{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AUC005", "name": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or sup", "shortDescription": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "fullDescription": {"text": "No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "low", "confidence": 0.76, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `load_config` has cognitive complexity 9 (SonarSource scale). Cognitive co", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `load_config` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion al"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 9."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in.", "shortDescription": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `astral-sh/setup-uv` pinned to mutable ref `@v8.0.0`", "shortDescription": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v8.0.0`"}, "fullDescription": {"text": "`uses: astral-sh/setup-uv@v8.0.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_not_triggered_internal_id", "shortDescription": {"text": "Phantom test coverage: test_not_triggered_internal_id"}, "fullDescription": {"text": "Test function `test_not_triggered_internal_id` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.signal_bot` used but never assigned in __init__", "shortDescription": {"text": "`self.signal_bot` used but never assigned in __init__"}, "fullDescription": {"text": "Method `test_get_group` of class `TestGetter` reads `self.signal_bot`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger", "shortDescription": {"text": "Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger"}, "fullDescription": {"text": "This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.CODECOV_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "Missing import: `signal` used but not imported", "shortDescription": {"text": "Missing import: `signal` used but not imported"}, "fullDescription": {"text": "The file uses `signal.something(...)` but never imports `signal`. This raises NameError at runtime the first time the line executes."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1181"}, "properties": {"repository": "signalbot-org/signalbot", "repoUrl": "https://github.com/signalbot-org/signalbot", "branch": "main"}, "results": [{"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 118498, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Django"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 118469, "scanner": "repobility-ast-engine", "fingerprint": "b6fd99ad7de74cc6acc5a8569b2ecbc616178ff491d07d7545e545be12649bf4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b6fd99ad7de74cc6acc5a8569b2ecbc616178ff491d07d7545e545be12649bf4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/signalbot/bot.py"}, "region": {"startLine": 793}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 118468, "scanner": "repobility-ast-engine", "fingerprint": "1142746036dd9a901b8bbf5d82c3b7590ff7db9124db4acb232b3facc6554b65", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1142746036dd9a901b8bbf5d82c3b7590ff7db9124db4acb232b3facc6554b65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/signalbot/bot.py"}, "region": {"startLine": 682}}}]}, {"ruleId": "AUC005", "level": "note", "message": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "properties": {"repobilityId": 118499, "scanner": "repobility-access-control", "fingerprint": "c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e", "category": "auth", "severity": "low", "confidence": 0.76, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Django"], "correlation_key": "fp|c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e"}}}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `load_config` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: if=6, nested_bonus=3."}, "properties": {"repobilityId": 118492, "scanner": "repobility-threat-engine", "fingerprint": "17da198b87e14dc072e7f032b96f1483f5bf4eaf58d1908a9eaa27a90b3a205e", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 9 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "load_config", "breakdown": {"if": 6, "nested_bonus": 3}, "complexity": 9, "correlation_key": "fp|17da198b87e14dc072e7f032b96f1483f5bf4eaf58d1908a9eaa27a90b3a205e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/signalbot/bot_config.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 118496, "scanner": "repobility-threat-engine", "fingerprint": "33ceb367e18efe0cfc6f9c7e1e766f2b24d8e7b76f8d69938fbb757b62517dae", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|33ceb367e18efe0cfc6f9c7e1e766f2b24d8e7b76f8d69938fbb757b62517dae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/signalbot/storage.