{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "Add /.well-known/security.txt with Contact, Expires, Canonical, Preferred-Languages, and Policy fields. Keep the contact endpoint monitored."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "WEB015", "name": "Public web app has no Content Security Policy", "shortDescription": {"text": "Public web app has no Content Security Policy"}, "fullDescription": {"text": "Add a Content-Security-Policy header through the web framework or hosting config. For static apps, add a CSP meta tag that restricts default-src, script-src, connect-src, img-src, and frame-ancestors."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "JRN003", "name": "Frontend API reference is not matched by discovered backend routes", "shortDescription": {"text": "Frontend API reference is not matched by discovered backend routes"}, "fullDescription": {"text": "Add the backend route, update the frontend constant to the implemented endpoint, or document that the route is served by another service and exclude it with .repobilityignore."}, "properties": {"scanner": "repobility-journey-contract", "category": "quality", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC009", "name": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function", "shortDescription": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /(f"}, "fullDescription": {"text": "Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "AUC002", "name": "[AUC002] Low visible authorization coverage in route inventory: Only 23.1% of discovered routes show nearby authenticati", "shortDescription": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 23.1% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "fullDescription": {"text": "Review the access matrix and add explicit framework auth declarations or policy-file exceptions for intentionally public routes."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "DKR003", "name": "Compose service `vercel-blob` image uses the latest tag", "shortDescription": {"text": "Compose service `vercel-blob` image uses the latest tag"}, "fullDescription": {"text": "Pin to a maintained version tag or digest and update it deliberately through dependency automation."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.94, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Compose service `google-cloud-storage` image has no explicit tag", "shortDescription": {"text": "Compose service `google-cloud-storage` image has no explicit tag"}, "fullDescription": {"text": "Pin the image to a supported version tag or digest, for example python:3.13-slim or image@sha256:..."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKC007", "name": "Compose service contains a literal secret environment value", "shortDescription": {"text": "Compose service contains a literal secret environment value"}, "fullDescription": {"text": "Rotate the value if real. Move it to Docker Compose secrets, a platform secret manager, or an uncommitted environment file."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKC015", "name": "Database service has no healthcheck", "shortDescription": {"text": "Database service has no healthcheck"}, "fullDescription": {"text": "Add a database-native healthcheck such as pg_isready, mysqladmin ping, redis-cli ping, or the vendor's readiness command."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR017", "name": "Dockerfile installs dependencies after copying the full source tree", "shortDescription": {"text": "Dockerfile installs dependencies after copying the full source tree"}, "fullDescription": {"text": "Copy dependency manifests first, install dependencies in a cached layer, then copy the rest of the source tree."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Add .dockerignore with at least .git, .env, private keys, dependency folders, build outputs, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR018", "name": "Database dump or local database file is included in Docker build context", "shortDescription": {"text": "Database dump or local database file is included in Docker build context"}, "fullDescription": {"text": "Move database dumps outside the Docker build context or exclude them with .dockerignore. Keep backup and restore artifacts in private object storage or a dedicated backup workflow."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "WEB005", "name": "robots.txt does not advertise a sitemap", "shortDescription": {"text": "robots.txt does not advertise a sitemap"}, "fullDescription": {"text": "Add `Sitemap: https://your-domain.example/sitemap.xml` to robots.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "WEB011", "name": "Public web app has no humans.txt", "shortDescription": {"text": "Public web app has no humans.txt"}, "fullDescription": {"text": "Add humans.txt with team ownership, contact URL, key documentation links, and the last-updated date."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "WEB002", "name": "Public web app has no sitemap", "shortDescription": {"text": "Public web app has no sitemap"}, "fullDescription": {"text": "Add sitemap.xml, a sitemap index, or a framework-native sitemap route and reference it from robots.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "Add `security_opt: [\"no-new-privileges:true\"]` unless the service has a documented need for privilege escalation."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "Set a non-root `user:` in Compose or ensure the final image stage has a non-root USER directive."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKC016", "name": "App service does not wait for database health", "shortDescription": {"text": "App service does not wait for database health"}, "fullDescription": {"text": "Give the database a healthcheck and change the dependency to `depends_on: { db: { condition: service_healthy } }`."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 40 more): Same pattern found in 40 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 40 more): Same pattern found in 40 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "DKC011", "name": "Database service publishes a host port", "shortDescription": {"text": "Database service publishes a host port"}, "fullDescription": {"text": "Use `expose` for service-to-service access, bind to 127.0.0.1 for local-only access, or protect the port with firewall rules."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.84, "cwe": "", "owasp": ""}}, {"id": "DKC013", "name": "Database service has no persistent data volume", "shortDescription": {"text": "Database service has no persistent data volume"}, "fullDescription": {"text": "Mount the database data directory to a named Docker volume or managed persistent disk, and document backup and restore testing."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies the entire context without .dockerignore", "shortDescription": {"text": "Dockerfile copies the entire context without .dockerignore"}, "fullDescription": {"text": "Create .dockerignore before using broad context copies, or copy only the required files and directories."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "DKC008", "name": "Compose service mounts the Docker socket", "shortDescription": {"text": "Compose service mounts the Docker socket"}, "fullDescription": {"text": "Avoid mounting docker.sock. Use a narrow proxy, rootless build service, or provider-native deployment credentials."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "critical", "confidence": 0.98, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/233"}, "properties": {"repository": "payloadcms/payload", "repoUrl": "https://github.com/payloadcms/payload", "branch": "main"}, "results": [{"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 22507, "scanner": "repobility-threat-engine", "fingerprint": "2b80d4a9d96e4359a42ac3ffaa8a82985737ce49babcc7c3f14c6ddbcb83c0e9", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch (error) {}", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2b80d4a9d96e4359a42ac3ffaa8a82985737ce49babcc7c3f14c6ddbcb83c0e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/ecommerce/src/app/(app)/(account)/orders/page.tsx"}, "region": {"startLine": 38}}}]}, {"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 7568, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB015", "level": "warning", "message": {"text": "Public web app has no Content Security Policy"}, "properties": {"repobilityId": 7567, "scanner": "repobility-web-presence", "fingerprint": "7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63", "category": "quality", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no CSP header, framework header config, Helmet policy, or CSP meta tag was discovered.", "evidence": {"rule_id": "WEB015", "scanner": "repobility-web-presence", "references": ["https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "index.html"}, "region": {"startLine": 1}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 7564, "scanner": "repobility-journey-contract", "fingerprint": "a6ddcbec53d6b2df876eb2418938e746d9a863677179eb60039adb455dcef0a1", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/media/file/image.webp", "correlation_key": "fp|a6ddcbec53d6b2df876eb2418938e746d9a863677179eb60039adb455dcef0a1", "backend_endpoint_count": 13}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-vercel-website/src/utilities/getMediaUrl.ts"}, "region": {"startLine": 7}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 7563, "scanner": "repobility-journey-contract", "fingerprint": "af0550ff3962c9ad95a60f2652598df925f355d32571cde2e75d3b56e9d7620c", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/seed", "correlation_key": "fp|af0550ff3962c9ad95a60f2652598df925f355d32571cde2e75d3b56e9d7620c", "backend_endpoint_count": 13}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-vercel-website/src/endpoints/seed/index.ts"}, "region": {"startLine": 43}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 7562, "scanner": "repobility-journey-contract", "fingerprint": "0e9637df55d9ccbfcf4fa4c6fe60f9d23b157736147bbdec176c90d80b8f8354", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/media/file/image.webp", "correlation_key": "fp|0e9637df55d9ccbfcf4fa4c6fe60f9d23b157736147bbdec176c90d80b8f8354", "backend_endpoint_count": 13}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/website/src/utilities/getMediaUrl.ts"}, "region": {"startLine": 7}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 7561, "scanner": "repobility-journey-contract", "fingerprint": "2773a72af52a0a2f180db064e4182929faece252c5e08cd50b1f7e3ec0b64b49", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/seed", "correlation_key": "fp|2773a72af52a0a2f180db064e4182929faece252c5e08cd50b1f7e3ec0b64b49", "backend_endpoint_count": 13}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/website/src/endpoints/seed/index.ts"}, "region": {"startLine": 43}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 7560, "scanner": "repobility-journey-contract", "fingerprint": "f63e53bde5d38640574d872ccaf0e605265818f197362cf1754031b5b458e399", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/seed", "correlation_key": "fp|f63e53bde5d38640574d872ccaf0e605265818f197362cf1754031b5b458e399", "backend_endpoint_count": 13}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/ecommerce/src/endpoints/seed/index.ts"}, "region": {"startLine": 87}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 7559, "scanner": "repobility-journey-contract", "fingerprint": "9c1b3967117e02461fb29f98669312beeaccd9fc869706250b77520dc68f7681", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/sse", "correlation_key": "fp|9c1b3967117e02461fb29f98669312beeaccd9fc869706250b77520dc68f7681", "backend_endpoint_count": 13}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/plugin-mcp/src/index.ts"}, "region": {"startLine": 93}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 