{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DKR017", "name": "Dockerfile installs dependencies after copying the full source tree", "shortDescription": {"text": "Dockerfile installs dependencies after copying the full source tree"}, "fullDescription": {"text": "When dependency installation comes after COPY ., any source change invalidates the dependency layer and makes Docker rebuild much more slowly."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies broad context with incomplete .dockerignore", "shortDescription": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "fullDescription": {"text": "COPY . or ADD . is safer when .dockerignore excludes secrets, git history, keys, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-GHA", "name": "GitHub Action `Vampire/setup-wsl@v6` is 1 major version(s) behind (latest v7.0.0)", "shortDescription": {"text": "GitHub Action `Vampire/setup-wsl@v6` is 1 major version(s) behind (latest v7.0.0)"}, "fullDescription": {"text": "`uses: Vampire/setup-wsl@v6` is 1 major version(s) behind the latest published release v7.0.0. Old action majors run on deprecated runner images / Node versions and miss upstream fixes. This is the exact 'outdated GitHub Action' class Dependabot raises \u2014 and which Repobility had no coverage for."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": ".dockerignore exists but does not cover common secret or VCS patterns."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Installing recommended packages often pulls in unnecessary runtime surface area."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR010", "name": "Dockerfile leaves apt package indexes in the image layer", "shortDescription": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "fullDescription": {"text": "Package indexes increase image size and can expose stale metadata in the final image layer."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-NPM", "name": "npm package `semver` is minor version(s) behind (^7.7.3 -> 7.8.2)", "shortDescription": {"text": "npm package `semver` is minor version(s) behind (^7.7.3 -> 7.8.2)"}, "fullDescription": {"text": "`semver` is pinned/resolved at ^7.7.3 but the latest stable release on the npm registry is 7.8.2 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "low", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `ljharb/rebase` pinned to mutable ref `@master`", "shortDescription": {"text": "Action `ljharb/rebase` pinned to mutable ref `@master`"}, "fullDescription": {"text": "`uses: ljharb/rebase@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "Dockerfile FROM `ubuntu:22.04` not pinned by digest", "shortDescription": {"text": "Dockerfile FROM `ubuntu:22.04` not pinned by digest"}, "fullDescription": {"text": "`FROM ubuntu:22.04` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/777"}, "properties": {"repository": "nvm-sh/nvm", "repoUrl": "https://github.com/nvm-sh/nvm", "branch": "master"}, "results": [{"ruleId": "DKR017", "level": "warning", "message": {"text": "Dockerfile installs dependencies after copying the full source tree"}, "properties": {"repobilityId": 65473, "scanner": "repobility-docker", "fingerprint": "63865d10a83fbf1984edaafa27d49355bf32756a5d4427d5001acb6df5d89596", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Broad context copy at line 85 appears before dependency installation.", "evidence": {"rule_id": "DKR017", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "broad_copy_line": 85, "correlation_key": "fp|63865d10a83fbf1984edaafa27d49355bf32756a5d4427d5001acb6df5d89596", "dependency_install_line": 106}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 106}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 65472, "scanner": "repobility-docker", "fingerprint": "d75401f2d1ecd4c5423b0b6ab54c75d0828c0146caebee20e4ee8294886dc5bc", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|d75401f2d1ecd4c5423b0b6ab54c75d0828c0146caebee20e4ee8294886dc5bc", "missing_patterns": [".env", ".git", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 85}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 65469, "scanner": "repobility-agent-runtime", "fingerprint": "83a8d0e57a7e7fec7882424d055e6c590c6b52216bd08e00cd3a5f13f41e4aa5", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|83a8d0e57a7e7fec7882424d055e6c590c6b52216bd08e00cd3a5f13f41e4aa5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/windows-npm.yml"}, "region": {"startLine": 45}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 65468, "scanner": "repobility-agent-runtime", "fingerprint": "8960e1c334bcc26162961d9978314999953b269cfe9c173d059c12da87df6dca", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|8960e1c334bcc26162961d9978314999953b269cfe9c173d059c12da87df6dca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nvm-install-test.yml"}, "region": {"startLine": 83}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `Vampire/setup-wsl@v6` is 1 major version(s) behind (latest v7.0.0)"}, "properties": {"repobilityId": 