{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "GHSA-gc5v-m9x4-r6x2", "name": "requests: GHSA-gc5v-m9x4-r6x2", "shortDescription": {"text": "requests: GHSA-gc5v-m9x4-r6x2"}, "fullDescription": {"text": "Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9wx4-h78v-vm56", "name": "requests: GHSA-9wx4-h78v-vm56", "shortDescription": {"text": "requests: GHSA-9wx4-h78v-vm56"}, "fullDescription": {"text": "Requests `Session` object does not verify requests after making first request with verify=False"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-9hjg-9r4m-mvj7", "name": "requests: GHSA-9hjg-9r4m-mvj7", "shortDescription": {"text": "requests: GHSA-9hjg-9r4m-mvj7"}, "fullDescription": {"text": "Requests vulnerable to .netrc credentials leak via malicious URLs"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-x3rm-644h-67m8", "name": "opencv-python: GHSA-x3rm-644h-67m8", "shortDescription": {"text": "opencv-python: GHSA-x3rm-644h-67m8"}, "fullDescription": {"text": "Out-of-bounds Read in OpenCV"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-hxfw-jm98-v4mq", "name": "opencv-python: GHSA-hxfw-jm98-v4mq", "shortDescription": {"text": "opencv-python: GHSA-hxfw-jm98-v4mq"}, "fullDescription": {"text": "Divide By Zero in OpenCV."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", 
"owasp": ""}}, {"id": "GHSA-r73j-pqj5-w3x7", "name": "pillow: GHSA-r73j-pqj5-w3x7", "shortDescription": {"text": "pillow: GHSA-r73j-pqj5-w3x7"}, "fullDescription": {"text": "Pillow has a PDF Parsing Trailer Infinite Loop (DoS)"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-jgpv-4h4c-xhw3", "name": "pillow: GHSA-jgpv-4h4c-xhw3", "shortDescription": {"text": "pillow: GHSA-jgpv-4h4c-xhw3"}, "fullDescription": {"text": "Uncontrolled Resource Consumption in pillow"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. 
Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 0.45, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "MINED124", "name": "requirements.txt: `dora-rs` has no version pin", "shortDescription": {"text": "requirements.txt: `dora-rs` has no version pin"}, "fullDescription": {"text": "Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "GHSA-g7vv-2v7x-gj9p", "name": "tqdm: GHSA-g7vv-2v7x-gj9p", "shortDescription": {"text": "tqdm: GHSA-g7vv-2v7x-gj9p"}, "fullDescription": {"text": "tqdm CLI arguments injection attack"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-4fx9-vc88-q2xc", "name": "pillow: GHSA-4fx9-vc88-q2xc", "shortDescription": {"text": "pillow: GHSA-4fx9-vc88-q2xc"}, "fullDescription": {"text": "Infinite loop in Pillow"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Installing recommended packages often pulls in unnecessary runtime surface area."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR012", "name": "Dockerfile keeps pip download cache", "shortDescription": {"text": "Dockerfile keeps pip download cache"}, "fullDescription": {"text": "Pip's package cache increases image size and can preserve unnecessary artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 13 (SonarSource scale). Cognitive complexi", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 13 (SonarSource scale). 
Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weig"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 13."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. 
Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED075", "name": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL.", "shortDescription": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-690 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block (and 12 more): Same pattern found in 12 additional files. Review if needed.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-119 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro (and 5 more): Same pattern found in 5 additional files. 
Review if needed.", "shortDescription": {"text": "[MINED066] Rust Panic Macro (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod (and 15 more): Same pattern found in 15 additional files. Review if needed.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 90 more): Same pattern found in 90 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 90 more): Same pattern found in 90 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2023-114", "name": "scipy: PYSEC-2023-114", "shortDescription": {"text": "scipy: PYSEC-2023-114"}, "fullDescription": {"text": "** DISPUTED ** A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. 
NOTE: the vendor and discoverer indicate that this is not a security issue."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2023-102", "name": "scipy: PYSEC-2023-102", "shortDescription": {"text": "scipy: PYSEC-2023-102"}, "fullDescription": {"text": "A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2023-74", "name": "requests: PYSEC-2023-74", "shortDescription": {"text": "requests: PYSEC-2023-74"}, "fullDescription": {"text": "Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. 
This issue has been patched in version 2.31.0.\n\n"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-q799-q27x-vp7w", "name": "opencv-python: GHSA-q799-q27x-vp7w", "shortDescription": {"text": "opencv-python: GHSA-q799-q27x-vp7w"}, "fullDescription": {"text": "Out-of-bounds Write in OpenCV"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-fw99-f933-rgh8", "name": "opencv-python: GHSA-fw99-f933-rgh8", "shortDescription": {"text": "opencv-python: GHSA-fw99-f933-rgh8"}, "fullDescription": {"text": "Out-of-bounds Read and Out-of-bounds Write in OpenCV"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-fm39-cw8h-3p63", "name": "opencv-python: GHSA-fm39-cw8h-3p63", "shortDescription": {"text": "opencv-python: GHSA-fm39-cw8h-3p63"}, "fullDescription": {"text": "Out-of-bounds Read in OpenCV"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-8849-5h85-98qw", "name": "opencv-python: GHSA-8849-5h85-98qw", "shortDescription": {"text": "opencv-python: GHSA-8849-5h85-98qw"}, "fullDescription": {"text": "Out-of-bounds Write in OpenCV"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3448-vrgh-85xr", "name": "opencv-python: GHSA-3448-vrgh-85xr", "shortDescription": {"text": "opencv-python: GHSA-3448-vrgh-85xr"}, "fullDescription": {"text": "NULL Pointer Dereference in OpenCV."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2023-183", "name": "opencv-python: PYSEC-2023-183", "shortDescription": 
{"text": "opencv-python: PYSEC-2023-183"}, "fullDescription": {"text": "opencv-python versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. opencv-python v4.8.1.78 upgrades the bundled libwebp binary to v1.3.2."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-44wm-f244-xhp3", "name": "pillow: GHSA-44wm-f244-xhp3", "shortDescription": {"text": "pillow: GHSA-44wm-f244-xhp3"}, "fullDescription": {"text": "Pillow buffer overflow vulnerability"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-165", "name": "pillow: PYSEC-2026-165", "shortDescription": {"text": "pillow: PYSEC-2026-165"}, "fullDescription": {"text": "Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2023-227", "name": "pillow: PYSEC-2023-227", "shortDescription": {"text": "pillow: PYSEC-2023-227"}, "fullDescription": {"text": "An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. 
This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2023-175", "name": "pillow: PYSEC-2023-175", "shortDescription": {"text": "pillow: PYSEC-2023-175"}, "fullDescription": {"text": "Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2022-9", "name": "pillow: PYSEC-2022-9", "shortDescription": {"text": "pillow: PYSEC-2022-9"}, "fullDescription": {"text": "path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2022-8", "name": "pillow: PYSEC-2022-8", "shortDescription": {"text": "pillow: PYSEC-2022-8"}, "fullDescription": {"text": "path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2022-42979", "name": "pillow: PYSEC-2022-42979", "shortDescription": {"text": "pillow: PYSEC-2022-42979"}, "fullDescription": {"text": "Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification)."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2022-168", "name": "pillow: PYSEC-2022-168", "shortDescription": {"text": "pillow: PYSEC-2022-168"}, "fullDescription": {"text": 
"Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2021-94", "name": "pillow: PYSEC-2021-94", "shortDescription": {"text": "pillow: PYSEC-2021-94"}, "fullDescription": {"text": "An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2021-93", "name": "pillow: PYSEC-2021-93", "shortDescription": {"text": "pillow: PYSEC-2021-93"}, "fullDescription": {"text": "An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \\r and \\n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2021-92", "name": "pillow: PYSEC-2021-92", "shortDescription": {"text": "pillow: PYSEC-2021-92"}, "fullDescription": {"text": "An issue was discovered in Pillow before 8.2.0. 
For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2021-71", "name": "pillow: PYSEC-2021-71", "shortDescription": {"text": "pillow: PYSEC-2021-71"}, "fullDescription": {"text": "In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2021-69", "name": "pillow: PYSEC-2021-69", "shortDescription": {"text": "pillow: PYSEC-2021-69"}, "fullDescription": {"text": "In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2021-42", "name": "pillow: PYSEC-2021-42", "shortDescription": {"text": "pillow: PYSEC-2021-42"}, "fullDescription": {"text": "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2021-41", "name": "pillow: PYSEC-2021-41", "shortDescription": {"text": "pillow: PYSEC-2021-41"}, "fullDescription": {"text": "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an 
attempted memory allocation can be very large."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2021-40", "name": "pillow: PYSEC-2021-40", "shortDescription": {"text": "pillow: PYSEC-2021-40"}, "fullDescription": {"text": "Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2021-39", "name": "pillow: PYSEC-2021-39", "shortDescription": {"text": "pillow: PYSEC-2021-39"}, "fullDescription": {"text": "An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2021-38", "name": "pillow: PYSEC-2021-38", "shortDescription": {"text": "pillow: PYSEC-2021-38"}, "fullDescription": {"text": "An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2021-37", "name": "pillow: PYSEC-2021-37", "shortDescription": {"text": "pillow: PYSEC-2021-37"}, "fullDescription": {"text": "An issue was discovered in Pillow before 8.1.1. 
In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2021-36", "name": "pillow: PYSEC-2021-36", "shortDescription": {"text": "pillow: PYSEC-2021-36"}, "fullDescription": {"text": "An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2021-35", "name": "pillow: PYSEC-2021-35", "shortDescription": {"text": "pillow: PYSEC-2021-35"}, "fullDescription": {"text": "An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2021-317", "name": "pillow: PYSEC-2021-317", "shortDescription": {"text": "pillow: PYSEC-2021-317"}, "fullDescription": {"text": "The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2021-139", "name": "pillow: PYSEC-2021-139", "shortDescription": {"text": "pillow: PYSEC-2021-139"}, "fullDescription": {"text": "An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. 
This could lead to a DoS on Image.open prior to Image.load."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2021-138", "name": "pillow: PYSEC-2021-138", "shortDescription": {"text": "pillow: PYSEC-2021-138"}, "fullDescription": {"text": "An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2021-137", "name": "pillow: PYSEC-2021-137", "shortDescription": {"text": "pillow: PYSEC-2021-137"}, "fullDescription": {"text": "An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la."}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "PYSEC-2026-113", "name": "pyarrow: PYSEC-2026-113", "shortDescription": {"text": "pyarrow: PYSEC-2026-113"}, "fullDescription": {"text": "Use After Free vulnerability in Apache Arrow C++.\n\nThis issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file (but not an IPC stream) with pre-buffering enabled, if the IPC file contains data with variadic buffers (such as Binary View and String View data). Depending on the number of variadic buffers in a record batch column and on the temporal sequence of multi-threaded IO, a write to a dangling pointer could occur. The value (a `std::shared_ptr<Buffer>` object)\u00a0that is written to the dangling pointer is not under direct control of the attacker.\n\nPre-buffering is disabled by default but can be enabled using a specific C++ API call (`RecordBatchFileReader::PreBufferMetadata`). 
The functionality is not exposed in language bindings (Python, Ruby, C GLib), so these bindings are not vulnerable.\n\nThe most likely consequence of this issue would be random crashes or memory corruption when reading specific kinds of IPC files. If the appli"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2017-0008", "name": "serial: RUSTSEC-2017-0008", "shortDescription": {"text": "serial: RUSTSEC-2017-0008"}, "fullDescription": {"text": "`serial` crate is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2024-0436", "name": "paste: RUSTSEC-2024-0436", "shortDescription": {"text": "paste: RUSTSEC-2024-0436"}, "fullDescription": {"text": "paste - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0119", "name": "number_prefix: RUSTSEC-2025-0119", "shortDescription": {"text": "number_prefix: RUSTSEC-2025-0119"}, "fullDescription": {"text": "number_prefix crate is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2020-0016", "name": "net2: RUSTSEC-2020-0016", "shortDescription": {"text": "net2: RUSTSEC-2020-0016"}, "fullDescription": {"text": "`net2` crate has been deprecated; use `socket2` instead"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0057", "name": "fxhash: RUSTSEC-2025-0057", "shortDescription": {"text": "fxhash: RUSTSEC-2025-0057"}, "fullDescription": {"text": "fxhash - no longer maintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 
0.88, "cwe": "", "owasp": ""}}, {"id": "RUSTSEC-2025-0141", "name": "bincode: RUSTSEC-2025-0141", "shortDescription": {"text": "bincode: RUSTSEC-2025-0141"}, "fullDescription": {"text": "Bincode is unmaintained"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKR006", "name": "Dockerfile pipes a remote script into a shell", "shortDescription": {"text": "Dockerfile pipes a remote script into a shell"}, "fullDescription": {"text": "Piping downloaded code directly into a shell bypasses checksum verification and makes builds dependent on mutable remote content."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "fullDescription": {"text": "Review and fix per the pattern semantics: catch Exception instead, or re-raise after cleanup, so that KeyboardInterrupt and SystemExit still propagate. See CWE-705 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. 
Compare with os.path.commonpath() rather than a plain string-prefix test, which also accepts a sibling directory whose name merely begins with the base name. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. 
Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16.\nAlso block loopback (127/8) and the IPv6 loopback, unique-local and link-local ranges; apply the check to the address the hostname resolves to, and re-validate on every redirect."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/checkout` pinned to mutable ref `@v6`", "shortDescription": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "fullDescription": {"text": "`uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `ros:humble` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `ros:humble` not pinned by digest"}, "fullDescription": {"text": "`FROM ros:humble` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. 
Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_invalid_queue_size", "shortDescription": {"text": "Phantom test coverage: test_invalid_queue_size"}, "fullDescription": {"text": "Test function `test_invalid_queue_size` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self._await_alt_below` used but never assigned in __init__", "shortDescription": {"text": "`self._await_alt_below` used but never assigned in __init__"}, "fullDescription": {"text": "Method `run` of class `Mission` reads `self._await_alt_below`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "GHSA-8q59-q68h-6hv4", "name": "pyyaml: GHSA-8q59-q68h-6hv4", "shortDescription": {"text": "pyyaml: GHSA-8q59-q68h-6hv4"}, "fullDescription": {"text": "Improper Input Validation in PyYAML"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-57h3-9rgr-c24m", "name": "pillow: GHSA-57h3-9rgr-c24m", "shortDescription": {"text": "pillow: GHSA-57h3-9rgr-c24m"}, "fullDescription": {"text": "Out of bounds write in Pillow"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3f63-hfp8-52jq", "name": "pillow: GHSA-3f63-hfp8-52jq", "shortDescription": {"text": "pillow: GHSA-3f63-hfp8-52jq"}, "fullDescription": {"text": "Arbitrary Code Execution in Pillow"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-8vj2-vxx3-667w", "name": "pillow: GHSA-8vj2-vxx3-667w", "shortDescription": {"text": "pillow: GHSA-8vj2-vxx3-667w"}, "fullDescription": {"text": "Arbitrary expression injection in Pillow"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-7534-mm45-c74v", "name": "pillow: GHSA-7534-mm45-c74v", "shortDescription": {"text": "pillow: GHSA-7534-mm45-c74v"}, "fullDescription": {"text": "Buffer Overflow in Pillow"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED022", "name": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf.", 
"shortDescription": {"text": "[MINED022] C Strcpy: strcpy/strcat don't bounds-check; use strncpy or snprintf."}, "fullDescription": {"text": "Review and fix per the pattern semantics. Prefer snprintf with the destination size and check the result for truncation; strncpy does not NUL-terminate the destination when the source is at least as long as the given size. See CWE-120 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1069"}, "properties": {"repository": "dora-rs/dora", "repoUrl": "https://github.com/dora-rs/dora", "branch": "main"}, "results": [{"ruleId": "GHSA-gc5v-m9x4-r6x2", "level": "warning", "message": {"text": "requests: GHSA-gc5v-m9x4-r6x2"}, "properties": {"repobilityId": 105178, "scanner": "osv-scanner", "fingerprint": "b0acf0a4b47976057c86bda9591609ef3f22d9d5d15f0e937323ed463bed3d8f", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25645"], "package": "requests", "rule_id": "GHSA-gc5v-m9x4-r6x2", "scanner": "osv-scanner", "correlation_key": "vuln|requests|CVE-2026-25645|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9wx4-h78v-vm56", "level": "warning", "message": {"text": "requests: GHSA-9wx4-h78v-vm56"}, "properties": {"repobilityId": 105177, "scanner": "osv-scanner", "fingerprint": "75f81b58db6b5ff4a8451d1c9315ed09d8f3dcb381572031e1984bb170ffd96f", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-35195"], "package": "requests", "rule_id": "GHSA-9wx4-h78v-vm56", "scanner": "osv-scanner", "correlation_key": "vuln|requests|CVE-2024-35195|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, 
"region": {"startLine": 1}}}]}, {"ruleId": "GHSA-9hjg-9r4m-mvj7", "level": "warning", "message": {"text": "requests: GHSA-9hjg-9r4m-mvj7"}, "properties": {"repobilityId": 105176, "scanner": "osv-scanner", "fingerprint": "39870c0423fc9f40f3aee3447a20f83d08c77d9682dc4192fe28ce8a3e689fd5", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-47081"], "package": "requests", "rule_id": "GHSA-9hjg-9r4m-mvj7", "scanner": "osv-scanner", "correlation_key": "vuln|requests|CVE-2024-47081|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-x3rm-644h-67m8", "level": "warning", "message": {"text": "opencv-python: GHSA-x3rm-644h-67m8"}, "properties": {"repobilityId": 105174, "scanner": "osv-scanner", "fingerprint": "9c7aaf3eb187c2a4069f722161fcdc64a71425b234d9aee81b18c01efcc00c6b", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2019-16249"], "package": "opencv-python", "rule_id": "GHSA-x3rm-644h-67m8", "scanner": "osv-scanner", "correlation_key": "vuln|opencv-python|CVE-2019-16249|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-hxfw-jm98-v4mq", "level": "warning", "message": {"text": "opencv-python: GHSA-hxfw-jm98-v4mq"}, "properties": {"repobilityId": 105172, "scanner": "osv-scanner", "fingerprint": "2ae4a1601d0a1e170946e9b9bfd9ec0390b94977b38d30f87c2bcbf529f18844", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2019-15939"], 
"package": "opencv-python", "rule_id": "GHSA-hxfw-jm98-v4mq", "scanner": "osv-scanner", "correlation_key": "vuln|opencv-python|CVE-2019-15939|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-r73j-pqj5-w3x7", "level": "warning", "message": {"text": "pillow: GHSA-r73j-pqj5-w3x7"}, "properties": {"repobilityId": 105165, "scanner": "osv-scanner", "fingerprint": "1d13c06349a7077b52282e1c3c4687c8ead9bda11836c21d4d05c8c544414768", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-pillow-2026-42310", "CVE-2026-42310"], "package": "pillow", "rule_id": "GHSA-r73j-pqj5-w3x7", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2026-42310|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-jgpv-4h4c-xhw3", "level": "warning", "message": {"text": "pillow: GHSA-jgpv-4h4c-xhw3"}, "properties": {"repobilityId": 105164, "scanner": "osv-scanner", "fingerprint": "ad91b8ea3230035763df7b3b859789a8726c4fac1abe3c735b2dae3abc5027dc", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "pillow", "rule_id": "GHSA-jgpv-4h4c-xhw3", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|GHSA-JGPV-4H4C-XHW3|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 105126, "scanner": "repobility-docker", "fingerprint": 
"203e6753754e61cf7b4d3f1517ac5ebff76d9aea4543b1dd2e5dacbd26b48226", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.12-slim", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|203e6753754e61cf7b4d3f1517ac5ebff76d9aea4543b1dd2e5dacbd26b48226"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/slim/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 105123, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 105122, "scanner": "repobility-docker", "fingerprint": "22870d37e8039929c5202a628a8ba214556ccbb60da4076d7bcb0ca8df0547df", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", 
"isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ros:humble", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|22870d37e8039929c5202a628a8ba214556ccbb60da4076d7bcb0ca8df0547df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ros2dev/Dockerfile"}, "region": {"startLine": 11}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 105114, "scanner": "repobility-threat-engine", "fingerprint": "cd2707e8d694adaf2872408fd69854584b9cab17c97854c39456646c19c02f2d", "category": "error_handling", "severity": "medium", "confidence": 0.45, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Pattern matched with no mitigating context found | [R34 auto-suppress: documentation/example path]", "evidence": {"match": "except Exception:\n                        pass", "reason": "Pattern matched with no mitigating context found | [R34 auto-suppress: documentation/example path]", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.45, "correlation_key": "fp|cd2707e8d694adaf2872408fd69854584b9cab17c97854c39456646c19c02f2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission_rover.py"}, "region": {"startLine": 166}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 105075, "scanner": "repobility-agent-runtime", "fingerprint": 
"b022f3333033a35f516203411c29e591afe8ad5e158919d982fe92f2467d469e", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|b022f3333033a35f516203411c29e591afe8ad5e158919d982fe92f2467d469e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/qa/all.sh"}, "region": {"startLine": 330}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 105074, "scanner": "repobility-agent-runtime", "fingerprint": "bc49e49d48ee9bb10577176a6b75df0fb96e43e8b9f1d7b44d3161aff7db227b", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|bc49e49d48ee9bb10577176a6b75df0fb96e43e8b9f1d7b44d3161aff7db227b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/contributor-qa-cheatsheet.md"}, "region": {"startLine": 133}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `dora-rs` has no version pin"}, "properties": {"repobilityId": 105048, "scanner": "repobility-supply-chain", "fingerprint": "3685a99da6618913de20ddec849b6bde739b53b0c7732e656a8e9fdf514161b4", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, 
"cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3685a99da6618913de20ddec849b6bde739b53b0c7732e656a8e9fdf514161b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/cross-language/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `pyarrow` has no version pin"}, "properties": {"repobilityId": 105047, "scanner": "repobility-supply-chain", "fingerprint": "e9c5b9175e72a9dc685a9b1e9195be0b40e9db01cfa7c8f7868153ea41503d8a", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e9c5b9175e72a9dc685a9b1e9195be0b40e9db01cfa7c8f7868153ea41503d8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/cross-language/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `dora-rs` has no version pin"}, "properties": {"repobilityId": 105046, "scanner": "repobility-supply-chain", "fingerprint": "b301fc297b74059bca2154a1031e7d124d647dbcf0265f578ce9fb46b4387d4a", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b301fc297b74059bca2154a1031e7d124d647dbcf0265f578ce9fb46b4387d4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"examples/mavlink2-bridge/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `pyarrow` has no version pin"}, "properties": {"repobilityId": 105045, "scanner": "repobility-supply-chain", "fingerprint": "63f3ad4733c5ecbc7587c8230f6dae14996239758db0aac942c11a518e43cbf4", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|63f3ad4733c5ecbc7587c8230f6dae14996239758db0aac942c11a518e43cbf4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `scikit-learn` has no version pin"}, "properties": {"repobilityId": 105044, "scanner": "repobility-supply-chain", "fingerprint": "45bceeb02b4e96669183907ae39169dd1518766898f58393bf7758a8f11a79c6", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|45bceeb02b4e96669183907ae39169dd1518766898f58393bf7758a8f11a79c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `maturin` has no version pin"}, "properties": {"repobilityId": 105043, "scanner": "repobility-supply-chain", 
"fingerprint": "f768ca97db43d15e0b71c4e7a77999ac9497cee2e83fa7961933f22a5b3fce8a", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f768ca97db43d15e0b71c4e7a77999ac9497cee2e83fa7961933f22a5b3fce8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `torchvision` has no version pin"}, "properties": {"repobilityId": 105042, "scanner": "repobility-supply-chain", "fingerprint": "fd80b662dc03906e7201095256c7bd3cb55050495db615dae6af15484497bb47", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fd80b662dc03906e7201095256c7bd3cb55050495db615dae6af15484497bb47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `torch  # see https://pytorch.org/get-started/locally (recommended)` has no version pin"}, "properties": {"repobilityId": 105041, "scanner": "repobility-supply-chain", "fingerprint": "b58ebbc8b962c5bc625be457812b2665aa0f0c5ab40c4de60e28e3abb6923704", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, 
"reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b58ebbc8b962c5bc625be457812b2665aa0f0c5ab40c4de60e28e3abb6923704"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `psutil  # system resources` has no version pin"}, "properties": {"repobilityId": 105040, "scanner": "repobility-supply-chain", "fingerprint": "1a393d31a47a0174bd77e5fcb704a5d853a036a8c0d3843a14b71cacc9ab36e7", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1a393d31a47a0174bd77e5fcb704a5d853a036a8c0d3843a14b71cacc9ab36e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `numpy<2.0.0` has no exact version pin (only an upper bound)"}, "properties": {"repobilityId": 105039, "scanner": "repobility-supply-chain", "fingerprint": "e3ac037238cc6d21570d07c3b045c53a5f6672fef806cab8e258c0ecb4fc2a22", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|e3ac037238cc6d21570d07c3b045c53a5f6672fef806cab8e258c0ecb4fc2a22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `ipython  # interactive notebook` has no version pin"}, "properties": {"repobilityId": 105038, "scanner": "repobility-supply-chain", "fingerprint": "bbbb48f0d0c0649c626845c1aef38fed8eb42008578328c9d1ce7687cf996ad1", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bbbb48f0d0c0649c626845c1aef38fed8eb42008578328c9d1ce7687cf996ad1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `gitpython` has no version pin"}, "properties": {"repobilityId": 105037, "scanner": "repobility-supply-chain", "fingerprint": "148fe96e295ad417e218f3fb532b74bd0c9304ba642ce7d0b6f196106b075d20", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|148fe96e295ad417e218f3fb532b74bd0c9304ba642ce7d0b6f196106b075d20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED124", 
"level": "warning", "message": {"text": "requirements.txt: `ultralytics` has no version pin"}, "properties": {"repobilityId": 105036, "scanner": "repobility-supply-chain", "fingerprint": "6ebb592504e9995c18680e8edc392308aceec3d3ba15fec6d158c51142df7b09", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6ebb592504e9995c18680e8edc392308aceec3d3ba15fec6d158c51142df7b09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `dora-rs` has no version pin"}, "properties": {"repobilityId": 105035, "scanner": "repobility-supply-chain", "fingerprint": "c815749a9c132b46cda97143b71c946dad2b17b5735f0bea86841fd5816b6bf0", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c815749a9c132b46cda97143b71c946dad2b17b5735f0bea86841fd5816b6bf0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/requirements.txt"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED124", "level": "warning", "message": {"text": "requirements.txt: `pyarrow` has no version pin"}, "properties": {"repobilityId": 105034, "scanner": "repobility-supply-chain", "fingerprint": "dae3b3615913da3f31524df44db973f8115fb6b5eac41eecadd923087dfeed77", "category": 
"dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dae3b3615913da3f31524df44db973f8115fb6b5eac41eecadd923087dfeed77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 105029, "scanner": "repobility-ast-engine", "fingerprint": "8575467e7e83d7ea4156d7eb934b029a3ccac2144a10fc1b91a4ec9e2905c465", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8575467e7e83d7ea4156d7eb934b029a3ccac2144a10fc1b91a4ec9e2905c465"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/scripts/forward_to_qgc.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 105028, "scanner": "repobility-ast-engine", "fingerprint": "8b0c22b4eb76c4a4f1531d643c78182c649de3d778f3bb32fc31e9ae8715dfb8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": 
"repobility-ast-engine", "correlation_key": "fp|8b0c22b4eb76c4a4f1531d643c78182c649de3d778f3bb32fc31e9ae8715dfb8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-drain/receive_data.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 105027, "scanner": "repobility-ast-engine", "fingerprint": "5bf1ae1b550cce1b6b9a9cbb372ea49cdf9fe0d2940afc2355a64d4fc17629f5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5bf1ae1b550cce1b6b9a9cbb372ea49cdf9fe0d2940afc2355a64d4fc17629f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/llm_op.py"}, "region": {"startLine": 253}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 105026, "scanner": "repobility-ast-engine", "fingerprint": "55e859c64bf4236d428765dca6888e0a12d3b08d00aa975ee38b4fa71dbe0afe", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|55e859c64bf4236d428765dca6888e0a12d3b08d00aa975ee38b4fa71dbe0afe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-zero-copy-send/test_contract.py"}, "region": {"startLine": 285}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues 
silently"}, "properties": {"repobilityId": 105025, "scanner": "repobility-ast-engine", "fingerprint": "f31c40ab2dc1d094d7c4b6558a78cd8753e96b8610c22c7aec3637cb61c4bb61", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f31c40ab2dc1d094d7c4b6558a78cd8753e96b8610c22c7aec3637cb61c4bb61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-zero-copy-send/test_contract.py"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 105024, "scanner": "repobility-ast-engine", "fingerprint": "1e15bbe740d5653ae9b31280283ff7c136e3ac583c8ce2be489450f4bbc4e714", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1e15bbe740d5653ae9b31280283ff7c136e3ac583c8ce2be489450f4bbc4e714"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission_rover.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 105023, "scanner": "repobility-ast-engine", "fingerprint": "22d30197b5a20246afe3dd392fa6dbc14884de6e821b562bff977e1ab17a9c92", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": 
true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|22d30197b5a20246afe3dd392fa6dbc14884de6e821b562bff977e1ab17a9c92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission_long.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "GHSA-g7vv-2v7x-gj9p", "level": "note", "message": {"text": "tqdm: GHSA-g7vv-2v7x-gj9p"}, "properties": {"repobilityId": 105181, "scanner": "osv-scanner", "fingerprint": "d2c124ccb10d83dc84f4195ab036e2e37eed4978d985e736925ef9a436d8ac22", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2024-34062"], "package": "tqdm", "rule_id": "GHSA-g7vv-2v7x-gj9p", "scanner": "osv-scanner", "correlation_key": "vuln|tqdm|CVE-2024-34062|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4fx9-vc88-q2xc", "level": "note", "message": {"text": "pillow: GHSA-4fx9-vc88-q2xc"}, "properties": {"repobilityId": 105162, "scanner": "osv-scanner", "fingerprint": "8f6f923db671929aa8d6d73b61977e5a88a54818fb0b3c86bea44acc93bbd040", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "pillow", "rule_id": "GHSA-4fx9-vc88-q2xc", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|GHSA-4FX9-VC88-Q2XC|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 
105124, "scanner": "repobility-docker", "fingerprint": "434b1a91775467cf1582bcbc2f1e7b6a40cd76315c0c871233c926c1f01ac102", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|434b1a91775467cf1582bcbc2f1e7b6a40cd76315c0c871233c926c1f01ac102"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/slim/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 105121, "scanner": "repobility-docker", "fingerprint": "591e6c35a18c62a58a997b88b8b68526f6372175b81fe79bc88348a5dff5c004", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|591e6c35a18c62a58a997b88b8b68526f6372175b81fe79bc88348a5dff5c004"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ros2dev/Dockerfile"}, "region": {"startLine": 44}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 13 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: break=1, elif=1, for=1, if=4, nested_bonus=6."}, "properties": {"repobilityId": 105099, "scanner": "repobility-threat-engine", "fingerprint": "3fecee61ca7d790d7c4d8ceb8e1b11db52562140656eab6ca62b70243ced2db6", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 13 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 4, "for": 1, "elif": 1, "break": 1, "nested_bonus": 6}, "complexity": 13, "correlation_key": "fp|3fecee61ca7d790d7c4d8ceb8e1b11db52562140656eab6ca62b70243ced2db6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/cross-language/python_receiver.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: elif=1, for=1, if=2, nested_bonus=5."}, "properties": {"repobilityId": 105098, "scanner": "repobility-threat-engine", "fingerprint": "d92d4577ebd9f23f3c419b5210fd4a77780cc774e73d9853a688baa685d311d1", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 9 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 2, "for": 1, "elif": 1, "nested_bonus": 5}, "complexity": 9, "correlation_key": "fp|d92d4577ebd9f23f3c419b5210fd4a77780cc774e73d9853a688baa685d311d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "binaries/cli/src/template/python/__node-name__/__node_name__/main.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `add_input` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: else=1, if=6, nested_bonus=2, or=1, ternary=1."}, "properties": {"repobilityId": 105097, "scanner": "repobility-threat-engine", "fingerprint": "96ea2f3c52b1e609731cc4e95d33c06c9edfe14d13da7ab53b029623fefbe1a2", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 11 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "add_input", "breakdown": {"if": 6, "or": 1, "else": 1, "ternary": 1, "nested_bonus": 2}, "complexity": 11, "correlation_key": "fp|96ea2f3c52b1e609731cc4e95d33c06c9edfe14d13da7ab53b029623fefbe1a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apis/python/node/dora/builder.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104996, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b478ad3c5d19d4645a985b13e576ea2139153fd68846515158457581f28af9c0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/fault_tolerance/event_log_observer_node/src/main.rs", "duplicate_line": 1, "correlation_key": "fp|b478ad3c5d19d4645a985b13e576ea2139153fd68846515158457581f28af9c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fault_tolerance/input_closed_observer_node/src/main.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104995, "scanner": 
"repobility-ai-code-hygiene", "fingerprint": "af4f3a4c091df1b5cc770189e616ef9ad8596cbfba6d7615232fca3fe26608c3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libraries/message/src/daemon_to_coordinator.rs", "duplicate_line": 30, "correlation_key": "fp|af4f3a4c091df1b5cc770189e616ef9ad8596cbfba6d7615232fca3fe26608c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libraries/message/src/node_to_daemon.rs"}, "region": {"startLine": 67}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104994, "scanner": "repobility-ai-code-hygiene", "fingerprint": "639ed23b853798268457ba01004d8e947b6d1efc9b178a6373e1b7621e16ba00", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libraries/extensions/ros2-bridge/msg-gen/src/types/action.rs", "duplicate_line": 474, "correlation_key": "fp|639ed23b853798268457ba01004d8e947b6d1efc9b178a6373e1b7621e16ba00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libraries/extensions/ros2-bridge/msg-gen/src/types/service.rs"}, "region": {"startLine": 149}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104993, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"23db860440ed9718ad95c943c2577a2ce13b66dd16f4fc1242dd01e7e1b1b22e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apis/c++/node/build.rs", "duplicate_line": 149, "correlation_key": "fp|23db860440ed9718ad95c943c2577a2ce13b66dd16f4fc1242dd01e7e1b1b22e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libraries/extensions/ros2-bridge/msg-gen/build.rs"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104992, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8a8e2546d469be013ded5a2ee446092ed13418b935d2f6060acf52573c22e603", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apis/c++/node/build.rs", "duplicate_line": 146, "correlation_key": "fp|8a8e2546d469be013ded5a2ee446092ed13418b935d2f6060acf52573c22e603"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libraries/extensions/ros2-bridge/build.rs"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104991, "scanner": "repobility-ai-code-hygiene", "fingerprint": "10efe32f168bfdd6267fceb26636d30a8d7ae64eb93a5771335e688d66894f6c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": 
"open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libraries/extensions/ros2-bridge/arrow/src/serialize/array.rs", "duplicate_line": 19, "correlation_key": "fp|10efe32f168bfdd6267fceb26636d30a8d7ae64eb93a5771335e688d66894f6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libraries/extensions/ros2-bridge/arrow/src/serialize/sequence.rs"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104990, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6683d2656a376d58dd8939823046acca6cfd9f0f85872927c28ae00f11e102d5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libraries/extensions/ros2-bridge/arrow/src/deserialize/mod.rs", "duplicate_line": 25, "correlation_key": "fp|6683d2656a376d58dd8939823046acca6cfd9f0f85872927c28ae00f11e102d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libraries/extensions/ros2-bridge/arrow/src/serialize/mod.rs"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104989, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d569fbacc863b94e8fb714bda146726e6f738788cb29ac553f6dff351672f6a1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", 
"isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libraries/coordinator-store/src/in_memory.rs", "duplicate_line": 277, "correlation_key": "fp|d569fbacc863b94e8fb714bda146726e6f738788cb29ac553f6dff351672f6a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libraries/coordinator-store/src/redb_store.rs"}, "region": {"startLine": 641}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104988, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c6856665025da6b5c294cdf736ff0f951699a9a815aa1fc2d2c7a11b6ce66874", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "libraries/arrow-convert/src/from_impls.rs", "duplicate_line": 75, "correlation_key": "fp|c6856665025da6b5c294cdf736ff0f951699a9a815aa1fc2d2c7a11b6ce66874"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libraries/arrow-convert/src/into_impls.rs"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104987, "scanner": "repobility-ai-code-hygiene", "fingerprint": "549ec2e05b18b87c74ecdb215f18f8fdc77adf69dbf6a98979328277fddc07d9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", 
"evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "binaries/runtime/src/operator/python.rs", "duplicate_line": 226, "correlation_key": "fp|549ec2e05b18b87c74ecdb215f18f8fdc77adf69dbf6a98979328277fddc07d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "binaries/runtime/src/operator/shared_lib.rs"}, "region": {"startLine": 70}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104986, "scanner": "repobility-ai-code-hygiene", "fingerprint": "068504f4a6f81a6cec647c79736286b808275abfde1a2925e8d9b311a1e626cd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apis/rust/node/src/daemon_connection/tcp.rs", "duplicate_line": 85, "correlation_key": "fp|068504f4a6f81a6cec647c79736286b808275abfde1a2925e8d9b311a1e626cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "binaries/daemon/src/socket_stream_utils.rs"}, "region": {"startLine": 34}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104985, "scanner": "repobility-ai-code-hygiene", "fingerprint": "af996f790f471b54ff8437c547eba12514e241877b183984a7ea2a1486a65cc2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": 
["https://jscpd.dev/"], "duplicate_file": "binaries/daemon/src/local_listener.rs", "duplicate_line": 124, "correlation_key": "fp|af996f790f471b54ff8437c547eba12514e241877b183984a7ea2a1486a65cc2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "binaries/daemon/src/node_communication/tcp.rs"}, "region": {"startLine": 63}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104984, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1495a73fe8a6cd613e6256c8205f52cc90e5164ee8674a9bea9f03c9f5142bd2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "binaries/coordinator/src/ws_daemon.rs", "duplicate_line": 26, "correlation_key": "fp|1495a73fe8a6cd613e6256c8205f52cc90e5164ee8674a9bea9f03c9f5142bd2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "binaries/daemon/src/coordinator.rs"}, "region": {"startLine": 163}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104983, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d80426d41424b00730e9f8568621b35e40efebe23465b50a2c93005aed518208", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apis/rust/node/src/node/arrow_utils.rs", "duplicate_line": 133, "correlation_key": 
"fp|d80426d41424b00730e9f8568621b35e40efebe23465b50a2c93005aed518208"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "binaries/cli/src/command/topic/echo.rs"}, "region": {"startLine": 223}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104982, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6adb0e79c55b69b2c5fe1f0ab9baef48c1ca5ddf2f4686417ee613b536f3c577", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apis/python/operator/src/lib.rs", "duplicate_line": 60, "correlation_key": "fp|6adb0e79c55b69b2c5fe1f0ab9baef48c1ca5ddf2f4686417ee613b536f3c577"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apis/rust/node/src/event_stream/merged.rs"}, "region": {"startLine": 48}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104981, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3f238f53c2d607d6e6677a64aaf59a3f92314e21128ff5a7eac6f02af9e63f35", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apis/rust/node/src/daemon_connection/interactive.rs", "duplicate_line": 65, "correlation_key": "fp|3f238f53c2d607d6e6677a64aaf59a3f92314e21128ff5a7eac6f02af9e63f35"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "apis/rust/node/src/daemon_connection/node_integration_testing.rs"}, "region": {"startLine": 112}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104980, "scanner": "repobility-ai-code-hygiene", "fingerprint": "27676c68aef312f32ec5dc48f82ebacc10d48321d06aeeb802ab843201377d11", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apis/python/cli/src/lib.rs", "duplicate_line": 3, "correlation_key": "fp|27676c68aef312f32ec5dc48f82ebacc10d48321d06aeeb802ab843201377d11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apis/python/node/src/lib.rs"}, "region": {"startLine": 502}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104979, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8555ad7f88876de5dc6ffefa8f9b1d0d6db6d56eb3417f09e218f5dba822df28", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apis/c++/node/build.rs", "duplicate_line": 61, "correlation_key": "fp|8555ad7f88876de5dc6ffefa8f9b1d0d6db6d56eb3417f09e218f5dba822df28"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apis/c/operator/build.rs"}, "region": {"startLine": 35}}}]}, {"ruleId": "AIC003", "level": "note", "message": 