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 118495, "scanner": "repobility-threat-engine", "fingerprint": "d7824044864dfe5c0219ed073599fb3dea0a039db85f54f99350d147e1fe09e2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d7824044864dfe5c0219ed073599fb3dea0a039db85f54f99350d147e1fe09e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/signalbot/command.py"}, "region": {"startLine": 135}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 118491, "scanner": "repobility-threat-engine", "fingerprint": "86ba1835d70968651e1fbb2569a4d94211de579a814cf34a5d1e1e2eafe3f130", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|86ba1835d70968651e1fbb2569a4d94211de579a814cf34a5d1e1e2eafe3f130", "aggregated_count": 1}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 118490, "scanner": "repobility-threat-engine", "fingerprint": "cdb66d8e86ad3c268ac444ae9180ad122b4e59e679fa472dedfe5e4a4eb3ef72", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cdb66d8e86ad3c268ac444ae9180ad122b4e59e679fa472dedfe5e4a4eb3ef72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/signalbot/storage.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 118489, "scanner": "repobility-threat-engine", "fingerprint": "be75c38cd4179edb8534636d4ee241accf305ea996c036cc9f82dd69bdddd46a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|be75c38cd4179edb8534636d4ee241accf305ea996c036cc9f82dd69bdddd46a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/signalbot/command.py"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 118488, "scanner": "repobility-threat-engine", "fingerprint": "64fc7b7909696e1e0b71b00a9a5f0698d3f7d164d14cf28b1ce1330d791ccfbc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|64fc7b7909696e1e0b71b00a9a5f0698d3f7d164d14cf28b1ce1330d791ccfbc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/commands/help.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 118497, "scanner": "repobility-threat-engine", "fingerprint": "ad55d2efb24552991b4b4532dbf6b96831981e0c3867fd1bc55745ae44883928", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "self._redis.delete(key)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ad55d2efb24552991b4b4532dbf6b96831981e0c3867fd1bc55745ae44883928"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/signalbot/storage.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 118494, "scanner": "repobility-threat-engine", "fingerprint": "12e0ef362c8975e24fbe62b5c5f3a1665a3a4462cb2f12e195c88c57f861444a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|12e0ef362c8975e24fbe62b5c5f3a1665a3a4462cb2f12e195c88c57f861444a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/signalbot/storage.py"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 118493, "scanner": "repobility-threat-engine", "fingerprint": "f0f2632c93cc4cb831539f943b942fd971e2ff679d76d888bdf57eeeff90d7f8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f0f2632c93cc4cb831539f943b942fd971e2ff679d76d888bdf57eeeff90d7f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/signalbot/command.py"}, "region": {"startLine": 135}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v8.0.0`"}, "properties": {"repobilityId": 118487, "scanner": "repobility-supply-chain", "fingerprint": "0a385ae4454d1f8df486b5c8ec0755ce10cfb7a20a4f88cf87512e8cabe3ac7b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0a385ae4454d1f8df486b5c8ec0755ce10cfb7a20a4f88cf87512e8cabe3ac7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/install-uv/action.yaml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `octokit/request-action` pinned to mutable ref `@v3.x`"}, "properties": {"repobilityId": 118486, "scanner": "repobility-supply-chain", "fingerprint": "0bb075594e8b45e175381078ed9df743d1b7432caf50c85095989a54adc1ef41", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0bb075594e8b45e175381078ed9df743d1b7432caf50c85095989a54adc1ef41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deploy-pr-command.yaml"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `octokit/request-action` pinned to mutable ref `@v3.x`"}, "properties": {"repobilityId": 118485, "scanner": "repobility-supply-chain", "fingerprint": "e44614ed8ef666ec7aa02b13aca85d8364c9bab40844faea67a89e0af2ec6e04", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e44614ed8ef666ec7aa02b13aca85d8364c9bab40844faea67a89e0af2ec6e04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deploy-pr-command.yaml"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `peter-evans/create-or-update-comment` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 118484, "scanner": "repobility-supply-chain", "fingerprint": "7ad57fee47858cde6ba4578e7a602ca62ef290601441f55d3c3b22b14da13fe5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7ad57fee47858cde6ba4578e7a602ca62ef290601441f55d3c3b22b14da13fe5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deploy-pr-command.yaml"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 118483, "scanner": "repobility-supply-chain", "fingerprint": "fa687bc0fe8bc15628880199ef53126d60062f57f45bfebfa1e1160b7d316c44", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fa687bc0fe8bc15628880199ef53126d60062f57f45bfebfa1e1160b7d316c44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deploy-pr-command.yaml"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `octokit/request-action` pinned to mutable ref `@v3.x`"}, "properties": {"repobilityId": 