65443, "scanner": "repobility-dependency-currency", "fingerprint": "7e68865e2e071672b0d3d4d1bb7d98a44e74f2aed5dbb5e47c5c42c46e071929", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "Vampire/setup-wsl", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v7.0.0", "correlation_key": "fp|7e68865e2e071672b0d3d4d1bb7d98a44e74f2aed5dbb5e47c5c42c46e071929", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/windows-npm.yml"}, "region": {"startLine": 139}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 65474, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", ".git", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 65471, "scanner": "repobility-docker", "fingerprint": "ccc0d686b931fc7a35c2e609238122cfe81760e4dedb0f29bdae286f93966232", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|ccc0d686b931fc7a35c2e609238122cfe81760e4dedb0f29bdae286f93966232"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 32}}}]}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 65470, "scanner": "repobility-docker", "fingerprint": "98268ba78716d8654bd3e6872ba713821754b6a3f5dc30e5cd6e7d8de0491f69", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|98268ba78716d8654bd3e6872ba713821754b6a3f5dc30e5cd6e7d8de0491f69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 32}}}]}, {"ruleId": "DEPCUR-GHA", "level": "note", "message": {"text": "GitHub Action `step-security/harden-runner@v2` is minor version(s) behind (latest v2.19.4)"}, "properties": {"repobilityId": 65467, "scanner": "repobility-dependency-currency", "fingerprint": "0727c6cb117c4576106ac32f59cb23d41a5134af38df4adc920bdf3c6da4c2c6", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "step-security/harden-runner", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v2.19.4", "correlation_key": "fp|0727c6cb117c4576106ac32f59cb23d41a5134af38df4adc920bdf3c6da4c2c6", "current_version": "v2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests-fast.yml"}, "region": {"startLine": 34}}}]}, {"ruleId": "DEPCUR-GHA", "level": "note", "message": {"text": "GitHub Action `step-security/harden-runner@v2` is minor version(s) behind (latest v2.19.4)"}, "properties": {"repobilityId": 65465, "scanner": "repobility-dependency-currency", "fingerprint": "8c057cc631d783d45d01c62faedc8d2bbfe4cb4b4bbcf0541a5131f9b48084c5", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "step-security/harden-runner", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v2.19.4", "correlation_key": "fp|8c057cc631d783d45d01c62faedc8d2bbfe4cb4b4bbcf0541a5131f9b48084c5", "current_version": "v2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/shellcheck.yml"}, "region": {"startLine": 31}}}]}, {"ruleId": "DEPCUR-GHA", "level": "note", "message": {"text": "GitHub Action `step-security/harden-runner@v2` is minor version(s) behind (latest v2.19.4)"}, "properties": {"repobilityId": 65463, "scanner": "repobility-dependency-currency", "fingerprint": "332fa7c1f19929c3cb8fbaaa4fd15ffa287725c7d7613512a35bbda5e6a2dbc7", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "step-security/harden-runner", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v2.19.4", "correlation_key": "fp|332fa7c1f19929c3cb8fbaaa4fd15ffa287725c7d7613512a35bbda5e6a2dbc7", "current_version": "v2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests-installation-node.yml"}, "region": {"startLine": 31}}}]}, {"ruleId": "DEPCUR-GHA", "level": "note", "message": {"text": "GitHub Action `actions/setup-node@v6` is minor version(s) behind (latest v6.4.0)"}, "properties": {"repobilityId": 65462, "scanner": "repobility-dependency-currency", "fingerprint": "2267ce986b46ae9d8c98b50affa94c0a3f16adadef25215f6cc66bc6c2ce28dd", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/setup-node", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.4.0", "correlation_key": "fp|2267ce986b46ae9d8c98b50affa94c0a3f16adadef25215f6cc66bc6c2ce28dd", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 25}}}]}, {"ruleId": "DEPCUR-GHA", "level": "note", "message": {"text": "GitHub Action `step-security/harden-runner@v2` is minor version(s) behind (latest v2.19.4)"}, "properties": {"repobilityId": 65460, "scanner": "repobility-dependency-currency", "fingerprint": "4520e3a885378cf745458f359fef2c316227fd1e15cc7e4f1bb48f62825de66b", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "step-security/harden-runner", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v2.19.4", "correlation_key": "fp|4520e3a885378cf745458f359fef2c316227fd1e15cc7e4f1bb48f62825de66b", "current_version": "v2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "DEPCUR-GHA", "level": "note", "message": {"text": "GitHub Action `step-security/harden-runner@v2` is minor version(s) behind (latest v2.19.4)"}, "properties": {"repobilityId": 