{"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104978, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bc8ab7f4c1110d0f982b6813b4868eec54b5a27d7407b4d38134a04b1efe60be", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apis/c/node/build.rs", "duplicate_line": 19, "correlation_key": "fp|bc8ab7f4c1110d0f982b6813b4868eec54b5a27d7407b4d38134a04b1efe60be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apis/c/operator/build.rs"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104977, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c5959f21a17dad733ccb4f83d31e3eaa837d207c07eeba1707f07d4b225e5bab", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apis/c++/node/src/lib.rs", "duplicate_line": 801, "correlation_key": "fp|c5959f21a17dad733ccb4f83d31e3eaa837d207c07eeba1707f07d4b225e5bab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apis/c/node/src/lib.rs"}, "region": {"startLine": 186}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104976, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"1176612eb8bfeb4b48b6bb72960bbc2ac5d49ac2d2c81a4fa8a504a6ae4cb5ee", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apis/c++/node/build.rs", "duplicate_line": 61, "correlation_key": "fp|1176612eb8bfeb4b48b6bb72960bbc2ac5d49ac2d2c81a4fa8a504a6ae4cb5ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apis/c/node/build.rs"}, "region": {"startLine": 34}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 104975, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bcf6794d5101db5b405617d4c02cf6b889862059c147ef4994e52e9c4007e955", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apis/c++/node/build.rs", "duplicate_line": 45, "correlation_key": "fp|bcf6794d5101db5b405617d4c02cf6b889862059c147ef4994e52e9c4007e955"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apis/c++/operator/build.rs"}, "region": {"startLine": 13}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 105118, "scanner": "repobility-threat-engine", "fingerprint": "a64f767c75ed1e8d7222fbaf4b04f4c374aeeb39928c31eae0cc67725f5509d9", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\.eval\\(' detected on same line", "evidence": {"match": ".eval(", "reason": "Safe pattern '\\.eval\\(' detected on same line", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|token|103|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libraries/extensions/ros2-bridge/python/src/typed/mod.rs"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 105113, "scanner": "repobility-threat-engine", "fingerprint": "061bde27cb2201e9b46c13f570bb143faa9233d538cd6968728ac36e1f444de6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|061bde27cb2201e9b46c13f570bb143faa9233d538cd6968728ac36e1f444de6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without 
checking for NULL."}, "properties": {"repobilityId": 105106, "scanner": "repobility-threat-engine", "fingerprint": "47dfff8e55d48241f02d2a4fae23960439c1bf165a6bd752caf8ded6badef537", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|47dfff8e55d48241f02d2a4fae23960439c1bf165a6bd752caf8ded6badef537"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/c-dataflow/operator.c"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 105105, "scanner": "repobility-threat-engine", "fingerprint": "2ccd5c3789260fbfdff84ebd9003627401899773547ca03771fa363dc9680094", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2ccd5c3789260fbfdff84ebd9003627401899773547ca03771fa363dc9680094"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "binaries/cli/src/template/c/operator/operator-template.c"}, "region": 
{"startLine": 10}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "properties": {"repobilityId": 105104, "scanner": "repobility-threat-engine", "fingerprint": "e6e87df05fa0fe570cd92b1a7e92f3113b03e16ac77fd1b3eef7e9c7e390350d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|e6e87df05fa0fe570cd92b1a7e92f3113b03e16ac77fd1b3eef7e9c7e390350d", "aggregated_count": 12}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
The compiler cannot verify memory safety for the unsafe operations inside (such as raw-pointer dereferences and FFI calls), so the code itself must uphold those invariants."}, "properties": {"repobilityId": 105103, "scanner": "repobility-threat-engine", "fingerprint": "55a36964877ba873f579a762028df48455c1879022fbd4c4422b8a90759e0f47", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|55a36964877ba873f579a762028df48455c1879022fbd4c4422b8a90759e0f47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apis/rust/operator/types/src/lib.rs"}, "region": {"startLine": 169}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
The compiler cannot verify memory safety for the unsafe operations inside (such as raw-pointer dereferences and FFI calls), so the code itself must uphold those invariants."}, "properties": {"repobilityId": 105102, "scanner": "repobility-threat-engine", "fingerprint": "1238f9c067ffcd4af00f4cd85aa9c0c06e481dcf4681e0221d9a0446fa172362", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1238f9c067ffcd4af00f4cd85aa9c0c06e481dcf4681e0221d9a0446fa172362"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apis/rust/operator/src/raw.rs"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
The compiler cannot verify memory safety for the unsafe operations inside (such as raw-pointer dereferences and FFI calls), so the code itself must uphold those invariants."}, "properties": {"repobilityId": 105101, "scanner": "repobility-threat-engine", "fingerprint": "94887605fbf9f24dade17a55a97bdcf9322590ff1a25567c52a8a3ccda3ab0fe", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|94887605fbf9f24dade17a55a97bdcf9322590ff1a25567c52a8a3ccda3ab0fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apis/rust/node/src/event_stream/data_conversion.rs"}, "region": {"startLine": 30}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 42 more): Same pattern found in 42 additional files. Review if needed."}, "properties": {"repobilityId": 105100, "scanner": "repobility-threat-engine", "fingerprint": "609d442b6ee8f7794590b53c136dd2382ce30eb7f3f4ac25005f93728dca1833", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 42 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "add_input", "breakdown": {"if": 6, "or": 1, "else": 1, "ternary": 1, "nested_bonus": 2}, "aggregated": true, "complexity": 11, "correlation_key": "fp|609d442b6ee8f7794590b53c136dd2382ce30eb7f3f4ac25005f93728dca1833", "aggregated_count": 42}}}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 105096, "scanner": "repobility-threat-engine", "fingerprint": "85ec3eccaf0bfe128928923e456de1000685456afb92090ca169094b7c5ae089", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|85ec3eccaf0bfe128928923e456de1000685456afb92090ca169094b7c5ae089"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apis/python/node/dora/__init__.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 105095, "scanner": "repobility-threat-engine", "fingerprint": "a28cbeac28128be054c3f8e1a83589ca9ebddaa29ed78b582b0c2183d021e21c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a28cbeac28128be054c3f8e1a83589ca9ebddaa29ed78b582b0c2183d021e21c", "aggregated_count": 4}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 105094, "scanner": "repobility-threat-engine", "fingerprint": "c4aa103ebc05429ae90d3eb9f8eed7170da0ec8b56da9719aec5343794c4e535", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c4aa103ebc05429ae90d3eb9f8eed7170da0ec8b56da9719aec5343794c4e535"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apis/python/node/dora/cuda.py"}, "region": {"startLine": 180}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 105093, "scanner": "repobility-threat-engine", "fingerprint": "bc8dfd2110ef9a0e9375f9449d2ae7f6e8c2dcf5d8e9e03b3a617bb2c2582cd3", "category": "quality", 
"severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bc8dfd2110ef9a0e9375f9449d2ae7f6e8c2dcf5d8e9e03b3a617bb2c2582cd3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apis/python/node/dora/builder.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 105092, "scanner": "repobility-threat-engine", "fingerprint": "e641f48621f92cd05e6643fa42d1f5a556732e523f0ba68870e847f614f65caf", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e641f48621f92cd05e6643fa42d1f5a556732e523f0ba68870e847f614f65caf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apis/python/node/dora/__init__.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 1 more): Same pattern found in 1 additional files. 
Review if needed."}, "properties": {"repobilityId": 105091, "scanner": "repobility-threat-engine", "fingerprint": "3ed4a11ec48650075e843160edf55362aa121897a652d0286a1dc826dd94d954", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|3ed4a11ec48650075e843160edf55362aa121897a652d0286a1dc826dd94d954", "aggregated_count": 1}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 105087, "scanner": "repobility-threat-engine", "fingerprint": "b1899ad9a25e479f08b044c714484673af97b97db31ba68b3b42a9328e60eab3", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|b1899ad9a25e479f08b044c714484673af97b97db31ba68b3b42a9328e60eab3", "aggregated_count": 5}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 105086, "scanner": "repobility-threat-engine", "fingerprint": "d224ed48ed22f3614eb5e9861fdb54be4498cbf12765a3c96bedabe1134b160c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d224ed48ed22f3614eb5e9861fdb54be4498cbf12765a3c96bedabe1134b160c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/rust-dataflow/status-node/src/main.rs"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 105085, "scanner": "repobility-threat-engine", "fingerprint": "b126210bae7c325f7f4e36ce845ab74cb46b3c6092011e540a0e33c74e34ce9b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b126210bae7c325f7f4e36ce845ab74cb46b3c6092011e540a0e33c74e34ce9b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/rust-dataflow/node/src/tests.rs"}, "region": {"startLine": 119}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 105084, "scanner": "repobility-threat-engine", "fingerprint": "7d5454677e26cc6c2541b0233215a7f79105d6392990844d610c9b84b8b1fb91", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7d5454677e26cc6c2541b0233215a7f79105d6392990844d610c9b84b8b1fb91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apis/c++/node/build.rs"}, "region": {"startLine": 195}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "properties": {"repobilityId": 105083, "scanner": "repobility-threat-engine", "fingerprint": "b17f1ec465193ef7ce8066123d319303f0c2f0f6555fca5f49c1f6e6239078c9", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 15 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|b17f1ec465193ef7ce8066123d319303f0c2f0f6555fca5f49c1f6e6239078c9", "aggregated_count": 15}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 105082, "scanner": "repobility-threat-engine", "fingerprint": "e0a2819e113d3cb1f48ae22cfb585243669ec411133682e6d831916b18405b30", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e0a2819e113d3cb1f48ae22cfb585243669ec411133682e6d831916b18405b30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apis/c/node/build.rs"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 105081, "scanner": "repobility-threat-engine", "fingerprint": "cb4590457149fba4b7b29e85fc9a78226ac88061b2a8ff11089533383f82c43d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cb4590457149fba4b7b29e85fc9a78226ac88061b2a8ff11089533383f82c43d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apis/c++/operator/build.rs"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 105080, "scanner": "repobility-threat-engine", "fingerprint": "da2c1783a73cf748ae70f39ed35f4628290d69b4f0152522e99c02d76d803e09", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|da2c1783a73cf748ae70f39ed35f4628290d69b4f0152522e99c02d76d803e09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apis/c++/node/build.rs"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 90 more): Same pattern found in 90 additional files. Review if needed."}, "properties": {"repobilityId": 105079, "scanner": "repobility-threat-engine", "fingerprint": "9e15132073150e0ab803957264c9c8927cba2e195a5ca8e438e3be5d76392d65", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 90 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|9e15132073150e0ab803957264c9c8927cba2e195a5ca8e438e3be5d76392d65", "aggregated_count": 90}}}, {"ruleId": "PYSEC-2023-114", "level": "error", "message": {"text": "scipy: PYSEC-2023-114"}, "properties": {"repobilityId": 105180, "scanner": "osv-scanner", "fingerprint": "92b97f23abd91c0c6ced12aef3f8354e294870ad44f2d196184a22f2c0790dcb", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-29824"], "package": "scipy", "rule_id": "PYSEC-2023-114", "scanner": "osv-scanner", "correlation_key": "vuln|scipy|CVE-2023-29824|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2023-102", "level": "error", "message": {"text": "scipy: PYSEC-2023-102"}, "properties": {"repobilityId": 105179, "scanner": "osv-scanner", "fingerprint": "fb17433e635f4dd490efce7e7703e4d698d158203a0eaa1047ccdcaae648e68c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2023-25399"], "package": "scipy", "rule_id": "PYSEC-2023-102", "scanner": "osv-scanner", "correlation_key": "vuln|scipy|CVE-2023-25399|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2023-74", "level": 
