{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "CORE_NO_README", "name": "No README file found", "shortDescription": {"text": "No README file found"}, "fullDescription": {"text": "Create a README.md with: project name and description, installation instructions, usage examples, configuration options, and contribution guidelines."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. 
They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC118", "name": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it", "shortDescription": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "fullDescription": {"text": "Use `uuid.uuid4()` (random) or `secrets.token_urlsafe()` for tokens. In Go, use `uuid.NewRandom()` (google/uuid)."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED134", "name": "Binary file `gradle/wrapper/gradle-wrapper.jar` committed in source repo", "shortDescription": {"text": "Binary file `gradle/wrapper/gradle-wrapper.jar` committed in source repo"}, "fullDescription": {"text": "`gradle/wrapper/gradle-wrapper.jar` is a .jar binary (43,453 bytes) committed to a repo that otherwise has 223 source files. 
Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts. This path is the standard location of the Gradle Wrapper JAR, which projects normally commit, so triage it by comparing the file's SHA-256 with the checksum Gradle publishes for the wrapper version in use (or by running Gradle's wrapper validation in CI) rather than by its presence alone."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `P3pp3rF1y/MultiWorkspace/.github/workflows/mod-build-template.yml` pinned to mutable ref `@1.21.x`", "shortDescription": {"text": "Action `P3pp3rF1y/MultiWorkspace/.github/workflows/mod-build-template.yml` pinned to mutable ref `@1.21.x`"}, "fullDescription": {"text": "`uses: P3pp3rF1y/MultiWorkspace/.github/workflows/mod-build-template.yml@1.21.x` resolves at workflow-run time. Tags and branches can be re-pushed by whoever controls the referenced repository; that is what let the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. The target here is a reusable workflow rather than an action, and the same exposure applies. Pin to the full 40-character commit SHA and keep the pin current with Dependabot or Renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1388"}, "properties": {"repository": "P3pp3rF1y/SophisticatedStorage", "repoUrl": "https://github.com/P3pp3rF1y/SophisticatedStorage", "branch": "1.21.x"}, "results": [{"ruleId": "CORE_NO_README", "level": "warning", "message": {"text": "No README file found"}, "properties": {"repobilityId": 142351, "scanner": "repobility-core", "fingerprint": "b55c73163757fe6b2364bb829fcd26e87b9d9e7b367dd2a3307a814b02b29cbd", "category": "documentation", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_README", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_readme"}}}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the 
language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 142369, "scanner": "repobility-threat-engine", "fingerprint": "2516bc82fa2a06968dd04dce6796fa145e4f9cbcf6157e12009d1066e4916d61", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Incorrect block entity at \" + pos + \" exptected to find StorageBlockEntity\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2516bc82fa2a06968dd04dce6796fa145e4f9cbcf6157e12009d1066e4916d61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/net/p3pp3rf1y/sophisticatedstorage/common/gui/StorageContainerMenu.java"}, "region": {"startLine": 37}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. 
