{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "CFG006", "name": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.", "shortDescription": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "fullDescription": {"text": "Add a .gitignore appropriate for your language/framework."}, "properties": {"scanner": "repobility-threat-engine", "category": "practices", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[COMP001] High cognitive complexity (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 40."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.", "shortDescription": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1088"}, "properties": {"repository": "tasmota/install", "repoUrl": "https://github.com/tasmota/install", "branch": "main"}, "results": [{"ruleId": "CFG006", "level": "warning", "message": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "properties": {"repobilityId": 106702, "scanner": "repobility-threat-engine", "fingerprint": "c65fc71ce58c37a0e07837c0fe294108b731c43ef16027a2f0971c757bbe9a16", "category": "practices", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "No .gitignore file found in repository root", "evidence": {"reason": "No .gitignore file found in repository root", "rule_id": "CFG006", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "repo|practices|cfg006"}}}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 106693, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106704, "scanner": "repobility-ai-code-hygiene", "fingerprint": "75aca6f7830314de7a754762d2262350f2469e2595a12cb41e86fe12ec4cdc40", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "genManifest.py", "duplicate_line": 10, "correlation_key": "fp|75aca6f7830314de7a754762d2262350f2469e2595a12cb41e86fe12ec4cdc40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "genManifestWithFeatureas.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 106703, "scanner": "repobility-ai-code-hygiene", "fingerprint": "94e3e45cae4cf80c0d5502c67831422f23596949aabdc541105ba6bdd884dea1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "genManifest.py", "duplicate_line": 97, "correlation_key": "fp|94e3e45cae4cf80c0d5502c67831422f23596949aabdc541105ba6bdd884dea1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "genManifestRelease.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 106701, "scanner": "repobility-threat-engine", "fingerprint": "dccab8f9141fda7a16f36e0e10e58602d6901900f18b43330b1d9dfde0139c78", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dccab8f9141fda7a16f36e0e10e58602d6901900f18b43330b1d9dfde0139c78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "js/tasmota_gh_helper.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 106700, "scanner": "repobility-threat-engine", "fingerprint": "374b2f9ca97c941ea8799534a3f6a7246c4a413e5ec69c34d7f4988e5034f739", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 10, "for": 3, "elif": 3, "else": 2, "continue": 9, "nested_bonus": 13}, "aggregated": true, "complexity": 40, "correlation_key": "fp|374b2f9ca97c941ea8799534a3f6a7246c4a413e5ec69c34d7f4988e5034f739", "aggregated_count": 2}}}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 106696, "scanner": "repobility-threat-engine", "fingerprint": "37490dc8085fc52bf192f6007424348073dbd125d72e4de931649b74602de02f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|37490dc8085fc52bf192f6007424348073dbd125d72e4de931649b74602de02f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "genManifestWithFeatureas.py"}, "region": {"startLine": 188}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 106695, "scanner": "repobility-threat-engine", "fingerprint": "93ce8d7f1d48aa7d479550080947cf0062ddc0f72e676f7489a04d42f4c5ddd7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|93ce8d7f1d48aa7d479550080947cf0062ddc0f72e676f7489a04d42f4c5ddd7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "genManifestRelease.py"}, "region": {"startLine": 149}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 106694, "scanner": "repobility-threat-engine", "fingerprint": "ca0e7faff987ddd1fd42a9b462fd0dc4a54d79ff0b1c1862685283e92d0c3772", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ca0e7faff987ddd1fd42a9b462fd0dc4a54d79ff0b1c1862685283e92d0c3772"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "genManifest.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 40 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=9, elif=3, else=2, for=3, if=10, nested_bonus=13."}, "properties": {"repobilityId": 106699, "scanner": "repobility-threat-engine", "fingerprint": "a65e7fae47df1ca0406b16adcd3a8114fb925150c1392a6fb69375bec3046600", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 40 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 10, "for": 3, "elif": 3, "else": 2, "continue": 9, "nested_bonus": 13}, "complexity": 40, "correlation_key": "fp|a65e7fae47df1ca0406b16adcd3a8114fb925150c1392a6fb69375bec3046600"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "genManifestWithFeatureas.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 42 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=10, elif=2, else=3, for=3, if=11, nested_bonus=13."}, "properties": {"repobilityId": 106698, "scanner": "repobility-threat-engine", "fingerprint": "90a2ec533a5a4b28bd0f0840f55cdd957f4f69f3f76b73f81f0ad7d4f3289e34", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 42 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 11, "for": 3, "elif": 2, "else": 3, "continue": 10, "nested_bonus": 13}, "complexity": 42, "correlation_key": "fp|90a2ec533a5a4b28bd0f0840f55cdd957f4f69f3f76b73f81f0ad7d4f3289e34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "genManifestRelease.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 40 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=9, elif=3, else=2, for=3, if=10, nested_bonus=13."}, "properties": {"repobilityId": 106697, "scanner": "repobility-threat-engine", "fingerprint": "e2c1158555c28e3eb9e64a09b4077c2d1271cefca92e6576dba7c521a3c457fb", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 40 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 10, "for": 3, "elif": 3, "else": 2, "continue": 9, "nested_bonus": 13}, "complexity": 40, "correlation_key": "fp|e2c1158555c28e3eb9e64a09b4077c2d1271cefca92e6576dba7c521a3c457fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "genManifest.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 106692, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}]}]}