118482, "scanner": "repobility-supply-chain", "fingerprint": "73e42ebf340cd915c28b5797bdc0b6d00fa64d83a266242f25dded022c4194f2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|73e42ebf340cd915c28b5797bdc0b6d00fa64d83a266242f25dded022c4194f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deploy-pr-command.yaml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `octokit/request-action` pinned to mutable ref `@v3.x`"}, "properties": {"repobilityId": 118481, "scanner": "repobility-supply-chain", "fingerprint": "3fca0ff88bd89aa1dc73cc9e6ddb1cffd4151183b903436b37154f9f53912fdf", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3fca0ff88bd89aa1dc73cc9e6ddb1cffd4151183b903436b37154f9f53912fdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deploy-pr-command.yaml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 118480, "scanner": "repobility-supply-chain", "fingerprint": "70cc8ced9a55534039ffd2073b0ed54d07c024f51c25f3be68f1f92629e2c4c0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|70cc8ced9a55534039ffd2073b0ed54d07c024f51c25f3be68f1f92629e2c4c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci-docs.yaml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 118479, "scanner": "repobility-supply-chain", "fingerprint": "b8457fe1e8f565cd448bd95fc15842033761727b806642a68da871fe787c0e0e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b8457fe1e8f565cd448bd95fc15842033761727b806642a68da871fe787c0e0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deploy-docs.yaml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `codecov/codecov-action` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 118477, "scanner": "repobility-supply-chain", "fingerprint": "0f13aa3165a6257fb38e7e98c25fbf6a07b871e0ef6cca2709c889b93238d23f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0f13aa3165a6257fb38e7e98c25fbf6a07b871e0ef6cca2709c889b93238d23f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yaml"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 118476, "scanner": "repobility-supply-chain", "fingerprint": "f3ecc2308d461e17e8887673c7f232212046db75e0f66f37053d76667f763a3c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f3ecc2308d461e17e8887673c7f232212046db75e0f66f37053d76667f763a3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yaml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `j178/prek-action` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 118475, "scanner": "repobility-supply-chain", "fingerprint": "87c3abc4f2f997d978ce0ec1ccc1342b26b5bffdbbab4ba05a4e199423e504fc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|87c3abc4f2f997d978ce0ec1ccc1342b26b5bffdbbab4ba05a4e199423e504fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yaml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 118474, "scanner": "repobility-supply-chain", "fingerprint": "90c857e794deb542c12d4b130a84574cc76f329ab6f1086b0d8d9408ed430337", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|90c857e794deb542c12d4b130a84574cc76f329ab6f1086b0d8d9408ed430337"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yaml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 118473, "scanner": "repobility-supply-chain", "fingerprint": "e3f1e206c4db73d8c808ef49aaf3a9719c88baa2085464297886e71cc6ac3d5d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e3f1e206c4db73d8c808ef49aaf3a9719c88baa2085464297886e71cc6ac3d5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yaml"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 118472, "scanner": "repobility-supply-chain", "fingerprint": "721078bfafdb1f0285d2741a4f356ab279afec69eec78e3448e04793f7b29aef", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|721078bfafdb1f0285d2741a4f356ab279afec69eec78e3448e04793f7b29aef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yaml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `peter-evans/slash-command-dispatch` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 118471, "scanner": "repobility-supply-chain", "fingerprint": "e4fd06e4e8ee88ad761b788dd9a4dc6f778f54067ac10af7862d3ba63321a262", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e4fd06e4e8ee88ad761b788dd9a4dc6f778f54067ac10af7862d3ba63321a262"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deploy-pr-dispatch.yaml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions-cool/check-user-permission` pinned to mutable ref `@main`"}, "properties": {"repobilityId": 118470, "scanner": "repobility-supply-chain", "fingerprint": "d5a3f5f029a53002fdadf3be4ebf9dc89dca034ab25ca71f6938402cfd837de0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d5a3f5f029a53002fdadf3be4ebf9dc89dca034ab25ca71f6938402cfd837de0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/deploy-pr-dispatch.yaml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_not_triggered_internal_id"}, "properties": {"repobilityId": 118466, "scanner": "repobility-ast-engine", "fingerprint": "2dcd7b0c8570af9409f53539ea71e349e4c59ae59aef872635eaf0dafd55d70e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2dcd7b0c8570af9409f53539ea71e349e4c59ae59aef872635eaf0dafd55d70e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_decorator.py"}, "region": {"startLine": 