When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 142368, "scanner": "repobility-threat-engine", "fingerprint": "ec668671a87ae904b88c100d0c433646c6f2e48a3a94021b13028744a4ded824", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "LOGGER.error(\"No storage contents found for uuid: \" + storageUuid + \"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ec668671a87ae904b88c100d0c433646c6f2e48a3a94021b13028744a4ded824"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/net/p3pp3rf1y/sophisticatedstorage/block/WoodStorageBlockBase.java"}, "region": {"startLine": 194}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 142363, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d893bad9a9cbcd2ab922c0f39b4b4bc2a7dde9d6dfee1d523b75ebce4166f6f8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/main/java/net/p3pp3rf1y/sophisticatedstorage/item/ShulkerBoxItem.java", "duplicate_line": 37, "correlation_key": "fp|d893bad9a9cbcd2ab922c0f39b4b4bc2a7dde9d6dfee1d523b75ebce4166f6f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/net/p3pp3rf1y/sophisticatedstorage/item/WoodStorageBlockItem.java"}, "region": 
{"startLine": 41}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 142362, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3f9e0a5c0beeda90033c6f56e167cec850ad29736c1322aa99b4df6865e0733e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/main/java/net/p3pp3rf1y/sophisticatedstorage/block/StorageWrapper.java", "duplicate_line": 212, "correlation_key": "fp|3f9e0a5c0beeda90033c6f56e167cec850ad29736c1322aa99b4df6865e0733e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/net/p3pp3rf1y/sophisticatedstorage/entity/MovingStorageWrapper.java"}, "region": {"startLine": 119}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 142361, "scanner": "repobility-ai-code-hygiene", "fingerprint": "02301e9e9bdfd3ed67b9426239c0f34e8df1807317b5d4e28dc9c3c0d5554031", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/main/java/net/p3pp3rf1y/sophisticatedstorage/crafting/DoubleChestTierUpgradeShapelessRecipe.java", "duplicate_line": 19, "correlation_key": "fp|02301e9e9bdfd3ed67b9426239c0f34e8df1807317b5d4e28dc9c3c0d5554031"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"src/main/java/net/p3pp3rf1y/sophisticatedstorage/crafting/StorageTierUpgradeShapelessRecipe.java"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 142360, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b47cfa77f17bc3c778e2f2f1096b19e1d930589285962c83f6a2ea6c06c966c9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/main/java/net/p3pp3rf1y/sophisticatedstorage/block/DecorationTableBlockEntity.java", "duplicate_line": 527, "correlation_key": "fp|b47cfa77f17bc3c778e2f2f1096b19e1d930589285962c83f6a2ea6c06c966c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/net/p3pp3rf1y/sophisticatedstorage/compat/sb/SBCompat.java"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 142359, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e0ade80839a18c918b57412299d11c2ea07a52346dc38814e18c8b530c7d13f3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/main/java/net/p3pp3rf1y/sophisticatedstorage/compat/recipeviewers/common/ShulkerBoxFromChestRecipesMaker.java", "duplicate_line": 76, "correlation_key": 
"fp|e0ade80839a18c918b57412299d11c2ea07a52346dc38814e18c8b530c7d13f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/net/p3pp3rf1y/sophisticatedstorage/compat/recipeviewers/common/TierUpgradeRecipesMaker.java"}, "region": {"startLine": 73}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 142358, "scanner": "repobility-ai-code-hygiene", "fingerprint": "11f4db1ed528ac88f216c6d64f661b1b1c0ce3981090a7d84580061697828ada", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/main/java/net/p3pp3rf1y/sophisticatedstorage/client/render/BarrelBakedModelBase.java", "duplicate_line": 594, "correlation_key": "fp|11f4db1ed528ac88f216c6d64f661b1b1c0ce3981090a7d84580061697828ada"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/net/p3pp3rf1y/sophisticatedstorage/client/render/ShulkerBoxDynamicModel.java"}, "region": {"startLine": 47}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 142357, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d78508329c898e18373e85495a53f889eadc1b800d72ec6c395d2c8c74d78f33", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"src/main/java/net/p3pp3rf1y/sophisticatedstorage/client/render/ChestDynamicModel.java", "duplicate_line": 50, "correlation_key": "fp|d78508329c898e18373e85495a53f889eadc1b800d72ec6c395d2c8c74d78f33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/net/p3pp3rf1y/sophisticatedstorage/client/render/ShulkerBoxDynamicModel.java"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 142356, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e64caee61899c7bb7347ef82391c484898b36b5f65386885b4b37e661fc1b5b7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/main/java/net/p3pp3rf1y/sophisticatedstorage/client/render/BarrelBakedModelBase.java", "duplicate_line": 594, "correlation_key": "fp|e64caee61899c7bb7347ef82391c484898b36b5f65386885b4b37e661fc1b5b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/net/p3pp3rf1y/sophisticatedstorage/client/render/ChestDynamicModel.java"}, "region": {"startLine": 54}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 142355, "scanner": "repobility-ai-code-hygiene", "fingerprint": "833df14e879f0655f0fb65610de69327ca43e4d1544e91d9598cb93e1988e831", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": 
"repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/main/java/net/p3pp3rf1y/sophisticatedstorage/block/StorageIOBlockEntity.java", "duplicate_line": 174, "correlation_key": "fp|833df14e879f0655f0fb65610de69327ca43e4d1544e91d9598cb93e1988e831"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/net/p3pp3rf1y/sophisticatedstorage/block/StorageLinkBlockEntity.java"}, "region": {"startLine": 83}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 142354, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a9a4b0c2f9aaabc39d7688fbaacf2cae98062f98b5e6b51f2c874aa455d28490", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/main/java/net/p3pp3rf1y/sophisticatedstorage/block/StorageConnectorBlockEntity.java", "duplicate_line": 54, "correlation_key": "fp|a9a4b0c2f9aaabc39d7688fbaacf2cae98062f98b5e6b51f2c874aa455d28490"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/net/p3pp3rf1y/sophisticatedstorage/block/StorageLinkBlockEntity.java"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 142353, "scanner": "repobility-ai-code-hygiene", "fingerprint": "24a52553a101f05a8b7ebe96a1457edf253b03160a4179cc58d8287adf245562", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": 
{"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/main/java/net/p3pp3rf1y/sophisticatedstorage/block/StorageBlockEntity.java", "duplicate_line": 377, "correlation_key": "fp|24a52553a101f05a8b7ebe96a1457edf253b03160a4179cc58d8287adf245562"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/net/p3pp3rf1y/sophisticatedstorage/block/StorageConnectorBlockEntity.java"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 142352, "scanner": "repobility-ai-code-hygiene", "fingerprint": "922d1f4cd3714018bb38d72ef8fe6d26846ab498ef1e4a1e9d573461e1df4db4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/main/java/net/p3pp3rf1y/sophisticatedstorage/block/BarrelBlock.java", "duplicate_line": 78, "correlation_key": "fp|922d1f4cd3714018bb38d72ef8fe6d26846ab498ef1e4a1e9d573461e1df4db4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/net/p3pp3rf1y/sophisticatedstorage/block/ShulkerBoxBlock.java"}, "region": {"startLine": 287}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. 
Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 142367, "scanner": "repobility-threat-engine", "fingerprint": "338a8bb475973b987b3be865da23b1524ef87d0abf12384a81f6798c9433f15f", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "UUID.randomUUID()", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|42|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/net/p3pp3rf1y/sophisticatedstorage/item/StackStorageWrapper.java"}, "region": {"startLine": 42}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. 
Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 142366, "scanner": "repobility-threat-engine", "fingerprint": "173690878fb6a8d80a27654f3fa9add120180b694d6c9a6bd8fef7214f19a8ab", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "UUID.randomUUID()", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|88|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/java/net/p3pp3rf1y/sophisticatedstorage/block/WoodStorageBlockBase.java"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "Binary file `gradle/wrapper/gradle-wrapper.jar` committed in source repo"}, "properties": {"repobilityId": 142365, "scanner": "repobility-supply-chain", "fingerprint": "e2b2941256bb00bcea86f3210c442cc86a6e12532e912731b9d72756a556437f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e2b2941256bb00bcea86f3210c442cc86a6e12532e912731b9d72756a556437f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/wrapper/gradle-wrapper.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `P3pp3rF1y/MultiWorkspace/.github/workflows/mod-build-template.yml` pinned to mutable ref `@1.21.x`"}, "properties": {"repobilityId": 142364, "scanner": "repobility-supply-chain", "fingerprint": 
"4faa43b231a28fe723e2022a62c39a5446172392da820f9b810e6d69dfaa4e98", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4faa43b231a28fe723e2022a62c39a5446172392da820f9b810e6d69dfaa4e98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/gradle.yml"}, "region": {"startLine": 10}}}]}]}]}