility-supply-chain", "fingerprint": "54f9a335e0b5ffea6eefbe90480058f8fbf0941878c20e8df87f58204609ed63", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|54f9a335e0b5ffea6eefbe90480058f8fbf0941878c20e8df87f58204609ed63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build.yml"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `cachix/cachix-action` pinned to mutable ref `@v17`"}, "properties": {"repobilityId": 103465, "scanner": "repobility-supply-chain", "fingerprint": "e9149656ee3c3ad77794ddf0c66cf65d284067a28758cc533ad4f2aa203fdb2e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e9149656ee3c3ad77794ddf0c66cf65d284067a28758cc533ad4f2aa203fdb2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/integration.yml"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `cachix/install-nix-action` pinned to mutable ref `@v25`"}, "properties": {"repobilityId": 103464, "scanner": "repobility-supply-chain", "fingerprint": "7da4933a9caf1060e4a1e1d79a3e8f4dba26978081858802a9f2f5fb6868c483", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7da4933a9caf1060e4a1e1d79a3e8f4dba26978081858802a9f2f5fb6868c483"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/integration.yml"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 103463, "scanner": "repobility-supply-chain", "fingerprint": "250ef3084d52d4dbbfafd3c4b0bda71623fc343e7d941b059abe0ccdb42749f2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|250ef3084d52d4dbbfafd3c4b0bda71623fc343e7d941b059abe0ccdb42749f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/integration.yml"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `cachix/cachix-action` pinned to mutable ref `@v17`"}, "properties": {"repobilityId": 103462, "scanner": "repobility-supply-chain", "fingerprint": "cb2c50a844a30d8b74022f2d4df9acf30d1eec01fa02358885de73424caffa77", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cb2c50a844a30d8b74022f2d4df9acf30d1eec01fa02358885de73424caffa77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/post-release.yml"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `cachix/install-nix-action` pinned to mutable ref `@v25`"}, "properties": {"repobilityId": 103461, "scanner": "repobility-supply-chain", "fingerprint": "1476412a9835d7a7cd02d8b779f4a3dcd2dfd7b491b8f59ea3f54043544de080", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1476412a9835d7a7cd02d8b779f4a3dcd2dfd7b491b8f59ea3f54043544de080"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/post-release.yml"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 103460, "scanner": "repobility-supply-chain", "fingerprint": "608e74bd8d19b74411dc1af61ac4dd668fdbbf50fefd14d65d204c2b601f147f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|608e74bd8d19b74411dc1af61ac4dd668fdbbf50fefd14d65d204c2b601f147f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/post-release.yml"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 103459, "scanner": "repobility-supply-chain", "fingerprint": "f9bff7ec4823a7b3db828505d5581d432d90c52b1c50da3b7b9dd9d92facb229", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f9bff7ec4823a7b3db828505d5581d432d90c52b1c50da3b7b9dd9d92facb229"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/post-release.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `cachix/cachix-action` pinned to mutable ref `@v17`"}, "properties": {"repobilityId": 103452, "scanner": "repobility-supply-chain", "fingerprint": "472c7725647f31cdc553af8e22098a92e542d629d6a472a9edee1b68ee5c45ac", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|472c7725647f31cdc553af8e22098a92e542d629d6a472a9edee1b68ee5c45ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/checks.yml"}, "region": {"startLine": 137}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `cachix/install-nix-action` pinned to mutable ref `@v25`"}, "properties": {"repobilityId": 103451, "scanner": "repobility-supply-chain", "fingerprint": "28e4e93f925eb22cb9af657c818605568ef26b7211908b62abe9ef22a4d34b65", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|28e4e93f925eb22cb9af657c818605568ef26b7211908b62abe9ef22a4d34b65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/checks.yml"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 103450, "scanner": "repobility-supply-chain", "fingerprint": "a2da221fec01d8f82e735cf2f42e6d5f7eea275b99391b626343ab8023ee4e0a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a2da221fec01d8f82e735cf2f42e6d5f7eea275b99391b626343ab8023ee4e0a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/checks.yml"}, "region": {"startLine": 131}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `cachix/cachix-action` pinned to mutable ref `@v17`"}, "properties": {"repobilityId": 103449, "scanner": "repobility-supply-chain", "fingerprint": "d18668cf04658d2ede73d601433e444855dd7bbd7e4c2744549469bbe2885982", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d18668cf04658d2ede73d601433e444855dd7bbd7e4c2744549469bbe2885982"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/checks.yml"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `cachix/install-nix-action` pinned to mutable ref `@v25`"}, "properties": {"repobilityId": 103448, "scanner": "repobility-supply-chain", "fingerprint": "1d9a15a33614075bedcf2dca1827435d4149bac61c870ad6314cd99e203e04d9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1d9a15a33614075bedcf2dca1827435d4149bac61c870ad6314cd99e203e04d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/checks.yml"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 