"error", "message": {"text": "requests: PYSEC-2023-74"}, "properties": {"repobilityId": 105175, "scanner": "osv-scanner", "fingerprint": "65077625d38e751767abf21d8813d0d7c76d3893207370687889e7868343422d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2023-32681", "GHSA-j8r2-6x86-q33q"], "package": "requests", "rule_id": "PYSEC-2023-74", "scanner": "osv-scanner", "correlation_key": "vuln|requests|CVE-2023-32681|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-j8r2-6x86-q33q", "PYSEC-2023-74"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["29b201c13860854310e3689b7bcefd2759efe82cb9252af55cf43bcb7af2d33d", "65077625d38e751767abf21d8813d0d7c76d3893207370687889e7868343422d"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-q799-q27x-vp7w", "level": "error", "message": {"text": "opencv-python: GHSA-q799-q27x-vp7w"}, "properties": {"repobilityId": 105173, "scanner": "osv-scanner", "fingerprint": "bc461396f89e309819e1a26a1d58f914b3f5c7fd295e3b323bc2f541e6e6f72a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2019-5064"], "package": "opencv-python", "rule_id": "GHSA-q799-q27x-vp7w", "scanner": "osv-scanner", "correlation_key": "vuln|opencv-python|CVE-2019-5064|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fw99-f933-rgh8", "level": "error", "message": {"text": "opencv-python: GHSA-fw99-f933-rgh8"}, "properties": {"repobilityId": 105171, "scanner": 
"osv-scanner", "fingerprint": "6e099ff6d378c1a42afc2c1f387cc1c3ec100b44929600878bef5f60f24614c7", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2019-14492"], "package": "opencv-python", "rule_id": "GHSA-fw99-f933-rgh8", "scanner": "osv-scanner", "correlation_key": "vuln|opencv-python|CVE-2019-14492|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-fm39-cw8h-3p63", "level": "error", "message": {"text": "opencv-python: GHSA-fm39-cw8h-3p63"}, "properties": {"repobilityId": 105170, "scanner": "osv-scanner", "fingerprint": "84e3ea5749197d0cb09c225eccb6440b7f8184205e8f9bb7abb805fa06d7bb1b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2019-14491"], "package": "opencv-python", "rule_id": "GHSA-fm39-cw8h-3p63", "scanner": "osv-scanner", "correlation_key": "vuln|opencv-python|CVE-2019-14491|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8849-5h85-98qw", "level": "error", "message": {"text": "opencv-python: GHSA-8849-5h85-98qw"}, "properties": {"repobilityId": 105169, "scanner": "osv-scanner", "fingerprint": "849e3516389b1118684330c0ecfa37083bf0600da3718cbc0ceb8f795660f1e6", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2019-9423"], "package": "opencv-python", "rule_id": "GHSA-8849-5h85-98qw", "scanner": "osv-scanner", "correlation_key": "vuln|opencv-python|CVE-2019-9423|token"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3448-vrgh-85xr", "level": "error", "message": {"text": "opencv-python: GHSA-3448-vrgh-85xr"}, "properties": {"repobilityId": 105168, "scanner": "osv-scanner", "fingerprint": "88131cc9388350678066cc88cc64934ee14b1b57dfc97bf366577823043f1d4b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2019-14493"], "package": "opencv-python", "rule_id": "GHSA-3448-vrgh-85xr", "scanner": "osv-scanner", "correlation_key": "vuln|opencv-python|CVE-2019-14493|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2023-183", "level": "error", "message": {"text": "opencv-python: PYSEC-2023-183"}, "properties": {"repobilityId": 105167, "scanner": "osv-scanner", "fingerprint": "48a6013028bb1a874e87e46202b0b9b486589e9d6c1b9416770982089d2f0d0d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "package": "opencv-python", "rule_id": "PYSEC-2023-183", "scanner": "osv-scanner", "correlation_key": "vuln|opencv-python|CVE-2023-4863|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-qr4w-53vh-m672", "PYSEC-2023-183"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["48a6013028bb1a874e87e46202b0b9b486589e9d6c1b9416770982089d2f0d0d", "af62d54fb3da68f2b8e2fe9268c0af09afdb9096e91757bb836870e06ab404b7"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-44wm-f244-xhp3", "level": "error", 
"message": {"text": "pillow: GHSA-44wm-f244-xhp3"}, "properties": {"repobilityId": 105161, "scanner": "osv-scanner", "fingerprint": "b24d134ab06eeeed56d53004beeaf6b0287b3d3c8e940f064fda181f04c3f11b", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-pillow-2024-28219", "CVE-2024-28219"], "package": "pillow", "rule_id": "GHSA-44wm-f244-xhp3", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2024-28219|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-165", "level": "error", "message": {"text": "pillow: PYSEC-2026-165"}, "properties": {"repobilityId": 105159, "scanner": "osv-scanner", "fingerprint": "63445480831e1646d5c89b19ef2637a3100a04e8e0b0240280fcc86c3b441045", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-pillow-2026-42308", "CVE-2026-42308", "GHSA-wjx4-4jcj-g98j"], "package": "pillow", "rule_id": "PYSEC-2026-165", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2026-42308|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-wjx4-4jcj-g98j", "PYSEC-2026-165"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["474df18ed64b2ca271c1ecaa9f24013ee87caab0afe43b2c1406cdf5a80ef934", "63445480831e1646d5c89b19ef2637a3100a04e8e0b0240280fcc86c3b441045"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2023-227", "level": "error", "message": {"text": "pillow: PYSEC-2023-227"}, "properties": {"repobilityId": 105158, "scanner": "osv-scanner", 
"fingerprint": "2fe55cca42047c230a48cc355135c7e16ec1ab4db9b9ac0477b724dc8827b718", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-pillow-2023-44271", "CVE-2023-44271", "GHSA-8ghj-p4vj-mr35"], "package": "pillow", "rule_id": "PYSEC-2023-227", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2023-44271|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-8ghj-p4vj-mr35", "PYSEC-2023-227"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2fe55cca42047c230a48cc355135c7e16ec1ab4db9b9ac0477b724dc8827b718", "f9f020f8bdd51441920dc18505b13db88d112af79baf701468166cdaa3ed842d"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2023-175", "level": "error", "message": {"text": "pillow: PYSEC-2023-175"}, "properties": {"repobilityId": 105157, "scanner": "osv-scanner", "fingerprint": "4c776cd5dcb7d354c9db4b4aebb86b8846b3b8188905d8330377f78b508b3a26", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "package": "pillow", "rule_id": "PYSEC-2023-175", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2023-4863|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-j7hp-h8jx-5ppr", "PYSEC-2023-175"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["4c776cd5dcb7d354c9db4b4aebb86b8846b3b8188905d8330377f78b508b3a26", "d0345b7f6ea61ade6a016388ecd81cf0518c6c8a499ab9e06464ff254c5bd87a"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": 
{"startLine": 1}}}]}, {"ruleId": "PYSEC-2022-9", "level": "error", "message": {"text": "pillow: PYSEC-2022-9"}, "properties": {"repobilityId": 105156, "scanner": "osv-scanner", "fingerprint": "2d17a0e3072d7212429ee3dde08e16d59a54de5a6cab7af5b8a7efc1185ce46c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-pillow-2022-22816", "CVE-2022-22816", "GHSA-xrcv-f9gm-v42c"], "package": "pillow", "rule_id": "PYSEC-2022-9", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2022-22816|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-xrcv-f9gm-v42c", "PYSEC-2022-9"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2d17a0e3072d7212429ee3dde08e16d59a54de5a6cab7af5b8a7efc1185ce46c", "c0ffb8d47e191c51f80fb319e3485446719629a8a95861589469500123140760"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2022-8", "level": "error", "message": {"text": "pillow: PYSEC-2022-8"}, "properties": {"repobilityId": 105155, "scanner": "osv-scanner", "fingerprint": "59bb0d0ac4334c211fb2372f7b37f4b70a549fe9786984b80462a98e28226aff", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-pillow-2022-22815", "CVE-2022-22815", "GHSA-pw3c-h7wp-cvhx"], "package": "pillow", "rule_id": "PYSEC-2022-8", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2022-22815|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-pw3c-h7wp-cvhx", "PYSEC-2022-8"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": 
["59bb0d0ac4334c211fb2372f7b37f4b70a549fe9786984b80462a98e28226aff", "81da3313a9a632f5438323af00f90c21553cdc02521ef10d9ceb3996c211a283"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2022-42979", "level": "error", "message": {"text": "pillow: PYSEC-2022-42979"}, "properties": {"repobilityId": 105154, "scanner": "osv-scanner", "fingerprint": "1b6ba1d195f9fb45f7c07f92333ad74c1067dd9d3e33fc39d66b15751d05855d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-pillow-2022-45198", "CVE-2022-45198", "GHSA-m2vv-5vj5-2hm7"], "package": "pillow", "rule_id": "PYSEC-2022-42979", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2022-45198|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-m2vv-5vj5-2hm7", "PYSEC-2022-42979"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["1b6ba1d195f9fb45f7c07f92333ad74c1067dd9d3e33fc39d66b15751d05855d", "b04b890d135bf37b13737de9246efbf4ba72b40a116d6794ef82be783036eeff"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2022-168", "level": "error", "message": {"text": "pillow: PYSEC-2022-168"}, "properties": {"repobilityId": 105153, "scanner": "osv-scanner", "fingerprint": "e4d597aa0170bb1baedb8a3cf20bf7f2af68535212029e79e6fa411549bc916d", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-pillow-2022-24303", "CVE-2022-24303", "GHSA-9j59-75qj-795w"], "package": 
"pillow", "rule_id": "PYSEC-2022-168", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2022-24303|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-9j59-75qj-795w", "PYSEC-2022-168"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["689b2950ebac04be231b981bb043a6e4ebcaed4a0ef1e1572797abda4119d427", "e4d597aa0170bb1baedb8a3cf20bf7f2af68535212029e79e6fa411549bc916d"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2021-94", "level": "error", "message": {"text": "pillow: PYSEC-2021-94"}, "properties": {"repobilityId": 105151, "scanner": "osv-scanner", "fingerprint": "8f1dfa0e780ad9dd5fc5b5e7eb35de754238930b3894f4044ff603bafaaa3399", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-pillow-2021-28678", "CVE-2021-28678", "GHSA-hjfx-8p6c-g7gx"], "package": "pillow", "rule_id": "PYSEC-2021-94", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2021-28678|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-hjfx-8p6c-g7gx", "PYSEC-2021-94"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["8f1dfa0e780ad9dd5fc5b5e7eb35de754238930b3894f4044ff603bafaaa3399", "91e08543db827771110090593754302f780a6f96e7053723d37a4646d8e5ef3d"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2021-93", "level": "error", "message": {"text": "pillow: PYSEC-2021-93"}, "properties": {"repobilityId": 105150, "scanner": "osv-scanner", "fingerprint": "d94efcb6905f490c6b6296372e99a29e00597d42fece96b264e06e12a6331581", "category": "dependency", "severity": "high", "confidence": 0.88, 
"triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-pillow-2021-28677", "CVE-2021-28677", "GHSA-q5hq-fp76-qmrc"], "package": "pillow", "rule_id": "PYSEC-2021-93", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2021-28677|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-q5hq-fp76-qmrc", "PYSEC-2021-93"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["3cbc1eac3e26b83c6a99238840578f83e74ba8ed82c5fca71e44b3572de9b3bd", "d94efcb6905f490c6b6296372e99a29e00597d42fece96b264e06e12a6331581"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2021-92", "level": "error", "message": {"text": "pillow: PYSEC-2021-92"}, "properties": {"repobilityId": 105149, "scanner": "osv-scanner", "fingerprint": "49df06fa9c3c68d74e77afa7438797da8085c46a2db0060f41d9760c3746ad79", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-pillow-2021-28676", "CVE-2021-28676", "GHSA-7r7m-5h27-29hp"], "package": "pillow", "rule_id": "PYSEC-2021-92", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2021-28676|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-7r7m-5h27-29hp", "PYSEC-2021-92"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["02664865838bec5ccae95ac663d298c54f85d80173c343eabfb7aaa3c515f044", "49df06fa9c3c68d74e77afa7438797da8085c46a2db0060f41d9760c3746ad79"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2021-71", "level": "error", 
"message": {"text": "pillow: PYSEC-2021-71"}, "properties": {"repobilityId": 105148, "scanner": "osv-scanner", "fingerprint": "44b71c7421e51f97e41fc63beca2712948950e13ef8f31abaf412613d23ba3b0", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-pillow-2020-35655", "CVE-2020-35655", "GHSA-hf64-x4gq-p99h"], "package": "pillow", "rule_id": "PYSEC-2021-71", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2020-35655|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-hf64-x4gq-p99h", "PYSEC-2021-71"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["44b71c7421e51f97e41fc63beca2712948950e13ef8f31abaf412613d23ba3b0", "90e5231d41aa7a0d388735d4689cc53117b9beb12ed9c075f86c6eb85342fda4"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2021-69", "level": "error", "message": {"text": "pillow: PYSEC-2021-69"}, "properties": {"repobilityId": 105147, "scanner": "osv-scanner", "fingerprint": "f18c3f4e831685529568194710db3eb644f1d0fac5cda418471e05f9c93bf59a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-pillow-2020-35653", "CVE-2020-35653", "GHSA-f5g8-5qq7-938w"], "package": "pillow", "rule_id": "PYSEC-2021-69", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2020-35653|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-f5g8-5qq7-938w", "PYSEC-2021-69"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["27ef3be15cd1c067499cab0c679665f8be831a55c80b788d8a2ff5614aa0af91", 
"f18c3f4e831685529568194710db3eb644f1d0fac5cda418471e05f9c93bf59a"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2021-42", "level": "error", "message": {"text": "pillow: PYSEC-2021-42"}, "properties": {"repobilityId": 105146, "scanner": "osv-scanner", "fingerprint": "0334339a3b657070b1a7188283afb923d4782b847c7ffba94eefc5b491cd2d9e", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-pillow-2021-27923", "CVE-2021-27923", "GHSA-95q3-8gr9-gm8w"], "package": "pillow", "rule_id": "PYSEC-2021-42", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2021-27923|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-95q3-8gr9-gm8w", "PYSEC-2021-42"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["0334339a3b657070b1a7188283afb923d4782b847c7ffba94eefc5b491cd2d9e", "94fc96d32b60fb47aad8e540d8bae0157adcedb7f1a454762207791101663f33"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2021-41", "level": "error", "message": {"text": "pillow: PYSEC-2021-41"}, "properties": {"repobilityId": 105145, "scanner": "osv-scanner", "fingerprint": "2e25bfd50aa5a7408249fc0294dec9b3466cc92edef4689d4de82249c8c3ea00", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-pillow-2021-27922", "CVE-2021-27922", "GHSA-3wvg-mj6g-m9cv"], "package": "pillow", "rule_id": "PYSEC-2021-41", "scanner": "osv-scanner", "correlation_key": 
