{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR003", "name": "Dockerfile base image uses the latest tag", "shortDescription": {"text": "Dockerfile base image uses the latest tag"}, "fullDescription": {"text": "Pin to a maintained version tag or digest and update it deliberately through dependency automation."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.94, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC094", "name": "[SEC094] Go: world-writable file permissions: File or directory created with world-writable mode (e.g. 0666, 0777). Port", "shortDescription": {"text": "[SEC094] Go: world-writable file permissions: File or directory created with world-writable mode (e.g. 0666, 0777). Ported from gosec G301 / G302 / G306 (Apache-2.0)."}, "fullDescription": {"text": "Use 0600 for files, 0700 for dirs that should be private."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC112", "name": "[SEC112] Go html/template bypass \u2014 text/template used for HTML output, or template.HTML on user input: Go's `text/templa", "shortDescription": {"text": "[SEC112] Go html/template bypass \u2014 text/template used for HTML output, or template.HTML on user input: Go's `text/template` does no HTML escaping. `template.HTML(x)` marks data as already-safe. Using either with user input = XSS."}, "fullDescription": {"text": "Use `html/template` (NOT `text/template`) for HTML responses. Never wrap user input with `template.HTML/JS/URL`."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC091", "name": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnera", "shortDescription": {"text": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnerable to Slowloris. Ported from gosec G112 + G114 (Apache-2.0)."}, "fullDescription": {"text": "Construct `&http.Server{Addr: ..., ReadHeaderTimeout: 5*time.Second, ReadTimeout: 10*time.Second, WriteTimeout: 30*time.Second}`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": "Add missing patterns such as .env, .git, private keys, certificates, dependency folders, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC007", "name": "Generated build artifact directory is present at repository root", "shortDescription": {"text": "Generated build artifact directory is present at repository root"}, "fullDescription": {"text": "Remove generated output from version control, add it to .gitignore and .dockerignore where relevant, and regenerate it in CI or release jobs."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_LICENSE", "name": "No LICENSE file", "shortDescription": {"text": "No LICENSE file"}, "fullDescription": {"text": "Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft)."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED033", "name": "[MINED033] Go Recover Without Log (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED033] Go Recover Without Log (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED075", "name": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL.", "shortDescription": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-690 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 9 more): Same pattern found in 9 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED047", "name": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested.", "shortDescription": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED057", "name": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolve", "shortDescription": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED016", "name": "[MINED016] Go Error Ignored (and 21 more): Same pattern found in 21 additional files. Review if needed.", "shortDescription": {"text": "[MINED016] Go Error Ignored (and 21 more): Same pattern found in 21 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-754 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 7 more): Same pattern found in 7 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED060", "name": "[MINED060] Go Context No Cancel (and 22 more): Same pattern found in 22 additional files. Review if needed.", "shortDescription": {"text": "[MINED060] Go Context No Cancel (and 22 more): Same pattern found in 22 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED071", "name": "[MINED071] Go Panic Call (and 120 more): Same pattern found in 120 additional files. Review if needed.", "shortDescription": {"text": "[MINED071] Go Panic Call (and 120 more): Same pattern found in 120 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run t", "shortDescription": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) in"}, "fullDescription": {"text": "Replace with: `uses: actions/checkout@<40-char-sha>  # v4` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED128", "name": "[MINED128] go.mod replaces `github.com/ethereum/go-ethereum` \u2014 points to a LOCAL path: `replace github.com/ethereum/go-e", "shortDescription": {"text": "[MINED128] go.mod replaces `github.com/ethereum/go-ethereum` \u2014 points to a LOCAL path: `replace github.com/ethereum/go-ethereum => ../../` overrides the canonical dependency with a different source (points to a LOCAL path). Local-path repla"}, "fullDescription": {"text": "If the replace is intentional (e.g. waiting on an upstream fix), vendor the dependency into the repo and add a comment explaining the reason. Remove the replace once upstream merges."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "[MINED126] Workflow container/services image `sagemath/sagemath:latest` unpinned: `container/services image: sagemath/sa", "shortDescription": {"text": "[MINED126] Workflow container/services image `sagemath/sagemath:latest` unpinned: `container/services image: sagemath/sagemath:latest` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with "}, "fullDescription": {"text": "Replace with `sagemath/sagemath:latest@sha256:<digest>`. Re-pin via Dependabot Docker scope."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `debian:stable-slim` not pinned by digest: `FROM debian:stable-slim` resolves the tag at buil", "shortDescription": {"text": "[MINED118] Dockerfile FROM `debian:stable-slim` not pinned by digest: `FROM debian:stable-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production"}, "fullDescription": {"text": "Replace with: `FROM debian:stable-slim@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC090", "name": "[SEC090] Go: math/rand used near crypto context: math/rand is not cryptographically secure. Use crypto/rand for tokens/k", "shortDescription": {"text": "[SEC090] Go: math/rand used near crypto context: math/rand is not cryptographically secure. Use crypto/rand for tokens/keys. Ported from gosec G404 (Apache-2.0)."}, "fullDescription": {"text": "import `crypto/rand` and use `rand.Read(buf)`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC093", "name": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. Ported", "shortDescription": {"text": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. Ported from gosec G204 (Apache-2.0)."}, "fullDescription": {"text": "Use a constant command name and validate args via a whitelist."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED123", "name": "[MINED123] Trojan Source bidi character (LRM) in source: Line 2 contains a Unicode bidirectional override character (U+2", "shortDescription": {"text": "[MINED123] Trojan Source bidi character (LRM) in source: Line 2 contains a Unicode bidirectional override character (U+200E LRM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see differ"}, "fullDescription": {"text": "Audit the line manually. If the character is not intentional (it almost never is in code), remove it. Configure your editor / pre-commit hook to reject bidi controls in source."