187}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_not_triggered_id"}, "properties": {"repobilityId": 118465, "scanner": "repobility-ast-engine", "fingerprint": "c9a93a9bea06030ad660be20678b634d686f6352904ffb1cf9aa005bfeab3112", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c9a93a9bea06030ad660be20678b634d686f6352904ffb1cf9aa005bfeab3112"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_decorator.py"}, "region": {"startLine": 181}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_not_triggered_name"}, "properties": {"repobilityId": 118464, "scanner": "repobility-ast-engine", "fingerprint": "432e8607422957f51f8129f12e4144519a633010568640105ab56266e00395d4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|432e8607422957f51f8129f12e4144519a633010568640105ab56266e00395d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_decorator.py"}, "region": {"startLine": 175}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_triggered_internal_id"}, "properties": {"repobilityId": 118463, "scanner": "repobility-ast-engine", "fingerprint": "a9c76d706276db439243a4b1324482e36d1b165b592493b483e1f5691057fe87", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a9c76d706276db439243a4b1324482e36d1b165b592493b483e1f5691057fe87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_decorator.py"}, "region": {"startLine": 169}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_triggered_id"}, "properties": {"repobilityId": 118462, "scanner": "repobility-ast-engine", "fingerprint": "a6bdbd9b1c071e4a708254a56b161840b04d2efd666ec432e9c186394b1999d2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a6bdbd9b1c071e4a708254a56b161840b04d2efd666ec432e9c186394b1999d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_decorator.py"}, "region": {"startLine": 165}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_triggered_name"}, "properties": {"repobilityId": 118461, "scanner": "repobility-ast-engine", "fingerprint": "8d1f45ac4c71d5b76b16708fc4ee6f6586b3ee27365cb72ad209103acefddfe2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8d1f45ac4c71d5b76b16708fc4ee6f6586b3ee27365cb72ad209103acefddfe2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_decorator.py"}, "region": {"startLine": 161}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.signal_bot` used but never assigned in __init__"}, "properties": {"repobilityId": 118460, "scanner": "repobility-ast-engine", "fingerprint": "217e3fb0fae875b66aef273560f938bf821936ea1c038b8bb9fa3e60d3dbf12f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|217e3fb0fae875b66aef273560f938bf821936ea1c038b8bb9fa3e60d3dbf12f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.signal_bot` used but never assigned in __init__"}, "properties": {"repobilityId": 118459, "scanner": "repobility-ast-engine", "fingerprint": "448e4c85284b62dc989c9765d74a1c45e6b8cc933aa3ede5958c6e84a813b2bc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|448e4c85284b62dc989c9765d74a1c45e6b8cc933aa3ede5958c6e84a813b2bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.signal_bot` used but never assigned in __init__"}, "properties": {"repobilityId": 118458, "scanner": "repobility-ast-engine", "fingerprint": "3979f2d49de12bfebf1de6fd7a13037bb247bf3895aee698565b4ed35ad76b36", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3979f2d49de12bfebf1de6fd7a13037bb247bf3895aee698565b4ed35ad76b36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.signal_bot` used but never assigned in __init__"}, "properties": {"repobilityId": 118457, "scanner": "repobility-ast-engine", "fingerprint": "3b90c96df27b50ad37ee875f268d576106c4c8f2b8fcb4f63497c89bd6684b99", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3b90c96df27b50ad37ee875f268d576106c4c8f2b8fcb4f63497c89bd6684b99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.found_group` used but never assigned in __init__"}, "properties": {"repobilityId": 118456, "scanner": "repobility-ast-engine", "fingerprint": "1033014d0dcbd96d63dedca1bfa0872b128ebee6c653fbe790877079ddf62cf7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1033014d0dcbd96d63dedca1bfa0872b128ebee6c653fbe790877079ddf62cf7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.found_group` used but never assigned in __init__"}, "properties": {"repobilityId": 118455, "scanner": "repobility-ast-engine", "fingerprint": "60755e1aae76449893ec5320460203b27a7c97d241f0a8e19bb88f1e207f9c68", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|60755e1aae76449893ec5320460203b27a7c97d241f0a8e19bb88f1e207f9c68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.phone_number` used but never assigned in __init__"}, "properties": {"repobilityId": 118454, "scanner": "repobility-ast-engine", "fingerprint": "006095453b6ee7b97402c217ce059a8c1c0295f440eaac98113883b0a08af5af", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|006095453b6ee7b97402c217ce059a8c1c0295f440eaac98113883b0a08af5af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 119}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.signal_service` used