{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED109", "name": "[MINED109] Mutable default argument in `ProcessFile` (list): `def ProcessFile(... = []/{}/set())` \u2014 Python's default val", "shortDescription": {"text": "[MINED109] Mutable default argument in `ProcessFile` (list): `def ProcessFile(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for e"}, "fullDescription": {"text": "Use None as the default and create the collection inside the function: `def ProcessFile(x=None): x = x or []`"}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Publish a package-manager install path or add checksum/signature verification before execution. For docs, show the inspect-then-run flow and pin the downloaded artifact version."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "Confirm whether this file is reachable. If not, delete it; if yes, wire it through explicit imports, routes, or entry points and add a test that proves the path executes."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "CFG006", "name": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.", "shortDescription": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "fullDescription": {"text": "Add a .gitignore appropriate for your language/framework."}, "properties": {"scanner": "repobility-threat-engine", "category": "practices", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `raw_xxtea` has cognitive complexity 12 (SonarSource scale). Cognitive com", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `raw_xxtea` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 12."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED080", "name": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace.", "shortDescription": {"text": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED075", "name": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL.", "shortDescription": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-690 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.", "shortDescription": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 233 more): Same pattern found in 233 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 233 more): Same pattern found in 233 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED042", "name": "[MINED042] Cpp New Without Delete (and 16 more): Same pattern found in 16 additional files. Review if needed.", "shortDescription": {"text": "[MINED042] Cpp New Without Delete (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED022", "name": "[MINED022] C Strcpy (and 25 more): Same pattern found in 25 additional files. Review if needed.", "shortDescription": {"text": "[MINED022] C Strcpy (and 25 more): Same pattern found in 25 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-120 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED004] Weak Crypto (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC100", "name": "[SEC100] CORS permissive Access-Control-Allow-Origin: * (and 1 more): Same pattern found in 1 additional files. Review i", "shortDescription": {"text": "[SEC100] CORS permissive Access-Control-Allow-Origin: * (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Allowlist specific origins. For dynamic per-request validation, validate against a known list and echo the origin back. Never combine wildcard origin with credentials."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED134", "name": "[MINED134] Binary file `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/vector_ops_FIX.o` committ", "shortDescription": {"text": "[MINED134] Binary file `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/vector_ops_FIX.o` committed in source repo: `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/vector_ops_FIX.o` is a .o bin"}, "fullDescription": {"text": "Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `arduino/actions/libraries/spell-check` pinned to mutable ref `@master`: `uses: arduino/actions/librar", "shortDescription": {"text": "[MINED115] Action `arduino/actions/libraries/spell-check` pinned to mutable ref `@master`: `uses: arduino/actions/libraries/spell-check@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made"}, "fullDescription": {"text": "Replace with: `uses: arduino/actions/libraries/spell-check@<40-char-sha>  # master` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.assert_` used but never assigned in __init__: Method `_GetChildren` of class `GTestXMLTestCase` reads `", "shortDescription": {"text": "[MINED108] `self.assert_` used but never assigned in __init__: Method `_GetChildren` of class `GTestXMLTestCase` reads `self.assert_`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the "}, "fullDescription": {"text": "Initialize `self.assert_ = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `io` used but not imported: The file uses `io.something(...)` but never imports `io`. This ra", "shortDescription": {"text": "[MINED107] Missing import: `io` used but not imported: The file uses `io.something(...)