{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Publish a package-manager install path or add checksum/signature verification before execution. For docs, show the inspect-then-run flow and pin the downloaded artifact version."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AGT006", "name": "React interval is created without an explicit cleanup", "shortDescription": {"text": "React interval is created without an explicit cleanup"}, "fullDescription": {"text": "Store the interval id and return a useEffect cleanup that calls clearInterval. Also clear the interval in explicit stop/end handlers when relevant."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. 
Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC031", "name": "[SEC031] Catastrophic Backtracking Regex (ReDoS): Regex contains nested quantifiers like `(a+)+` or quantified alternati", "shortDescription": {"text": "[SEC031] Catastrophic Backtracking Regex (ReDoS): Regex contains nested quantifiers like `(a+)+` or quantified alternation with overlapping branches. On adversarial input these patterns exhibit exponential backtracking, freezing the process"}, "fullDescription": {"text": "Three options, pick one:\n  1. Rewrite the pattern to avoid nested quantifiers. E.g. `(a+)+` is      functionally equivalent to `a+` for matching purposes.\n  2. Use Google's re2 (`pip install google-re2`): linear-time, drop-in      replacement for `re` for most use cases.\n  3. 
Set a hard timeout: `signal.alarm(1)` before regex eval.\nTest patterns against `safe-regex` or `redos-detector` before shipping."}, "properties": {"scanner": "repobility-threat-engine", "category": "redos", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use the errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED071", "name": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases.", "shortDescription": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely.", "shortDescription": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-704 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED012", "name": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code.", "shortDescription": {"text": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-494 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod (and 22 more): Same pattern found in 22 additional files. Review if needed.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod (and 22 more): Same pattern found in 22 additional files. 
Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors.", "shortDescription": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 12 more): Same pattern found in 12 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED060", "name": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines.", "shortDescription": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-401 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED134", "name": "[MINED134] Binary file `editors/intellij/gradle/wrapper/gradle-wrapper.jar` committed in source repo: `editors/intellij/", "shortDescription": {"text": "[MINED134] Binary file `editors/intellij/gradle/wrapper/gradle-wrapper.jar` committed in source repo: `editors/intellij/gradle/wrapper/gradle-wrapper.jar` is a .jar binary (48,966 bytes) committed to a repo that otherwise has 604 source fil"}, "fullDescription": {"text": "Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run t", "shortDescription": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) in"}, "fullDescription": {"text": "Replace with: `uses: actions/checkout@<40-char-sha>  # v6` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED033", "name": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic.", "shortDescription": {"text": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED035", "name": "[MINED035] Js New Function: new Function(...) compiles strings to functions.", "shortDescription": {"text": "[MINED035] Js New Function: new Function(...) compiles strings to functions."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-95 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1412"}, "properties": {"repository": "ivov/lisette", "repoUrl": "https://github.com/ivov/lisette", "branch": "main"}, "results": [{"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 145186, "scanner": "repobility-agent-runtime", "fingerprint": "4712012a4ba4d16b9d7a50607f65d1418f82f3fe6737825ac5a67c37abd81752", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|4712012a4ba4d16b9d7a50607f65d1418f82f3fe6737825ac5a67c37abd81752"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "playground/README.md"}, "region": {"startLine": 82}}}]}, {"ruleId": "AGT006", "level": "warning", "message": {"text": "React interval is created without an explicit cleanup"}, "properties": {"repobilityId": 145185, "scanner": "repobility-agent-runtime", "fingerprint": "69a43db3775388f961322918c86446a544bf6d16eca489f5fb9348b0d4cfde19", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File uses setInterval with useEffect or hook-style code and no clearInterval cleanup was found.", "evidence": {"rule_id": "AGT006", "scanner": "repobility-agent-runtime", "references": ["https://react.dev/reference/react/useEffect"], "correlation_key": "fp|69a43db3775388f961322918c86446a544bf6d16eca489f5fb9348b0d4cfde19"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": "docs/play/monacoeditorwork/editor.worker.bundle.js"}, "region": {"startLine": 1145}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 145184, "scanner": "repobility-agent-runtime", "fingerprint": "f1fa98de474cc1ef4fe026d3e159ea751fa383a4a32cf860bcc58abdeb934cc5", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|f1fa98de474cc1ef4fe026d3e159ea751fa383a4a32cf860bcc58abdeb934cc5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/intro/quickstart.md"}, "region": {"startLine": 9}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 145183, "scanner": "repobility-agent-runtime", "fingerprint": "b2a5f9158f15ef8c3e76cd78dbf0b064151763ed62e8a709ffb2f9fd2e23478d", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|b2a5f9158f15ef8c3e76cd78dbf0b064151763ed62e8a709ffb2f9fd2e23478d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/install.sh"}, "region": {"startLine": 2}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement 
vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 145150, "scanner": "repobility-threat-engine", "fingerprint": "423f96d23bd1ab638bf110245ed18b3f34a037da781a9fab105f0ef15b5af609", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new Function(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|214|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "playground/src/runner/wasm-bridge.ts"}, "region": {"startLine": 214}}}]}, {"ruleId": "SEC031", "level": "warning", "message": {"text": "[SEC031] Catastrophic Backtracking Regex (ReDoS): Regex contains nested quantifiers like `(a+)+` or quantified alternation with overlapping branches. On adversarial input these patterns exhibit exponential backtracking, freezing the process. CWE-1333. 
