{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. 
Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching, and check the scheme as well as the host (the snippet is Python; for a Ruby codebase use URI.parse(url) with the same checks):\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  u = urlparse(url)\n  if u.scheme not in ('http', 'https') or u.hostname not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nIf an allowlist is not possible, block private, link-local and loopback ranges explicitly, checked against the RESOLVED address rather than the hostname string: 10/8, 172.16/12, 192.168/16, 169.254/16, 127/8, 0/8, and for IPv6 ::1, fc00::/7, fe80::/10 and IPv4-mapped ::ffff:0:0/96. Connect to the address you validated (or re-validate on each redirect hop, or disable redirects); validating the hostname and then letting the HTTP client resolve it again is open to DNS rebinding, and an allowed host can otherwise 302 the request to an internal one."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/, test/, spec/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), RSpec or Minitest (Ruby), or go test (Go). Start with tests for critical business logic and security-sensitive functions such as input validation and outbound request handling."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/615"}, "properties": {"repository": "ITSSOUMIT/findbug", "repoUrl": "https://github.com/ITSSOUMIT/findbug", "branch": "main"}, "results": [{"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 43936, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 43942, "scanner": 
"repobility-ai-code-hygiene", "fingerprint": "d53f4caa0c5c68c76c519420b4738acdba48b02b281c7ee5f0ece78917084811", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "lib/findbug/capture/exception_handler.rb", "duplicate_line": 30, "correlation_key": "fp|d53f4caa0c5c68c76c519420b4738acdba48b02b281c7ee5f0ece78917084811"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/findbug/capture/middleware.rb"}, "region": {"startLine": 82}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 43941, "scanner": "repobility-ai-code-hygiene", "fingerprint": "154dd01bb7ead5dae460ddf45d20354a3212f32e908d3f72efa128c64dc00c62", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "lib/findbug/capture/exception_handler.rb", "duplicate_line": 69, "correlation_key": "fp|154dd01bb7ead5dae460ddf45d20354a3212f32e908d3f72efa128c64dc00c62"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/findbug/capture/message_handler.rb"}, "region": {"startLine": 46}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 43940, "scanner": "repobility-ai-code-hygiene", "fingerprint": "277c4134bd87b33940f0f0683a7652e99bc4a0536d135c9ffcb745b334364a7a", "category": "quality", 
"severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "lib/findbug/capture/exception_handler.rb", "duplicate_line": 62, "correlation_key": "fp|277c4134bd87b33940f0f0683a7652e99bc4a0536d135c9ffcb745b334364a7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/findbug/capture/exception_subscriber.rb"}, "region": {"startLine": 90}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 43939, "scanner": "repobility-ai-code-hygiene", "fingerprint": "40b91d0720fae2e59bdffa6f5ae30310167687c5de46e7d585f45c951de8b8dd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "lib/findbug/alerts/channels/discord.rb", "duplicate_line": 82, "correlation_key": "fp|40b91d0720fae2e59bdffa6f5ae30310167687c5de46e7d585f45c951de8b8dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/findbug/alerts/channels/slack.rb"}, "region": {"startLine": 79}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 43938, "scanner": "repobility-ai-code-hygiene", "fingerprint": "75e2e8f8ead67e96a77be6732c9a4bd88b7e60169aec4e3072808b869655044b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized 
source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/models/findbug/error_event.rb", "duplicate_line": 21, "correlation_key": "fp|75e2e8f8ead67e96a77be6732c9a4bd88b7e60169aec4e3072808b869655044b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/models/findbug/performance_event.rb"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 43937, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9e0a5557fa907e80cdd2cc98db4a07f854a64a5cf57162427850dda87c962c9a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/controllers/findbug/errors_controller.rb", "duplicate_line": 67, "correlation_key": "fp|9e0a5557fa907e80cdd2cc98db4a07f854a64a5cf57162427850dda87c962c9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/controllers/findbug/performance_controller.rb"}, "region": {"startLine": 39}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 43943, "scanner": "repobility-threat-engine", "fingerprint": "217a4bfc8790d43d43a0f4685d892c99d552429efe8482a192fb015fd695daa3", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(c", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|217a4bfc8790d43d43a0f4685d892c99d552429efe8482a192fb015fd695daa3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/models/findbug/alert_channel.rb"}, "region": {"startLine": 109}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 43935, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}]}]}