but never assigned in __init__"}, "properties": {"repobilityId": 118453, "scanner": "repobility-ast-engine", "fingerprint": "65b46c4d747b50cb2a718d03ebb0d83b4ee8f8563db0176ed1fe80b5a25d3088", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|65b46c4d747b50cb2a718d03ebb0d83b4ee8f8563db0176ed1fe80b5a25d3088"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.signal_bot` used but never assigned in __init__"}, "properties": {"repobilityId": 118452, "scanner": "repobility-ast-engine", "fingerprint": "0b6d2cb851aaf510c6a2e98a5d1af41a2ac31abc5a46b369753e3f4689063e4a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0b6d2cb851aaf510c6a2e98a5d1af41a2ac31abc5a46b369753e3f4689063e4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.signal_bot` used but never assigned in __init__"}, "properties": {"repobilityId": 118451, "scanner": "repobility-ast-engine", "fingerprint": "e8fd385d2c3eda39c336f49d4d67cad02c674d3813d655c391cafab033c2e778", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e8fd385d2c3eda39c336f49d4d67cad02c674d3813d655c391cafab033c2e778"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 116}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.internal_id` used but never assigned in __init__"}, "properties": {"repobilityId": 118450, "scanner": "repobility-ast-engine", "fingerprint": "0fca7990e7a74d5f2cb3ea56d9ae65fbe52a69ed7eb4bb66282d3c2821db2ee9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0fca7990e7a74d5f2cb3ea56d9ae65fbe52a69ed7eb4bb66282d3c2821db2ee9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.group_id` used but never assigned in __init__"}, "properties": {"repobilityId": 118449, "scanner": "repobility-ast-engine", "fingerprint": "5154252a0cd47664535671465a08994b6b8322137c4c4ed63a75fcce211fb4b7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5154252a0cd47664535671465a08994b6b8322137c4c4ed63a75fcce211fb4b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.signal_bot` used but never assigned in __init__"}, "properties": {"repobilityId": 118448, "scanner": "repobility-ast-engine", "fingerprint": "4836815548996044d54cb6a0b3ef2cabbca9082480c78cb960aa58dbf4bfdd1e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4836815548996044d54cb6a0b3ef2cabbca9082480c78cb960aa58dbf4bfdd1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.signal_bot` used but never assigned in __init__"}, "properties": {"repobilityId": 118447, "scanner": "repobility-ast-engine", "fingerprint": "8ff70227c24a2b22e73ae1cfbe73a530f3a16d4824887a181f0356cf24a5063b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8ff70227c24a2b22e73ae1cfbe73a530f3a16d4824887a181f0356cf24a5063b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.signal_bot` used but never assigned in __init__"}, "properties": {"repobilityId": 118446, "scanner": "repobility-ast-engine", "fingerprint": "8b68ca2caa9078b1f44ba3579bca0360617447f5d78c05504085bd77c1dcc5ec", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8b68ca2caa9078b1f44ba3579bca0360617447f5d78c05504085bd77c1dcc5ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.signal_bot` used but never assigned in __init__"}, "properties": {"repobilityId": 118445, "scanner": "repobility-ast-engine", "fingerprint": "47207a98744dd4818eb82652d391af930dabd2e245479b7b1da363c6165b2ac3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|47207a98744dd4818eb82652d391af930dabd2e245479b7b1da363c6165b2ac3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.signal_bot` used but never assigned in __init__"}, "properties": {"repobilityId": 118444, "scanner": "repobility-ast-engine", "fingerprint": "0561d3a908b01d73cafd93c10e20d9a29f56b1831f26943310b885d371319c6e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0561d3a908b01d73cafd93c10e20d9a29f56b1831f26943310b885d371319c6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.signal_bot` used but never assigned in __init__"}, "properties": {"repobilityId": 118443, "scanner": "repobility-ast-engine", "fingerprint": "ba4ae4f5f3616fb4933df8d08db767021f34e912c2d6acd4c8124008dac531bb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ba4ae4f5f3616fb4933df8d08db767021f34e912c2d6acd4c8124008dac531bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.internal_id` used but never assigned in __init__"}, "properties": {"repobilityId": 118442, "scanner": "repobility-ast-engine", "fingerprint": "32bee06609680ada6425aa15573f85709caf8b7b476b881d17cae79848377c96", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|32bee06609680ada6425aa15573f85709caf8b7b476b881d17cae79848377c96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.group_id` used but never assigned in __init__"}, "properties": {"repobilityId": 118441, "scanner": "repobility-ast-engine", "fingerprint": "5d3678238e4c59220847cf73b686d88f86cbd206c9cb1de38100b62499d890a9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5d3678238e4c59220847cf73b686d88f86cbd206c9cb1de38100b62499d890a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.phone_number` used but never assigned in __init__"}, "properties": {"repobilityId": 