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/951"}, "properties": {"repository": "ethereum/go-ethereum", "repoUrl": "https://github.com/ethereum/go-ethereum", "branch": "master"}, "results": [{"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 89465, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["GraphQL"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 89464, "scanner": "repobility-docker", "fingerprint": "36ccc3445fae69d6ce725044c7389855dc3b9768eb4a1a22dcb93ce4f5911649", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "alpine:latest", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|36ccc3445fae69d6ce725044c7389855dc3b9768eb4a1a22dcb93ce4f5911649"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.alltools"}, "region": {"startLine": 27}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Dockerfile base image uses the latest tag"}, "properties": {"repobilityId": 89463, "scanner": "repobility-docker", "fingerprint": "df9eee245fab7e7e2864c37f0c6d18ef7a3841a06f9a89f4019f046263b79e41", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "alpine:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|df9eee245fab7e7e2864c37f0c6d18ef7a3841a06f9a89f4019f046263b79e41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.alltools"}, "region": {"startLine": 27}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 89461, "scanner": "repobility-docker", "fingerprint": "8834241eeb4d718f800897a4f5ff17bde22fe63b627eb3d2777a3d72ee8e9a11", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "alpine:latest", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|8834241eeb4d718f800897a4f5ff17bde22fe63b627eb3d2777a3d72ee8e9a11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 20}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Dockerfile base image uses the latest tag"}, "properties": {"repobilityId": 89460, "scanner": "repobility-docker", "fingerprint": "4621bcbceb3b6859a28432a48beee89a9d22874de414f36abda373d08042c658", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "alpine:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|4621bcbceb3b6859a28432a48beee89a9d22874de414f36abda373d08042c658"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 20}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 89421, "scanner": "repobility-threat-engine", "fingerprint": "f0d88d41a30e582670b13a58a003725f4e086d40fe67f1ac39538616cf2fdf51", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|internal/jsre/jsre.go|275|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/jsre/jsre.go"}, "region": {"startLine": 275}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 89420, "scanner": "repobility-threat-engine", "fingerprint": "a2aaf06d0c58a80ed098a49b60c037450be40f6158161b79bdae9cfe0fe0a958", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".Exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|graphql/service.go|108|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphql/service.go"}, "region": {"startLine": 108}}}]}, {"ruleId": "SEC094", "level": "warning", "message": {"text": "[SEC094] Go: world-writable file permissions: File or directory created with world-writable mode (e.g. 0666, 0777). Ported from gosec G301 / G302 / G306 (Apache-2.0)."}, "properties": {"repobilityId": 89409, "scanner": "repobility-threat-engine", "fingerprint": "e56db5c90d9a7de623692d078b11c2af1a7c865f90872ceae5d86198d038925f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "os.OpenFile(s.cfg.proofTestFile, os.O_RDONLY, 0666", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC094", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e56db5c90d9a7de623692d078b11c2af1a7c865f90872ceae5d86198d038925f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/workload/prooftest.go"}, "region": {"startLine": 65}}}]}, {"ruleId": "SEC094", "level": "warning", "message": {"text": "[SEC094] Go: world-writable file permissions: File or directory created with world-writable mode (e.g. 0666, 0777). Ported from gosec G301 / G302 / G306 (Apache-2.0)."}, "properties": {"repobilityId": 89408, "scanner": "repobility-threat-engine", "fingerprint": "e3b3110ba18ebb54e49f6a545316ed90f29a92cea8ca3eafb0f50d421e5585a7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "os.OpenFile(s.cfg.historyTestFile, os.O_RDONLY, 0666", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC094", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e3b3110ba18ebb54e49f6a545316ed90f29a92cea8ca3eafb0f50d421e5585a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/workload/historytest.go"}, "region": {"startLine": 60}}}]}, {"ruleId": "SEC094", "level": "warning", "message": {"text": "[SEC094] Go: world-writable file permissions: File or directory created with world-writable mode (e.g. 0666, 0777). Ported from gosec G301 / G302 / G306 (Apache-2.0)."}, "properties": {"repobilityId": 89407, "scanner": "repobility-threat-engine", "fingerprint": "9ff79ba1ed447a05abe3b4f7a5f75ff83712912a6bd807cff172a6999167286e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "os.OpenFile(s.cfg.filterQueryFile, os.O_RDONLY, 0666", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC094", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9ff79ba1ed447a05abe3b4f7a5f75ff83712912a6bd807cff172a6999167286e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/workload/filtertest.go"}, "region": {"startLine": 161}}}]}, {"ruleId": "SEC112", "level": "warning", "message": {"text": "[SEC112] Go html/template bypass \u2014 text/template used for HTML output, or template.HTML on user input: Go's `text/template` does no HTML escaping. `template.HTML(x)` marks data as already-safe. Using either with user input = XSS."}, "properties": {"repobilityId": 89404, "scanner": "repobility-threat-engine", "fingerprint": "792f4d636fea1723aa44e285f3c3b0b2a81c72aac4e78c449011696e72a396c0", "category": "xss", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "fmt.Fprintln(out, base64.StdEncoding.EncodeToString(dataSig))", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC112", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|792f4d636fea1723aa44e285f3c3b0b2a81c72aac4e78c449011696e72a396c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crypto/signify/signify.go"}, "region": {"startLine": 96}}}]}, {"ruleId": "SEC112", "level": "warning", "message": {"text": "[SEC112] Go html/template bypass \u2014 text/template used for HTML output, or template.HTML on user input: Go's `text/template` does no HTML escaping. `template.HTML(x)` marks data as already-safe. Using either with user input = XSS."}, "properties": {"repobilityId": 89403, "scanner": "repobility-threat-engine", "fingerprint": "810402049c862655ba7971e5c30888198e5a2c36a640e3291452180a2bcfc00e", "category": "xss", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "fmt.Fprintln(out, ws(depth)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC112", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|810402049c862655ba7971e5c30888198e5a2c36a640e3291452180a2bcfc00e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/rlpdump/main.go"}, "region": {"startLine": 147}}}]}, {"ruleId": "SEC091", "level": "warning", "message": {"text": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnerable to Slowloris. Ported from gosec G112 + G114 (Apache-2.0)."}, "properties": {"repobilityId": 89390, "scanner": "repobility-threat-engine", "fingerprint": "2856c2682901a718e2f2b0baf59c2c984d28f573d24d83c86435f42555860690", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "http.ListenAndServe(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC091", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2856c2682901a718e2f2b0baf59c2c984d28f573d24d83c86435f42555860690"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "metrics/exp/exp.go"}, "region": {"startLine": 65}}}]}, {"ruleId": "SEC091", "level": "warning", "message": {"text": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnerable to Slowloris. Ported from gosec G112 + G114 (Apache-2.0)."}, "properties": {"repobilityId": 89389, "scanner": "repobility-threat-engine", "fingerprint": "197c80c4fc82239ac909db15c7998146ce71092ea03624f198b1f5fd156247cc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "http.ListenAndServe(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC091", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|197c80c4fc82239ac909db15c7998146ce71092ea03624f198b1f5fd156247cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/debug/flags.go"}, "region": {"startLine": 328}}}]}, {"ruleId": "SEC091", "level": "warning", "message": {"text": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnerable to Slowloris. Ported from gosec G112 + G114 (Apache-2.0)."}, "properties": {"repobilityId": 89388, "scanner": "repobility-threat-engine", "fingerprint": "7b0f12f503b4cb5abd3f24f72145d44daddad2cfc99b24b8e6e20fe8d4a0dc65", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "http.Server{Addr: httpAddr, Handler: http.DefaultServeMux}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC091", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7b0f12f503b4cb5abd3f24f72145d44daddad2cfc99b24b8e6e20fe8d4a0dc65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/devp2p/discv4cmd.go"}, "region": {"startLine": 190}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 89462, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", ".git", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89459, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4fc197a87f6f2c70af4dc379886bae3e90358616a23303935bc71425dc07a67d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "core/types/tx_dynamic_fee.go", "duplicate_line": 39, "correlation_key": "fp|4fc197a87f6f2c70af4dc379886bae3e90358616a23303935bc71425dc07a67d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/types/tx_setcode.go"}, "region": {"startLine": 118}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89458, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dee5b0e6c03c16d1a0789bbcd959d05f22c35dbbdf1b0de8103a2239c87b13b2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "core/types/tx_blob.go", "duplicate_line": 