65458, "scanner": "repobility-dependency-currency", "fingerprint": "51e28d3bc7bd791a52702159724929ca6b4f8bd16c1486d204852a9cef8d6253", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "step-security/harden-runner", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v2.19.4", "correlation_key": "fp|51e28d3bc7bd791a52702159724929ca6b4f8bd16c1486d204852a9cef8d6253", "current_version": "v2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 46}}}]}, {"ruleId": "DEPCUR-GHA", "level": "note", "message": {"text": "GitHub Action `step-security/harden-runner@v2` is minor version(s) behind (latest v2.19.4)"}, "properties": {"repobilityId": 65456, "scanner": "repobility-dependency-currency", "fingerprint": "809c6adf9b1e81c1d6f56e9f802457840212d5433d8102eba2c029755f6a74dd", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "step-security/harden-runner", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v2.19.4", "correlation_key": "fp|809c6adf9b1e81c1d6f56e9f802457840212d5433d8102eba2c029755f6a74dd", "current_version": "v2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests-installation-iojs.yml"}, "region": {"startLine": 31}}}]}, {"ruleId": "DEPCUR-GHA", "level": "note", "message": {"text": "GitHub Action `step-security/harden-runner@v2` is minor version(s) behind (latest v2.19.4)"}, "properties": {"repobilityId": 65454, "scanner": "repobility-dependency-currency", "fingerprint": "63da3b4a33bae9739bff8aa7453bd00fef7a6d404cbb321eb2b3a249781914e9", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "step-security/harden-runner", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v2.19.4", "correlation_key": "fp|63da3b4a33bae9739bff8aa7453bd00fef7a6d404cbb321eb2b3a249781914e9", "current_version": "v2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests-xenial.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "DEPCUR-GHA", "level": "note", "message": {"text": "GitHub Action `step-security/harden-runner@v2` is minor version(s) behind (latest v2.19.4)"}, "properties": {"repobilityId": 65452, "scanner": "repobility-dependency-currency", "fingerprint": "eb90f1ff73c96ff5972417308d375adbbcec800407963ddf827e2932099678b9", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "step-security/harden-runner", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v2.19.4", "correlation_key": "fp|eb90f1ff73c96ff5972417308d375adbbcec800407963ddf827e2932099678b9", "current_version": "v2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/latest-npm.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "DEPCUR-GHA", "level": "note", "message": {"text": "GitHub Action `step-security/harden-runner@v2` is minor version(s) behind (latest v2.19.4)"}, "properties": {"repobilityId": 65449, "scanner": "repobility-dependency-currency", "fingerprint": "fd2afd6530afac633dcdcbbaf6bdce32cfdb19ab5a41117ad38ba3bef3b2822f", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "step-security/harden-runner", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v2.19.4", "correlation_key": "fp|fd2afd6530afac633dcdcbbaf6bdce32cfdb19ab5a41117ad38ba3bef3b2822f", "current_version": "v2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": {"startLine": 12}}}]}, {"ruleId": "DEPCUR-GHA", "level": "note", "message": {"text": "GitHub Action `actions/setup-node@v6` is minor version(s) behind (latest v6.4.0)"}, "properties": {"repobilityId": 65446, "scanner": "repobility-dependency-currency", "fingerprint": "52056241e56618759b7c8aca30bbbc70f0f08c6eb0865e7ed51a7e8ed69e4831", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/setup-node", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.4.0", "correlation_key": "fp|52056241e56618759b7c8aca30bbbc70f0f08c6eb0865e7ed51a7e8ed69e4831", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/toc.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "DEPCUR-GHA", "level": "note", "message": {"text": "GitHub Action `step-security/harden-runner@v2` is minor version(s) behind (latest v2.19.4)"}, "properties": {"repobilityId": 65444, "scanner": "repobility-dependency-currency", "fingerprint": "27ae8894d6dbdeb34a004702c476359e9cdba4b14b99ffbad5396847ebbc26e5", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "step-security/harden-runner", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v2.19.4", "correlation_key": "fp|27ae8894d6dbdeb34a004702c476359e9cdba4b14b99ffbad5396847ebbc26e5", "current_version": "v2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/toc.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `semver` is minor version(s) behind (^7.7.3 -> 7.8.2)"}, "properties": {"repobilityId": 65442, "scanner": "repobility-dependency-currency", "fingerprint": "9b9dd243ba9cd42cc9cd42e8aadb7bcc17fba0175fc291ca513cd1bf7af85898", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "semver", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "7.8.2", "correlation_key": "fp|9b9dd243ba9cd42cc9cd42e8aadb7bcc17fba0175fc291ca513cd1bf7af85898", "current_version": "^7.7.3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `doctoc` is minor version(s) behind (^2.2.1 -> 2.4.1)"}, "properties": {"repobilityId": 65441, "scanner": "repobility-dependency-currency", "fingerprint": "9857197b7f5baae4f3fa0553481fe8ec85a9991c11fd4805027c1e48bc48b542", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "doctoc", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "2.4.1", "correlation_key": "fp|9857197b7f5baae4f3fa0553481fe8ec85a9991c11fd4805027c1e48bc48b542", "current_version": "^2.2.