Real CVEs: CVE-2017-16129 (minimatch), CVE-2021-3807 (ansi-regex), and dozens more."}, "properties": {"repobilityId": 145148, "scanner": "repobility-threat-engine", "fingerprint": "e7549a9a00c09721f5327d187365dfcfbce73d2f6b050a648ce57be16105216b", "category": "redos", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(\"^((?!\\\\/\\\\/).)*(\\\\{[^}\\\"'`]*|\\\\([^)\\\"'`]*|\\\\[[^\\\\]\\\"'`]*)$\"),decreaseIndentPattern:new R", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC031", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e7549a9a00c09721f5327d187365dfcfbce73d2f6b050a648ce57be16105216b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/play/assets/protobuf-COyEY5Pt.js"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145182, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a8c8e70ed80be0da3d645c3e6d00347adef7fa610155a7ef169fae7470290471", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/_harness/lint.rs", "duplicate_line": 71, "correlation_key": "fp|a8c8e70ed80be0da3d645c3e6d00347adef7fa610155a7ef169fae7470290471"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/_harness/pipeline.rs"}, "region": {"startLine": 155}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": 
{"repobilityId": 145181, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9ebac824cc66a25e6c8daa102193dd61ffeaa6962e3cd08039f143bee080b3a2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/lsp/src/traversal.rs", "duplicate_line": 73, "correlation_key": "fp|9ebac824cc66a25e6c8daa102193dd61ffeaa6962e3cd08039f143bee080b3a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "playground/wasm/src/lib.rs"}, "region": {"startLine": 271}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145180, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6b4fcc531c1e8890ccd8abf6c2725ff0e3f898d152987392fcb08e5e1ee1cb01", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/semantics/src/checker/freeze.rs", "duplicate_line": 380, "correlation_key": "fp|6b4fcc531c1e8890ccd8abf6c2725ff0e3f898d152987392fcb08e5e1ee1cb01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/syntax/src/ast_folder.rs"}, "region": {"startLine": 530}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145179, "scanner": "repobility-ai-code-hygiene", "fingerprint": "25ff6eaa272441fa6b91909e080695dc39d625ff865a5f816eef208e9e9da951", "category": 
"quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "bindgen/internal/cli/generate_std.go", "duplicate_line": 44, "correlation_key": "fp|25ff6eaa272441fa6b91909e080695dc39d625ff865a5f816eef208e9e9da951"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/stdlib/src/go_modules.rs"}, "region": {"startLine": 503}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145178, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5d5dacc22cdda4121eb1d4cc95d97cb469faf228268862711ed1613b42dc3d3a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/semantics/src/passes/lints/ast_walk/checks/non_negative_comparison.rs", "duplicate_line": 12, "correlation_key": "fp|5d5dacc22cdda4121eb1d4cc95d97cb469faf228268862711ed1613b42dc3d3a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/semantics/src/passes/lints/ast_walk/checks/unsigned_comparison.rs"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145177, "scanner": "repobility-ai-code-hygiene", "fingerprint": "30d6081601954af0fc585eb157298b08ed7b0b33b11ebad6e1be4dee05d6c94e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": 
"open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/semantics/src/passes/lints/ast_walk/checks/manual_is_empty.rs", "duplicate_line": 6, "correlation_key": "fp|30d6081601954af0fc585eb157298b08ed7b0b33b11ebad6e1be4dee05d6c94e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/semantics/src/passes/lints/ast_walk/checks/unsigned_comparison.rs"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145176, "scanner": "repobility-ai-code-hygiene", "fingerprint": "05736c7c96488a1dd378dbed1e53c8fdb4197a24253f6b3f0b6f1bf04005a1d0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/semantics/src/passes/lints/ast_walk/checks/manual_is_empty.rs", "duplicate_line": 58, "correlation_key": "fp|05736c7c96488a1dd378dbed1e53c8fdb4197a24253f6b3f0b6f1bf04005a1d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/semantics/src/passes/lints/ast_walk/checks/unnecessary_range_loop.rs"}, "region": {"startLine": 47}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145175, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f5fad525796a8d191aa20de5a58024e31c2599f8fb55477149965b106dbe7e8e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": 
"open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/semantics/src/passes/lints/ast_walk/checks/manual_time_since.rs", "duplicate_line": 46, "correlation_key": "fp|f5fad525796a8d191aa20de5a58024e31c2599f8fb55477149965b106dbe7e8e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/semantics/src/passes/lints/ast_walk/checks/unnecessary_range_loop.rs"}, "region": {"startLine": 42}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145174, "scanner": "repobility-ai-code-hygiene", "fingerprint": "73dddce99741623f73869a7d4204e442e59080b7eb8ca7dc91c690029ae5e177", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/semantics/src/passes/lints/ast_walk/checks/manual_is_empty.rs", "duplicate_line": 6, "correlation_key": "fp|73dddce99741623f73869a7d4204e442e59080b7eb8ca7dc91c690029ae5e177"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/semantics/src/passes/lints/ast_walk/checks/self_comparison.rs"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145173, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2bd6ff3b75965263266ecf19bd249ae816eab42dcfbff76410692f6823696c10", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": 