182, "correlation_key": "fp|dee5b0e6c03c16d1a0789bbcd959d05f22c35dbbdf1b0de8103a2239c87b13b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/types/tx_setcode.go"}, "region": {"startLine": 117}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89457, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f6cabb3c237d5a2c76bb56db883e6ec89ab5321b9a1458a29a41547012850a56", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "core/types/tx_access_list.go", "duplicate_line": 51, "correlation_key": "fp|f6cabb3c237d5a2c76bb56db883e6ec89ab5321b9a1458a29a41547012850a56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/types/tx_legacy.go"}, "region": {"startLine": 49}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89456, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ecd2002ceeee968e6dade066b94fa2e133a4d3a40f918eed860ac5b363b88061", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "core/types/tx_blob.go", "duplicate_line": 182, "correlation_key": "fp|ecd2002ceeee968e6dade066b94fa2e133a4d3a40f918eed860ac5b363b88061"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/types/tx_dynamic_fee.go"}, "region": {"startLine": 38}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89455, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7b3701107af9eb7b81890fca492994d5342a4eb76ace2c9fa81da975db7a229c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cmd/evm/internal/t8ntool/gen_header.go", "duplicate_line": 142, "correlation_key": "fp|7b3701107af9eb7b81890fca492994d5342a4eb76ace2c9fa81da975db7a229c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/types/gen_header_json.go"}, "region": {"startLine": 150}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89454, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a793aa14cd41a829f2f2f808ee8f543676555312b63b512a8328278256a97f92", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "core/state/snapshot/conversion.go", "duplicate_line": 47, "correlation_key": "fp|a793aa14cd41a829f2f2f808ee8f543676555312b63b512a8328278256a97f92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/state/snapshot/snapshot.go"}, "region": {"startLine": 469}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89453, "scanner": "repobility-ai-code-hygiene", "fingerprint": "be20842fa57b507f1e3904e870c3b6c9846cd7d96599a13fd75d843fa2f2aa0e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "core/state/snapshot/difflayer.go", "duplicate_line": 120, "correlation_key": "fp|be20842fa57b507f1e3904e870c3b6c9846cd7d96599a13fd75d843fa2f2aa0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/state/snapshot/disklayer.go"}, "region": {"startLine": 51}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89452, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ca1bf94d0c40b534848625872000710aad6945111574937605fac1fcac9a4309", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "core/state/database_history.go", "duplicate_line": 26, "correlation_key": "fp|ca1bf94d0c40b534848625872000710aad6945111574937605fac1fcac9a4309"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/state/reader.go"}, "region": {"startLine": 38}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89451, "scanner": "repobility-ai-code-hygiene", "fingerprint": "219c695bbf0fce54d6a8acbda884e73910631c0b54f6d4ddbf72f65aed97ec21", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "core/state/database_mpt.go", "duplicate_line": 86, "correlation_key": "fp|219c695bbf0fce54d6a8acbda884e73910631c0b54f6d4ddbf72f65aed97ec21"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/state/database_ubt.go"}, "region": {"startLine": 79}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89450, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c9982c14f7bbd2c9f6e8bed6413d905e4a018a6a254fd20ef69c17a4c0c309e6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "consensus/clique/clique.go", "duplicate_line": 431, "correlation_key": "fp|c9982c14f7bbd2c9f6e8bed6413d905e4a018a6a254fd20ef69c17a4c0c309e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "consensus/ethash/consensus.go"}, "region": {"startLine": 341}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89449, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9b9f9c53caee9fd4594fd740f40ed786bd946327bd0d79d985d785803358dceb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "common/fdlimit/fdlimit_bsd.go", "duplicate_line": 19, "correlation_key": "fp|9b9f9c53caee9fd4594fd740f40ed786bd946327bd0d79d985d785803358dceb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/fdlimit/fdlimit_unix.go"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89448, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7c3883b8a8365c3cb3768b961ebb643a9ed78bd44f0fd1e6628dbe3a33a07998", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "common/fdlimit/fdlimit_darwin.go", "duplicate_line": 4, "correlation_key": "fp|7c3883b8a8365c3cb3768b961ebb643a9ed78bd44f0fd1e6628dbe3a33a07998"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/fdlimit/fdlimit_unix.go"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89447, "scanner": "repobility-ai-code-hygiene", "fingerprint": "390ab8ca395b4775803183c3da14ebab1465d384d29aec993122479c2b8e6b92", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "common/fdlimit/fdlimit_bsd.go", "duplicate_line": 19, "correlation_key": "fp|390ab8ca395b4775803183c3da14ebab1465d384d29aec993122479c2b8e6b92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/fdlimit/fdlimit_darwin.go"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89446, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b5644516a97b33f8129b585fb4517da1941d813fe6fd9312c1c30cb4c48ba210", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cmd/workload/prooftestgen.go", "duplicate_line": 304, "correlation_key": "fp|b5644516a97b33f8129b585fb4517da1941d813fe6fd9312c1c30cb4c48ba210"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/workload/tracetestgen.go"}, "region": {"startLine": 146}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89445, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4f50dad20aec47116b197891727239a8fc8d9634d46191576dd7589bf435b644", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cmd/workload/prooftestgen.go", "duplicate_line": 304, "correlation_key": "fp|4f50dad20aec47116b197891727239a8fc8d9634d46191576dd7589bf435b644"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/workload/tracetest.go"}, "region": {"startLine": 89}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89444, "scanner": "repobility-ai-code-hygiene", "fingerprint": "491bc6d46ddc5918ac210d557ac29182447073f6152506bf2c241cff515605d7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cmd/devp2p/main.go", "duplicate_line": 11, "correlation_key": "fp|491bc6d46ddc5918ac210d557ac29182447073f6152506bf2c241cff515605d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/workload/main.go"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89443, "scanner": "repobility-ai-code-hygiene", "fingerprint": "23803ea99b32d34b43b346ebd2d28869a80d3f68dd58a8c4c813807ff8d56248", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cmd/evm/blockrunner.go", "duplicate_line": 39, "correlation_key": "fp|23803ea99b32d34b43b346ebd2d28869a80d3f68dd58a8c4c813807ff8d56248"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/evm/staterunner.go"}, "region": {"startLine": 52}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89442, "scanner": "repobility-ai-code-hygiene", "fingerprint": "eae40bc5403d58992101d907229f220df07e70c17ab6d2f4908763773b23cfad", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cmd/evm/internal/t8ntool/execution.go", "duplicate_line": 37, "correlation_key": "fp|eae40bc5403d58992101d907229f220df07e70c17ab6d2f4908763773b23cfad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/evm/internal/t8ntool/gen_execresult.go"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89441, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d4e6e64a8025c175a0f690512ee2aad82585c0c15f50ddaf1c996eb3f8d23c5d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cmd/ethkey/changepassword.go", "duplicate_line": 23, "correlation_key": "fp|d4e6e64a8025c175a0f690512ee2aad82585c0c15f50ddaf1c996eb3f8d23c5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/ethkey/inspect.go"}, "region": {"startLine": 34}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89440, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8459fe9e7bd12e5dfca4dc2d086611bca26b86fec80cb7a829ad5537e2a668a7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "accounts/usbwallet/ledger.go", "duplicate_line": 237, "correlation_key": "fp|8459fe9e7bd12e5dfca4dc2d086611bca26b86fec80cb7a829ad5537e2a668a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "accounts/usbwallet/trezor.go"}, "region": {"startLine": 