` but never imports `io`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import io` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1237"}, "properties": {"repository": "lyusupov/SoftRF", "repoUrl": "https://github.com/lyusupov/SoftRF", "branch": "master"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 124465, "scanner": "repobility-ast-engine", "fingerprint": "a8a7aa8cb4e44476ef50c96c821a395a1dc72f4a62b5a4ee2f662b7427b502a8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a8a7aa8cb4e44476ef50c96c821a395a1dc72f4a62b5a4ee2f662b7427b502a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/TFT_eSPI/Tools/bmp2array4bit/bmp2array4bit.py"}, "region": {"startLine": 243}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 124464, "scanner": "repobility-ast-engine", "fingerprint": "2065d11e72bbd6c249b634f77720cfb780f654b9295199768d6e898c5173ba52", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2065d11e72bbd6c249b634f77720cfb780f654b9295199768d6e898c5173ba52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/TFT_eSPI/Tools/bmp2array4bit/bmp2array4bit.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `ProcessFile` (list): `def ProcessFile(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 124463, "scanner": "repobility-ast-engine", "fingerprint": "71377f79af1ba44b36944f66085030ee12971cc0657f917ddea8a6d4c3594833", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|71377f79af1ba44b36944f66085030ee12971cc0657f917ddea8a6d4c3594833"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/SdFat/extras/cpplint.py"}, "region": {"startLine": 6031}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `ProcessFileData` (list): `def ProcessFileData(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 124462, "scanner": "repobility-ast-engine", "fingerprint": "f28ada0042ac51a9e80bbf82857b28a51e41f70aea527383b447cc45b6870013", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f28ada0042ac51a9e80bbf82857b28a51e41f70aea527383b447cc45b6870013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/SdFat/extras/cpplint.py"}, "region": {"startLine": 5895}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `ProcessLine` (list): `def ProcessLine(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 124461, "scanner": "repobility-ast-engine", "fingerprint": "37d523b3af4fceda19585ebae9efeb7d9b6ed1af5224862f496e054f4a65f85c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|37d523b3af4fceda19585ebae9efeb7d9b6ed1af5224862f496e054f4a65f85c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/SdFat/extras/cpplint.py"}, "region": {"startLine": 5780}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 124459, "scanner": "repobility-ast-engine", "fingerprint": "2720a4804b216d40322ad07801181736ae6ed375cadfc5d1e85efcd57c782119", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2720a4804b216d40322ad07801181736ae6ed375cadfc5d1e85efcd57c782119"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/rpi_ws281x-1.0.0/version.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `msgSXHeartbeat` (list): `def msgSXHeartbeat(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 124457, "scanner": "repobility-ast-engine", "fingerprint": "48df8db9a4a2d0488f686ac77f8376cfb8eb72192dd9288d263c0cfdb71a37fb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|48df8db9a4a2d0488f686ac77f8376cfb8eb72192dd9288d263c0cfdb71a37fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/app/Emulator/GDL90.py"}, "region": {"startLine": 306}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 124456, "scanner": "repobility-ast-engine", "fingerprint": "439335e8bde295edb075d275742f66ac03b8946a0281b0432d9b974384b729fe", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|439335e8bde295edb075d275742f66ac03b8946a0281b0432d9b974384b729fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/gtest-1.7.0/test/gtest_test_utils.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `ProcessFile` (list): `def ProcessFile(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 124436, "scanner": "repobility-ast-engine", "fingerprint": "47cef64ff4e7eb6fea1db9571c6802315be291bf6f1fed3a1a81769d6d9a81a4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|47cef64ff4e7eb6fea1db9571c6802315be291bf6f1fed3a1a81769d6d9a81a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/cpplint/cpplint.py"}, "region": {"startLine": 3220}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `ProcessFileData` (list): `def ProcessFileData(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 124435, "scanner": "repobility-ast-engine", "fingerprint": "42e9afb76db52ae347d84a2924234329960b0d0cfc67c2cb3531407dd9b87c90", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|42e9afb76db52ae347d84a2924234329960b0d0cfc67c2cb3531407dd9b87c90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/cpplint/cpplint.py"}, "region": {"startLine": 3175}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `ProcessLine` (list): `def ProcessLine(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 124434, "scanner": "repobility-ast-engine", "fingerprint": "fb09a913583c1e8bd9def0c859bced227d89c0de59fa1dafb680374acccd7103", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fb09a913583c1e8bd9def0c859bced227d89c0de59fa1dafb680374acccd7103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/cpplint/cpplint.py"}, "region": {"startLine": 3139}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 124425, "scanner": "repobility-agent-runtime", "fingerprint": "7167fbf1a901358db0aea74878c4d5b8bea5b1655db48a05eac4b2a33fad6db6", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|7167fbf1a901358db0aea74878c4d5b8bea5b1655db48a05eac4b2a33fad6db6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/Pico-PIO-USB/.github/workflows/build_arduino.yml"}, "region": {"startLine": 