"open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/semantics/src/passes/lints/ast_walk/checks/manual_unwrap_or.rs", "duplicate_line": 8, "correlation_key": "fp|2bd6ff3b75965263266ecf19bd249ae816eab42dcfbff76410692f6823696c10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/semantics/src/passes/lints/ast_walk/checks/redundant_pattern_matching.rs"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145172, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dffae5cbd82fe4436fe61f39ef7452bb0d55ff5478841f629090ae5a255b3f05", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/semantics/src/passes/lints/ast_walk/checks/manual_map.rs", "duplicate_line": 6, "correlation_key": "fp|dffae5cbd82fe4436fe61f39ef7452bb0d55ff5478841f629090ae5a255b3f05"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/semantics/src/passes/lints/ast_walk/checks/redundant_pattern_matching.rs"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145171, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c8a3fb7908108c477f56c5857c529d9efa23162f71a3ef77a8549208d9abe4cd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": 
"open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/semantics/src/passes/lints/ast_walk/checks/manual_is_empty.rs", "duplicate_line": 6, "correlation_key": "fp|c8a3fb7908108c477f56c5857c529d9efa23162f71a3ef77a8549208d9abe4cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/semantics/src/passes/lints/ast_walk/checks/non_negative_comparison.rs"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145170, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d2cc9cf90cf4d934a9c71fe0e796254092280b5aacff6f2fe0d6528f74c3dfcc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/semantics/src/passes/lints/ast_walk/checks/manual_map.rs", "duplicate_line": 6, "correlation_key": "fp|d2cc9cf90cf4d934a9c71fe0e796254092280b5aacff6f2fe0d6528f74c3dfcc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/semantics/src/passes/lints/ast_walk/checks/manual_unwrap_or.rs"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145169, "scanner": "repobility-ai-code-hygiene", "fingerprint": "814c5d4d8065d24affa8913fc49206ac20ec015c950ec40162785e940c71a81a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", 
"verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/semantics/src/passes/checks/empty_range.rs", "duplicate_line": 15, "correlation_key": "fp|814c5d4d8065d24affa8913fc49206ac20ec015c950ec40162785e940c71a81a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/semantics/src/passes/lints/ast_walk/checks/integer_division_to_zero.rs"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145168, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ed6c3c6b0401646b5c1c87f644ec60ca35ee66ad6fc7a4914b18fa608b6fba3c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/semantics/src/passes/checks/index_out_of_bounds.rs", "duplicate_line": 61, "correlation_key": "fp|ed6c3c6b0401646b5c1c87f644ec60ca35ee66ad6fc7a4914b18fa608b6fba3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/semantics/src/passes/lints/ast_walk/checks/helpers.rs"}, "region": {"startLine": 135}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145167, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c93c2c9ded47427f7b8e2bbe70c64f7ae5a17a2be46339e36fce9ac8c7528787", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": 
false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/semantics/src/passes/checks/repeated_if_condition.rs", "duplicate_line": 23, "correlation_key": "fp|c93c2c9ded47427f7b8e2bbe70c64f7ae5a17a2be46339e36fce9ac8c7528787"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/semantics/src/passes/lints/ast_walk/checks/helpers.rs"}, "region": {"startLine": 47}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145166, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2a8d0be6733f3c1a468d6b6d0536f3109e53ce8689a1d484f9fca9efc3de37d2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/semantics/src/passes/lints/ast_walk/checks/dup_arg.rs", "duplicate_line": 21, "correlation_key": "fp|2a8d0be6733f3c1a468d6b6d0536f3109e53ce8689a1d484f9fca9efc3de37d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/semantics/src/passes/lints/ast_walk/checks/duplicate_cutset.rs"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145165, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3b043049250ca75594fe2a3fd9bc2b93f2d5d416131ede7951e94341377c1d27", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized 