180}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89439, "scanner": "repobility-ai-code-hygiene", "fingerprint": "303b2ea9787d0c88e50d7fc202a0bfcd3d0776e83f1d32bb0f08f5b2b52478f5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "accounts/scwallet/hub.go", "duplicate_line": 170, "correlation_key": "fp|303b2ea9787d0c88e50d7fc202a0bfcd3d0776e83f1d32bb0f08f5b2b52478f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "accounts/usbwallet/hub.go"}, "region": {"startLine": 161}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89438, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9ac55f584ee4d06434d2d02793b88f4c1eeb1af14a7a95ce4fcdd8b6b6256491", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "accounts/abi/error.go", "duplicate_line": 17, "correlation_key": "fp|9ac55f584ee4d06434d2d02793b88f4c1eeb1af14a7a95ce4fcdd8b6b6256491"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "accounts/abi/event.go"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89437, "scanner": "repobility-ai-code-hygiene", "fingerprint": "88fce7408c9bd70f85477f1e664cdce36347d9a917060dc7581c133faaa5bbac", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "accounts/abi/bind/v2/internal/contracts/db/bindings.go", "duplicate_line": 2, "correlation_key": "fp|88fce7408c9bd70f85477f1e664cdce36347d9a917060dc7581c133faaa5bbac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "accounts/abi/bind/v2/internal/contracts/uint256arrayreturn/bindings.go"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89436, "scanner": "repobility-ai-code-hygiene", "fingerprint": "93abc192e640336706928d215d35a5e0ce31cf6b5e7fbd4cee505940fee97183", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "accounts/abi/bind/v2/internal/contracts/nested_libraries/bindings.go", "duplicate_line": 74, "correlation_key": "fp|93abc192e640336706928d215d35a5e0ce31cf6b5e7fbd4cee505940fee97183"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "accounts/abi/bind/v2/internal/contracts/solc_errors/bindings.go"}, "region": {"startLine": 102}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89435, "scanner": "repobility-ai-code-hygiene", "fingerprint": "06a336a3aef04c2395179489b7b7bce8b1770ca2a275ac9fe7122400c52f7830", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "accounts/abi/bind/v2/internal/contracts/events/bindings.go", "duplicate_line": 8, "correlation_key": "fp|06a336a3aef04c2395179489b7b7bce8b1770ca2a275ac9fe7122400c52f7830"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "accounts/abi/bind/v2/internal/contracts/solc_errors/bindings.go"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89434, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4d487d1c1b4d5667f7616bc29b22d3fc59f0a455a26e5d7538c2948cb724fcbf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "accounts/abi/bind/v2/internal/contracts/db/bindings.go", "duplicate_line": 2, "correlation_key": "fp|4d487d1c1b4d5667f7616bc29b22d3fc59f0a455a26e5d7538c2948cb724fcbf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "accounts/abi/bind/v2/internal/contracts/solc_errors/bindings.go"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89433, "scanner": "repobility-ai-code-hygiene", "fingerprint": "411111b2c5e832f54e0c2cc321e8f1d30de81ecd0edfabec8ff4d75211c9123f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "accounts/abi/bind/v2/internal/contracts/db/bindings.go", "duplicate_line": 2, "correlation_key": "fp|411111b2c5e832f54e0c2cc321e8f1d30de81ecd0edfabec8ff4d75211c9123f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "accounts/abi/bind/v2/internal/contracts/nested_libraries/bindings.go"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89432, "scanner": "repobility-ai-code-hygiene", "fingerprint": "04aa5e7581406db216e4df933ef090e331103b2b9db79c5532b8080d4539ce16", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "accounts/abi/bind/v2/internal/contracts/db/bindings.go", "duplicate_line": 2, "correlation_key": "fp|04aa5e7581406db216e4df933ef090e331103b2b9db79c5532b8080d4539ce16"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "accounts/abi/bind/v2/internal/contracts/events/bindings.go"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89431, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ebe6a3865b54f720866a4a5e83f99626daf148779fcdaf8a21e46b7a024c9801", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "accounts/abi/bind/old.go", "duplicate_line": 145, "correlation_key": "fp|ebe6a3865b54f720866a4a5e83f99626daf148779fcdaf8a21e46b7a024c9801"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "accounts/abi/bind/v2/base.go"}, "region": {"startLine": 59}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 89430, "scanner": "repobility-ai-code-hygiene", "fingerprint": "41db7aee2f87c4fedadda7f5ac90711de4a0111c0fc33456fc678d79bdde3302", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "accounts/abi/bind/old.go", "duplicate_line": 41, "correlation_key": "fp|41db7aee2f87c4fedadda7f5ac90711de4a0111c0fc33456fc678d79bdde3302"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "accounts/abi/bind/v2/auth.go"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC007", "level": "note", "message": {"text": "Generated build artifact directory is present at repository root"}, "properties": {"repobilityId": 89429, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9ce25f11f897b8a8b2478fd0136724866f111b604484c20a5c690bce80d94da1", "category": "quality", "severity": "low", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository root contains a common generated artifact directory.", "evidence": {"rule_id": "AIC007", "scanner": "repobility-ai-code-hygiene", "directory": "build", "references": ["https://git-scm.com/docs/gitignore", "https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|9ce25f11f897b8a8b2478fd0136724866f111b604484c20a5c690bce80d94da1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 89417, "scanner": "repobility-threat-engine", "fingerprint": "b904b3e74ba006929c5f2284d195eaa3305217494bcdf9104feac250211aefd6", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"RPC method \" + method + \" crashed: \"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b904b3e74ba006929c5f2284d195eaa3305217494bcdf9104feac250211aefd6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rpc/service.go"}, "region": {"startLine": 204}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 89416, "scanner": "repobility-threat-engine", "fingerprint": "864bcfa597de86d8241b18bfbcca1087fe266c95b82fedc1b9b7d37fd0632584", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"* tcId: \" + str(test_vector['tcId']) + \"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|864bcfa597de86d8241b18bfbcca1087fe266c95b82fedc1b9b7d37fd0632584"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crypto/secp256k1/libsecp256k1/tools/tests_wycheproof_generate.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 89394, "scanner": "repobility-threat-engine", "fingerprint": "11e64d70178d6d072443f766714c9e9e0407921bc62d9e0ffac3b5f1ee8b7b45", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = http.NewRequest(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|11e64d70178d6d072443f766714c9e9e0407921bc62d9e0ffac3b5f1ee8b7b45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/devp2p/internal/ethtest/engine.go"}, "region": {"startLine": 58}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 89393, "scanner": "repobility-threat-engine", "fingerprint": "b75fee2c71d19aa4842fa13e2a84e335fc3396d9655b86a7d11dfb43c90ca066", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = bal.SetString(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b75fee2c71d19aa4842fa13e2a84e335fc3396d9655b86a7d11dfb43c90ca066"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/devp2p/internal/ethtest/chain.go"}, "region": {"startLine": 197}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 89392, "scanner": "repobility-threat-engine", "fingerprint": "1b7cae931790b24f29b6a7bedbaf09b1f6256ffc645becd6df8027c26a753fa5", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = crypto.GenerateKey(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1b7cae931790b24f29b6a7bedbaf09b1f6256ffc645becd6df8027c26a753fa5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/devp2p/discv4cmd.go"}, "region": {"startLine": 305}}}]}, {"ruleId": "CORE_NO_LICENSE", "level": "note", "message": {"text": "No LICENSE file"}, "properties": {"repobilityId": 89371, "scanner": "repobility-core", "fingerprint": "9314e9238cd99885865b92490d1aaa96ca62b1390c9377878d5f3d99227e1c3c", "category": "documentation", "severity": "low", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_LICENSE", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_license"}}}, {"ruleId": "MINED033", "level": "none", "message": {"text": "[MINED033] Go Recover Without Log (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 