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 65466, "scanner": "repobility-dependency-currency", "fingerprint": "0e08891a0fd4efd3c1fc9f4df02245da408a7c0ead9eb01293f796c78fdec06d", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|0e08891a0fd4efd3c1fc9f4df02245da408a7c0ead9eb01293f796c78fdec06d", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/shellcheck.yml"}, "region": {"startLine": 38}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 65464, "scanner": "repobility-dependency-currency", "fingerprint": "cbd0b94dd5dd03f15dfb1a75849bb22c94630217e99ae672ded43423353186dd", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|cbd0b94dd5dd03f15dfb1a75849bb22c94630217e99ae672ded43423353186dd", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests-installation-node.yml"}, "region": {"startLine": 47}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 65461, "scanner": "repobility-dependency-currency", "fingerprint": "b82fed1133a1fd49c9867362286098d8c4b6615690097f123d3c3d31c94b7f58", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|b82fed1133a1fd49c9867362286098d8c4b6615690097f123d3c3d31c94b7f58", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 65459, "scanner": "repobility-dependency-currency", "fingerprint": "18daf1e3ee46ace7fcda4af9fed7250f364193cec3a5b0caf879ed55384b7ea0", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|18daf1e3ee46ace7fcda4af9fed7250f364193cec3a5b0caf879ed55384b7ea0", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 56}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 65457, "scanner": "repobility-dependency-currency", "fingerprint": "cdc0fd420031484c23521528b78e8c2d3ebf6ef7faab52e7e2018f3d287dbc75", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|cdc0fd420031484c23521528b78e8c2d3ebf6ef7faab52e7e2018f3d287dbc75", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests-installation-iojs.yml"}, "region": {"startLine": 41}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 65455, "scanner": "repobility-dependency-currency", "fingerprint": "eefbe5b64e19c021f12eb21ddaab89341270078e1c51aa52c921a343e491a30e", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|eefbe5b64e19c021f12eb21ddaab89341270078e1c51aa52c921a343e491a30e", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests-xenial.yml"}, "region": {"startLine": 44}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 65453, "scanner": "repobility-dependency-currency", "fingerprint": "252b42ef03121ce1460eef41c51a4ca54151dae63e12368ed63edbb0b45d8f10", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|252b42ef03121ce1460eef41c51a4ca54151dae63e12368ed63edbb0b45d8f10", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/latest-npm.yml"}, "region": {"startLine": 66}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 65451, "scanner": "repobility-dependency-currency", "fingerprint": "c05b68aea07b4ee31ea1eff87d063c52fece4288f8fe6b7959e5de55974b32bc", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|c05b68aea07b4ee31ea1eff87d063c52fece4288f8fe6b7959e5de55974b32bc", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/rebase.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 65450, "scanner": "repobility-dependency-currency", "fingerprint": "115e2b88fa15a6f537c4ae3e8eab5331f9615dafadd81787f0d23122b60d2c89", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|115e2b88fa15a6f537c4ae3e8eab5331f9615dafadd81787f0d23122b60d2c89", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 65448, "scanner": "repobility-dependency-currency", "fingerprint": "2534b631b7bd82c13629d3a478f8146a879ec7a5b7e9b53177d0de291c408b82", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|2534b631b7bd82c13629d3a478f8146a879ec7a5b7e9b53177d0de291c408b82", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codeql-analysis.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 65447, "scanner": "repobility-dependency-currency", "fingerprint": "20b422ce3eb5ea05ef8906533751cc91b6d0e902fd17aa11058ba8b2b84456ad", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|20b422ce3eb5ea05ef8906533751cc91b6d0e902fd17aa11058ba8b2b84456ad", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nvm-install-test.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 65445, "scanner": "repobility-dependency-currency", "fingerprint": "7bbd9a4bdc6403446cf5c99e4bf05381c02ff2ab43043a6e6d2fd65e9f23b5f6", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|7bbd9a4bdc6403446cf5c99e4bf05381c02ff2ab43043a6e6d2fd65e9f23b5f6", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/toc.