34}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 124394, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5755d69045f1af9b95d5f558879b0d31ffc057622201e24e49af46a5764c54e6", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|5755d69045f1af9b95d5f558879b0d31ffc057622201e24e49af46a5764c54e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/warped_autocorrelation_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 124393, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6da40c02274465e8aa66dcba009bdbf76e425afaad64d795e6bdb6dd3575b456", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|6da40c02274465e8aa66dcba009bdbf76e425afaad64d795e6bdb6dd3575b456"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/vector_ops_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 124392, "scanner": "repobility-ai-code-hygiene", "fingerprint": "367d80b4a078eb00ae6b6fb7668528072470cfeead44783741dc368b4e026e75", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|367d80b4a078eb00ae6b6fb7668528072470cfeead44783741dc368b4e026e75"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/structs_FIX.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 124391, "scanner": "repobility-ai-code-hygiene", "fingerprint": "78c1dcb36a2433fd920386b785e9657ed342f0d38dbaf59f105c25f05582566c", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|78c1dcb36a2433fd920386b785e9657ed342f0d38dbaf59f105c25f05582566c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/schur_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 124390, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bef89c4555d61a8b15526939d18b5b229092975d17f165eb95ad045efc9bdd7c", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|bef89c4555d61a8b15526939d18b5b229092975d17f165eb95ad045efc9bdd7c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/schur64_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 124389, "scanner": "repobility-ai-code-hygiene", "fingerprint": "26b70bc33bcbde6c78e8437631b87885803ecd197d4dff4ecf6746b1177def27", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|26b70bc33bcbde6c78e8437631b87885803ecd197d4dff4ecf6746b1177def27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/residual_energy_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 124388, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3506103bfa63eab852bb51c70f3e9d7957f5f632d73d908d1793c5609c653030", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|3506103bfa63eab852bb51c70f3e9d7957f5f632d73d908d1793c5609c653030"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/residual_energy16_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 124387, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3b00f6babfecadb8034f33ce29aa3a732fd0791723bfb5193775fcbafeccaebc", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|3b00f6babfecadb8034f33ce29aa3a732fd0791723bfb5193775fcbafeccaebc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/regularize_correlations_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 124386, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9b8d9c380cf727fc55a733d3a9d9e11711731439aebdc31ffc1c3178b9f5e94a", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|9b8d9c380cf727fc55a733d3a9d9e11711731439aebdc31ffc1c3178b9f5e94a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/process_gains_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 124385, "scanner": "repobility-ai-code-hygiene", "fingerprint": "82c75b9e9225e56395d4c65302ac4f4dd5c4a5c72e9253f35d079aaa0fa6df02", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|82c75b9e9225e56395d4c65302ac4f4dd5c4a5c72e9253f35d079aaa0fa6df02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/pitch_analysis_core_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 124384, "scanner": "repobility-ai-code-hygiene", "fingerprint": "51f2d5f70603fc93c2bfb250e9f0f97f2ba76c8dd756f84f7ab43e6c2755ac2e", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|51f2d5f70603fc93c2bfb250e9f0f97f2ba76c8dd756f84f7ab43e6c2755ac2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/noise_shape_analysis_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 124383, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0d199142c4a165ff1d231ef5b68c09533565ccadf3fbc74575cc34250b2135f1", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|0d199142c4a165ff1d231ef5b68c09533565ccadf3fbc74575cc34250b2135f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/k2a_Q16_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 124382, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2dc5b3defbd72e430b51c6ab34ba3ee0490b49e0209eebc8a04567e5135f26ba", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|2dc5b3defbd72e430b51c6ab34ba3ee0490b49e0209eebc8a04567e5135f26ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/k2a_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 124381, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d5ccd8242162d849d57737dafab88f58ca7fdc1476b2723e4608ce66363a6195", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|d5ccd8242162d849d57737dafab88f58ca7fdc1476b2723e4608ce66363a6195"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/find_pred_coefs_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 