"vuln|pillow|CVE-2021-27922|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-3wvg-mj6g-m9cv", "PYSEC-2021-41"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2e25bfd50aa5a7408249fc0294dec9b3466cc92edef4689d4de82249c8c3ea00", "9bb44a0af325b205a2530d5c86d1676f81145c929b3373fef466124e4d0de5c5"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2021-40", "level": "error", "message": {"text": "pillow: PYSEC-2021-40"}, "properties": {"repobilityId": 105144, "scanner": "osv-scanner", "fingerprint": "c4240e82ba51958d4348f71528940d5dac246bed290c8395e08d55a064d5e3b8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-pillow-2021-27921", "CVE-2021-27921", "GHSA-f4w8-cv6p-x6r5"], "package": "pillow", "rule_id": "PYSEC-2021-40", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2021-27921|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-f4w8-cv6p-x6r5", "PYSEC-2021-40"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["001b8d56d3cbd6feb4dc84cbe32ce66590f651809435f3e4728e9073360f6868", "c4240e82ba51958d4348f71528940d5dac246bed290c8395e08d55a064d5e3b8"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2021-39", "level": "error", "message": {"text": "pillow: PYSEC-2021-39"}, "properties": {"repobilityId": 105143, "scanner": "osv-scanner", "fingerprint": "7dda6b6cb0eb08fc2755dbe8884c01dcc5b98234ca964875f6376cdcd5f5e82f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 
duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-pillow-2021-25293", "CVE-2021-25293", "GHSA-p43w-g3c5-g5mq"], "package": "pillow", "rule_id": "PYSEC-2021-39", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2021-25293|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-p43w-g3c5-g5mq", "PYSEC-2021-39"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["7db9a4123690b3776bfbec150125c9c717ad419df7419ae60849fce4be2ec49e", "7dda6b6cb0eb08fc2755dbe8884c01dcc5b98234ca964875f6376cdcd5f5e82f"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2021-38", "level": "error", "message": {"text": "pillow: PYSEC-2021-38"}, "properties": {"repobilityId": 105142, "scanner": "osv-scanner", "fingerprint": "8fff4854b06d718e6b6a6879f2ecec2f747ce8b11d7f4921ec5dd5a4aa3f0884", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-pillow-2021-25292", "CVE-2021-25292", "GHSA-9hx2-hgq2-2g4f"], "package": "pillow", "rule_id": "PYSEC-2021-38", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2021-25292|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-9hx2-hgq2-2g4f", "PYSEC-2021-38"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["0c12869b4b5c7799425f5d78af6a68e1a03f19ba337c09d7e06170b64507cae9", "8fff4854b06d718e6b6a6879f2ecec2f747ce8b11d7f4921ec5dd5a4aa3f0884"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2021-37", "level": "error", "message": {"text": "pillow: PYSEC-2021-37"}, "properties": {"repobilityId": 105141, 
"scanner": "osv-scanner", "fingerprint": "18e9bcd322216deb03286d1a01402921429b3140806b0d307f05eaa10141fba9", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-pillow-2021-25291", "CVE-2021-25291", "GHSA-mvg9-xffr-p774"], "package": "pillow", "rule_id": "PYSEC-2021-37", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2021-25291|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-mvg9-xffr-p774", "PYSEC-2021-37"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["18e9bcd322216deb03286d1a01402921429b3140806b0d307f05eaa10141fba9", "38b4f68570ec084b1e53bdf491e9e98fb6b546524fdeee81bb238abd0ba50e4b"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2021-36", "level": "error", "message": {"text": "pillow: PYSEC-2021-36"}, "properties": {"repobilityId": 105140, "scanner": "osv-scanner", "fingerprint": "4d9a8d0e3eb2b0348db7b3e601b45364a13400e4b09e8b4dcf89c6da5641951a", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-pillow-2021-25290", "CVE-2021-25290", "GHSA-8xjq-8fcg-g5hw"], "package": "pillow", "rule_id": "PYSEC-2021-36", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2021-25290|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-8xjq-8fcg-g5hw", "PYSEC-2021-36"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["4d9a8d0e3eb2b0348db7b3e601b45364a13400e4b09e8b4dcf89c6da5641951a", "663189e629555266ebae67695b9cd1ab14a07f6186a4e4c37bca81284539c6ef"]}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2021-35", "level": "error", "message": {"text": "pillow: PYSEC-2021-35"}, "properties": {"repobilityId": 105139, "scanner": "osv-scanner", "fingerprint": "af013f953aa3c04c5b11216f031716ce786b2b26ca9b6d2f7d5801be1a5dcf05", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 2 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-pillow-2021-25289", "CVE-2021-25289", "GHSA-57h3-9rgr-c24m"], "package": "pillow", "rule_id": "PYSEC-2021-35", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2020-35654|token", "duplicate_count": 2, "duplicate_rule_ids": ["GHSA-vqcj-wrf2-7v73", "PYSEC-2021-35", "PYSEC-2021-70"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["63e5305eb700d5480f0ea91ea880aaf70199802ff0bb57108a7ee3185e19b2c2", "af013f953aa3c04c5b11216f031716ce786b2b26ca9b6d2f7d5801be1a5dcf05", "e9fec5abee15810e89e59408aadfc173cc4bac5e4a199059b8f8beda9a87406b"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2021-317", "level": "error", "message": {"text": "pillow: PYSEC-2021-317"}, "properties": {"repobilityId": 105137, "scanner": "osv-scanner", "fingerprint": "2e5986dad39ca03c12550abd5e64942ee7dfbed442c723b57af9d91590ad5857", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-pillow-2021-23437", "CVE-2021-23437", "GHSA-98vv-pw6r-q6q4", "SNYK-PYTHON-PILLOW-1319443"], "package": "pillow", "rule_id": "PYSEC-2021-317", "scanner": 
"osv-scanner", "correlation_key": "vuln|pillow|CVE-2021-23437|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-98vv-pw6r-q6q4", "PYSEC-2021-317"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["2e5986dad39ca03c12550abd5e64942ee7dfbed442c723b57af9d91590ad5857", "ef4470166f2416b70bbd2edc0d4367ccf07f369fabba6994c14c5994cc3e7859"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2021-139", "level": "error", "message": {"text": "pillow: PYSEC-2021-139"}, "properties": {"repobilityId": 105136, "scanner": "osv-scanner", "fingerprint": "3d0a054d4277cd5ef329f7d5e7e9bb994f2cd7f90a5fcd17f5666acab7f1ebee", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-pillow-2021-28675", "CVE-2021-28675", "GHSA-g6rj-rv7j-xwp4"], "package": "pillow", "rule_id": "PYSEC-2021-139", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2021-28675|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-g6rj-rv7j-xwp4", "PYSEC-2021-139"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["3d0a054d4277cd5ef329f7d5e7e9bb994f2cd7f90a5fcd17f5666acab7f1ebee", "4a0a1667c0c70c26ba868d0a081997a08d95e1b1a81e4f5c2ba047719feeabee"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2021-138", "level": "error", "message": {"text": "pillow: PYSEC-2021-138"}, "properties": {"repobilityId": 105135, "scanner": "osv-scanner", "fingerprint": "147e26c2fbe83be335d0f6524a491c35a19e6848791a75136bedb9f49863b8ec", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", 
"isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-pillow-2021-25288", "CVE-2021-25288", "GHSA-rwv7-3v45-hg29"], "package": "pillow", "rule_id": "PYSEC-2021-138", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2021-25288|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-rwv7-3v45-hg29", "PYSEC-2021-138"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["147e26c2fbe83be335d0f6524a491c35a19e6848791a75136bedb9f49863b8ec", "dc348e23ec205c51608a38d9fb1ff0b37a425bc1f2d41b2a9779fa03aea16448"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2021-137", "level": "error", "message": {"text": "pillow: PYSEC-2021-137"}, "properties": {"repobilityId": 105134, "scanner": "osv-scanner", "fingerprint": "a84c95d8e73d938d953ca54a33834c3ccff5884326559a9505495f17fd0c0737", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-pillow-2021-25287", "CVE-2021-25287", "GHSA-77gc-v2xv-rvvh"], "package": "pillow", "rule_id": "PYSEC-2021-137", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2021-25287|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-77gc-v2xv-rvvh", "PYSEC-2021-137"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["a84c95d8e73d938d953ca54a33834c3ccff5884326559a9505495f17fd0c0737", "cb58119897ab74caf7a7f9226e80c895913c4aad02e5379537533156e2653726"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "PYSEC-2026-113", "level": "error", "message": {"text": "pyarrow: 
PYSEC-2026-113"}, "properties": {"repobilityId": 105133, "scanner": "osv-scanner", "fingerprint": "60ed124c1fc5839b33895c2cffbee0e409c4535553e230b06973be07a4b1d2b8", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-25087"], "package": "pyarrow", "rule_id": "PYSEC-2026-113", "scanner": "osv-scanner", "correlation_key": "vuln|pyarrow|CVE-2026-25087|apis/python/node/uv.lock"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apis/python/node/uv.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2017-0008", "level": "error", "message": {"text": "serial: RUSTSEC-2017-0008"}, "properties": {"repobilityId": 105132, "scanner": "osv-scanner", "fingerprint": "21bea907de0cfa41b0eeeddc660f4ea15019afeb7ec51ef9b7d35f6e4cf2c279", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "serial", "rule_id": "RUSTSEC-2017-0008", "scanner": "osv-scanner", "correlation_key": "fp|21bea907de0cfa41b0eeeddc660f4ea15019afeb7ec51ef9b7d35f6e4cf2c279"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2024-0436", "level": "error", "message": {"text": "paste: RUSTSEC-2024-0436"}, "properties": {"repobilityId": 105131, "scanner": "osv-scanner", "fingerprint": "ecf6a49d252eada338538964a3d9bb37acf276dba6d473e55cf76f528b35783f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "paste", "rule_id": "RUSTSEC-2024-0436", "scanner": "osv-scanner", "correlation_key": "fp|ecf6a49d252eada338538964a3d9bb37acf276dba6d473e55cf76f528b35783f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, 
"region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0119", "level": "error", "message": {"text": "number_prefix: RUSTSEC-2025-0119"}, "properties": {"repobilityId": 105130, "scanner": "osv-scanner", "fingerprint": "cc81fba84c326e572b9634175b3b53e32085ac28a5cd991c3bb028754d296545", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "number_prefix", "rule_id": "RUSTSEC-2025-0119", "scanner": "osv-scanner", "correlation_key": "fp|cc81fba84c326e572b9634175b3b53e32085ac28a5cd991c3bb028754d296545"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2020-0016", "level": "error", "message": {"text": "net2: RUSTSEC-2020-0016"}, "properties": {"repobilityId": 105129, "scanner": "osv-scanner", "fingerprint": "fff6e28e16d5d240a8da5838eb43cd2c39b2cc8614ebc0006b0bbf6b34e77c2f", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "net2", "rule_id": "RUSTSEC-2020-0016", "scanner": "osv-scanner", "correlation_key": "fp|fff6e28e16d5d240a8da5838eb43cd2c39b2cc8614ebc0006b0bbf6b34e77c2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0057", "level": "error", "message": {"text": "fxhash: RUSTSEC-2025-0057"}, "properties": {"repobilityId": 105128, "scanner": "osv-scanner", "fingerprint": "81c2c5c48229a549978285f8dfbddc82d310de8f2cb86fdbc68f4a69f0c7a63c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "fxhash", "rule_id": "RUSTSEC-2025-0057", "scanner": "osv-scanner", "correlation_key": 
"fp|81c2c5c48229a549978285f8dfbddc82d310de8f2cb86fdbc68f4a69f0c7a63c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "RUSTSEC-2025-0141", "level": "error", "message": {"text": "bincode: RUSTSEC-2025-0141"}, "properties": {"repobilityId": 105127, "scanner": "osv-scanner", "fingerprint": "634ded575a91e8662811f47a1170cf5fb4279a65e3c3176bb84aeaac3c78b213", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "bincode", "rule_id": "RUSTSEC-2025-0141", "scanner": "osv-scanner", "correlation_key": "fp|634ded575a91e8662811f47a1170cf5fb4279a65e3c3176bb84aeaac3c78b213"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Cargo.lock"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR006", "level": "error", "message": {"text": "Dockerfile pipes a remote script into a shell"}, "properties": {"repobilityId": 105125, "scanner": "repobility-docker", "fingerprint": "cbf71928976852e8854ab408ebf51524e70dab4b06e359a9ab21cf20d9312ada", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "RUN instruction contains curl/wget piped into a shell.", "evidence": {"rule_id": "DKR006", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|cbf71928976852e8854ab408ebf51524e70dab4b06e359a9ab21cf20d9312ada"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/slim/Dockerfile"}, "region": {"startLine": 16}}}]}, {"ruleId": "DKR006", "level": "error", "message": {"text": "Dockerfile pipes a remote script into a shell"}, "properties": {"repobilityId": 105120, "scanner": "repobility-docker", "fingerprint": 
"9702d47ad88dd90ec5693247ce538ce01cb621e43552f4315ede9f24708636dc", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "RUN instruction contains curl/wget piped into a shell.", "evidence": {"rule_id": "DKR006", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|9702d47ad88dd90ec5693247ce538ce01cb621e43552f4315ede9f24708636dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ros2dev/Dockerfile"}, "region": {"startLine": 44}}}]}, {"ruleId": "DKR006", "level": "error", "message": {"text": "Dockerfile pipes a remote script into a shell"}, "properties": {"repobilityId": 105119, "scanner": "repobility-docker", "fingerprint": "5aeebf8681a6eb927689682cc59778c3862a2ffa9b48cca591546a367a8d6143", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "RUN instruction contains curl/wget piped into a shell.", "evidence": {"rule_id": "DKR006", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|5aeebf8681a6eb927689682cc59778c3862a2ffa9b48cca591546a367a8d6143"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ros2dev/Dockerfile"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... 
\u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 105117, "scanner": "repobility-threat-engine", "fingerprint": "f79c2f603b468c9c4b053002c9465166bb23d514625270dfb900590480d31a36", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f79c2f603b468c9c4b053002c9465166bb23d514625270dfb900590480d31a36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/ros2-comparison/ros2_receiver.py"}, "region": {"startLine": 135}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. 
Allows reading arbitrary files."}, "properties": {"repobilityId": 105116, "scanner": "repobility-threat-engine", "fingerprint": "70ae21283531c786e94781bbb0866dee80d843c835820db02891e93d7e1467d0", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|201|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/llm_op.py"}, "region": {"startLine": 201}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 105115, "scanner": "repobility-threat-engine", "fingerprint": "756b210df0487b47dd83cc67c4449cc9532fc23a8f2b65d88358b6cb06c5986d", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|25|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/file_saver_op.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. 