7558, "scanner": "repobility-journey-contract", "fingerprint": "9fd1f53692fe5f5d5323d6b2bf4dd77a2b459de5f855de4243bb8e357cc33688", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/mcp", "correlation_key": "fp|9fd1f53692fe5f5d5323d6b2bf4dd77a2b459de5f855de4243bb8e357cc33688", "backend_endpoint_count": 13}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/plugin-mcp/src/index.ts"}, "region": {"startLine": 92}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 7557, "scanner": "repobility-journey-contract", "fingerprint": "22116a06fb5ae9292acf5514d944ac03c2a1f4756b34964202c83696fcb3c5a1", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/payments/{param}/initiate", "correlation_key": "fp|22116a06fb5ae9292acf5514d944ac03c2a1f4756b34964202c83696fcb3c5a1", "backend_endpoint_count": 13}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/plugin-ecommerce/src/types/index.ts"}, "region": {"startLine": 197}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 7556, "scanner": "repobility-journey-contract", "fingerprint": "84bed4a3554350e8c372bbdd1b0c9a23a5b2edaf3cab0e8958592c2005ef0160", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/payments/stripe/webhooks", "correlation_key": "fp|84bed4a3554350e8c372bbdd1b0c9a23a5b2edaf3cab0e8958592c2005ef0160", "backend_endpoint_count": 13}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/plugin-ecommerce/src/types/index.ts"}, "region": {"startLine": 161}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 7555, "scanner": "repobility-journey-contract", "fingerprint": "3cd5002061ba29cadc0e0fcb89a976cdcf69aa6614f253d9b6dfb71077d3bb4e", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/payments/{param}", "correlation_key": "fp|3cd5002061ba29cadc0e0fcb89a976cdcf69aa6614f253d9b6dfb71077d3bb4e", "backend_endpoint_count": 13}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/plugin-ecommerce/src/types/index.ts"}, "region": {"startLine": 159}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 7554, "scanner": "repobility-journey-contract", "fingerprint": "d54c7f7d8367422d5a61c7c11116aace028cb8cafca20c0b1b57fc3e57f00916", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/payments/{param}/confirm-order", "correlation_key": "fp|d54c7f7d8367422d5a61c7c11116aace028cb8cafca20c0b1b57fc3e57f00916", "backend_endpoint_count": 13}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/plugin-ecommerce/src/types/index.ts"}, "region": {"startLine": 137}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 7553, "scanner": "repobility-journey-contract", "fingerprint": "8d07bddc5d360acab50261af47db82f433f93839b5c27828a2c30bcc6c52f86f", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/carts/123/update-item", "correlation_key": "fp|8d07bddc5d360acab50261af47db82f433f93839b5c27828a2c30bcc6c52f86f", "backend_endpoint_count": 13}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/plugin-ecommerce/src/collections/carts/endpoints/updateItem.ts"}, "region": {"startLine": 40}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 7552, "scanner": "repobility-journey-contract", "fingerprint": "c8ffa59818e90be396655934829ca6ee5dc4da235e0668fe125513e24f3c1bb6", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/carts/123/update-item", "correlation_key": "fp|c8ffa59818e90be396655934829ca6ee5dc4da235e0668fe125513e24f3c1bb6", "backend_endpoint_count": 13}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/plugin-ecommerce/src/collections/carts/endpoints/updateItem.ts"}, "region": {"startLine": 34}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 7551, "scanner": "repobility-journey-contract", "fingerprint": "e0ee959f85f228e9820eb4b3c6f2203691af31974a7a8ca5853589467cbbec1f", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/carts/123/update-item", "correlation_key": "fp|e0ee959f85f228e9820eb4b3c6f2203691af31974a7a8ca5853589467cbbec1f", "backend_endpoint_count": 13}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/plugin-ecommerce/src/collections/carts/endpoints/updateItem.ts"}, "region": {"startLine": 28}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 7550, "scanner": "repobility-journey-contract", "fingerprint": "425a31453c10f500b9d2b5005b19ca323abd239c8a1127c9df8245a0c903cc70", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/og", "correlation_key": "fp|425a31453c10f500b9d2b5005b19ca323abd239c8a1127c9df8245a0c903cc70", "backend_endpoint_count": 13}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/payload/src/config/types.ts"}, "region": {"startLine": 239}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /(frontend)/(sitemaps)/pages-sitemap.xml."}, "properties": {"repobilityId": 7549, "scanner": "repobility-access-control", "fingerprint": "d09d69091e5da83ecf444b44e7c577c495d422ae88fe7ebf19d26bb5650f7a04", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/(frontend)/(sitemaps)/pages-sitemap.xml", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token / frontend / sitemaps /pages-sitemap.xml/route.ts|64|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-vercel-website/src/app/(frontend)/(sitemaps)/pages-sitemap.xml/route.ts"}, "region": {"startLine": 64}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /(frontend)/(sitemaps)/posts-sitemap.xml."}, "properties": {"repobilityId": 7548, "scanner": "repobility-access-control", "fingerprint": "b90d7ae993b318d7fa6285f092250c166495aa1d4b2354466a822fc05e75d87d", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/(frontend)/(sitemaps)/posts-sitemap.xml", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token / frontend / sitemaps /posts-sitemap.xml/route.ts|51|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-vercel-website/src/app/(frontend)/(sitemaps)/posts-sitemap.xml/route.ts"}, "region": {"startLine": 51}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /(frontend)/next/exit-preview."}, "properties": {"repobilityId": 7547, "scanner": "repobility-access-control", "fingerprint": "b76a8eab08266e478bf8984adba64c2f1a64530f8ac886fd11d49bc7c043943f", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/(frontend)/next/exit-preview", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token / frontend /next/exit-preview/route.ts|3|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-vercel-website/src/app/(frontend)/next/exit-preview/route.ts"}, "region": {"startLine": 3}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /(frontend)/next/preview."}, "properties": {"repobilityId": 7546, "scanner": "repobility-access-control", "fingerprint": "11b818e5af039fa7e63c6bf4757496340988e6da03f41fb14f8b9fad323b5d89", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/(frontend)/next/preview", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token / frontend /next/preview/route.ts|15|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-vercel-website/src/app/(frontend)/next/preview/route.ts"}, "region": {"startLine": 15}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /(frontend)/next/seed."}, "properties": {"repobilityId": 7545, "scanner": "repobility-access-control", "fingerprint": "9cfd583c81619a62f82878c29701fc8b013ff958126b38d541dcfa5d0a3a3972", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/(frontend)/next/seed", "method": "POST", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token / frontend /next/seed/route.ts|8|auc009", "identity_targets": ["authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-vercel-website/src/app/(frontend)/next/seed/route.ts"}, "region": {"startLine": 8}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /(frontend)/(sitemaps)/pages-sitemap.xml."}, "properties": {"repobilityId": 7544, "scanner": "repobility-access-control", "fingerprint": "978a0227054e6f0c89971e6d758b868e5de97258569b94e9f4a5ec44746e20db", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/(frontend)/(sitemaps)/pages-sitemap.xml", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|templates/website/src/app/ frontend / sitemaps /pages-sitemap.xml/route.ts|64|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/website/src/app/(frontend)/(sitemaps)/pages-sitemap.xml/route.ts"}, "region": {"startLine": 64}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /(frontend)/(sitemaps)/posts-sitemap.xml."}, "properties": {"repobilityId": 7543, "scanner": "repobility-access-control", "fingerprint": "8ffe376548ea8b26b8ae962102e513f8dc16e9bc7c9931044647d2b253775d0f", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/(frontend)/(sitemaps)/posts-sitemap.xml", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|templates/website/src/app/ frontend / sitemaps /posts-sitemap.xml/route.ts|51|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/website/src/app/(frontend)/(sitemaps)/posts-sitemap.xml/route.ts"}, "region": {"startLine": 51}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /(frontend)/next/exit-preview."}, "properties": {"repobilityId": 7542, "scanner": "repobility-access-control", "fingerprint": "33ca7613a5a71b0e529cf64cfc6be60732144f6778bfdcaaf8741d311f7d6796", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/(frontend)/next/exit-preview", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|templates/website/src/app/ frontend /next/exit-preview/route.ts|3|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/website/src/app/(frontend)/next/exit-preview/route.ts"}, "region": {"startLine": 3}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /(frontend)/next/preview."}, "properties": {"repobilityId": 7541, "scanner": "repobility-access-control", "fingerprint": "3687ab004869d7e1e79ed0bedad25a34cfd5eb04cb6e8bb6d591b80994cb901b", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/(frontend)/next/preview", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|templates/website/src/app/ frontend /next/preview/route.ts|15|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/website/src/app/(frontend)/next/preview/route.ts"}, "region": {"startLine": 15}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /(frontend)/next/seed."}, "properties": {"repobilityId": 7540, "scanner": "repobility-access-control", "fingerprint": "0146912442ba722773b530ed89337e83ea9665d1e648bbd777bf9d6b563075ba", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/(frontend)/next/seed", "method": "POST", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|templates/website/src/app/ frontend /next/seed/route.ts|8|auc009", "identity_targets": ["authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/website/src/app/(frontend)/next/seed/route.ts"}, "region": {"startLine": 8}}}]}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 23.1% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 7539, "scanner": "repobility-access-control", "fingerprint": "25721e1726c6b6eab588613c2400fbc69db7a8eb7073595bab815cd9704eb92f", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 13, "correlation_key": "fp|25721e1726c6b6eab588613c2400fbc69db7a8eb7073595bab815cd9704eb92f", "auth_visible_percent": 23.1}}}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 7538, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Next.js", "GraphQL"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `vercel-blob` image uses the latest tag"}, "properties": {"repobilityId": 7535, "scanner": "repobility-docker", "fingerprint": "2beacec4364f5c997e590fce08876c45ef581e13c01f36e3200bec8711f3c980", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "ghcr.io/payloadcms/vercel-blob-emulator:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|2beacec4364f5c997e590fce08876c45ef581e13c01f36e3200bec8711f3c980"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 221}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Compose service `google-cloud-storage` image has no explicit tag"}, "properties": {"repobilityId": 7532, "scanner": "repobility-docker", "fingerprint": "87a15dab40e632492d4bd390d5e3f42fd62cbe8b631226c7e2e19c9bfc730d78", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "fsouza/fake-gcs-server", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|87a15dab40e632492d4bd390d5e3f42fd62cbe8b631226c7e2e19c9bfc730d78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 