124380, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c0a068649dc701fb217ce817ad86be47eabd1149f5b2942b3c67127ec2bec11c", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|c0a068649dc701fb217ce817ad86be47eabd1149f5b2942b3c67127ec2bec11c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/find_pitch_lags_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 124379, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2929e4e59f68b204b38458a06237c859d186b87296aa96335961e1ee8d65ef4c", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|2929e4e59f68b204b38458a06237c859d186b87296aa96335961e1ee8d65ef4c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/find_LTP_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 124378, "scanner": "repobility-ai-code-hygiene", "fingerprint": "248785faac93d02d368a00f539a44cb8a698995a78095fc0f3d3d4c7cf1d310f", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|248785faac93d02d368a00f539a44cb8a698995a78095fc0f3d3d4c7cf1d310f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/find_LPC_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 124377, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c047058d53d4404fcf7d18c244e88a8fe3a9b1871a498904ed3694f4bd0e829d", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|c047058d53d4404fcf7d18c244e88a8fe3a9b1871a498904ed3694f4bd0e829d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/encode_frame_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 124376, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2bdde68a060e6f70a7ccff2adf83914380697337078b5bed2f26e188765e78ba", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|2bdde68a060e6f70a7ccff2adf83914380697337078b5bed2f26e188765e78ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/corrMatrix_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 124375, "scanner": "repobility-ai-code-hygiene", "fingerprint": "eb39d6fdbd45053b9e8cd28cab8c6fe9ae61485b6cc65eb4f6f71f6902cecbe7", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|eb39d6fdbd45053b9e8cd28cab8c6fe9ae61485b6cc65eb4f6f71f6902cecbe7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/burg_modified_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 124374, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6b41ba72def340b7c7eb523f3067d4774a80eebc69f574efa86bd3cfe2bc6e19", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|6b41ba72def340b7c7eb523f3067d4774a80eebc69f574efa86bd3cfe2bc6e19"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/autocorr_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 124373, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d18d45fd61725ebec363194e7060146b6de5b70427d4d77139ec536a1e211e24", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|d18d45fd61725ebec363194e7060146b6de5b70427d4d77139ec536a1e211e24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/apply_sine_window_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 124372, "scanner": "repobility-ai-code-hygiene", "fingerprint": "65a44be85faddef17fe0cb69c698a9b7c8b11ce64c2f665a683995140338824d", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|65a44be85faddef17fe0cb69c698a9b7c8b11ce64c2f665a683995140338824d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/LTP_scale_ctrl_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 124371, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4f6370bab10a164fcaa7cb86a5c7fa53b6a09c60e8bf7c669aab373e305ef8cc", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|4f6370bab10a164fcaa7cb86a5c7fa53b6a09c60e8bf7c669aab373e305ef8cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/LTP_analysis_filter_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 124370, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0fed4eb3bf63fcd58d3b33d8260cc6b9a7538549c954eb29d6a7f17d7ea21655", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fix", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|0fed4eb3bf63fcd58d3b33d8260cc6b9a7538549c954eb29d6a7f17d7ea21655"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/SigProc_FIX.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 124369, "scanner": "repobility-ai-code-hygiene", "fingerprint": "35eba3c03b61d7740d2e8ccfaaad506e99e75c9f2c23abb014aa57991219b5a9", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "fixed", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|35eba3c03b61d7740d2e8ccfaaad506e99e75c9f2c23abb014aa57991219b5a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/celt/static_modes_fixed.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "CFG006", "level": "warning", "message": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "properties": {"repobilityId": 124340, "scanner": "repobility-threat-engine", "fingerprint": "c65fc71ce58c37a0e07837c0fe294108b731c43ef16027a2f0971c757bbe9a16", "category": "practices", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "No .gitignore file found in repository root", "evidence": {"reason": "No .gitignore file found in repository root", "rule_id": "CFG006", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "repo|practices|cfg006"}}}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 124329, "scanner": "repobility-threat-engine", "fingerprint": "0dfb5eb4da83319914dd156042f228d4afcc21702925bc8ab0ec3b6ede274d28", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'John Doe'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0dfb5eb4da83319914dd156042f228d4afcc21702925bc8ab0ec3b6ede274d28"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/iLogger/mysettings.py"}, "region": {"startLine": 5}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 124327, "scanner": "repobility-threat-engine", "fingerprint": "78d9f7f36e974a62e4df346b49b883397a57b2194dcc7a6ef5a14770345c9af4", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "def make_key", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|34|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/app/Emulator/legacy_protocol.