The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 105112, "scanner": "repobility-threat-engine", "fingerprint": "f84fd74b34236f4d1db856f12c113b628c5a7ac7de27ea8011003f5965fa4d64", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "hasher.update(&bytes);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f84fd74b34236f4d1db856f12c113b628c5a7ac7de27ea8011003f5965fa4d64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "libraries/extensions/download/src/lib.rs"}, "region": {"startLine": 76}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 105111, "scanner": "repobility-threat-engine", "fingerprint": "7a09ab737469f0dab3461d803b8b6f1fdc11e07e3e92f1e4319262a1d9131966", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pbar.update(1)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7a09ab737469f0dab3461d803b8b6f1fdc11e07e3e92f1e4319262a1d9131966"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/cuda-benchmark/receiver.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 105110, "scanner": "repobility-threat-engine", "fingerprint": "b99e484d91814e773a89784a3cf6da658bd4db5f3d448094a3531a51949388bd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pbar.update(1)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b99e484d91814e773a89784a3cf6da658bd4db5f3d448094a3531a51949388bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/cuda-benchmark/demo_receiver.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 105108, "scanner": "repobility-threat-engine", "fingerprint": "0bec7bd86014da93733f2c2132fc29442dee58bdb74c4ce6ce854a2459b0a1f8", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0bec7bd86014da93733f2c2132fc29442dee58bdb74c4ce6ce854a2459b0a1f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "binaries/runtime/src/operator/shared_lib.rs"}, "region": {"startLine": 37}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 105107, "scanner": "repobility-threat-engine", "fingerprint": "6d6f05d9922cee15cf8025865fa7c2c8673f1bc1283d85cbff13a862d08f4082", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6d6f05d9922cee15cf8025865fa7c2c8673f1bc1283d85cbff13a862d08f4082"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "binaries/daemon/src/spawn/command.rs"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows errors and hides bugs; a bare except: also swallows KeyboardInterrupt and SystemExit."}, "properties": {"repobilityId": 105090, "scanner": "repobility-threat-engine", "fingerprint": "33b734a658386cd830f9a0be301cfff8afd232fe66607764034d4d26a9f5b96e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|33b734a658386cd830f9a0be301cfff8afd232fe66607764034d4d26a9f5b96e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/ros2-bridge/python/parameter/parameter_node.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED001", "level": "error", 
"message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows errors and hides bugs; a bare except: also swallows KeyboardInterrupt and SystemExit."}, "properties": {"repobilityId": 105089, "scanner": "repobility-threat-engine", "fingerprint": "d95d31ccdb57d64d018b0ebd3a9c8c422bf0ae9c18c74e1ff404c3f896a06b03", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d95d31ccdb57d64d018b0ebd3a9c8c422bf0ae9c18c74e1ff404c3f896a06b03"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission_rover.py"}, "region": {"startLine": 166}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows errors and hides bugs; a bare except: also swallows KeyboardInterrupt and SystemExit."}, "properties": {"repobilityId": 105088, "scanner": "repobility-threat-engine", "fingerprint": "e70533d3916303f5e03d69e19286d5d0b770b9060b8ce25a04d2076c8f2e1639", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|e70533d3916303f5e03d69e19286d5d0b770b9060b8ce25a04d2076c8f2e1639"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apis/python/node/dora/__init__.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 105078, "scanner": "repobility-threat-engine", "fingerprint": "995041d433b962db8a96b8ded393d861dfe6757a67c70a0c1d5b6c8403719436", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|995041d433b962db8a96b8ded393d861dfe6757a67c70a0c1d5b6c8403719436"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apis/c++/operator/src/lib.rs"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 105077, "scanner": "repobility-threat-engine", "fingerprint": "feb8b90788f319a110f07ec37903698837c24743dc6653384cce4e1dcd38e118", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|feb8b90788f319a110f07ec37903698837c24743dc6653384cce4e1dcd38e118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apis/c++/operator/build.rs"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 105076, "scanner": "repobility-threat-engine", "fingerprint": "908ccc09064f0c76458d722080b9a0986d4353da7d11fb589ac4f425282aa45a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|908ccc09064f0c76458d722080b9a0986d4353da7d11fb589ac4f425282aa45a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apis/c++/node/build.rs"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 105073, "scanner": "repobility-supply-chain", "fingerprint": "20322c3d10cd7f290bf0d496a4634156d4e0b5b4b0203a6e0849c9561151b205", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|20322c3d10cd7f290bf0d496a4634156d4e0b5b4b0203a6e0849c9561151b205"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 301}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `Swatinem/rust-cache` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 105072, "scanner": "repobility-supply-chain", "fingerprint": 
"c1b7255afd20613f58a69ce6736eae97ddbf9281e2f6ae67bca77c61a10c72be", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c1b7255afd20613f58a69ce6736eae97ddbf9281e2f6ae67bca77c61a10c72be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 246}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 105071, "scanner": "repobility-supply-chain", "fingerprint": "7639889297271ee1d1fff6df5021289f369d6a650c6344e30fabc1fd13c24b70", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7639889297271ee1d1fff6df5021289f369d6a650c6344e30fabc1fd13c24b70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 243}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 105070, "scanner": "repobility-supply-chain", "fingerprint": "20a5bfbc7d699d47fd969e3cbb55d0b6fdcc1def3606f609886d572713cc458a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], 
"languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|20a5bfbc7d699d47fd969e3cbb55d0b6fdcc1def3606f609886d572713cc458a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 242}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `Swatinem/rust-cache` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 105069, "scanner": "repobility-supply-chain", "fingerprint": "d29de0b94640b1ec72ee21195ee1d8ad5e4779c76de826a81309d1e900f0c416", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d29de0b94640b1ec72ee21195ee1d8ad5e4779c76de826a81309d1e900f0c416"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 123}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 105068, "scanner": "repobility-supply-chain", "fingerprint": "44d7e4fd3d44bb249aa40c1a7659f8b30755291acfdcd53778900cd1eaa45322", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|44d7e4fd3d44bb249aa40c1a7659f8b30755291acfdcd53778900cd1eaa45322"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 120}}}]}, {"ruleId": 
"MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 105067, "scanner": "repobility-supply-chain", "fingerprint": "f056073b8c8a5e6047ab585240db8179728cd8c22ecb4192e997e1d52da72a85", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f056073b8c8a5e6047ab585240db8179728cd8c22ecb4192e997e1d52da72a85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 119}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `Swatinem/rust-cache` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 105066, "scanner": "repobility-supply-chain", "fingerprint": "89c1ec0436ed9c3751a1d09dc5f437962a9314c878a51bc75f4e0da248b27e09", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|89c1ec0436ed9c3751a1d09dc5f437962a9314c878a51bc75f4e0da248b27e09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 105065, "scanner": "repobility-supply-chain", "fingerprint": "f97fa4d13e42a474a765763b33a00e7574ecd2ddbaeb5718d9f2b94f97e4801e", "category": "dependency", "severity": "high", 
"confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f97fa4d13e42a474a765763b33a00e7574ecd2ddbaeb5718d9f2b94f97e4801e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 105064, "scanner": "repobility-supply-chain", "fingerprint": "3ffb3544f7d63cd0b448019d824210b5321df8d1b3c8bc970cd25d9053721186", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3ffb3544f7d63cd0b448019d824210b5321df8d1b3c8bc970cd25d9053721186"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `Swatinem/rust-cache` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 105063, "scanner": "repobility-supply-chain", "fingerprint": "b2fe3e68591c336f7ddcc30b046ae04e0c7109a751d44831c6c0c47c6be4588b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|b2fe3e68591c336f7ddcc30b046ae04e0c7109a751d44831c6c0c47c6be4588b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 105062, "scanner": "repobility-supply-chain", "fingerprint": "9f417e7a2b78fc5d3a9cfa9d0a45b613698cdf81edd75a3b98251fb7b1ea103e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9f417e7a2b78fc5d3a9cfa9d0a45b613698cdf81edd75a3b98251fb7b1ea103e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 105061, "scanner": "repobility-supply-chain", "fingerprint": "2bde597cc6f6f86ef84c79012dfc3692dd6821b8f94a7386b3ea6b0fa04cfc91", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2bde597cc6f6f86ef84c79012dfc3692dd6821b8f94a7386b3ea6b0fa04cfc91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref 
`@master`"}, "properties": {"repobilityId": 105060, "scanner": "repobility-supply-chain", "fingerprint": "9be054cb07053505346a358bde353958e7103ae49ad68fac8edd23b68e9a319f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9be054cb07053505346a358bde353958e7103ae49ad68fac8edd23b68e9a319f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 105059, "scanner": "repobility-supply-chain", "fingerprint": "f6b0eb99b99e964155ad56542f6d3fa56b8ca2a1b25eb4eeff4f207152efe9d1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f6b0eb99b99e964155ad56542f6d3fa56b8ca2a1b25eb4eeff4f207152efe9d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `Swatinem/rust-cache` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 105058, "scanner": "repobility-supply-chain", "fingerprint": "1d9266e4554adb11cdab0530c559f87d12a306c019ab95b4120d7786e2bcceca", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": 
{"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1d9266e4554adb11cdab0530c559f87d12a306c019ab95b4120d7786e2bcceca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-c-cpp-libraries.yml"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`"}, "properties": {"repobilityId": 105057, "scanner": "repobility-supply-chain", "fingerprint": "408aecce32c582e566460496e4983b25748baf7ed1a5f481969837cb6e9a7c6b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|408aecce32c582e566460496e4983b25748baf7ed1a5f481969837cb6e9a7c6b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-c-cpp-libraries.yml"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 105056, "scanner": "repobility-supply-chain", "fingerprint": "78e5cb37b642e18949e6c0b7a21b893b643687c56730f8d4797a8fcf96cae0df", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|78e5cb37b642e18949e6c0b7a21b893b643687c56730f8d4797a8fcf96cae0df"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-c-cpp-libraries.yml"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 105055, "scanner": "repobility-supply-chain", "fingerprint": "d6a2db6fd4c364c9d7dbdfdea61115bd3e57649af22a33084e94ed0aa9e9c8ec", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d6a2db6fd4c364c9d7dbdfdea61115bd3e57649af22a33084e94ed0aa9e9c8ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dora-bot-assign.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 105054, "scanner": "repobility-supply-chain", "fingerprint": "b73bf432625df3ff5168135468ce6cb7aaacb6a7d9093859ee4108029c8123b8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b73bf432625df3ff5168135468ce6cb7aaacb6a7d9093859ee4108029c8123b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/docker-image.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `anthropics/claude-code-action` pinned to mutable ref `@v1`"}, "properties": {"repobilityId": 
105053, "scanner": "repobility-supply-chain", "fingerprint": "c53e6ed4d7668cc9bfdc1511705c9b38a9d8afd8461bac31831e06bb2a54d2b5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c53e6ed4d7668cc9bfdc1511705c9b38a9d8afd8461bac31831e06bb2a54d2b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/claude-code.yml"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 105052, "scanner": "repobility-supply-chain", "fingerprint": "b7cea278965b53e9c948383c1003f4a86a772130561385f047d86acd9ebd240a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b7cea278965b53e9c948383c1003f4a86a772130561385f047d86acd9ebd240a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/claude-code.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `jlumbroso/free-disk-space` pinned to mutable ref `@main`"}, "properties": {"repobilityId": 105051, "scanner": "repobility-supply-chain", "fingerprint": "c0820c2f3b628f39f3e964e914abefbec7a8ae697ec9ad3630d1b75c8b5730fe", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": 
{"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c0820c2f3b628f39f3e964e914abefbec7a8ae697ec9ad3630d1b75c8b5730fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cargo-release.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `r7kamura/rust-problem-matchers` pinned to mutable ref `@v1.5.1`"}, "properties": {"repobilityId": 105050, "scanner": "repobility-supply-chain", "fingerprint": "dc2638e94875ee4fc07ae3c55b03252f32a642a3cf32b83aa5a4c469aa7b222a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dc2638e94875ee4fc07ae3c55b03252f32a642a3cf32b83aa5a4c469aa7b222a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cargo-release.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 105049, "scanner": "repobility-supply-chain", "fingerprint": "3e00fa64ed7d331272df2f2fb9719755748a0a3066eca16a614676d25402ad31", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3e00fa64ed7d331272df2f2fb9719755748a0a3066eca16a614676d25402ad31"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": ".github/workflows/cargo-release.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `ros:humble` not pinned by digest"}, "properties": {"repobilityId": 105033, "scanner": "repobility-supply-chain", "fingerprint": "6fb4a264dc07e98bd24541c4cb6c083ea8ad993945c1bdd4ba3ec036cd1152f9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6fb4a264dc07e98bd24541c4cb6c083ea8ad993945c1bdd4ba3ec036cd1152f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/ros2dev/Dockerfile"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `python:3.12-slim` not pinned by digest"}, "properties": {"repobilityId": 105032, "scanner": "repobility-supply-chain", "fingerprint": "60b20b54cb076212cb23e98746a3d4669f281b54c6533a06d140c7df421eec8e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|60b20b54cb076212cb23e98746a3d4669f281b54c6533a06d140c7df421eec8e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/slim/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_queue_size"}, "properties": {"repobilityId": 105031, "scanner": "repobility-ast-engine", "fingerprint": 
"23d56f8d27888cca139d313c895c3486df1f8c2eb0a2fe7c23b0f9d6ab345e8a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|23d56f8d27888cca139d313c895c3486df1f8c2eb0a2fe7c23b0f9d6ab345e8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apis/python/node/tests/test_builder.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_queue_policy"}, "properties": {"repobilityId": 105030, "scanner": "repobility-ast-engine", "fingerprint": "8f76819ef9f58f7cc65793c95d782ec6855ece04a87c96b7047f6e48b84fc123", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8f76819ef9f58f7cc65793c95d782ec6855ece04a87c96b7047f6e48b84fc123"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apis/python/node/tests/test_builder.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._await_alt_below` used but never assigned in __init__"}, "properties": {"repobilityId": 105022, "scanner": "repobility-ast-engine", "fingerprint": "dffea0d8f4924bdf1d33387823ea9ba37ab2a4663ccea21402dee79d8a1972cc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": 