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `ljharb/rebase` pinned to mutable ref `@master`"}, "properties": {"repobilityId": 65440, "scanner": "repobility-supply-chain", "fingerprint": "f69dc03b30a08ab519eebbaf06cf7d0469d650aad4d428c6bb26f9b91d6348e7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f69dc03b30a08ab519eebbaf06cf7d0469d650aad4d428c6bb26f9b91d6348e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/rebase.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 65439, "scanner": "repobility-supply-chain", "fingerprint": "2d9146cf573fdefee365bf164b13de4d4b61137399602600434fa2978fa1fa89", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2d9146cf573fdefee365bf164b13de4d4b61137399602600434fa2978fa1fa89"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/rebase.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 65438, "scanner": "repobility-supply-chain", "fingerprint": "16bb34f97bf41ce6eb94e7ef58fc44dae01b5b0305299452caf5d9f183862b70", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|16bb34f97bf41ce6eb94e7ef58fc44dae01b5b0305299452caf5d9f183862b70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `step-security/harden-runner` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 65437, "scanner": "repobility-supply-chain", "fingerprint": "434c2769c1c808ecf0a619e0d7b489315f464b1ffd1c9037ec6104ee05da99e4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|434c2769c1c808ecf0a619e0d7b489315f464b1ffd1c9037ec6104ee05da99e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `ljharb/actions/node/install` pinned to mutable ref `@main`"}, "properties": {"repobilityId": 65436, "scanner": "repobility-supply-chain", "fingerprint": "d3a2757fd0a31a0d058a158696a75f4a0d62da9d153f7d5a364bc70a882f49e9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d3a2757fd0a31a0d058a158696a75f4a0d62da9d153f7d5a364bc70a882f49e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 65435, "scanner": "repobility-supply-chain", "fingerprint": "ab1aa0276c58edb3bda7a0165b913aab50006521e6cf7ae53541bf96ff1af36a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ab1aa0276c58edb3bda7a0165b913aab50006521e6cf7ae53541bf96ff1af36a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `step-security/harden-runner` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 65434, "scanner": "repobility-supply-chain", "fingerprint": "8c1cb1ad0bd5993f06a436bccf8fc68139b4eef9369886fb74e1612535af6030", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8c1cb1ad0bd5993f06a436bccf8fc68139b4eef9369886fb74e1612535af6030"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `ljharb/actions/node/install` pinned to mutable ref `@main`"}, "properties": {"repobilityId": 65433, "scanner": "repobility-supply-chain", "fingerprint": "4669aa8e3a00734066d5e68cfbac2b2161a08a2deabf2da94ad6ef70fcce95b6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4669aa8e3a00734066d5e68cfbac2b2161a08a2deabf2da94ad6ef70fcce95b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 65432, "scanner": "repobility-supply-chain", "fingerprint": "45cbcb50a543f66880469a14a8137f1c9289f70a867a1d2d3213a17ef48aa055", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|45cbcb50a543f66880469a14a8137f1c9289f70a867a1d2d3213a17ef48aa055"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `step-security/harden-runner` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 65431, "scanner": "repobility-supply-chain", "fingerprint": "aa916f0888a7e2ef93d573dcec53f2129ee64fcaffec64d06211646315052e92", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|aa916f0888a7e2ef93d573dcec53f2129ee64fcaffec64d06211646315052e92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `ljharb/actions/node/install` pinned to mutable ref `@main`"}, "properties": {"repobilityId": 65430, "scanner": "repobility-supply-chain", "fingerprint": "7f13a78d534b1cb439253aead64059adb803762bca5f56913c2f42399d35b942", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7f13a78d534b1cb439253aead64059adb803762bca5f56913c2f42399d35b942"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 65429, "scanner": "repobility-supply-chain", "fingerprint": "27aba5edc18d21ad90a5acd6124856e0ebfe6d4895ab62eeb807c6a911c37cad", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|27aba5edc18d21ad90a5acd6124856e0ebfe6d4895ab62eeb807c6a911c37cad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `step-security/harden-runner` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 65428, "scanner": "repobility-supply-chain", "fingerprint": "a7bf582fbef5e96987a9d0450876c8bf3cedbca234e5a9a0c5276d85acd9563a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a7bf582fbef5e96987a9d0450876c8bf3cedbca234e5a9a0c5276d85acd9563a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/lint.yml"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `github/codeql-action/analyze` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 65427, "scanner": "repobility-supply-chain", "fingerprint": "7e53dac7b3762bb8bba3b61259bbe1b2058eadc80c3ed3c43762d0744289abb0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7e53dac7b3762bb8bba3b61259bbe1b2058eadc80c3ed3c43762d0744289abb0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codeql-analysis.yml"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `github/codeql-action/autobuild` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 