source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/semantics/src/passes/checks/index_out_of_bounds.rs", "duplicate_line": 61, "correlation_key": "fp|3b043049250ca75594fe2a3fd9bc2b93f2d5d416131ede7951e94341377c1d27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/semantics/src/passes/checks/repeated_if_condition.rs"}, "region": {"startLine": 73}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145164, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f2b0c05aa36335826c24e88fc258949ad48ed78a99ba41a99ce925974e088037", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/emit/src/control_flow/select.rs", "duplicate_line": 649, "correlation_key": "fp|f2b0c05aa36335826c24e88fc258949ad48ed78a99ba41a99ce925974e088037"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/semantics/src/checker/infer/expressions/select.rs"}, "region": {"startLine": 349}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145163, "scanner": "repobility-ai-code-hygiene", "fingerprint": "23e7ef1333b3b9fb4a5e140bdb8d6315a231d5fca03177a4021af209d7332727", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": 
{"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/semantics/src/cache/go_stdlib.rs", "duplicate_line": 80, "correlation_key": "fp|23e7ef1333b3b9fb4a5e140bdb8d6315a231d5fca03177a4021af209d7332727"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/semantics/src/cache/prelude.rs"}, "region": {"startLine": 62}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145162, "scanner": "repobility-ai-code-hygiene", "fingerprint": "35c56768c7babd641db97e254b976fb5d97ea9e5ca460ba2e65c9fa7df851b42", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/lsp/src/definition.rs", "duplicate_line": 187, "correlation_key": "fp|35c56768c7babd641db97e254b976fb5d97ea9e5ca460ba2e65c9fa7df851b42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/lsp/src/hover.rs"}, "region": {"startLine": 73}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145161, "scanner": "repobility-ai-code-hygiene", "fingerprint": "565bbac27cad5b26149ecefc4cfa9718872c2e31b78654cc6cd7b2374bd4c908", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"crates/emit/src/calls/dispatch.rs", "duplicate_line": 509, "correlation_key": "fp|565bbac27cad5b26149ecefc4cfa9718872c2e31b78654cc6cd7b2374bd4c908"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/emit/src/expressions/access/dot_access.rs"}, "region": {"startLine": 298}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145160, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fcc18fcc5bd0862a45ea7891ad7529471fc257d8603f312e589743c5fd4fb4e3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/emit/src/analyze/constraint_collector.rs", "duplicate_line": 473, "correlation_key": "fp|fcc18fcc5bd0862a45ea7891ad7529471fc257d8603f312e589743c5fd4fb4e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/emit/src/definitions/interfaces.rs"}, "region": {"startLine": 85}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145159, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fa37b3e08d0049ce973a33e90737174950b37332b246b9f682ccfa9120b9d583", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/cli/src/output.rs", "duplicate_line": 33, "correlation_key": 
"fp|fa37b3e08d0049ce973a33e90737174950b37332b246b9f682ccfa9120b9d583"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/diagnostics/src/diagnostic.rs"}, "region": {"startLine": 127}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145158, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dd3d72bf6841566247ab36f362bebe5e15c97bbe959d42db19028e955fc5dc16", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/cli/src/handlers/build.rs", "duplicate_line": 134, "correlation_key": "fp|dd3d72bf6841566247ab36f362bebe5e15c97bbe959d42db19028e955fc5dc16"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/cli/src/handlers/run.rs"}, "region": {"startLine": 228}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145157, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6d7697c86ccf51409fcc96991e71f173c03d1e1e4989bfe37b040293fc5f1511", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/cli/src/handlers/learn.rs", "duplicate_line": 72, "correlation_key": "fp|6d7697c86ccf51409fcc96991e71f173c03d1e1e4989bfe37b040293fc5f1511"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"crates/cli/src/handlers/new.rs"}, "region": {"startLine": 112}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 145134, "scanner": "repobility-threat-engine", "fingerprint": "9333de9267fffb50f4f088259d661478fa1a77c965be61f1df5760bc34d031e0", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = errorObj.Type(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9333de9267fffb50f4f088259d661478fa1a77c965be61f1df5760bc34d031e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bindgen/internal/convert/returns.go"}, "region": {"startLine": 313}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 145133, "scanner": "repobility-threat-engine", "fingerprint": "8a87ef4617febad5d0d06873f9bb101b4f96b79ffa56e2c79eb0bfc699b11fd2", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = fs.Parse(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8a87ef4617febad5d0d06873f9bb101b4f96b79ffa56e2c79eb0bfc699b11fd2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bindgen/internal/cli/generate_pkgs.go"}, "region": {"startLine": 57}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": 