198}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `azure-storage` image uses the latest tag"}, "properties": {"repobilityId": 7529, "scanner": "repobility-docker", "fingerprint": "b7be95dd291a9cdc41afd8095d5d9d16a11cbf22935b86d9d4e0e1c3ca7983df", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "mcr.microsoft.com/azure-storage/azurite:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b7be95dd291a9cdc41afd8095d5d9d16a11cbf22935b86d9d4e0e1c3ca7983df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 184}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `mongodb-atlas` image uses the latest tag"}, "properties": {"repobilityId": 7524, "scanner": "repobility-docker", "fingerprint": "553e0d92b2762e930e31cedb60f2827108b3fef48ce30ec9330bd60404e05ee7", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "mongodb/mongodb-atlas-local:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|553e0d92b2762e930e31cedb60f2827108b3fef48ce30ec9330bd60404e05ee7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 145}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `mongot` image uses the latest tag"}, "properties": {"repobilityId": 7522, "scanner": "repobility-docker", "fingerprint": "a097b7093948baf899b484e73ed80d6c4cd9efef9bb81e909071ced20cdab06d", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "mongodb/mongodb-community-search:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|a097b7093948baf899b484e73ed80d6c4cd9efef9bb81e909071ced20cdab06d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 116}}}]}, {"ruleId": "DKC007", "level": "warning", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": {"repobilityId": 7519, "scanner": "repobility-docker", "fingerprint": "cf1d06e59dd47c2a978b64efaf3a5ce6a12acedd33629ce9042f6d0f485af979", "category": "docker", "severity": "medium", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal, but this Compose file is under a test/example/local path and needs human confirmation before treating it as production exposure.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "postgres-replica", "variable": "POSTGRES_PASSWORD", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "reference_or_local", "correlation_key": "fp|cf1d06e59dd47c2a978b64efaf3a5ce6a12acedd33629ce9042f6d0f485af979", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 52}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `postgres-replica` image uses the latest tag"}, "properties": {"repobilityId": 7518, "scanner": "repobility-docker", "fingerprint": "d5b444d827633ce27b8c5c8184778c92b9607975200384e9bef309934637e062", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "ghcr.io/payloadcms/postgis-vector:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|d5b444d827633ce27b8c5c8184778c92b9607975200384e9bef309934637e062"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 52}}}]}, {"ruleId": "DKC007", "level": "warning", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": {"repobilityId": 7516, "scanner": "repobility-docker", "fingerprint": "3239ade34e61a97109a8353864b72b5b0f087391707bfede0b1a03f6ab1edc3f", "category": "docker", "severity": "medium", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal, but this Compose file is under a test/example/local path and needs human confirmation before treating it as production exposure.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "postgres", "variable": "POSTGRES_PASSWORD", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "reference_or_local", "correlation_key": "fp|3239ade34e61a97109a8353864b72b5b0f087391707bfede0b1a03f6ab1edc3f", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `postgres` image uses the latest tag"}, "properties": {"repobilityId": 7515, "scanner": "repobility-docker", "fingerprint": "e5c1295240eee79f10662ba1e67bcf0cdeddefa48852cd1e2b3d1f71c2c17287", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "ghcr.io/payloadcms/postgis-vector:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e5c1295240eee79f10662ba1e67bcf0cdeddefa48852cd1e2b3d1f71c2c17287"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKC015", "level": "warning", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 7514, "scanner": "repobility-docker", "fingerprint": "b86bc1e8de474c5fbfc45bff1c64de9c22cbee93d4233493311f2e0eddf88437", "category": "docker", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "postgres", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|b86bc1e8de474c5fbfc45bff1c64de9c22cbee93d4233493311f2e0eddf88437"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-vercel-website/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Compose service `postgres` image has no explicit tag"}, "properties": {"repobilityId": 7511, "scanner": "repobility-docker", "fingerprint": "5376d4115bbd2ada7b60912b5603411adca6c1c6015070ef27536b1cd7121e81", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "postgres", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|5376d4115bbd2ada7b60912b5603411adca6c1c6015070ef27536b1cd7121e81"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-vercel-website/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC015", "level": "warning", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 7510, "scanner": "repobility-docker", "fingerprint": "0f56d258a8741a444f38bcf0498483de15b5788f999f71f97fb55d8f15726889", "category": "docker", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "postgres", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|0f56d258a8741a444f38bcf0498483de15b5788f999f71f97fb55d8f15726889"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-vercel-postgres/docker-compose.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `postgres` image uses the latest tag"}, "properties": {"repobilityId": 7508, "scanner": "repobility-docker", "fingerprint": "7c887509fddb2c16ebbcebbe2cd9ab850f2d548bfc369fdf923c54aa74f207c8", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "postgres:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|7c887509fddb2c16ebbcebbe2cd9ab850f2d548bfc369fdf923c54aa74f207c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-vercel-postgres/docker-compose.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKC015", "level": "warning", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 7504, "scanner": "repobility-docker", "fingerprint": "d9b7f36b040ff66f470af76a73afb956350849962ba57878975da3288fddd962", "category": "docker", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "mongo", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|d9b7f36b040ff66f470af76a73afb956350849962ba57878975da3288fddd962"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-vercel-mongodb/docker-compose.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `mongo` image uses the latest tag"}, "properties": {"repobilityId": 7502, "scanner": "repobility-docker", "fingerprint": "ae74bb201e6040d83c835285d277780abde0bacdf04b0a4d45874c1b373df0df", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "mongo:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|ae74bb201e6040d83c835285d277780abde0bacdf04b0a4d45874c1b373df0df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-vercel-mongodb/docker-compose.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKC015", "level": "warning", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 7498, "scanner": "repobility-docker", "fingerprint": "45b2c7f8e0531e90bd8bbcddafa0dde7fc41b414761c58bae68d33a5137ec8c5", "category": "docker", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "postgres", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|45b2c7f8e0531e90bd8bbcddafa0dde7fc41b414761c58bae68d33a5137ec8c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-postgres/docker-compose.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `postgres` image uses the latest tag"}, "properties": {"repobilityId": 7495, "scanner": "repobility-docker", "fingerprint": "32119e04318c8817525e8c6c6eb63b38c479361c233c97f1adc50c104ff91173", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "postgres:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|32119e04318c8817525e8c6c6eb63b38c479361c233c97f1adc50c104ff91173"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-postgres/docker-compose.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKC015", "level": "warning", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 7491, "scanner": "repobility-docker", "fingerprint": "f42a1c1cc0f2af28eec34208f11b7b395b20d76609200d8479992c723edabf0e", "category": "docker", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "mongo", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|f42a1c1cc0f2af28eec34208f11b7b395b20d76609200d8479992c723edabf0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/website/docker-compose.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `mongo` image uses the latest tag"}, "properties": {"repobilityId": 7489, "scanner": "repobility-docker", "fingerprint": "1a6f08e2d1209c31d04f05d769394addc0f911d1bb068640ffa86f9d3a770155", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "mongo:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|1a6f08e2d1209c31d04f05d769394addc0f911d1bb068640ffa86f9d3a770155"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/website/docker-compose.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKC015", "level": "warning", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 7485, "scanner": "repobility-docker", "fingerprint": "fcce7e46f3351bf895e46629020d6140903f5c0c06b1f6d62a6eb4635225e214", "category": "docker", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "mongo", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|fcce7e46f3351bf895e46629020d6140903f5c0c06b1f6d62a6eb4635225e214"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/blank/docker-compose.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `mongo` image uses the latest tag"}, "properties": {"repobilityId": 7483, "scanner": "repobility-docker", "fingerprint": "2604d5e4940e3b94751f43ae6b97624d58326fdbe2f3dce3664b7c07a6f31af4", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "mongo:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|2604d5e4940e3b94751f43ae6b97624d58326fdbe2f3dce3664b7c07a6f31af4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/blank/docker-compose.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKC015", "level": "warning", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 7479, "scanner": "repobility-docker", "fingerprint": "17d5c6f058e43020600edc3fbe201c1dd3041f0957d70d0bc2333e41dc95d7ba", "category": "docker", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "mongo", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|17d5c6f058e43020600edc3fbe201c1dd3041f0957d70d0bc2333e41dc95d7ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/_template/docker-compose.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `mongo` image uses the latest tag"}, "properties": {"repobilityId": 7477, "scanner": "repobility-docker", "fingerprint": "07ac1db0f963a6704af70c7ce97df2b95a66360087d8026f1210e8f66792a003", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "mongo:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|07ac1db0f963a6704af70c7ce97df2b95a66360087d8026f1210e8f66792a003"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/_template/docker-compose.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKC015", "level": "warning", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 7473, "scanner": "repobility-docker", "fingerprint": "914b66b1aa8c77ba2aa31dffd2e651f8583e78679b6784e350b94e701109cbe0", "category": "docker", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "mongo", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|914b66b1aa8c77ba2aa31dffd2e651f8583e78679b6784e350b94e701109cbe0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/remix/payload/docker-compose.