89427, "scanner": "repobility-threat-engine", "fingerprint": "fbb07e72cc11e3b4572ea89c723fe2134675efa8683fd803c2aec97628259c34", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-recover-without-log", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347975+00:00", "triaged_in_corpus": 15, "observations_count": 3808, "ai_coder_pattern_id": 109}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|fbb07e72cc11e3b4572ea89c723fe2134675efa8683fd803c2aec97628259c34", "aggregated_count": 1}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 89419, "scanner": "repobility-threat-engine", "fingerprint": "d52f61c1c35f8c70648fb04726415aaac59374a5feba989afdca4cb8aefdb4c0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d52f61c1c35f8c70648fb04726415aaac59374a5feba989afdca4cb8aefdb4c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "eth/tracers/internal/tracetest/makeTest.js"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 89415, "scanner": "repobility-threat-engine", "fingerprint": "23150d49b09dd5dc95a57e336c25fc32fb43b5b21c8e9be9bc316a851fdbede3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|23150d49b09dd5dc95a57e336c25fc32fb43b5b21c8e9be9bc316a851fdbede3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crypto/secp256k1/libsecp256k1/src/precompute_ecmult.c"}, "region": {"startLine": 45}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "properties": {"repobilityId": 89414, "scanner": "repobility-threat-engine", "fingerprint": "4e858a56c34b65b0912e3fe629971d6d32fcda68cee02eb1f3bab34175679dd4", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|4e858a56c34b65b0912e3fe629971d6d32fcda68cee02eb1f3bab34175679dd4"}}}, {"ruleId": "SEC094", "level": "none", "message": {"text": "[SEC094] Go: world-writable file permissions (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 89410, "scanner": "repobility-threat-engine", "fingerprint": "f6969b831adae8fa8794335b69f3f73f55ad132c00eca2f1d0aae022be754b26", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC094", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f6969b831adae8fa8794335b69f3f73f55ad132c00eca2f1d0aae022be754b26"}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 89402, "scanner": "repobility-threat-engine", "fingerprint": "62ff231053d16ded91f5d63a99a8b7f9a8d879f1bee1b23442cfa6701d92f730", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|62ff231053d16ded91f5d63a99a8b7f9a8d879f1bee1b23442cfa6701d92f730", "aggregated_count": 2}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 89401, "scanner": "repobility-threat-engine", "fingerprint": "89c38c2c821dfb6eb76d638c640e7d156e52538054cb078b1bcbc37406a4bfcf", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|89c38c2c821dfb6eb76d638c640e7d156e52538054cb078b1bcbc37406a4bfcf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/download/download.go"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 89400, "scanner": "repobility-threat-engine", "fingerprint": "7118415b842a0c4ae9d7769b3405a73afc01af26aa6fc074babe5ab120465e3d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7118415b842a0c4ae9d7769b3405a73afc01af26aa6fc074babe5ab120465e3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/debug/flags.go"}, "region": {"startLine": 326}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 89399, "scanner": "repobility-threat-engine", "fingerprint": "8dffe054d6ad57aec612ed7889d0775690635e43769833319a0bdf5c6db7a21c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8dffe054d6ad57aec612ed7889d0775690635e43769833319a0bdf5c6db7a21c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/geth/misccmd.go"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 89398, "scanner": "repobility-threat-engine", "fingerprint": "0a56d32cf5bf42f4b7a0790c9f7080d9c7fb959f2ff888b7a5fc5d22e574825f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0a56d32cf5bf42f4b7a0790c9f7080d9c7fb959f2ff888b7a5fc5d22e574825f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/geth/consolecmd.go"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED057", "level": "none", "message": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "properties": {"repobilityId": 89397, "scanner": "repobility-threat-engine", "fingerprint": "36405791c05b6f4e4121940c8c724fe3c13321ddf3bc20184a5cd9173f0becd5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "todo-bomb", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348035+00:00", "triaged_in_corpus": 10, "observations_count": 255662, "ai_coder_pattern_id": 4}, "scanner": "repobility-threat-engine", "correlation_key": "fp|36405791c05b6f4e4121940c8c724fe3c13321ddf3bc20184a5cd9173f0becd5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "trie/transitiontrie/transition.go"}, "region": {"startLine": 191}}}]}, {"ruleId": "MINED057", "level": "none", "message": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "properties": {"repobilityId": 89396, "scanner": "repobility-threat-engine", "fingerprint": "6c1fff75a0c59f7ff7a2f341544ced46893f33b9b4917dfc0dccc2a4cab6bac1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "todo-bomb", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348035+00:00", "triaged_in_corpus": 10, "observations_count": 255662, "ai_coder_pattern_id": 4}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6c1fff75a0c59f7ff7a2f341544ced46893f33b9b4917dfc0dccc2a4cab6bac1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/evm/runner.go"}, "region": {"startLine": 210}}}]}, {"ruleId": "ERR003", "level": "none", "message": {"text": "[ERR003] Ignored Error (Go) (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "properties": {"repobilityId": 89395, "scanner": "repobility-threat-engine", "fingerprint": "6e40b6343873d3595f7600f6938ec9b4c2657113171b3b084a8e397dd3a7aac6", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|6e40b6343873d3595f7600f6938ec9b4c2657113171b3b084a8e397dd3a7aac6"}}}, {"ruleId": "SEC091", "level": "none", "message": {"text": "[SEC091] Go: net/http server without timeouts (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 89391, "scanner": "repobility-threat-engine", "fingerprint": "9386a276b134b82fd7ae753a1ef4dbc2b3a9393ca449b503ead5a3bff4c4c39c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC091", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|9386a276b134b82fd7ae753a1ef4dbc2b3a9393ca449b503ead5a3bff4c4c39c"}}}, {"ruleId": "MINED016", "level": "none", "message": {"text": "[MINED016] Go Error Ignored (and 21 more): Same pattern found in 21 additional files. Review if needed."}, "properties": {"repobilityId": 89387, "scanner": "repobility-threat-engine", "fingerprint": "cf3801bb4c3835f8b9670332ae3213a6679adb8885ea206b2d757c424883cba0", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 21 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|cf3801bb4c3835f8b9670332ae3213a6679adb8885ea206b2d757c424883cba0", "aggregated_count": 21}}}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 89383, "scanner": "repobility-threat-engine", "fingerprint": "ca5810ac6a2691831acbb4a51605672ba83c57f5592204a59181f6375036bfee", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|ca5810ac6a2691831acbb4a51605672ba83c57f5592204a59181f6375036bfee"}}}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel (and 22 more): Same pattern found in 22 additional files. Review if needed."}, "properties": {"repobilityId": 89379, "scanner": "repobility-threat-engine", "fingerprint": "0932b128668cfa71813e5e0027689a545161f67e115adde8f517d6b1ab877df8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 22 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0932b128668cfa71813e5e0027689a545161f67e115adde8f517d6b1ab877df8", "aggregated_count": 22}}}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 89378, "scanner": "repobility-threat-engine", "fingerprint": "0a804207cbc5b6d80191c2b91a4f2327fbbe029ffecd1a4713e898fc78513d02", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0a804207cbc5b6d80191c2b91a4f2327fbbe029ffecd1a4713e898fc78513d02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "beacon/blsync/engineclient.go"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 89377, "scanner": "repobility-threat-engine", "fingerprint": "cae0b8b7e128b43c10ea89fba749a681a3221536db576c1a394ddb87f0ccfbc1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cae0b8b7e128b43c10ea89fba749a681a3221536db576c1a394ddb87f0ccfbc1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "accounts/abi/bind/v2/auth.go"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 89376, "scanner": "repobility-threat-engine", "fingerprint": "1d9187bf48b8ef1d8ff953e0a270f244ec1df7a7f04d3d6fd0ebdbd1e82a1b25", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1d9187bf48b8ef1d8ff953e0a270f244ec1df7a7f04d3d6fd0ebdbd1e82a1b25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "accounts/abi/bind/old.go"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call (and 120 more): Same pattern found in 120 additional files. Review if needed."