{"repobilityId": 145132, "scanner": "repobility-threat-engine", "fingerprint": "66c10bf179e5f9791ccc1849116e2a22ff5bed0245a5740be62ebadb5a50595b", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = fs.Parse(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|66c10bf179e5f9791ccc1849116e2a22ff5bed0245a5740be62ebadb5a50595b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bindgen/internal/cli/cli.go"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 145156, "scanner": "repobility-threat-engine", "fingerprint": "70c54bf275f4fd211ab37a505180fcc45cf82d937091a02a5c29984506f259d5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|70c54bf275f4fd211ab37a505180fcc45cf82d937091a02a5c29984506f259d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "prelude/string.go"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. 
Should return error in most cases."}, "properties": {"repobilityId": 145155, "scanner": "repobility-threat-engine", "fingerprint": "f14a7639da430908540e11143d9e5ed30efef32e9c3007490c203d9531f523a0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f14a7639da430908540e11143d9e5ed30efef32e9c3007490c203d9531f523a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "prelude/channel.go"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 145152, "scanner": "repobility-threat-engine", "fingerprint": "9b3fc136bb6e16693432f088afd66627b814dcd41db56c6875ca22f032e13a92", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9b3fc136bb6e16693432f088afd66627b814dcd41db56c6875ca22f032e13a92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "playground/src/runner/wasm-bridge.ts"}, "region": {"startLine": 216}}}]}, {"ruleId": "MINED044", 
"level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 145149, "scanner": "repobility-threat-engine", "fingerprint": "899a48d43b348ca8b75009d7fef31f7cc3fc1d5f27452172a1327b68c46941f2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|899a48d43b348ca8b75009d7fef31f7cc3fc1d5f27452172a1327b68c46941f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "playground/src/editor/index.ts"}, "region": {"startLine": 152}}}]}, {"ruleId": "MINED012", "level": "none", "message": {"text": "[MINED012] Curl Pipe Bash: curl ... 
| sh / bash \u2014 runs unverified network code."}, "properties": {"repobilityId": 145147, "scanner": "repobility-threat-engine", "fingerprint": "ac791e9cdad3599d783f5d3ce9e3dc8377a8662e0bc30504ae7c2930d9d00e85", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'test\\b' detected on same line", "evidence": {"mined": true, "mining": {"slug": "curl-pipe-bash", "owasp": "A08:2021", "cwe_ids": ["CWE-494"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347926+00:00", "triaged_in_corpus": 15, "observations_count": 135001, "ai_coder_pattern_id": 25}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ac791e9cdad3599d783f5d3ce9e3dc8377a8662e0bc30504ae7c2930d9d00e85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/install.sh"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 145146, "scanner": "repobility-threat-engine", "fingerprint": "98f4e92288437ce202fc197ffb9fc99ee1e5da0306924039734f7677a4455e5f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|98f4e92288437ce202fc197ffb9fc99ee1e5da0306924039734f7677a4455e5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/syntax/src/parse/strings.rs"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod (and 22 more): Same pattern found in 22 additional files. Review if needed."}, "properties": {"repobilityId": 145144, "scanner": "repobility-threat-engine", "fingerprint": "3012c4be4d3ae7d219e416ab795cd9a9ed2956e5ca74f9f6c59987f6c53537fb", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 22 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|3012c4be4d3ae7d219e416ab795cd9a9ed2956e5ca74f9f6c59987f6c53537fb", "aggregated_count": 22}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 145143, "scanner": "repobility-threat-engine", "fingerprint": "d4bd08af322941191ab21e7729df0e08f58fa0edb43d9c7ec08787b89b55efa7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d4bd08af322941191ab21e7729df0e08f58fa0edb43d9c7ec08787b89b55efa7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/cli/src/pipeline.rs"}, "region": {"startLine": 190}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 145142, "scanner": "repobility-threat-engine", "fingerprint": "66d9145f0338790e35cba32fae45f46a25b6256c5e32c37eaa2d6d3f41b6a24a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|66d9145f0338790e35cba32fae45f46a25b6256c5e32c37eaa2d6d3f41b6a24a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/cli/src/handlers/lsp.rs"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 145141, "scanner": "repobility-threat-engine", "fingerprint": "be68e48f1521cbbc46bdcd999bed105196a5e3b3ae2fbce1ac235125135df2b9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|be68e48f1521cbbc46bdcd999bed105196a5e3b3ae2fbce1ac235125135df2b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/cli/build.rs"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 