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 124320, "scanner": "repobility-threat-engine", "fingerprint": "1a13a56f08a5671a5444bf9550fd5c0a1302e2016a2f19d5979f18b14ac7e6b8", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "os.popen(", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|33|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/app/Emulator/Linux.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 124319, "scanner": "repobility-threat-engine", "fingerprint": "80ac1976d7737dd3aa3112ff0c0fb44cd422d4eb7a9e487ca5a02fa427a3eacf", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "os.popen(", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|26|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/app/Emulator/Android.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124424, "scanner": "repobility-ai-code-hygiene", "fingerprint": "65a1bbbf1180029794992a2fac8a09881ba1182fc1446b2e0e6b2266a37f009f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dated/version1/Demo1_Alert_868/WiFiHelper.cpp", "duplicate_line": 1, "correlation_key": "fp|65a1bbbf1180029794992a2fac8a09881ba1182fc1446b2e0e6b2266a37f009f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/Demo2_RX_868/WiFiHelper.cpp"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124423, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5207dc1d289b368b134310708b1eff031334dacaf88cd5dbf9fba660ae437bc3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dated/version1/Demo1_Alert_868/WebHelper.cpp", "duplicate_line": 1, "correlation_key": "fp|5207dc1d289b368b134310708b1eff031334dacaf88cd5dbf9fba660ae437bc3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/Demo2_RX_868/WebHelper.cpp"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124422, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6d7c6e0bbe10cb9ce9e446110761e4d95b908253e4404eaabb69a6f8224fa41b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dated/version1/Demo1_Alert_868/TimeHelper.cpp", "duplicate_line": 1, "correlation_key": "fp|6d7c6e0bbe10cb9ce9e446110761e4d95b908253e4404eaabb69a6f8224fa41b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/Demo2_RX_868/TimeHelper.cpp"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124421, "scanner": "repobility-ai-code-hygiene", "fingerprint": "efb549bf6bd71d6b96bb60ffa6a03619800dc701f8f1de459dfb8cf3363461f4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dated/version1/Demo1_Alert_868/Demo1_Alert_868.h", "duplicate_line": 1, "correlation_key": "fp|efb549bf6bd71d6b96bb60ffa6a03619800dc701f8f1de459dfb8cf3363461f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/Demo2_RX_868/Demo2_RX_868.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124420, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6220cbc413e952945a457da45b5362158bb4fd564d35e1235a5a06f95a292339", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/SigProc_FIX.h", "duplicate_line": 1, "correlation_key": "fp|6220cbc413e952945a457da45b5362158bb4fd564d35e1235a5a06f95a292339"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/warped_autocorrelation_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124419, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2a9a5e45dc2d0c6b9527b64e22524ecd70365999d46292338793e33395829327", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/SigProc_FIX.h", "duplicate_line": 1, "correlation_key": "fp|2a9a5e45dc2d0c6b9527b64e22524ecd70365999d46292338793e33395829327"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/vector_ops_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124418, "scanner": "repobility-ai-code-hygiene", "fingerprint": "33152b998785b9453e0c139cb5a4b34e887f49955be9509b2d8e2d00946c2ccb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/SigProc_FIX.h", "duplicate_line": 1, "correlation_key": "fp|33152b998785b9453e0c139cb5a4b34e887f49955be9509b2d8e2d00946c2ccb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/structs_FIX.