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `mongo` image uses the latest tag"}, "properties": {"repobilityId": 7471, "scanner": "repobility-docker", "fingerprint": "18726224e236da534cdf08af70be34649d8b68c6e4e13e580a9549305fc5047f", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "mongo:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|18726224e236da534cdf08af70be34649d8b68c6e4e13e580a9549305fc5047f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/remix/payload/docker-compose.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKC015", "level": "warning", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 7467, "scanner": "repobility-docker", "fingerprint": "36a4a541dfab7d8719ab876749e67d96ed783c035515605e9407624102304c26", "category": "docker", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "mongo", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|36a4a541dfab7d8719ab876749e67d96ed783c035515605e9407624102304c26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/localization/docker-compose.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `mongo` image uses the latest tag"}, "properties": {"repobilityId": 7465, "scanner": "repobility-docker", "fingerprint": "f9aeff815cd360fe688bf3146a210328f32a9a1b21db6df5eba93e594e3783eb", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "mongo:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|f9aeff815cd360fe688bf3146a210328f32a9a1b21db6df5eba93e594e3783eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/localization/docker-compose.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKC015", "level": "warning", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 7461, "scanner": "repobility-docker", "fingerprint": "daffc1715800cdb7f667ef2b48f64cfc2fbce9d40339cd18d6ca3c7b89ba4e89", "category": "docker", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "mongo", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|daffc1715800cdb7f667ef2b48f64cfc2fbce9d40339cd18d6ca3c7b89ba4e89"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/astro/payload/docker-compose.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Compose service `mongo` image uses the latest tag"}, "properties": {"repobilityId": 7459, "scanner": "repobility-docker", "fingerprint": "6fcbaf26c13e34e3634a78ccba9fd36670e7db19059cf8536c1d20e810b3e878", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "mongo:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|6fcbaf26c13e34e3634a78ccba9fd36670e7db19059cf8536c1d20e810b3e878"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/astro/payload/docker-compose.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 7448, "scanner": "repobility-docker", "fingerprint": "b13587645588c4edf02e6d3d78823f54fd76cd2cf11e6fabda155b611b2b1121", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "base", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|b13587645588c4edf02e6d3d78823f54fd76cd2cf11e6fabda155b611b2b1121"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/remix/website/Dockerfile"}, "region": {"startLine": 20}}}]}, {"ruleId": "DKR017", "level": "warning", "message": {"text": "Dockerfile installs dependencies after copying the full source tree"}, "properties": {"repobilityId": 7447, "scanner": "repobility-docker", "fingerprint": "9b5f804a87bd3122560439b7194a6661a305d5d1580fbf565b51794667649fe7", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy at line 9 appears before dependency installation.", "evidence": {"rule_id": "DKR017", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "broad_copy_line": 9, "correlation_key": "fp|9b5f804a87bd3122560439b7194a6661a305d5d1580fbf565b51794667649fe7", "dependency_install_line": 17}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/remix/website/Dockerfile"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 7444, "scanner": "repobility-docker", "fingerprint": "829805833368d57ed5f6962e6e4311ee6e2342a87d6039db12ffc5aa116b1193", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "base", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|829805833368d57ed5f6962e6e4311ee6e2342a87d6039db12ffc5aa116b1193"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/localization/Dockerfile"}, "region": {"startLine": 12}}}]}, {"ruleId": "DKR017", "level": "warning", "message": {"text": "Dockerfile installs dependencies after copying the full source tree"}, "properties": {"repobilityId": 7443, "scanner": "repobility-docker", "fingerprint": "3f01f63e2cd45efcd9aad2b5786d33031bb56fd57ac29652f53ddb3915b8bbff", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy at line 8 appears before dependency installation.", "evidence": {"rule_id": "DKR017", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "broad_copy_line": 8, "correlation_key": "fp|3f01f63e2cd45efcd9aad2b5786d33031bb56fd57ac29652f53ddb3915b8bbff", "dependency_install_line": 9}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/localization/Dockerfile"}, "region": {"startLine": 9}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 7441, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR018", "level": "warning", "message": {"text": "Database dump or local database file is included in Docker build context"}, "properties": {"repobilityId": 7439, "scanner": "repobility-docker", "fingerprint": "655485f8d8d660f19955b099504360fbf5ff0f88b2be2fc7d9501b5ab7e7369f", "category": "docker", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like artifacts are reachable from the Docker build context and are not ignored.", "evidence": {"rule_id": "DKR018", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|655485f8d8d660f19955b099504360fbf5ff0f88b2be2fc7d9501b5ab7e7369f", "database_artifacts": [{"path": "payload.db", "size_mb": 0.3}]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22826, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4b4f968a58ef0d93e68f960d6390e6bc30335ee5474fa7d979b713f9741b0cd0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/drizzle/src/count.ts", "duplicate_line": 15, "correlation_key": "fp|4b4f968a58ef0d93e68f960d6390e6bc30335ee5474fa7d979b713f9741b0cd0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/drizzle/src/countGlobalVersions.ts"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22825, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8695e2033e5cd76ed32912039a951b5c0691095747f24cce1f346d003733b4ea", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/db-postgres/src/types.ts", "duplicate_line": 29, "correlation_key": "fp|8695e2033e5cd76ed32912039a951b5c0691095747f24cce1f346d003733b4ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-vercel-postgres/src/types.ts"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22824, "scanner": "repobility-ai-code-hygiene", "fingerprint": "051417abda121bb55755a356584bb49f0692bddfddeaa7ea019bb8e952c06315", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/db-sqlite/src/index.ts", "duplicate_line": 168, "correlation_key": "fp|051417abda121bb55755a356584bb49f0692bddfddeaa7ea019bb8e952c06315"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-vercel-postgres/src/index.ts"}, "region": {"startLine": 159}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22823, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3fe5d0e0919c362e1a6742d46fda3f56df356d3483ca25b574914d4c46ce6c1e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/db-postgres/src/index.ts", "duplicate_line": 10, "correlation_key": "fp|3fe5d0e0919c362e1a6742d46fda3f56df356d3483ca25b574914d4c46ce6c1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-vercel-postgres/src/index.ts"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22822, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f4f91d53b6633f924a0812990c26c50e5efaebdd026ae73f0c2bd723292f215f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/db-d1-sqlite/src/index.ts", "duplicate_line": 2, "correlation_key": "fp|f4f91d53b6633f924a0812990c26c50e5efaebdd026ae73f0c2bd723292f215f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-vercel-postgres/src/index.ts"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22821, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1e0c83c53dc1ecbd7b2141612f939e4e498ff7d4ad4a337f246ad032ef2da949", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/db-d1-sqlite/src/connect.ts", "duplicate_line": 45, "correlation_key": "fp|1e0c83c53dc1ecbd7b2141612f939e4e498ff7d4ad4a337f246ad032ef2da949"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-vercel-postgres/src/connect.ts"}, "region": {"startLine": 81}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22820, "scanner": "repobility-ai-code-hygiene", "fingerprint": "83bd2ec9035b182ac9762f014fa638b7ff041ccad4a0335fd9c9019f41f71eb2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/db-postgres/src/connect.ts", "duplicate_line": 68, "correlation_key": "fp|83bd2ec9035b182ac9762f014fa638b7ff041ccad4a0335fd9c9019f41f71eb2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-vercel-postgres/src/connect.ts"}, "region": {"startLine": 47}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22819, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0047be8348b6ea427fd095d54f50d1efa4d46cf3997a2995205417882ad52fc5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/db-postgres/scripts/renamePredefinedMigrations.ts", "duplicate_line": 1, "correlation_key": "fp|0047be8348b6ea427fd095d54f50d1efa4d46cf3997a2995205417882ad52fc5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-vercel-postgres/scripts/renamePredefinedMigrations.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22818, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6458bb9e7d99b0ef7cfb1a1b28e3dc57b658f3e16352528160924cd1ab165815", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/db-d1-sqlite/src/types.ts", "duplicate_line": 9, "correlation_key": "fp|6458bb9e7d99b0ef7cfb1a1b28e3dc57b658f3e16352528160924cd1ab165815"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-sqlite/src/types.ts"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22817, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dc8e94725feb910ef29ecd6e27cb210258ab35bcc6c024dc7c7755d6d8947daf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/db-postgres/src/index.ts", "duplicate_line": 10, "correlation_key": "fp|dc8e94725feb910ef29ecd6e27cb210258ab35bcc6c024dc7c7755d6d8947daf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-sqlite/src/index.ts"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22816, "scanner": "repobility-ai-code-hygiene", "fingerprint": "20392c1c5f08032acee4bc6052257a38bfe401629444028ad065ecee41989a68", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/db-d1-sqlite/src/index.ts", "duplicate_line": 1, "correlation_key": "fp|20392c1c5f08032acee4bc6052257a38bfe401629444028ad065ecee41989a68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-sqlite/src/index.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22815, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f03337f898287ed9e25d1d53415d314a5097584e16a8486f9af06d466a48a388", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/db-d1-sqlite/src/exports/types-deprecated.ts", "duplicate_line": 1, "correlation_key": "fp|f03337f898287ed9e25d1d53415d314a5097584e16a8486f9af06d466a48a388"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-sqlite/src/exports/types-deprecated.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22814, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2858104acd9f980e61e5a8cb066c94e341f7a76faf9cc160bf49299778988815", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/db-d1-sqlite/src/connect.ts", "duplicate_line": 29, "correlation_key": "fp|2858104acd9f980e61e5a8cb066c94e341f7a76faf9cc160bf49299778988815"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-sqlite/src/connect.ts"}, "region": {"startLine": 34}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22813, "scanner": "repobility-ai-code-hygiene", "fingerprint": "600ea95aff534f52cb88c8574d5205f2cfe020505521c144832cff7b35d3cdb8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/db-d1-sqlite/bundle.js", "duplicate_line": 1, "correlation_key": "fp|600ea95aff534f52cb88c8574d5205f2cfe020505521c144832cff7b35d3cdb8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-sqlite/bundle.