}, "properties": {"repobilityId": 89375, "scanner": "repobility-threat-engine", "fingerprint": "caa120c27f8b57299519ddb9f53970f26c138053954706b585be288053d5391c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 120 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|caa120c27f8b57299519ddb9f53970f26c138053954706b585be288053d5391c", "aggregated_count": 120}}}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 89374, "scanner": "repobility-threat-engine", "fingerprint": "c99df5ae4034e57e3c4545743d8e05ae774aad95feeacbb451944cb994ed55dc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c99df5ae4034e57e3c4545743d8e05ae774aad95feeacbb451944cb994ed55dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "accounts/abi/bind/v2/dep_tree.go"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 89373, "scanner": "repobility-threat-engine", "fingerprint": "b4ad1247fe70dc6ad659f321c8d5acdb0f67e1c8e5e42dc2abba92efbc5a57f6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b4ad1247fe70dc6ad659f321c8d5acdb0f67e1c8e5e42dc2abba92efbc5a57f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "accounts/abi/bind/v2/auth.go"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 89372, "scanner": "repobility-threat-engine", "fingerprint": "486710742845164aa4724e6f2ee18e57e0ccdf5d01ad1531cabf3a4778dd9fab", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|486710742845164aa4724e6f2ee18e57e0ccdf5d01ad1531cabf3a4778dd9fab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "accounts/abi/abi.go"}, "region": {"startLine": 254}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 89497, "scanner": "repobility-supply-chain", "fingerprint": "cf9dc090222e820a7f31b80c108ad26b576c7164e10e79a8b00fb4fef3e590d7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cf9dc090222e820a7f31b80c108ad26b576c7164e10e79a8b00fb4fef3e590d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/go.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/github-script` pinned to mutable ref `@v7`: `uses: actions/github-script@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 89496, "scanner": "repobility-supply-chain", "fingerprint": "32ea26259bb802e336bdc35a571c3b40e525603a2fe919c514f133007527307f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|32ea26259bb802e336bdc35a571c3b40e525603a2fe919c514f133007527307f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/validate_pr.yml"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 89495, "scanner": "repobility-supply-chain", "fingerprint": "417688b1027b266badaff8a3c1f99ef460982f79843c5cc1927c39100e57282b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|417688b1027b266badaff8a3c1f99ef460982f79843c5cc1927c39100e57282b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/validate_pr.yml"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/github-script` pinned to mutable ref `@v7`: `uses: actions/github-script@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 89494, "scanner": "repobility-supply-chain", "fingerprint": "d89706632fb56a3f6874e84f17dad88249b0097f6195537cfa8d1d99609e2cde", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d89706632fb56a3f6874e84f17dad88249b0097f6195537cfa8d1d99609e2cde"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/validate_pr.yml"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `vmactions/freebsd-vm` pinned to mutable ref `@v1`: `uses: vmactions/freebsd-vm@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 89493, "scanner": "repobility-supply-chain", "fingerprint": "4cc1c354f9d7d9bc5b7b855a76518da2022ec841a0aced9f6b494b55d7b08ddb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4cc1c354f9d7d9bc5b7b855a76518da2022ec841a0aced9f6b494b55d7b08ddb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/freebsd.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 89492, "scanner": "repobility-supply-chain", "fingerprint": "8185f51438725d2a3e89c3da008e346371854869d85194c33004cc72f2d85543", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8185f51438725d2a3e89c3da008e346371854869d85194c33004cc72f2d85543"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/freebsd.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED128", "level": "error", "message": {"text": "[MINED128] go.mod replaces `github.com/ethereum/go-ethereum` \u2014 points to a LOCAL path: `replace github.com/ethereum/go-ethereum => ../../` overrides the canonical dependency with a different source (points to a LOCAL path). Local-path replaces are fine for monorepos but in published modules they can hide malicious forks from anyone who only audits the require lines."}, "properties": {"repobilityId": 89491, "scanner": "repobility-supply-chain", "fingerprint": "35882a76b41290ffbdfc666f476758d0df9ae90d47f860b4ef9ca8caa545c1bf", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gomod-replace-local", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["go"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|35882a76b41290ffbdfc666f476758d0df9ae90d47f860b4ef9ca8caa545c1bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/keeper/go.mod"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "[MINED126] Workflow container/services image `sagemath/sagemath:latest` unpinned: `container/services image: sagemath/sagemath:latest` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"repobilityId": 89490, "scanner": "repobility-supply-chain", "fingerprint": "b210788159641c571715ae93a7bb8cd91b48febe76f323b263bc4c63a4814163", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b210788159641c571715ae93a7bb8cd91b48febe76f323b263bc4c63a4814163"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crypto/secp256k1/libsecp256k1/.github/workflows/ci.yml"}, "region": {"startLine": 856}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 89489, "scanner": "repobility-supply-chain", "fingerprint": "c2aa8a580492076e39e1e6a25bc3835c62a994d1b1dc577ff9036ca0f9e29603", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c2aa8a580492076e39e1e6a25bc3835c62a994d1b1dc577ff9036ca0f9e29603"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crypto/secp256k1/libsecp256k1/.github/workflows/ci.yml"}, "region": {"startLine": 873}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 89488, "scanner": "repobility-supply-chain", "fingerprint": "7d102b55cebf30c8edcdcb61d351773354872d11c7439d824b9d12b6948b6cc7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7d102b55cebf30c8edcdcb61d351773354872d11c7439d824b9d12b6948b6cc7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crypto/secp256k1/libsecp256k1/.github/workflows/ci.yml"}, "region": {"startLine": 861}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 89487, "scanner": "repobility-supply-chain", "fingerprint": "27490144067887f99fe1cfb78d3920c09ce3cb7f05a65b9fd8020a861914cb6d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|27490144067887f99fe1cfb78d3920c09ce3cb7f05a65b9fd8020a861914cb6d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crypto/secp256k1/libsecp256k1/.github/workflows/ci.yml"}, "region": {"startLine": 841}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 89486, "scanner": "repobility-supply-chain", "fingerprint": "412ad4d0b4923a9ebbb21f27c87782df630f599684a4662a9ba30c744d91b50b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|412ad4d0b4923a9ebbb21f27c87782df630f599684a4662a9ba30c744d91b50b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crypto/secp256k1/libsecp256k1/.github/workflows/ci.yml"}, "region": {"startLine": 808}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `ilammy/msvc-dev-cmd` pinned to mutable ref `@v1`: `uses: ilammy/msvc-dev-cmd@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 89485, "scanner": "repobility-supply-chain", "fingerprint": "8832745de007715e8055d8f18e85d8c5ef17755a3d20511f15a2100ac52ab438", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8832745de007715e8055d8f18e85d8c5ef17755a3d20511f15a2100ac52ab438"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crypto/secp256k1/libsecp256k1/.github/workflows/ci.yml"}, "region": {"startLine": 783}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 89484, "scanner": "repobility-supply-chain", "fingerprint": "c96b7327eefd3df33c4baa735007e868dcf1348f44f268d14974c9fd6958414e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c96b7327eefd3df33c4baa735007e868dcf1348f44f268d14974c9fd6958414e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crypto/secp256k1/libsecp256k1/.github/workflows/ci.yml"}, "region": {"startLine": 780}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 89483, "scanner": "repobility-supply-chain", "fingerprint": "33f157e70c3b776cc5f598369f66e15ddf7e22fcf0a902b65ae6182a32c05e98", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|33f157e70c3b776cc5f598369f66e15ddf7e22fcf0a902b65ae6182a32c05e98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crypto/secp256k1/libsecp256k1/.github/workflows/ci.yml"}, "region": {"startLine": 752}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 