65426, "scanner": "repobility-supply-chain", "fingerprint": "fcaced688ab30e2071957cc344fdf34399f8be9a65910b2116d1ea744013c284", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fcaced688ab30e2071957cc344fdf34399f8be9a65910b2116d1ea744013c284"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codeql-analysis.yml"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `github/codeql-action/init` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 65425, "scanner": "repobility-supply-chain", "fingerprint": "bc9c7dca6598216e0d2d997414636e0fa4e684878a8dd17a8e434a860072c67b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bc9c7dca6598216e0d2d997414636e0fa4e684878a8dd17a8e434a860072c67b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codeql-analysis.yml"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 65424, "scanner": "repobility-supply-chain", "fingerprint": "43c6fb5a95fa556cef92094eac501896b49f7709a603028cadd11268ce186764", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|43c6fb5a95fa556cef92094eac501896b49f7709a603028cadd11268ce186764"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codeql-analysis.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 65423, "scanner": "repobility-supply-chain", "fingerprint": "5cdaa3b0a36e4df6ee74b282e07c0517210ff40cb5aa7f526c1beb50574d4a92", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5cdaa3b0a36e4df6ee74b282e07c0517210ff40cb5aa7f526c1beb50574d4a92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nvm-install-test.yml"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 65422, "scanner": "repobility-supply-chain", "fingerprint": "6df9e413929fa82299470efa301cb9e85efd5eaf93ecc6610e4cff38ba715d1e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6df9e413929fa82299470efa301cb9e85efd5eaf93ecc6610e4cff38ba715d1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nvm-install-test.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 65421, "scanner": "repobility-supply-chain", "fingerprint": "bf8b9545e1e478de94a999252c4e35c57cf6e5a4be48a6d33b295aafc8be3c1b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bf8b9545e1e478de94a999252c4e35c57cf6e5a4be48a6d33b295aafc8be3c1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/toc.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 65420, "scanner": "repobility-supply-chain", "fingerprint": "993a14b99467fa3ce3284e11a0fc33a12310147dedc4e2b8f858a25e96b77d1f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|993a14b99467fa3ce3284e11a0fc33a12310147dedc4e2b8f858a25e96b77d1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/toc.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `step-security/harden-runner` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 65419, "scanner": "repobility-supply-chain", "fingerprint": "dc5b2e92b12a35e03c3dace10ca34903f2627085ce39f02a399ff99124070fb8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dc5b2e92b12a35e03c3dace10ca34903f2627085ce39f02a399ff99124070fb8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/toc.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `Vampire/setup-wsl` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 65418, "scanner": "repobility-supply-chain", "fingerprint": "bb6c66dfb74b5e9cc0bc047b43ccac42586e7d24ce619dba406f9816cec8704f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bb6c66dfb74b5e9cc0bc047b43ccac42586e7d24ce619dba406f9816cec8704f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/windows-npm.yml"}, "region": {"startLine": 217}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `Vampire/setup-wsl` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 65417, "scanner": "repobility-supply-chain", "fingerprint": "883eec390b2e1b611a6f94709e270bd395cabd824566aff22e88027fcb7130c5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|883eec390b2e1b611a6f94709e270bd395cabd824566aff22e88027fcb7130c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/windows-npm.yml"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `Vampire/setup-wsl` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 65416, "scanner": "repobility-supply-chain", "fingerprint": "7bc6993af40444ecb5c7a92e46b83c5c76b67d8ab31ade9d6f76955f8aa20df1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7bc6993af40444ecb5c7a92e46b83c5c76b67d8ab31ade9d6f76955f8aa20df1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/windows-npm.yml"}, "region": {"startLine": 139}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "Dockerfile FROM `ubuntu:22.04` not pinned by digest"}, "properties": {"repobilityId": 65415, "scanner": "repobility-supply-chain", "fingerprint": "694a69da8e8bdd8f4f56bf78bde6ffa6a61d70160f0216606669fa09ebafc31c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|694a69da8e8bdd8f4f56bf78bde6ffa6a61d70160f0216606669fa09ebafc31c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 8}}}]}]}]}