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22812, "scanner": "repobility-ai-code-hygiene", "fingerprint": "329a7712f7502485260a20613326184465f1251ea71af03d268c86ba6ac0f623", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/db-d1-sqlite/src/index.ts", "duplicate_line": 2, "correlation_key": "fp|329a7712f7502485260a20613326184465f1251ea71af03d268c86ba6ac0f623"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-postgres/src/index.ts"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22811, "scanner": "repobility-ai-code-hygiene", "fingerprint": "146aa4ca8b7717b46eaf55319ab01c05d83cd18ec899eb52f64937caaebca9e4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/db-d1-sqlite/bundle.js", "duplicate_line": 8, "correlation_key": "fp|146aa4ca8b7717b46eaf55319ab01c05d83cd18ec899eb52f64937caaebca9e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-postgres/bundle.js"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22810, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ee7dd002a5298898326fda479352ee6f6852bdcb36167d13ae4df8136555923a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/db-mongodb/src/updateGlobalVersion.ts", "duplicate_line": 28, "correlation_key": "fp|ee7dd002a5298898326fda479352ee6f6852bdcb36167d13ae4df8136555923a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-mongodb/src/updateVersion.ts"}, "region": {"startLine": 31}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 22809, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c82e7af489e4c48bb953243c23e32fe1c792977eb78954682e4ca9a99db7a4ca", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/codemod/src/transforms/migrate-import-export-hooks/non-matching.input.ts", "duplicate_line": 1, "correlation_key": "fp|c82e7af489e4c48bb953243c23e32fe1c792977eb78954682e4ca9a99db7a4ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/codemod/src/transforms/migrate-import-export-hooks/non-matching.output.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 7569, "scanner": "repobility-web-presence", "fingerprint": "73b2c778a2053c7bcd734814344106ca8f7358f9ed2ac11e4ed2c7cf2d97eae9", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": "fp|73b2c778a2053c7bcd734814344106ca8f7358f9ed2ac11e4ed2c7cf2d97eae9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/activity/pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB011", "level": "note", "message": {"text": "Public web app has no humans.txt"}, "properties": {"repobilityId": 7566, "scanner": "repobility-web-presence", "fingerprint": "bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1", "category": "quality", "severity": "low", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks like a public web app but no humans.txt file or route was discovered.", "evidence": {"rule_id": "WEB011", "scanner": "repobility-web-presence", "references": ["https://github.com/Lissy93/web-check"], "correlation_key": "fp|bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "humans.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB002", "level": "note", "message": {"text": "Public web app has no sitemap"}, "properties": {"repobilityId": 7565, "scanner": "repobility-web-presence", "fingerprint": "fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf", "category": "quality", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no sitemap file or route was discovered.", "evidence": {"rule_id": "WEB002", "scanner": "repobility-web-presence", "references": ["https://www.sitemaps.org/protocol.html", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sitemap.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 7537, "scanner": "repobility-docker", "fingerprint": "0859c80b10d94307a4eafe11fecb3b81c83f88ecfbf7c0021ade3c530ffccc24", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "vercel-blob", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|0859c80b10d94307a4eafe11fecb3b81c83f88ecfbf7c0021ade3c530ffccc24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 221}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 7536, "scanner": "repobility-docker", "fingerprint": "0e3941afb7de3f20b0ad3554da97dcb8543aad19c8d4767c1aa339a0e6bff6e4", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "vercel-blob", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|0e3941afb7de3f20b0ad3554da97dcb8543aad19c8d4767c1aa339a0e6bff6e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 221}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 7534, "scanner": "repobility-docker", "fingerprint": "c90e1a2cc98f0c245dbd258579c729d70483eb80bb78188b9525abe50de984d6", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "google-cloud-storage", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|c90e1a2cc98f0c245dbd258579c729d70483eb80bb78188b9525abe50de984d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 198}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 7533, "scanner": "repobility-docker", "fingerprint": "7ef54d35f1303c865d663f7f179656f0b529886e47ac46238a01da426bbafbd9", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "google-cloud-storage", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|7ef54d35f1303c865d663f7f179656f0b529886e47ac46238a01da426bbafbd9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 198}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 7531, "scanner": "repobility-docker", "fingerprint": "7b12134471cd69bf1a2384464422d4e222c72d14d36cfb8d8eed9bc957543ef0", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "azure-storage", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|7b12134471cd69bf1a2384464422d4e222c72d14d36cfb8d8eed9bc957543ef0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 184}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 7530, "scanner": "repobility-docker", "fingerprint": "24a83cebf45bc46c661ce14a06447c19d1089229858f5b54e913bf4d4ef07fde", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "azure-storage", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|24a83cebf45bc46c661ce14a06447c19d1089229858f5b54e913bf4d4ef07fde"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 184}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 7528, "scanner": "repobility-docker", "fingerprint": "cfbb6337c31cf999c96b8cd617c7761c97764c3b4870c9d2e9d4978d9956e756", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "localstack", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|cfbb6337c31cf999c96b8cd617c7761c97764c3b4870c9d2e9d4978d9956e756"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 167}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 7526, "scanner": "repobility-docker", "fingerprint": "4970329225d024fb20290bba0a661126bb31b773e5e7842f932679975fcef415", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "localstack", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|4970329225d024fb20290bba0a661126bb31b773e5e7842f932679975fcef415"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 167}}}]}, {"ruleId": "DKC016", "level": "note", "message": {"text": "App service does not wait for database health"}, "properties": {"repobilityId": 7507, "scanner": "repobility-docker", "fingerprint": "0f5ed47ce49c2506e1fb77638429611b71642137e119f6057184845bd15d9939", "category": "docker", "severity": "low", "confidence": 0.68, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "App depends on a database-like service without a health-gated dependency.", "evidence": {"rule_id": "DKC016", "scanner": "repobility-docker", "service": "payload", "dependency": "postgres", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|0f5ed47ce49c2506e1fb77638429611b71642137e119f6057184845bd15d9939", "dependency_has_healthcheck": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-vercel-postgres/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 7506, "scanner": "repobility-docker", "fingerprint": "0d1d4704378d88e2729ca91025051ad679325baca18883a00a29fb918132ded3", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "payload", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|0d1d4704378d88e2729ca91025051ad679325baca18883a00a29fb918132ded3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-vercel-postgres/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 7505, "scanner": "repobility-docker", "fingerprint": "9bbf793ceed162029770bd58065f40023443cafb23d2a586348344f9dbbc0976", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "payload", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|9bbf793ceed162029770bd58065f40023443cafb23d2a586348344f9dbbc0976"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-vercel-postgres/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC016", "level": "note", "message": {"text": "App service does not wait for database health"}, "properties": {"repobilityId": 7501, "scanner": "repobility-docker", "fingerprint": "45111d435c1d9a8d7bb55d4051f1dbf0be89e048ed2d950d34a0dc4b89188326", "category": "docker", "severity": "low", "confidence": 0.68, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "App depends on a database-like service without a health-gated dependency.", "evidence": {"rule_id": "DKC016", "scanner": "repobility-docker", "service": "payload", "dependency": "mongo", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|45111d435c1d9a8d7bb55d4051f1dbf0be89e048ed2d950d34a0dc4b89188326", "dependency_has_healthcheck": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-vercel-mongodb/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 7500, "scanner": "repobility-docker", "fingerprint": "addc17545e55eff124521abc6845bb0982cfe7dd21a136d7dcb2f89088b471aa", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "payload", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|addc17545e55eff124521abc6845bb0982cfe7dd21a136d7dcb2f89088b471aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-vercel-mongodb/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 7499, "scanner": "repobility-docker", "fingerprint": "a6edc61ffa8b539501a913cac900361d0f412d31183b69b5f63b37617109915b", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "payload", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|a6edc61ffa8b539501a913cac900361d0f412d31183b69b5f63b37617109915b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-vercel-mongodb/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC016", "level": "note", "message": {"text": "App service does not wait for database health"}, "properties": {"repobilityId": 7494, "scanner": "repobility-docker", "fingerprint": "3a9e66373fd618df33ae256e3405899fbb234f1a4104f9d86e7cede245f618fe", "category": "docker", "severity": "low", "confidence": 0.68, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "App depends on a database-like service without a health-gated dependency.", "evidence": {"rule_id": "DKC016", "scanner": "repobility-docker", "service": "payload", "dependency": "postgres", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|3a9e66373fd618df33ae256e3405899fbb234f1a4104f9d86e7cede245f618fe", "dependency_has_healthcheck": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-postgres/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 7493, "scanner": "repobility-docker", "fingerprint": "6460d9336ee7422cd8f6a00e3e4f41b5a220a918004777584b6c88a2a4e9567e", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "payload", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|6460d9336ee7422cd8f6a00e3e4f41b5a220a918004777584b6c88a2a4e9567e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-postgres/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 