["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dffea0d8f4924bdf1d33387823ea9ba37ab2a4663ccea21402dee79d8a1972cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission_long.py"}, "region": {"startLine": 515}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._await_ack` used but never assigned in __init__"}, "properties": {"repobilityId": 105021, "scanner": "repobility-ast-engine", "fingerprint": "0ba849042e967a167b1eea87fc5ae032e51e1e68bda8ec60dcb441bef67f8ec4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0ba849042e967a167b1eea87fc5ae032e51e1e68bda8ec60dcb441bef67f8ec4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission_long.py"}, "region": {"startLine": 514}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._send` used but never assigned in __init__"}, "properties": {"repobilityId": 105020, "scanner": "repobility-ast-engine", "fingerprint": "436c10e8154ccabc7cbe381a6102b12fb8d7d7dcc032bddbf59e4cbb8a70064b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|436c10e8154ccabc7cbe381a6102b12fb8d7d7dcc032bddbf59e4cbb8a70064b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"examples/mavlink2-bridge-sitl-mission/mission_long.py"}, "region": {"startLine": 513}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._await_alt_at_least` used but never assigned in __init__"}, "properties": {"repobilityId": 105019, "scanner": "repobility-ast-engine", "fingerprint": "df2a7dc96fded5c79ba784e38654b7802d5bbdc834c3428ebd6a3065640159a9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|df2a7dc96fded5c79ba784e38654b7802d5bbdc834c3428ebd6a3065640159a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission_long.py"}, "region": {"startLine": 480}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._await_ack` used but never assigned in __init__"}, "properties": {"repobilityId": 105018, "scanner": "repobility-ast-engine", "fingerprint": "b127565b75d5cf641600adbe968539c60cb3e69a205b6322ae35918a97674e82", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b127565b75d5cf641600adbe968539c60cb3e69a205b6322ae35918a97674e82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission_long.py"}, "region": {"startLine": 479}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._send` used but never assigned in __init__"}, "properties": {"repobilityId": 105017, "scanner": 
"repobility-ast-engine", "fingerprint": "b1abbdea98e283b569409b17e4e0f8cd36395d1c5de3ffb48338684f6374b482", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b1abbdea98e283b569409b17e4e0f8cd36395d1c5de3ffb48338684f6374b482"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission_long.py"}, "region": {"startLine": 478}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._await_ack` used but never assigned in __init__"}, "properties": {"repobilityId": 105016, "scanner": "repobility-ast-engine", "fingerprint": "d93bd5da1fe9d53ffc8152da0b1f45af7678fbf783e87e0cc432eb6c18141b79", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d93bd5da1fe9d53ffc8152da0b1f45af7678fbf783e87e0cc432eb6c18141b79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission_long.py"}, "region": {"startLine": 476}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._send` used but never assigned in __init__"}, "properties": {"repobilityId": 105015, "scanner": "repobility-ast-engine", "fingerprint": "d93746cd7a75e18518e14ee976988ba7cb1de302b5f0fa047124f549873f2d3a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": 
{"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d93746cd7a75e18518e14ee976988ba7cb1de302b5f0fa047124f549873f2d3a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission_long.py"}, "region": {"startLine": 475}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._wait_for_first_heartbeat` used but never assigned in __init__"}, "properties": {"repobilityId": 105014, "scanner": "repobility-ast-engine", "fingerprint": "72609e6d55183bac1690d7b6948dcc0c2826dad29b59d7c65632d9887bf9c121", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|72609e6d55183bac1690d7b6948dcc0c2826dad29b59d7c65632d9887bf9c121"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission_long.py"}, "region": {"startLine": 440}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._await_reach_latlon` used but never assigned in __init__"}, "properties": {"repobilityId": 105013, "scanner": "repobility-ast-engine", "fingerprint": "a53dacb5c8939ca6341203982deb240e795c95332f38b56b86cec3342e40eb34", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a53dacb5c8939ca6341203982deb240e795c95332f38b56b86cec3342e40eb34"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission_long.py"}, "region": {"startLine": 436}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._await_ack` used but never assigned in __init__"}, "properties": {"repobilityId": 105012, "scanner": "repobility-ast-engine", "fingerprint": "1136c4bcd1856dad12683eea472df59df44b9d263a09fa1f81988e75d774586d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1136c4bcd1856dad12683eea472df59df44b9d263a09fa1f81988e75d774586d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission_long.py"}, "region": {"startLine": 428}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._send` used but never assigned in __init__"}, "properties": {"repobilityId": 105011, "scanner": "repobility-ast-engine", "fingerprint": "c873153def8ff51ab86b7807568a2e9d44184b11fb3c0b139366f4246932907c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c873153def8ff51ab86b7807568a2e9d44184b11fb3c0b139366f4246932907c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission_long.py"}, "region": {"startLine": 417}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._await_ack` used but never assigned in __init__"}, 
"properties": {"repobilityId": 105010, "scanner": "repobility-ast-engine", "fingerprint": "fb94e449a2becfd4bf6a1264a0a35b6648295611031459a0220040390c87edb1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fb94e449a2becfd4bf6a1264a0a35b6648295611031459a0220040390c87edb1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission.py"}, "region": {"startLine": 263}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._send` used but never assigned in __init__"}, "properties": {"repobilityId": 105009, "scanner": "repobility-ast-engine", "fingerprint": "f0112e1f7bf883a5b92c92a760873c78fcd14a57a9503867aec7fbeec032c7ef", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f0112e1f7bf883a5b92c92a760873c78fcd14a57a9503867aec7fbeec032c7ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission.py"}, "region": {"startLine": 262}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._await_alt_below` used but never assigned in __init__"}, "properties": {"repobilityId": 105008, "scanner": "repobility-ast-engine", "fingerprint": "3d6015b2ec0d47889b3fe4860d94117a7cbc2dd7249c24d0d3036780a9303847", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": 
"", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3d6015b2ec0d47889b3fe4860d94117a7cbc2dd7249c24d0d3036780a9303847"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission.py"}, "region": {"startLine": 260}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._await_ack` used but never assigned in __init__"}, "properties": {"repobilityId": 105007, "scanner": "repobility-ast-engine", "fingerprint": "004b3a0caaa35f18d2ff5f8d7aa0e91028f3a91d05064abd6f020f2e516dd946", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|004b3a0caaa35f18d2ff5f8d7aa0e91028f3a91d05064abd6f020f2e516dd946"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission.py"}, "region": {"startLine": 259}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._send` used but never assigned in __init__"}, "properties": {"repobilityId": 105006, "scanner": "repobility-ast-engine", "fingerprint": "c2b5e8525a972aaac52e4eb540517aed4a5fe7f37a5445ab4268a8a6f917e22b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|c2b5e8525a972aaac52e4eb540517aed4a5fe7f37a5445ab4268a8a6f917e22b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission.py"}, "region": {"startLine": 258}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._await_alt_at_least` used but never assigned in __init__"}, "properties": {"repobilityId": 105005, "scanner": "repobility-ast-engine", "fingerprint": "9cc1279bce652c0a53fdd93adee0b96444f5c1ad28e2f3c861ce2e829bb0c009", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9cc1279bce652c0a53fdd93adee0b96444f5c1ad28e2f3c861ce2e829bb0c009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission.py"}, "region": {"startLine": 253}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._await_ack` used but never assigned in __init__"}, "properties": {"repobilityId": 105004, "scanner": "repobility-ast-engine", "fingerprint": "a7d0d846fb4d1c2011ff3c1b3e09aa320d8a815b351e24dac0a7d4d690592346", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a7d0d846fb4d1c2011ff3c1b3e09aa320d8a815b351e24dac0a7d4d690592346"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission.py"}, "region": {"startLine": 252}}}]}, {"ruleId": "MINED108", "level": "error", "message": 
{"text": "`self._send` used but never assigned in __init__"}, "properties": {"repobilityId": 105003, "scanner": "repobility-ast-engine", "fingerprint": "39063726b921ff17fe016efae40d8f87762bf09adeb00fd7e222dcf69e03cf04", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|39063726b921ff17fe016efae40d8f87762bf09adeb00fd7e222dcf69e03cf04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission.py"}, "region": {"startLine": 251}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._await_ack` used but never assigned in __init__"}, "properties": {"repobilityId": 105002, "scanner": "repobility-ast-engine", "fingerprint": "dbeac789a9309a51a7ea87edde4fa7e2dbcef1511e3d0a864f04657e246cce81", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dbeac789a9309a51a7ea87edde4fa7e2dbcef1511e3d0a864f04657e246cce81"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission.py"}, "region": {"startLine": 249}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._send` used but never assigned in __init__"}, "properties": {"repobilityId": 105001, "scanner": "repobility-ast-engine", "fingerprint": "bc7eee42b2dc7541934b7cdb64d141bdf8382bd205ca36c9fb6670256def9240", "category": "quality", "severity": "high", "confidence": 1.0, 
"triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bc7eee42b2dc7541934b7cdb64d141bdf8382bd205ca36c9fb6670256def9240"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission.py"}, "region": {"startLine": 248}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._await_ack` used but never assigned in __init__"}, "properties": {"repobilityId": 105000, "scanner": "repobility-ast-engine", "fingerprint": "a84c4849576751a3baab57e434458f41f361179b7d38639172d0695120339044", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a84c4849576751a3baab57e434458f41f361179b7d38639172d0695120339044"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission.py"}, "region": {"startLine": 246}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._send` used but never assigned in __init__"}, "properties": {"repobilityId": 104999, "scanner": "repobility-ast-engine", "fingerprint": "a69b7f554a4f96f8b1d8d6ad8480aa81d464bb38ffaed58613b3b37283884809", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|a69b7f554a4f96f8b1d8d6ad8480aa81d464bb38ffaed58613b3b37283884809"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission.py"}, "region": {"startLine": 240}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._wait_for_first_heartbeat` used but never assigned in __init__"}, "properties": {"repobilityId": 104998, "scanner": "repobility-ast-engine", "fingerprint": "efe016250590dabd3140ea8d27f179a25fd5786791a829bf5bad5f1353b9ab85", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|efe016250590dabd3140ea8d27f179a25fd5786791a829bf5bad5f1353b9ab85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/mavlink2-bridge-sitl-mission/mission.py"}, "region": {"startLine": 238}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_import_main"}, "properties": {"repobilityId": 104997, "scanner": "repobility-ast-engine", "fingerprint": "d42b6fd5bcb3d322c09eca01ecf9508b41cd2d46ba6ddbf8e5e892375697da0b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d42b6fd5bcb3d322c09eca01ecf9508b41cd2d46ba6ddbf8e5e892375697da0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "binaries/cli/src/template/python/__node-name__/tests/test___node_name__.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "GHSA-8q59-q68h-6hv4", 
"level": "error", "message": {"text": "pyyaml: GHSA-8q59-q68h-6hv4"}, "properties": {"repobilityId": 105166, "scanner": "osv-scanner", "fingerprint": "e21cdf930f25c44f65c0cc02b35a2cb60b24197c0eede6c35cde07d5d0ac9cc0", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["CVE-2020-14343", "PYSEC-2021-142"], "package": "pyyaml", "rule_id": "GHSA-8q59-q68h-6hv4", "scanner": "osv-scanner", "correlation_key": "vuln|pyyaml|CVE-2020-14343|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-8q59-q68h-6hv4", "PYSEC-2021-142"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["4526a5d8698242c08788a9e378870d75c6b86b30c6743966515d5ed68a411c3f", "e21cdf930f25c44f65c0cc02b35a2cb60b24197c0eede6c35cde07d5d0ac9cc0"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-57h3-9rgr-c24m", "level": "error", "message": {"text": "pillow: GHSA-57h3-9rgr-c24m"}, "properties": {"repobilityId": 105163, "scanner": "osv-scanner", "fingerprint": "c720e5a09631f3a9d54145e97895a77a95e699532e891e88dfde15dbd9a4359b", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-pillow-2021-25289", "CVE-2021-25289", "PYSEC-2021-35"], "package": "pillow", "rule_id": "GHSA-57h3-9rgr-c24m", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2021-25289|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3f63-hfp8-52jq", "level": "error", "message": {"text": "pillow: GHSA-3f63-hfp8-52jq"}, "properties": 
{"repobilityId": 105160, "scanner": "osv-scanner", "fingerprint": "d81f46ed709fe4bc39faf19439fb5c4d53844df2bf0454053967ad484742e489", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["BIT-pillow-2023-50447", "CVE-2023-50447"], "package": "pillow", "rule_id": "GHSA-3f63-hfp8-52jq", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2023-50447|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-8vj2-vxx3-667w", "level": "error", "message": {"text": "pillow: GHSA-8vj2-vxx3-667w"}, "properties": {"repobilityId": 105152, "scanner": "osv-scanner", "fingerprint": "8b58bb37674a3dbbbb11f99e8f5756ac162078ee903016cffdc7af1b1744c290", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-pillow-2022-22817", "CVE-2022-22817", "PYSEC-2022-10"], "package": "pillow", "rule_id": "GHSA-8vj2-vxx3-667w", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2022-22817|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-8vj2-vxx3-667w", "PYSEC-2022-10"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["8b58bb37674a3dbbbb11f99e8f5756ac162078ee903016cffdc7af1b1744c290", "a71adfe5529010d711739c4d22bac9329e2bc79509ff133f49b56d4fe60a7a82"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-7534-mm45-c74v", "level": "error", "message": {"text": "pillow: GHSA-7534-mm45-c74v"}, "properties": {"repobilityId": 105138, "scanner": "osv-scanner", "fingerprint": 
"60877d60d1daa0a3358825bf596d93cba43ce794ce3a0da4aed71a7affbc17e1", "category": "dependency", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "", "aliases": ["BIT-pillow-2021-34552", "CVE-2021-34552", "PYSEC-2021-331"], "package": "pillow", "rule_id": "GHSA-7534-mm45-c74v", "scanner": "osv-scanner", "correlation_key": "vuln|pillow|CVE-2021-34552|token", "duplicate_count": 1, "duplicate_rule_ids": ["GHSA-7534-mm45-c74v", "PYSEC-2021-331"], "duplicate_scanners": ["osv-scanner"], "duplicate_fingerprints": ["1a6d2bb77448a1c5927e6e9b4d634ccbc2d6b055f6d35800a727800efcb242fd", "60877d60d1daa0a3358825bf596d93cba43ce794ce3a0da4aed71a7affbc17e1"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/python-operator-dataflow/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat don't bounds-check; use strncpy or snprintf (strncpy does not NUL-terminate on truncation, so terminate the buffer explicitly)."}, "properties": {"repobilityId": 105109, "scanner": "repobility-threat-engine", "fingerprint": "20b1ad43a27406b3c22c097fbdb48b7db3f6843ae9fdf14ceae8ecf183d918ca", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|20b1ad43a27406b3c22c097fbdb48b7db3f6843ae9fdf14ceae8ecf183d918ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/c-dataflow/node.c"}, "region": {"startLine": 47}}}]}]}]}