145140, "scanner": "repobility-threat-engine", "fingerprint": "cdc56ab86c553a355afdc4fdcca2f4ff84c6211f1ff908b717bcec97e2dc6955", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cdc56ab86c553a355afdc4fdcca2f4ff84c6211f1ff908b717bcec97e2dc6955"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/semantics/src/checker/registration/builtins.rs"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 145139, "scanner": "repobility-threat-engine", "fingerprint": "408ae5b4d0f6747daa8ce6c8425d0c7fa6cacf7fee058e865f9da9acdb65f7ab", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'fixture' detected on same line", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|408ae5b4d0f6747daa8ce6c8425d0c7fa6cacf7fee058e865f9da9acdb65f7ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/benchmark/src/lib.rs"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "properties": {"repobilityId": 145138, "scanner": "repobility-threat-engine", "fingerprint": "247d4b5c497c24aebfcd582ebf8a04333cfcef2c5c733ec53244cdcd6622209f", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 12 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|247d4b5c497c24aebfcd582ebf8a04333cfcef2c5c733ec53244cdcd6622209f", "aggregated_count": 12}}}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 145131, "scanner": "repobility-threat-engine", "fingerprint": "5a1bdd19a2a0d6287bca106676915d9e3f126e42c502b9438887f1f4cb34c51b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5a1bdd19a2a0d6287bca106676915d9e3f126e42c502b9438887f1f4cb34c51b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bindgen/internal/cli/cli.go"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `editors/intellij/gradle/wrapper/gradle-wrapper.jar` committed in source repo: `editors/intellij/gradle/wrapper/gradle-wrapper.jar` is a .jar binary (48,966 bytes) committed to a repo that otherwise has 604 source files. 
Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts. A Gradle wrapper JAR is normally committed by design, so confirm this one is genuine by comparing its SHA-256 with the checksum Gradle publishes for that wrapper version."}, "properties": {"repobilityId": 145204, "scanner": "repobility-supply-chain", "fingerprint": "a92cbe04837feb7e9f09f395a3e1817e7402a915f0f38377ae7d7f1b0d663d7b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a92cbe04837feb7e9f09f395a3e1817e7402a915f0f38377ae7d7f1b0d663d7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "editors/intellij/gradle/wrapper/gradle-wrapper.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 145203, "scanner": "repobility-supply-chain", "fingerprint": "ff48b8f5a102c59a634c2722693759c96992d5acbe69ea140910f259523c1c3b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ff48b8f5a102c59a634c2722693759c96992d5acbe69ea140910f259523c1c3b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 298}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v7`: `uses: actions/download-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 145202, "scanner": "repobility-supply-chain", "fingerprint": "e6fb0932a0a2770590f73cf6209a8a87d5219745843f92de69992b8ebc8501b2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e6fb0932a0a2770590f73cf6209a8a87d5219745843f92de69992b8ebc8501b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 267}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v6`: `uses: actions/upload-artifact@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 145201, "scanner": "repobility-supply-chain", "fingerprint": "6ca8276aed5e8769d560fa2128876fb26b509ad5ec15b3028003a0d6cbe3b034", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6ca8276aed5e8769d560fa2128876fb26b509ad5ec15b3028003a0d6cbe3b034"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 260}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v7`: `uses: actions/download-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin each action to a full 40-character commit SHA, and use Dependabot or Renovate to keep the pinned SHA up to date."}, "properties": {"repobilityId": 145200, "scanner": "repobility-supply-chain", "fingerprint": "b27b87f508c516cfc805c425ea2c9894b64347d9f6a73b008d4f10508cea1796", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b27b87f508c516cfc805c425ea2c9894b64347d9f6a73b008d4f10508cea1796"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 247}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v7`: `uses: actions/download-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin each action to a full 40-character commit SHA, and use Dependabot or Renovate to keep the pinned SHA up to date."}, "properties": {"repobilityId": 145199, "scanner": "repobility-supply-chain", "fingerprint": "33e209ad9ac40a7864378a2058e42756addef16f1f540cb1ed64cb0d7e1e343f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|33e209ad9ac40a7864378a2058e42756addef16f1f540cb1ed64cb0d7e1e343f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 240}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin each action to a full 40-character commit SHA, and use Dependabot or Renovate to keep the pinned SHA up to date."