7492, "scanner": "repobility-docker", "fingerprint": "23e203087704d8c93da4009e24354008d69b96a4c5406a1d897374c0c8312800", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "payload", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|23e203087704d8c93da4009e24354008d69b96a4c5406a1d897374c0c8312800"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-postgres/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC016", "level": "note", "message": {"text": "App service does not wait for database health"}, "properties": {"repobilityId": 7488, "scanner": "repobility-docker", "fingerprint": "16a666cbb92392113138425f746976ee91cc3db6d7ef9cb572b930bd9714f330", "category": "docker", "severity": "low", "confidence": 0.68, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "App depends on a database-like service without a health-gated dependency.", "evidence": {"rule_id": "DKC016", "scanner": "repobility-docker", "service": "payload", "dependency": "mongo", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|16a666cbb92392113138425f746976ee91cc3db6d7ef9cb572b930bd9714f330", "dependency_has_healthcheck": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/website/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 7487, "scanner": "repobility-docker", "fingerprint": "f36deb8c955b8faba85984ce5ac10bdf6f81228c64704721f7d3da79d7fe8500", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "payload", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|f36deb8c955b8faba85984ce5ac10bdf6f81228c64704721f7d3da79d7fe8500"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/website/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 7486, "scanner": "repobility-docker", "fingerprint": "19947266d489822e4fc224052b19850f3621dae3cdbd4ac14e595c4f18e3539b", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "payload", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|19947266d489822e4fc224052b19850f3621dae3cdbd4ac14e595c4f18e3539b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/website/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC016", "level": "note", "message": {"text": "App service does not wait for database health"}, "properties": {"repobilityId": 7482, "scanner": "repobility-docker", "fingerprint": "c3725eae534b7a32068085904535a53818f00c84d65c4a0419d5a24b493ec298", "category": "docker", "severity": "low", "confidence": 0.68, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "App depends on a database-like service without a health-gated dependency.", "evidence": {"rule_id": "DKC016", "scanner": "repobility-docker", "service": "payload", "dependency": "mongo", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|c3725eae534b7a32068085904535a53818f00c84d65c4a0419d5a24b493ec298", "dependency_has_healthcheck": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/blank/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 7481, "scanner": "repobility-docker", "fingerprint": "6752752f4003d63c3ea69e63ab9db7c6bfccd6a6c8d7e36da461dc6dbdd46913", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "payload", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|6752752f4003d63c3ea69e63ab9db7c6bfccd6a6c8d7e36da461dc6dbdd46913"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/blank/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 7480, "scanner": "repobility-docker", "fingerprint": "1d88bcdea2b6fc7f1632f4ef2b81287cb5555120037e17a472670c5eb1702d0e", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "payload", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|1d88bcdea2b6fc7f1632f4ef2b81287cb5555120037e17a472670c5eb1702d0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/blank/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC016", "level": "note", "message": {"text": "App service does not wait for database health"}, "properties": {"repobilityId": 7476, "scanner": "repobility-docker", "fingerprint": "26361e003bfbba9ea7c2791dac9f43b5a92da542b371d2a7e67d5da0edc64686", "category": "docker", "severity": "low", "confidence": 0.68, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "App depends on a database-like service without a health-gated dependency.", "evidence": {"rule_id": "DKC016", "scanner": "repobility-docker", "service": "payload", "dependency": "mongo", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|26361e003bfbba9ea7c2791dac9f43b5a92da542b371d2a7e67d5da0edc64686", "dependency_has_healthcheck": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/_template/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 7475, "scanner": "repobility-docker", "fingerprint": "77575200596edc692ca8157a6092fe8ee05ae718f85df9a894c1f0233a058afe", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "payload", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|77575200596edc692ca8157a6092fe8ee05ae718f85df9a894c1f0233a058afe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/_template/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 7474, "scanner": "repobility-docker", "fingerprint": "153314613d32140ad0f2b4e360a970ad1d3814d552442b4d2f3fb3f1b676c61a", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "payload", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|153314613d32140ad0f2b4e360a970ad1d3814d552442b4d2f3fb3f1b676c61a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/_template/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC016", "level": "note", "message": {"text": "App service does not wait for database health"}, "properties": {"repobilityId": 7470, "scanner": "repobility-docker", "fingerprint": "f29b40ccb35864933903b7a4def7d7ddbff3f781d51c2a4b0a2f14aeb198af25", "category": "docker", "severity": "low", "confidence": 0.68, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "App depends on a database-like service without a health-gated dependency.", "evidence": {"rule_id": "DKC016", "scanner": "repobility-docker", "service": "payload", "dependency": "mongo", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|f29b40ccb35864933903b7a4def7d7ddbff3f781d51c2a4b0a2f14aeb198af25", "dependency_has_healthcheck": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/remix/payload/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 7469, "scanner": "repobility-docker", "fingerprint": "c26fdbc0cc0478d6bc14ed8724ddb4df07757cf94396f63e2447f8fa089fc635", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "payload", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|c26fdbc0cc0478d6bc14ed8724ddb4df07757cf94396f63e2447f8fa089fc635"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/remix/payload/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 7468, "scanner": "repobility-docker", "fingerprint": "e32bcd62bbe7f1f42158afbb6533ecd2b05697c9f4957a6a7083a54467363832", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "payload", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|e32bcd62bbe7f1f42158afbb6533ecd2b05697c9f4957a6a7083a54467363832"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/remix/payload/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC016", "level": "note", "message": {"text": "App service does not wait for database health"}, "properties": {"repobilityId": 7464, "scanner": "repobility-docker", "fingerprint": "b8de3a5e3d0b8ea5cbbed61863225f36d221814fa14192f663abea89ed1811d0", "category": "docker", "severity": "low", "confidence": 0.68, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "App depends on a database-like service without a health-gated dependency.", "evidence": {"rule_id": "DKC016", "scanner": "repobility-docker", "service": "payload", "dependency": "mongo", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|b8de3a5e3d0b8ea5cbbed61863225f36d221814fa14192f663abea89ed1811d0", "dependency_has_healthcheck": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/localization/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 7463, "scanner": "repobility-docker", "fingerprint": "ff42aaba373cf3d2aa4a625f1d9262f6ed415ab4272d12feb69988cf84d3db63", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "payload", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|ff42aaba373cf3d2aa4a625f1d9262f6ed415ab4272d12feb69988cf84d3db63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/localization/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 7462, "scanner": "repobility-docker", "fingerprint": "4ad2b06fbb59140bda91a93c0006b951272bde76910c4b58e15150881447e274", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "payload", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|4ad2b06fbb59140bda91a93c0006b951272bde76910c4b58e15150881447e274"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/localization/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC016", "level": "note", "message": {"text": "App service does not wait for database health"}, "properties": {"repobilityId": 7458, "scanner": "repobility-docker", "fingerprint": "07a347f5a649702e79b5593bbacc6ba4e6bc4d5969411e44b18c4ba13382fa86", "category": "docker", "severity": "low", "confidence": 0.68, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "App depends on a database-like service without a health-gated dependency.", "evidence": {"rule_id": "DKC016", "scanner": "repobility-docker", "service": "payload", "dependency": "mongo", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|07a347f5a649702e79b5593bbacc6ba4e6bc4d5969411e44b18c4ba13382fa86", "dependency_has_healthcheck": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/astro/payload/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 7457, "scanner": "repobility-docker", "fingerprint": "a74cf5adbc8e6bbcfcaa366d7ec5cafbd1671ad427e840c1363f0321f1ffc68d", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "payload", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|a74cf5adbc8e6bbcfcaa366d7ec5cafbd1671ad427e840c1363f0321f1ffc68d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/astro/payload/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 7456, "scanner": "repobility-docker", "fingerprint": "0ec3b5057e9786bdf87b9ec761ed284c5eba84752189688f55d4b19f55820db0", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "payload", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|0ec3b5057e9786bdf87b9ec761ed284c5eba84752189688f55d4b19f55820db0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/astro/payload/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7436, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9946d96823af6e94efa84dbcf0ae8e0e85a365eb6f91d80cd00253c1cff7baa8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/db-mongodb/src/updateMany.ts", "duplicate_line": 80, "correlation_key": "fp|9946d96823af6e94efa84dbcf0ae8e0e85a365eb6f91d80cd00253c1cff7baa8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-mongodb/src/updateOne.ts"}, "region": {"startLine": 66}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7435, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fd5f0e0900541bce9e63174b234e65a7b0ded804718568a379c80853d86be3ae", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/db-mongodb/src/updateJobs.ts", "duplicate_line": 38, "correlation_key": "fp|fd5f0e0900541bce9e63174b234e65a7b0ded804718568a379c80853d86be3ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-mongodb/src/updateOne.ts"}, "region": {"startLine": 35}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7434, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1f35c88373e2ff5264b6769fc8e34bfe9bf50e5baac255c15f5399c122afd389", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/db-mongodb/src/updateJobs.ts", "duplicate_line": 39, "correlation_key": "fp|1f35c88373e2ff5264b6769fc8e34bfe9bf50e5baac255c15f5399c122afd389"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-mongodb/src/updateMany.ts"}, "region": {"startLine": 50}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7433, "scanner": "repobility-ai-code-hygiene", "fingerprint": "29e131f4a77ea8fed45c8462b142961180fda1de2126ff2849efc029a9a3b108", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/db-mongodb/src/findGlobalVersions.ts", "duplicate_line": 