103447, "scanner": "repobility-supply-chain", "fingerprint": "52e2b9ae6b45696df23a3e4530f801672f8716dcc33cab346cdc2c2bda05c8f0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|52e2b9ae6b45696df23a3e4530f801672f8716dcc33cab346cdc2c2bda05c8f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/checks.yml"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `cachix/cachix-action` pinned to mutable ref `@v17`"}, "properties": {"repobilityId": 103446, "scanner": "repobility-supply-chain", "fingerprint": "d6b1bac22aed4ac8873d83054aa22e3dad9256e71a3c662ed40380b390b78d3f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d6b1bac22aed4ac8873d83054aa22e3dad9256e71a3c662ed40380b390b78d3f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/checks.yml"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `cachix/install-nix-action` pinned to mutable ref `@v25`"}, "properties": {"repobilityId": 103445, "scanner": "repobility-supply-chain", "fingerprint": "5881423b0817629aea5eff23c86ffce6c0acb65bbdf5134ff29e370982cf0a84", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5881423b0817629aea5eff23c86ffce6c0acb65bbdf5134ff29e370982cf0a84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/checks.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 103444, "scanner": "repobility-supply-chain", "fingerprint": "a37375bb329082bf2009338969b393c60bbaedbf7751bf36424cdd7f412314a6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a37375bb329082bf2009338969b393c60bbaedbf7751bf36424cdd7f412314a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/checks.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 103514, "scanner": "gitleaks", "fingerprint": "1ae0371fa37be94de246dbb2833dc2b31c240d8b8968d6ab2b3c0363a344d255", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|token|4|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/tests/integration/webdav-push.test.ts"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CACHIX_AUTH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 103467, "scanner": "repobility-supply-chain", "fingerprint": "5ee6609ff1b31c0dc6ad4ade553ad336730408ec0c48161f7ec87b022208b71e", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5ee6609ff1b31c0dc6ad4ade553ad336730408ec0c48161f7ec87b022208b71e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/integration.yml"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CACHIX_AUTH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 103466, "scanner": "repobility-supply-chain", "fingerprint": "666939d63cd4295eed280ec4ad82ee86c883957a6c3c4b60c224cb3c8cdf92ad", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|666939d63cd4295eed280ec4ad82ee86c883957a6c3c4b60c224cb3c8cdf92ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/integration.yml"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CACHIX_AUTH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 103458, "scanner": "repobility-supply-chain", "fingerprint": "66ac1354059f9e3089ef69b6c46f2ebb720c752f291e7beba76a7ac081245644", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|66ac1354059f9e3089ef69b6c46f2ebb720c752f291e7beba76a7ac081245644"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/checks.yml"}, "region": {"startLine": 141}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CACHIX_AUTH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 103457, "scanner": "repobility-supply-chain", "fingerprint": "a9cd71ce04866b47216e0cb1acab91d244eef071b3d741769ca412a57be2df88", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a9cd71ce04866b47216e0cb1acab91d244eef071b3d741769ca412a57be2df88"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/checks.yml"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CACHIX_AUTH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 103456, "scanner": "repobility-supply-chain", "fingerprint": "2217cde91165f5db226513db6fcc18f25a679ceb0a09bcd961953843ca7ad29a", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2217cde91165f5db226513db6fcc18f25a679ceb0a09bcd961953843ca7ad29a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/checks.yml"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CACHIX_AUTH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 103455, "scanner": "repobility-supply-chain", "fingerprint": "aba9ef38315098222fe1cd5215bf4ba1f8c7f86e759c952b81d97da18f8d1970", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|aba9ef38315098222fe1cd5215bf4ba1f8c7f86e759c952b81d97da18f8d1970"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/checks.yml"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CACHIX_AUTH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 103454, "scanner": "repobility-supply-chain", "fingerprint": "e267fd82037641d60193057fd9381e801430c27ee316f02e8716dcb263a4fc5d", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e267fd82037641d60193057fd9381e801430c27ee316f02e8716dcb263a4fc5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/checks.yml"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CACHIX_AUTH_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 103453, "scanner": "repobility-supply-chain", "fingerprint": "69f8683206c4e595e156bcdcc4ad28178f0210cf5c9529fe4074690468e39d43", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|69f8683206c4e595e156bcdcc4ad28178f0210cf5c9529fe4074690468e39d43"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/checks.yml"}, "region": {"startLine": 33}}}]}]}]}