}, "properties": {"repobilityId": 145198, "scanner": "repobility-supply-chain", "fingerprint": "588db7380713e5d7e510ad1b218c43c98fc9f82ed2ad9d7dbd2c280965101a15", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|588db7380713e5d7e510ad1b218c43c98fc9f82ed2ad9d7dbd2c280965101a15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 235}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v6`: `uses: actions/upload-artifact@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin each action to a full 40-character commit SHA, and use Dependabot or Renovate to keep the pinned SHA up to date."}, "properties": {"repobilityId": 145197, "scanner": "repobility-supply-chain", "fingerprint": "fcb51ece7bb5d037a97605158a033c15dc02b6bcb916d8c289acfb221037521a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fcb51ece7bb5d037a97605158a033c15dc02b6bcb916d8c289acfb221037521a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 215}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v7`: `uses: actions/download-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin each action to a full 40-character commit SHA, and use Dependabot or Renovate to keep the pinned SHA up to date."}, "properties": {"repobilityId": 145196, "scanner": "repobility-supply-chain", "fingerprint": "1eabf0997fefdd56c6665a5e17fc97224bf70f6608df37ed8a45d95045edd6eb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1eabf0997fefdd56c6665a5e17fc97224bf70f6608df37ed8a45d95045edd6eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 197}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v7`: `uses: actions/download-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin each action to a full 40-character commit SHA, and use Dependabot or Renovate to keep the pinned SHA up to date."}, "properties": {"repobilityId": 145195, "scanner": "repobility-supply-chain", "fingerprint": "752e0cb4b1e9ccc18e2f7539905b52b20ca9839cc3128a4b32a41220c775ecec", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|752e0cb4b1e9ccc18e2f7539905b52b20ca9839cc3128a4b32a41220c775ecec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 190}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin each action to a full 40-character commit SHA, and use Dependabot or Renovate to keep the pinned SHA up to date."}, "properties": {"repobilityId": 145194, "scanner": "repobility-supply-chain", "fingerprint": "f2f1f190281a00df461fe97ec04a8e3419399018e09462feb93ed8ac4bbd0a95", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f2f1f190281a00df461fe97ec04a8e3419399018e09462feb93ed8ac4bbd0a95"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 185}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v6`: `uses: actions/upload-artifact@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin each action to a full 40-character commit SHA, and use Dependabot or Renovate to keep the pinned SHA up to date."}, "properties": {"repobilityId": 145193, "scanner": "repobility-supply-chain", "fingerprint": "96003501596cf551f91a1e0ffad5f2b738d8182c77bd44df15a1fe0b6c83f9e4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|96003501596cf551f91a1e0ffad5f2b738d8182c77bd44df15a1fe0b6c83f9e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 168}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/attest-build-provenance` pinned to mutable ref `@v3`: `uses: actions/attest-build-provenance@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin each action to a full 40-character commit SHA, and use Dependabot or Renovate to keep the pinned SHA up to date."}, "properties": {"repobilityId": 145192, "scanner": "repobility-supply-chain", "fingerprint": "95fa8dfe4d0302c9cb1c8b87b56cbf37cd83e89d9310a10cceece8cc1e1b68ea", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|95fa8dfe4d0302c9cb1c8b87b56cbf37cd83e89d9310a10cceece8cc1e1b68ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 151}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v7`: `uses: actions/download-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin each action to a full 40-character commit SHA, and use Dependabot or Renovate to keep the pinned SHA up to date."}, "properties": {"repobilityId": 145191, "scanner": "repobility-supply-chain", "fingerprint": "15fcf3d819a03d2b1cd4ad9b0296e90eee6d2e95e766d4c649a78352e66435e7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|15fcf3d819a03d2b1cd4ad9b0296e90eee6d2e95e766d4c649a78352e66435e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 137}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin each action to a full 40-character commit SHA, and use Dependabot or Renovate to keep the pinned SHA up to date."}, "properties": {"repobilityId": 145190, "scanner": "repobility-supply-chain", "fingerprint": "e641573dfce5ee159213acebf56e8a393f17a38248d111de592c4f0f10b8b74d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e641573dfce5ee159213acebf56e8a393f17a38248d111de592c4f0f10b8b74d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v6`: `uses: actions/upload-artifact@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin each action to a full 40-character commit SHA, and use Dependabot or Renovate to keep the pinned SHA up to date."