65, "correlation_key": "fp|29e131f4a77ea8fed45c8462b142961180fda1de2126ff2849efc029a9a3b108"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-mongodb/src/queryDrafts.ts"}, "region": {"startLine": 79}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7432, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c78b503a66585cd63e626530505a9cfe7a2753c59bd5cde899e1408002d22e59", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/db-mongodb/src/queries/buildAndOrConditions.ts", "duplicate_line": 4, "correlation_key": "fp|c78b503a66585cd63e626530505a9cfe7a2753c59bd5cde899e1408002d22e59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-mongodb/src/queries/parseParams.ts"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7431, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e8e300c781de13e739126942fa381c721b8953b2b57b368d504954f5fb6d7af2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/db-mongodb/src/find.ts", "duplicate_line": 77, "correlation_key": "fp|e8e300c781de13e739126942fa381c721b8953b2b57b368d504954f5fb6d7af2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-mongodb/src/findVersions.ts"}, "region": {"startLine": 75}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7430, "scanner": "repobility-ai-code-hygiene", "fingerprint": "955e6d351e5ed87f296d6de2d6ff42a8f41e3255f3dc646181ef0968a3defa32", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/db-mongodb/src/findGlobalVersions.ts", "duplicate_line": 46, "correlation_key": "fp|955e6d351e5ed87f296d6de2d6ff42a8f41e3255f3dc646181ef0968a3defa32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-mongodb/src/findVersions.ts"}, "region": {"startLine": 50}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7429, "scanner": "repobility-ai-code-hygiene", "fingerprint": "55f8ced8fd809b4e0d2110c8a11a5f897643916ecaddbb32c9261cb7ab7319f3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/db-mongodb/src/find.ts", "duplicate_line": 77, "correlation_key": "fp|55f8ced8fd809b4e0d2110c8a11a5f897643916ecaddbb32c9261cb7ab7319f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-mongodb/src/findGlobalVersions.ts"}, "region": {"startLine": 67}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7428, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5ab51f0bf874fbe145bac41d003a576c2026f4accf141a242899b96280fec8a2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/db-mongodb/src/createGlobalVersion.ts", "duplicate_line": 56, "correlation_key": "fp|5ab51f0bf874fbe145bac41d003a576c2026f4accf141a242899b96280fec8a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-mongodb/src/createVersion.ts"}, "region": {"startLine": 77}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7427, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ada317554c08e32cbbed0c5a0207d7e40fd8fd858061345941dca82a39c6c2cc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/db-mongodb/src/count.ts", "duplicate_line": 22, "correlation_key": "fp|ada317554c08e32cbbed0c5a0207d7e40fd8fd858061345941dca82a39c6c2cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-mongodb/src/countVersions.ts"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7426, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ef4ef8996304fc66930a0f5b17069382d8f70edce2f173cfddba33b8e4485fd6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/db-mongodb/src/count.ts", "duplicate_line": 22, "correlation_key": "fp|ef4ef8996304fc66930a0f5b17069382d8f70edce2f173cfddba33b8e4485fd6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-mongodb/src/countGlobalVersions.ts"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 7425, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8b87cdeb205200768a4de75f852f0993b16aebf2de3b2191ce8e890b37a586a3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": ".github/actions/activity/src/new-issues.ts", "duplicate_line": 12, "correlation_key": "fp|8b87cdeb205200768a4de75f852f0993b16aebf2de3b2191ce8e890b37a586a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/actions/activity/src/popular-issues.ts"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 7424, "scanner": "repobility-ai-code-hygiene", "fingerprint": "959139aba3ef2bb3ec2e23948723b95228bef58a6321476199317dd1c95dac4e", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "v2", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|959139aba3ef2bb3ec2e23948723b95228bef58a6321476199317dd1c95dac4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-mongodb/src/predefinedMigrations/migrateVersionsV1_V2.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 7423, "scanner": "repobility-ai-code-hygiene", "fingerprint": "333a792aa37b05a47aa1c24f24e12abf398ef42e35fbfe73327b4bfd0b33018e", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "v3", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|333a792aa37b05a47aa1c24f24e12abf398ef42e35fbfe73327b4bfd0b33018e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/db-mongodb/src/predefinedMigrations/migrateRelationshipsV2_V3.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 22506, "scanner": "repobility-threat-engine", "fingerprint": "d438fc2d14c63660d615290dceab2a5421ef5f4c5a8a429a3564895c539fbbc1", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|d438fc2d14c63660d615290dceab2a5421ef5f4c5a8a429a3564895c539fbbc1"}}}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 40 more): Same pattern found in 40 additional files. Review if needed."}, "properties": {"repobilityId": 22504, "scanner": "repobility-threat-engine", "fingerprint": "e825738ec7da8cc4c5fc1c7b1e2e5ecd54d2b285aea67b38e8160dd59e9efdd5", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 40 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 40 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|e825738ec7da8cc4c5fc1c7b1e2e5ecd54d2b285aea67b38e8160dd59e9efdd5"}}}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 22505, "scanner": "repobility-threat-engine", "fingerprint": "c6a9c612ab6671cf99f4dab3adf4bc83af24ce6f32ad43a540450686975c59b8", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "logger.error({ err: error }, 'Error verifying token for live preview')", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|templates/ecommerce/src/app/ app /next/preview/route.ts|4|logger.error err: error error verifying token for live preview"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/ecommerce/src/app/(app)/next/preview/route.ts"}, "region": {"startLine": 43}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 22503, "scanner": "repobility-threat-engine", "fingerprint": "a753cf73c913a3c785c506d8d86150152d5e095b235b8b23a6647b46aaa540f7", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(i", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a753cf73c913a3c785c506d8d86150152d5e095b235b8b23a6647b46aaa540f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/website/next.config.ts"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 22502, "scanner": "repobility-threat-engine", "fingerprint": "82f449594ad4031490af5b670972ca7a290f84c66ba9db1c06d6db6c6dd61e09", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(i", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|82f449594ad4031490af5b670972ca7a290f84c66ba9db1c06d6db6c6dd61e09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-vercel-website/next.config.ts"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 22501, "scanner": "repobility-threat-engine", "fingerprint": "bf583a95a553c08430ed74e2053222457a797e9109e7c278c271d6f7886abe2e", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(i", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bf583a95a553c08430ed74e2053222457a797e9109e7c278c271d6f7886abe2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/ecommerce/next.config.ts"}, "region": {"startLine": 27}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 7525, "scanner": "repobility-docker", "fingerprint": "59e2ecfa9d9a44e407dfc55a633106ffa42d8bc924524fde4c7c477ffbd5db67", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "27019:27017", "target": "27017", "host_ip": "", "published": "27019"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "mongodb-atlas", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|59e2ecfa9d9a44e407dfc55a633106ffa42d8bc924524fde4c7c477ffbd5db67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 145}}}]}, {"ruleId": "DKC013", "level": "error", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 7523, "scanner": "repobility-docker", "fingerprint": "db1e3bdd4a1bcd9226592d5554a51aee8bee9ccf3b8b69d4a4a97021928a9f41", "category": "docker", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "mongot", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|db1e3bdd4a1bcd9226592d5554a51aee8bee9ccf3b8b69d4a4a97021928a9f41", "expected_targets": ["/data/configdb", "/data/db"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 116}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 7521, "scanner": "repobility-docker", "fingerprint": "609d14a05d98ee5287b1b9889c1e210847f80cd68b21a6f2d1a429f402dd7d07", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "27018:27017", "target": "27017", "host_ip": "", "published": "27018"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "mongodb", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|609d14a05d98ee5287b1b9889c1e210847f80cd68b21a6f2d1a429f402dd7d07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 83}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 7520, "scanner": "repobility-docker", "fingerprint": "355e792cf54ea87bd02c336b318ce6d600146d4b985839b3c2b939f547d77d01", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "5434:5432", "target": "5432", "host_ip": "", "published": "5434"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "postgres-replica", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|355e792cf54ea87bd02c336b318ce6d600146d4b985839b3c2b939f547d77d01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 52}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 7517, "scanner": "repobility-docker", "fingerprint": "d2a650bc5db5ea1029192b20478cbdb13661dbbcf2f0f12a6992b951bc8a16d9", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "5433:5432", "target": "5432", "host_ip": "", "published": "5433"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "postgres", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|d2a650bc5db5ea1029192b20478cbdb13661dbbcf2f0f12a6992b951bc8a16d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKC013", "level": "error", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 7513, "scanner": "repobility-docker", "fingerprint": "7b1b3a4cc805873c44f15f1a517b8ea35c190b0286acc18857221f1147bbd723", "category": "docker", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "postgres", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|7b1b3a4cc805873c44f15f1a517b8ea35c190b0286acc18857221f1147bbd723", "expected_targets": ["/var/lib/postgresql/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-vercel-website/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 7512, "scanner": "repobility-docker", "fingerprint": "ada8cca6e38f4e3e290406741e3825faff53ef595a26e4fb8a9175e5edff0f16", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "54320:5432", "target": "5432", "host_ip": "", "published": "54320"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "postgres", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|ada8cca6e38f4e3e290406741e3825faff53ef595a26e4fb8a9175e5edff0f16"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-vercel-website/docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 7509, "scanner": "repobility-docker", "fingerprint": "8ef6c3e5ad7de967f1588901b08e42eca7a8aeec490477beea98dcdc464cb194", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "5432:5432", "target": "5432", "host_ip": "", "published": "5432"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "postgres", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|8ef6c3e5ad7de967f1588901b08e42eca7a8aeec490477beea98dcdc464cb194"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-vercel-postgres/docker-compose.