118440, "scanner": "repobility-ast-engine", "fingerprint": "fe6fff87da0d13234f38aece1c6bbbd83169646682d08a937393a4b6332050d0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fe6fff87da0d13234f38aece1c6bbbd83169646682d08a937393a4b6332050d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.signal_service` used but never assigned in __init__"}, "properties": {"repobilityId": 118439, "scanner": "repobility-ast-engine", "fingerprint": "af9e76255036b6ed44a918f93fe5a07dd5a7395f08162034e6bab4470d50ff19", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|af9e76255036b6ed44a918f93fe5a07dd5a7395f08162034e6bab4470d50ff19"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.signal_bot` used but never assigned in __init__"}, "properties": {"repobilityId": 118438, "scanner": "repobility-ast-engine", "fingerprint": "e92ac40599415f0587a84482e35f90501e66a28036e5e6c5934afa87e8bedf1e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e92ac40599415f0587a84482e35f90501e66a28036e5e6c5934afa87e8bedf1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.signal_bot` used but never assigned in __init__"}, "properties": {"repobilityId": 118437, "scanner": "repobility-ast-engine", "fingerprint": "32f28085fa7c463df5c6bd665efea14768cce58a42e0eccac700899d173b6d2d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|32f28085fa7c463df5c6bd665efea14768cce58a42e0eccac700899d173b6d2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.signal_bot` used but never assigned in __init__"}, "properties": {"repobilityId": 118436, "scanner": "repobility-ast-engine", "fingerprint": "3931d2a3f8f56b23da674461e20e4890122885ec0134cff41cb8839941a4cccd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3931d2a3f8f56b23da674461e20e4890122885ec0134cff41cb8839941a4cccd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_version"}, "properties": {"repobilityId": 118435, "scanner": "repobility-ast-engine", "fingerprint": "0ce0a68b0a9f928b7957dbc85ef610eb05c8413be6167f4f5b7017ae97443559", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0ce0a68b0a9f928b7957dbc85ef610eb05c8413be6167f4f5b7017ae97443559"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 218}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_old_version_raises_runtime_error"}, "properties": {"repobilityId": 118434, "scanner": "repobility-ast-engine", "fingerprint": "2418f45fc2146f631e52f370a5af057558f31f52d9d8aca5b9a18ec6297e09d2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2418f45fc2146f631e52f370a5af057558f31f52d9d8aca5b9a18ec6297e09d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 203}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_unset_version"}, "properties": {"repobilityId": 118433, "scanner": "repobility-ast-engine", "fingerprint": "2a345e9f15a93c0995dd272d8b7c0889a4e54428b42298009ffc8b5ac98e4b17", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2a345e9f15a93c0995dd272d8b7c0889a4e54428b42298009ffc8b5ac98e4b17"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 193}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_new_version_is_okay"}, "properties": {"repobilityId": 118432, "scanner": "repobility-ast-engine", "fingerprint": "7c829a3c5599ca0d5fe0d91ff5a8d35a2421bac342b4c5d826226af50ffe9dd0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7c829a3c5599ca0d5fe0d91ff5a8d35a2421bac342b4c5d826226af50ffe9dd0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_bot.py"}, "region": {"startLine": 180}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_init_with_password"}, "properties": {"repobilityId": 118431, "scanner": "repobility-ast-engine", "fingerprint": "c794a5763d9df4a2acc09d1546e3c027c23f1ee3f04b5933e312facbb8f5f9d5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c794a5763d9df4a2acc09d1546e3c027c23f1ee3f04b5933e312facbb8f5f9d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_storage.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_init_without_password"}, "properties": {"repobilityId": 118430, "scanner": "repobility-ast-engine", "fingerprint": "d4ce574ecfba72d83e0350ae2d876922757f6706022caed8ced8d938b1d05746", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d4ce574ecfba72d83e0350ae2d876922757f6706022caed8ced8d938b1d05746"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_storage.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 118478, "scanner": "repobility-supply-chain", "fingerprint": "228f1d4593c66ae9bb68e25b8d1fc80fec4ff5546543345f5af17a7fb232996e", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|228f1d4593c66ae9bb68e25b8d1fc80fec4ff5546543345f5af17a7fb232996e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yaml"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `signal` used but not imported"}, "properties": {"repobilityId": 118467, "scanner": "repobility-ast-engine", "fingerprint": "eb878a25393c82bb6fde97c2b942a3ac60f3db561a82afafd95284d458d40620", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eb878a25393c82bb6fde97c2b942a3ac60f3db561a82afafd95284d458d40620"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/signalbot/message.py"}, "region": {"startLine": 249}}}]}]}]}