89482, "scanner": "repobility-supply-chain", "fingerprint": "deccf0757ae5485d6f1eaaf0fc3d7839cfb61770805c5f482ccc6fd32ba384aa", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|deccf0757ae5485d6f1eaaf0fc3d7839cfb61770805c5f482ccc6fd32ba384aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crypto/secp256k1/libsecp256k1/.github/workflows/ci.yml"}, "region": {"startLine": 700}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 89481, "scanner": "repobility-supply-chain", "fingerprint": "8392d77fb1516e814564fae1e0e72d650bc56bcdae15d1e763f83d789cd6e5e1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8392d77fb1516e814564fae1e0e72d650bc56bcdae15d1e763f83d789cd6e5e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crypto/secp256k1/libsecp256k1/.github/workflows/ci.yml"}, "region": {"startLine": 641}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 89480, "scanner": "repobility-supply-chain", "fingerprint": "6280811f8551aaeb990744794e83756d0eb72310d729fef0f5961e5db9ad9172", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6280811f8551aaeb990744794e83756d0eb72310d729fef0f5961e5db9ad9172"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crypto/secp256k1/libsecp256k1/.github/workflows/ci.yml"}, "region": {"startLine": 587}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 89479, "scanner": "repobility-supply-chain", "fingerprint": "ff10db33daa130757058cda646ee23d8ee45a1d638e8efb69499f0cc7b0e2cf3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ff10db33daa130757058cda646ee23d8ee45a1d638e8efb69499f0cc7b0e2cf3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crypto/secp256k1/libsecp256k1/.github/workflows/ci.yml"}, "region": {"startLine": 531}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 89478, "scanner": "repobility-supply-chain", "fingerprint": "2363410d321120813a1a6f5af6b98829d6d49230b5eb66dd23849ec2611a398e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2363410d321120813a1a6f5af6b98829d6d49230b5eb66dd23849ec2611a398e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crypto/secp256k1/libsecp256k1/.github/workflows/ci.yml"}, "region": {"startLine": 467}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 89477, "scanner": "repobility-supply-chain", "fingerprint": "aa9055f00c0222790935b838c807d6baced7341a8585b07a38bd79dc2e67f42d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|aa9055f00c0222790935b838c807d6baced7341a8585b07a38bd79dc2e67f42d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crypto/secp256k1/libsecp256k1/.github/workflows/ci.yml"}, "region": {"startLine": 410}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 89476, "scanner": "repobility-supply-chain", "fingerprint": "471f00552eba450696e8bb34cddf7f2ce57d373bb5eebb2cc462430298b617d4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|471f00552eba450696e8bb34cddf7f2ce57d373bb5eebb2cc462430298b617d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crypto/secp256k1/libsecp256k1/.github/workflows/ci.yml"}, "region": {"startLine": 355}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 89475, "scanner": "repobility-supply-chain", "fingerprint": "05d425333a03138ec7944a353faa0aef56d73e9e204a7f2eeacdc31e2b58e40a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|05d425333a03138ec7944a353faa0aef56d73e9e204a7f2eeacdc31e2b58e40a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crypto/secp256k1/libsecp256k1/.github/workflows/ci.yml"}, "region": {"startLine": 308}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 89474, "scanner": "repobility-supply-chain", "fingerprint": "ab2a0dfb0d793fa4697dec3c941ee965ba55973bdc29374e2dc9832331ef7910", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ab2a0dfb0d793fa4697dec3c941ee965ba55973bdc29374e2dc9832331ef7910"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crypto/secp256k1/libsecp256k1/.github/workflows/ci.yml"}, "region": {"startLine": 251}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 89473, "scanner": "repobility-supply-chain", "fingerprint": "15e547198710116618dc490bb92eeb9063a8a0517bd4bdb3febf39988f565442", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|15e547198710116618dc490bb92eeb9063a8a0517bd4bdb3febf39988f565442"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crypto/secp256k1/libsecp256k1/.github/workflows/ci.yml"}, "region": {"startLine": 198}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 89472, "scanner": "repobility-supply-chain", "fingerprint": "49bd4f4abcc97ca17c169bc36112b8dbff2bf4993bc623956621c17437fd07a5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|49bd4f4abcc97ca17c169bc36112b8dbff2bf4993bc623956621c17437fd07a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crypto/secp256k1/libsecp256k1/.github/workflows/ci.yml"}, "region": {"startLine": 152}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 89471, "scanner": "repobility-supply-chain", "fingerprint": "98b83e5a1bc69c5a53fca53172eb50a859947597c3c494d76c3e7d398fe3cb72", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|98b83e5a1bc69c5a53fca53172eb50a859947597c3c494d76c3e7d398fe3cb72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crypto/secp256k1/libsecp256k1/.github/workflows/ci.yml"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `debian:stable-slim` not pinned by digest: `FROM debian:stable-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 89470, "scanner": "repobility-supply-chain", "fingerprint": "48fdbf96c38f1a7effd7db7b276c4772f06329328b8b5d2697e1df93d30c120d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|48fdbf96c38f1a7effd7db7b276c4772f06329328b8b5d2697e1df93d30c120d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crypto/secp256k1/libsecp256k1/ci/linux-debian.Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `alpine:latest` not pinned by digest: `FROM alpine:latest` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 89469, "scanner": "repobility-supply-chain", "fingerprint": "ab9bae69c15b56c76de07491991f7c782d0874419035ab4f68ede1d03ad6702d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ab9bae69c15b56c76de07491991f7c782d0874419035ab4f68ede1d03ad6702d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `golang:1.26-alpine` not pinned by digest: `FROM golang:1.26-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 89468, "scanner": "repobility-supply-chain", "fingerprint": "ed43822c33db4ef35e58fa543dff63bf8ebbca8ffa4d8d2d6dc45bfbcbdd028f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ed43822c33db4ef35e58fa543dff63bf8ebbca8ffa4d8d2d6dc45bfbcbdd028f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `alpine:latest` not pinned by digest: `FROM alpine:latest` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 89467, "scanner": "repobility-supply-chain", "fingerprint": "864ef0f1cb437b788ef8e086a2f4b36861de437a110b19a5a1d1c90a4e080726", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|864ef0f1cb437b788ef8e086a2f4b36861de437a110b19a5a1d1c90a4e080726"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.alltools"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `golang:1.26-alpine` not pinned by digest: `FROM golang:1.26-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 89466, "scanner": "repobility-supply-chain", "fingerprint": "2045c3d5e82911f215cb459fafd05936fa736704fc4b5dc0fdeb262406c26a1c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2045c3d5e82911f215cb459fafd05936fa736704fc4b5dc0fdeb262406c26a1c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile.alltools"}, "region": {"startLine": 7}}}]}, {"ruleId": "SEC090", "level": "error", "message": {"text": "[SEC090] Go: math/rand used near crypto context: math/rand is not cryptographically secure. Use crypto/rand for tokens/keys. Ported from gosec G404 (Apache-2.0)."}, "properties": {"repobilityId": 89428, "scanner": "repobility-threat-engine", "fingerprint": "d3c4b8b44062209db0328693a49a1275189e069ad62873ed38cf2f3bcaa4ddef", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "math/rand\"\n\t\"time\"\n\n\t\"github.com/ethereum/go-ethereum/common/mclock\"\n\t\"github.com/ethereum/go-ethere", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC090", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d3c4b8b44062209db0328693a49a1275189e069ad62873ed38cf2f3bcaa4ddef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "p2p/dnsdisc/sync.go"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED033", "level": "error", "message": {"text": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic."}, "properties": {"repobilityId": 89426, "scanner": "repobility-threat-engine", "fingerprint": "fb7b484ad93f2eab6c79bc87d2e7409af67efa78aed79741c1a3ca590fb01f82", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-recover-without-log", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347975+00:00", "triaged_in_corpus": 15, "observations_count": 3808, "ai_coder_pattern_id": 109}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fb7b484ad93f2eab6c79bc87d2e7409af67efa78aed79741c1a3ca590fb01f82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "log/format.go"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED033", "level": "error", "message": {"text": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic."}, "properties": {"repobilityId": 89425, "scanner": "repobility-threat-engine", "fingerprint": "622bd2691caaa92ad5f647b27b9deeea1bc863d56f2e8fbbe851288f9b453ab9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-recover-without-log", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347975+00:00", "triaged_in_corpus": 15, "observations_count": 3808, "ai_coder_pattern_id": 109}, "scanner": "repobility-threat-engine", "correlation_key": "fp|622bd2691caaa92ad5f647b27b9deeea1bc863d56f2e8fbbe851288f9b453ab9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/utesting/utesting.go"}, "region": {"startLine": 253}}}]}, {"ruleId": "MINED033", "level": "error", "message": {"text": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic."}, "properties": {"repobilityId": 89424, "scanner": "repobility-threat-engine", "fingerprint": "371395a3b9e4dcce99d44fee39225de789e954bc31bf48303d550f906071ea3d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-recover-without-log", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347975+00:00", "triaged_in_corpus": 15, "observations_count": 3808, "ai_coder_pattern_id": 109}, "scanner": "repobility-threat-engine", "correlation_key": "fp|371395a3b9e4dcce99d44fee39225de789e954bc31bf48303d550f906071ea3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/jsre/pretty.go"}, "region": {"startLine": 113}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 89423, "scanner": "repobility-threat-engine", "fingerprint": "42a2ee2f57dbf861a9476dd20a0b0ed64fe716818a65668f0e91f53b38122df7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Exec(file", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|42a2ee2f57dbf861a9476dd20a0b0ed64fe716818a65668f0e91f53b38122df7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/jsre/jsre.go"}, "region": {"startLine": 275}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 89422, "scanner": "repobility-threat-engine", "fingerprint": "82c8c66c3bb3d7b8064eff446b8e712237217e158c968b36568b4af3353585af", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Exec(ctx", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|82c8c66c3bb3d7b8064eff446b8e712237217e158c968b36568b4af3353585af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphql/service.go"}, "region": {"startLine": 108}}}]}, {"ruleId": "SEC093", "level": "error", "message": {"text": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. Ported from gosec G204 (Apache-2.0)."}, "properties": {"repobilityId": 89418, "scanner": "repobility-threat-engine", "fingerprint": "a9a924aa20439dd0a76755c9c8c419402efea8043b815388873450108a385682", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec.Command(signify,", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC093", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a9a924aa20439dd0a76755c9c8c419402efea8043b815388873450108a385682"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crypto/signify/signify_fuzz.go"}, "region": {"startLine": 88}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 89413, "scanner": "repobility-threat-engine", "fingerprint": "303cbc0862b00925a3c5fc5783ba95bef56915866610ac93b0b98525b0fe4688", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "t.Update(leaf.key[:], leaf.value)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|303cbc0862b00925a3c5fc5783ba95bef56915866610ac93b0b98525b0fe4688"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/state/snapshot/conversion.go"}, "region": {"startLine": 359}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 89412, "scanner": "repobility-threat-engine", "fingerprint": "fe8db8b1c915ed9e71f7f3cdc0dd99842f3f908b08a34b2aea74f4b639523144", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "ctx.batch.Delete(key)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fe8db8b1c915ed9e71f7f3cdc0dd99842f3f908b08a34b2aea74f4b639523144"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/state/snapshot/context.go"}, "region": {"startLine": 180}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 89411, "scanner": "repobility-threat-engine", "fingerprint": "8a6cbaa9f00ec1f15e99e93ecb39b6f95c400bb25f8598781f151983620c9038", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "accountReadTimer.Update(s.AccountReads)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8a6cbaa9f00ec1f15e99e93ecb39b6f95c400bb25f8598781f151983620c9038"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "core/blockchain_stats.go"}, "region": {"startLine": 68}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 89406, "scanner": "repobility-threat-engine", "fingerprint": "9871f688bed10d257e2a66eb654252bf1d4016a1ac7d1a82d252c74fe52ce4c0", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(filename_input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|14|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crypto/secp256k1/libsecp256k1/tools/tests_wycheproof_generate.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 89405, "scanner": "repobility-threat-engine", "fingerprint": "6f067e042652f2ecd556497192dbfad5e68d2380bd090498d89ed47ed1b990ab", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "Open(s.cfg.filterQuery", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|cmd/workload/filtertest.go|155|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/workload/filtertest.go"}, "region": {"startLine": 155}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 89386, "scanner": "repobility-threat-engine", "fingerprint": "819657486323038690b40aadef8d7d9bf93c2ea9ff0eeca06a2bb4e9dceeb7cf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|819657486323038690b40aadef8d7d9bf93c2ea9ff0eeca06a2bb4e9dceeb7cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/devp2p/dns_cloudflare.go"}, "region": {"startLine": 146}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 89385, "scanner": "repobility-threat-engine", "fingerprint": "12d8d3d5a0ba6253147638deb0c2d4cf3ccef87ec4b0d96a0a14def651428232", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|12d8d3d5a0ba6253147638deb0c2d4cf3ccef87ec4b0d96a0a14def651428232"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cmd/devp2p/discv5cmd.go"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 89384, "scanner": "repobility-threat-engine", "fingerprint": "469cbb589e6400b087f0a93203e942d01ce2393d358e84a92867f69650aad68b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|469cbb589e6400b087f0a93203e942d01ce2393d358e84a92867f69650aad68b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "accounts/scwallet/hub.go"}, "region": {"startLine": 132}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 89382, "scanner": "repobility-threat-engine", "fingerprint": "3e6ec039a01157ed6a266be59c29222b0f3ca37709f449952897c67036a3bb26", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(c", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3e6ec039a01157ed6a266be59c29222b0f3ca37709f449952897c67036a3bb26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "accounts/scwallet/hub.go"}, "region": {"startLine": 185}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 89381, "scanner": "repobility-threat-engine", "fingerprint": "7475a758dc527527757be7107920d27ef2a4c4e3872f2b58811d69db9b5da369", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7475a758dc527527757be7107920d27ef2a4c4e3872f2b58811d69db9b5da369"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "accounts/manager.go"}, "region": {"startLine": 191}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 89380, "scanner": "repobility-threat-engine", "fingerprint": "b91e42fc945d6d8f85b16033afaa3f631916150ab3fae3a850e0e49fa548c1db", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(a", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b91e42fc945d6d8f85b16033afaa3f631916150ab3fae3a850e0e49fa548c1db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "accounts/keystore/account_cache.go"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED123", "level": "error", "message": {"text": "[MINED123] Trojan Source bidi character (LRM) in source: Line 2 contains a Unicode bidirectional override character (U+200E LRM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer."}, "properties": {"repobilityId": 89498, "scanner": "repobility-supply-chain", "fingerprint": "9a38bff21f7691aefb979b5c8b4724edeb4a5078e85dffba7a945aedb26f1da7", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "trojan-source-bidi", "owasp": null, "cwe_ids": ["CWE-1007"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "vuln||CVE-2021-42574|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "graphql/internal/graphiql/graphiql.min.js"}, "region": {"startLine": 2}}}]}]}]}