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 7503, "scanner": "repobility-docker", "fingerprint": "2e929d14d439d442bef8cfebae0ea9262edd3dbd2e654d089340de8f0c0b6b7a", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "27017:27017", "target": "27017", "host_ip": "", "published": "27017"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "mongo", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|2e929d14d439d442bef8cfebae0ea9262edd3dbd2e654d089340de8f0c0b6b7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-vercel-mongodb/docker-compose.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKC013", "level": "error", "message": {"text": "Database service has no persistent data volume"}, "properties": {"repobilityId": 7497, "scanner": "repobility-docker", "fingerprint": "07c566b964472f8d23bdbf28391fa32b44468a7e04c121b532150c46495a1b9d", "category": "docker", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Database-like service does not mount a known data directory.", "evidence": {"rule_id": "DKC013", "scanner": "repobility-docker", "service": "postgres", "references": ["https://docs.docker.com/engine/storage/volumes/"], "correlation_key": "fp|07c566b964472f8d23bdbf28391fa32b44468a7e04c121b532150c46495a1b9d", "expected_targets": ["/var/lib/postgresql/data"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-postgres/docker-compose.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 7496, "scanner": "repobility-docker", "fingerprint": "21028346a8a0063fb4f91437a241981d51212d95f044214b07225c1b922eef5d", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "5432:5432", "target": "5432", "host_ip": "", "published": "5432"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "postgres", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|21028346a8a0063fb4f91437a241981d51212d95f044214b07225c1b922eef5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-postgres/docker-compose.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 7490, "scanner": "repobility-docker", "fingerprint": "7324f7d43a489b6c91be08a157a2b861ae3395c1656234672bbb3851f7778956", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "27017:27017", "target": "27017", "host_ip": "", "published": "27017"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "mongo", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|7324f7d43a489b6c91be08a157a2b861ae3395c1656234672bbb3851f7778956"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/website/docker-compose.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 7484, "scanner": "repobility-docker", "fingerprint": "2febc05315a9cd3c7a3023daa9f4213e53ad85823f6f0c93b62d5a2b5e8a7327", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "27017:27017", "target": "27017", "host_ip": "", "published": "27017"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "mongo", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|2febc05315a9cd3c7a3023daa9f4213e53ad85823f6f0c93b62d5a2b5e8a7327"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/blank/docker-compose.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 7478, "scanner": "repobility-docker", "fingerprint": "cb0ba67b82384838af4603cf5bbb5d928be519d45ba191cc609eafe049d43532", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "27017:27017", "target": "27017", "host_ip": "", "published": "27017"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "mongo", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|cb0ba67b82384838af4603cf5bbb5d928be519d45ba191cc609eafe049d43532"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/_template/docker-compose.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 7472, "scanner": "repobility-docker", "fingerprint": "c69b57e1015dfbf157f7a7a1e26cd0967d8cdd4384bf82f53e64263892af72ec", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "27017:27017", "target": "27017", "host_ip": "", "published": "27017"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "mongo", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|c69b57e1015dfbf157f7a7a1e26cd0967d8cdd4384bf82f53e64263892af72ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/remix/payload/docker-compose.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 7466, "scanner": "repobility-docker", "fingerprint": "8cbf7394f07fa1037964bbdfd7733934a0f5cda6047ee3168e23a4dbe2897ed5", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "27017:27017", "target": "27017", "host_ip": "", "published": "27017"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "mongo", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|8cbf7394f07fa1037964bbdfd7733934a0f5cda6047ee3168e23a4dbe2897ed5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/localization/docker-compose.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 7460, "scanner": "repobility-docker", "fingerprint": "3b1895c2d6638be8a3e6109dac858b056d398370246602446e0e323d55845daa", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "27017:27017", "target": "27017", "host_ip": "", "published": "27017"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "mongo", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|3b1895c2d6638be8a3e6109dac858b056d398370246602446e0e323d55845daa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/astro/payload/docker-compose.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 7455, "scanner": "repobility-docker", "fingerprint": "54762ee53abdd06669bff85243d8bc5f97f5fa9bc553e7a0ef16ac32f247aa81", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|54762ee53abdd06669bff85243d8bc5f97f5fa9bc553e7a0ef16ac32f247aa81"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-vercel-website/Dockerfile"}, "region": {"startLine": 26}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 7454, "scanner": "repobility-docker", "fingerprint": "d25ebdaaacd759405b0e81c98ff88c6e85eb129d19091e87f189ff83582d55f0", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|d25ebdaaacd759405b0e81c98ff88c6e85eb129d19091e87f189ff83582d55f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-vercel-postgres/Dockerfile"}, "region": {"startLine": 26}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 7453, "scanner": "repobility-docker", "fingerprint": "11ad346ebf742195ac7ba8f899918ec80de69907356a2ef5d86677c4727cc602", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|11ad346ebf742195ac7ba8f899918ec80de69907356a2ef5d86677c4727cc602"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-vercel-mongodb/Dockerfile"}, "region": {"startLine": 26}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 7452, "scanner": "repobility-docker", "fingerprint": "a925c39536efac2453f1a4059311d571cf1de7eef6b29c27ff022254efcfa03d", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|a925c39536efac2453f1a4059311d571cf1de7eef6b29c27ff022254efcfa03d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-postgres/Dockerfile"}, "region": {"startLine": 26}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 7451, "scanner": "repobility-docker", "fingerprint": "b36cc7680a16d63a5837dd69e6f076f057ce82b65bb28f70a40ce969a4494828", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|b36cc7680a16d63a5837dd69e6f076f057ce82b65bb28f70a40ce969a4494828"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/website/Dockerfile"}, "region": {"startLine": 26}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 7450, "scanner": "repobility-docker", "fingerprint": "b9864c3fe6697deade8f28d4493d72ae531c08c059155d074229de33cc84749d", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|b9864c3fe6697deade8f28d4493d72ae531c08c059155d074229de33cc84749d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/blank/Dockerfile"}, "region": {"startLine": 26}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 7449, "scanner": "repobility-docker", "fingerprint": "cfd5d9eb8a1098d0fb982d771a2645ba33162e1a3b21dab382232f224402ff6c", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|cfd5d9eb8a1098d0fb982d771a2645ba33162e1a3b21dab382232f224402ff6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/_template/Dockerfile"}, "region": {"startLine": 26}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 7446, "scanner": "repobility-docker", "fingerprint": "889dbf4cad73964f65911837b2c487d62dd4f72fc11cad40bf95ffb6adf6fbe6", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|889dbf4cad73964f65911837b2c487d62dd4f72fc11cad40bf95ffb6adf6fbe6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/remix/website/Dockerfile"}, "region": {"startLine": 9}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 7445, "scanner": "repobility-docker", "fingerprint": "a22b2ed8abb1c2807c7ed430cb47fbdab193bb824b8b52b61e38399409273013", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|a22b2ed8abb1c2807c7ed430cb47fbdab193bb824b8b52b61e38399409273013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/remix/payload/Dockerfile"}, "region": {"startLine": 25}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 7442, "scanner": "repobility-docker", "fingerprint": "e6be6aee02f60a5afe1b52bcedb23bc9763a4860249f9afe3ab3c7e50f8e098b", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|e6be6aee02f60a5afe1b52bcedb23bc9763a4860249f9afe3ab3c7e50f8e098b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/localization/Dockerfile"}, "region": {"startLine": 8}}}]}, {"ruleId": "DKR014", "level": "error", "message": {"text": "Dockerfile copies the entire context without .dockerignore"}, "properties": {"repobilityId": 7440, "scanner": "repobility-docker", "fingerprint": "5537e0402217cb5d847fe21eaa002f324c000c65b730dfd6e86cfacad1fcd7da", "category": "docker", "severity": "high", "confidence": 0.92, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy and missing .dockerignore were found together.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|5537e0402217cb5d847fe21eaa002f324c000c65b730dfd6e86cfacad1fcd7da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/astro/payload/Dockerfile"}, "region": {"startLine": 25}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 7438, "scanner": "repobility-threat-engine", "fingerprint": "bc49941aa2e45abdfe9d2cf472b14cc7637e11ef803cf6e6d7b9d49ab4eb10c0", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "logger.error({ err: error }, 'Error verifying token for live preview')", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|token / frontend /next/preview/route.ts|4|logger.error err: error error verifying token for live preview"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/with-vercel-website/src/app/(frontend)/next/preview/route.ts"}, "region": {"startLine": 43}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 7437, "scanner": "repobility-threat-engine", "fingerprint": "341da8a9ef9c9b54461ec861380c51cb51ae3326ed238101531817db34296818", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "logger.error({ err: error }, 'Error verifying token for live preview')", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|templates/website/src/app/ frontend /next/preview/route.ts|4|logger.error err: error error verifying token for live preview"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "templates/website/src/app/(frontend)/next/preview/route.ts"}, "region": {"startLine": 43}}}]}, {"ruleId": "DKC008", "level": "error", "message": {"text": "Compose service mounts the Docker socket"}, "properties": {"repobilityId": 7527, "scanner": "repobility-docker", "fingerprint": "3900c1a61b050f687132e61534ffee7727779c888c153734a4247e55be60cf1d", "category": "docker", "severity": "critical", "confidence": 0.98, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Volume mount references /var/run/docker.sock.", "evidence": {"rule_id": "DKC008", "scanner": "repobility-docker", "service": "localstack", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|3900c1a61b050f687132e61534ffee7727779c888c153734a4247e55be60cf1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/docker-compose.yml"}, "region": {"startLine": 167}}}]}]}]}