}, "properties": {"repobilityId": 145189, "scanner": "repobility-supply-chain", "fingerprint": "257b2528cf6f893c461adb72ea90b849cd60db5a3609f513b860a308bd231469", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|257b2528cf6f893c461adb72ea90b849cd60db5a3609f513b860a308bd231469"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v6`: `uses: actions/upload-artifact@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin each action to a full 40-character commit SHA, and use Dependabot or Renovate to keep the pinned SHA up to date."}, "properties": {"repobilityId": 145188, "scanner": "repobility-supply-chain", "fingerprint": "13ba472fd285e9fd5f41de38260a974b43ef74261ae4b98120c625b210f25129", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|13ba472fd285e9fd5f41de38260a974b43ef74261ae4b98120c625b210f25129"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin each action to a full 40-character commit SHA, and use Dependabot or Renovate to keep the pinned SHA up to date."}, "properties": {"repobilityId": 145187, "scanner": "repobility-supply-chain", "fingerprint": "cffd4b317b99f453ba12e4883baf5fcbf8056429a22ec07f2fc4a5835d904fc4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cffd4b317b99f453ba12e4883baf5fcbf8056429a22ec07f2fc4a5835d904fc4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED033", "level": "error", "message": {"text": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic."}, "properties": {"repobilityId": 145154, "scanner": "repobility-threat-engine", "fingerprint": "7a2900168bb34accf30e446db19d4ecadbd330f5b193e160ccb85dcd1d6c1952", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-recover-without-log", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347975+00:00", "triaged_in_corpus": 15, "observations_count": 3808, "ai_coder_pattern_id": 109}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7a2900168bb34accf30e446db19d4ecadbd330f5b193e160ccb85dcd1d6c1952"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "prelude/panic.go"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED033", "level": "error", "message": {"text": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic."}, 
"properties": {"repobilityId": 145153, "scanner": "repobility-threat-engine", "fingerprint": "1d67124ecf467ea98461e74f55c07fc3df347cbf2b7a4291e2b3b8cc1365dc53", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-recover-without-log", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347975+00:00", "triaged_in_corpus": 15, "observations_count": 3808, "ai_coder_pattern_id": 109}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1d67124ecf467ea98461e74f55c07fc3df347cbf2b7a4291e2b3b8cc1365dc53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "prelude/channel.go"}, "region": {"startLine": 5}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 145145, "scanner": "repobility-threat-engine", "fingerprint": "3bf1be31e0417d0ff27c0d8b2e435f588a6dd5b8d2dc164b1aefa1a9c6ce9bc8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "self.bindings.save();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3bf1be31e0417d0ff27c0d8b2e435f588a6dd5b8d2dc164b1aefa1a9c6ce9bc8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/emit/src/state/scope.rs"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 145137, "scanner": "repobility-threat-engine", "fingerprint": "94415f9ec718f47813dd7b11746de91f8a8c9cd3c9aa517d3508bdcea4ec4a32", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|94415f9ec718f47813dd7b11746de91f8a8c9cd3c9aa517d3508bdcea4ec4a32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/cli/build.rs"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if 
None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 145136, "scanner": "repobility-threat-engine", "fingerprint": "8b4e6eae23562aadf33634d7fdb933622efb0d56e654dada2464d1316423f039", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8b4e6eae23562aadf33634d7fdb933622efb0d56e654dada2464d1316423f039"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/benchmark/src/lib.rs"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 145135, "scanner": "repobility-threat-engine", "fingerprint": "6273e8746006f93bfde6cd2219c481dffa9fd7952d07dfa6ad7c46e711d3562e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6273e8746006f93bfde6cd2219c481dffa9fd7952d07dfa6ad7c46e711d3562e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/benchmark/benches/parse.rs"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED035", "level": "error", "message": {"text": "[MINED035] Js New Function: new Function(...) 
compiles a string into executable code at runtime, so it carries the same code-injection risk as eval() whenever any part of that string is not fully trusted."}, "properties": {"repobilityId": 145151, "scanner": "repobility-threat-engine", "fingerprint": "8b0a811d5d005889617a9af57be2996fb16dbb80e022f15f3cd0bd5e4a99887d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-new-function", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347980+00:00", "triaged_in_corpus": 20, "observations_count": 2547, "ai_coder_pattern_id": 104}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8b0a811d5d005889617a9af57be2996fb16dbb80e022f15f3cd0bd5e4a99887d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "playground/src/runner/wasm-bridge.ts"}, "region": {"startLine": 214}}}]}]}]}