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124417, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7f711e02e7a51c795cc0ded5d3535ea3e81a9fa206cd75910f3bdd390a7b8edf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/SigProc_FIX.h", "duplicate_line": 1, "correlation_key": "fp|7f711e02e7a51c795cc0ded5d3535ea3e81a9fa206cd75910f3bdd390a7b8edf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/schur_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124416, "scanner": "repobility-ai-code-hygiene", "fingerprint": "de791e301ce640441f9c53fd6ad5d953641efd25db815ca0f0fafdc7600b7637", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/SigProc_FIX.h", "duplicate_line": 1, "correlation_key": "fp|de791e301ce640441f9c53fd6ad5d953641efd25db815ca0f0fafdc7600b7637"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/schur64_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124415, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e7327e3cf0ed9fc88c5800bb3d0c371f0ebcffe8400ad3cdfa8d4fc491196cfc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/SigProc_FIX.h", "duplicate_line": 1, "correlation_key": "fp|e7327e3cf0ed9fc88c5800bb3d0c371f0ebcffe8400ad3cdfa8d4fc491196cfc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/residual_energy_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124414, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8f8db2c84ae0e177c91bdef77390cd12cbc59318a1b810077c15cb627914ef9a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/SigProc_FIX.h", "duplicate_line": 1, "correlation_key": "fp|8f8db2c84ae0e177c91bdef77390cd12cbc59318a1b810077c15cb627914ef9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/residual_energy16_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124413, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bce51bf44a19950b9a4f076032c62e7ce7a64e27cb0915fd25c9afe280f8feae", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/SigProc_FIX.h", "duplicate_line": 1, "correlation_key": "fp|bce51bf44a19950b9a4f076032c62e7ce7a64e27cb0915fd25c9afe280f8feae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/regularize_correlations_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124412, "scanner": "repobility-ai-code-hygiene", "fingerprint": "194ccb3314b968c8796510636d14d60d92cdc4405904215bafa4186a1ea65b14", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/SigProc_FIX.h", "duplicate_line": 1, "correlation_key": "fp|194ccb3314b968c8796510636d14d60d92cdc4405904215bafa4186a1ea65b14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/process_gains_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124411, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2106aaf9ef96238c1d3ab520cee0dc73a1ba3d6d260464663aefba95d762fcdd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/SigProc_FIX.h", "duplicate_line": 1, "correlation_key": "fp|2106aaf9ef96238c1d3ab520cee0dc73a1ba3d6d260464663aefba95d762fcdd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/pitch_analysis_core_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124410, "scanner": "repobility-ai-code-hygiene", "fingerprint": "121f6cbaefa711dbf1b21b1e47792fd018ec650accea2188182fe3229916bde0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/SigProc_FIX.h", "duplicate_line": 1, "correlation_key": "fp|121f6cbaefa711dbf1b21b1e47792fd018ec650accea2188182fe3229916bde0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/noise_shape_analysis_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124409, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bebe3707eb1ba5232f0d89145176c08a2a16e4e0d04e35632d95d2bdc91b45f9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/SigProc_FIX.h", "duplicate_line": 1, "correlation_key": "fp|bebe3707eb1ba5232f0d89145176c08a2a16e4e0d04e35632d95d2bdc91b45f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/main_FIX.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124408, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ba8464e1b68c02d8f391ff4c4ed4f1e0fa95558264acadff6603b82e4ec06ef1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/SigProc_FIX.h", "duplicate_line": 1, "correlation_key": "fp|ba8464e1b68c02d8f391ff4c4ed4f1e0fa95558264acadff6603b82e4ec06ef1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/k2a_Q16_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124407, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f243da2ba1e712d4f02d0c0692c2a45c7c998c9f7b0cb624e3f0b8e6eed4e225", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/SigProc_FIX.h", "duplicate_line": 1, "correlation_key": "fp|f243da2ba1e712d4f02d0c0692c2a45c7c998c9f7b0cb624e3f0b8e6eed4e225"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/k2a_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124406, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7fbc9ca8d43f75db92c756191d0316101821f058fb90b6322f362a0fa3cad705", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/SigProc_FIX.h", "duplicate_line": 1, "correlation_key": "fp|7fbc9ca8d43f75db92c756191d0316101821f058fb90b6322f362a0fa3cad705"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/find_pred_coefs_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124405, "scanner": "repobility-ai-code-hygiene", "fingerprint": "97ae030081049bc230ac6796d5b164b08e5d02f675c5eb1c83398a5021dc5dc8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/SigProc_FIX.h", "duplicate_line": 1, "correlation_key": "fp|97ae030081049bc230ac6796d5b164b08e5d02f675c5eb1c83398a5021dc5dc8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/find_pitch_lags_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124404, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f289cc0865c69aa650dcf2d09c31f6b50e6b9a3f67224c3dfe5c8de252126099", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/SigProc_FIX.h", "duplicate_line": 1, "correlation_key": "fp|f289cc0865c69aa650dcf2d09c31f6b50e6b9a3f67224c3dfe5c8de252126099"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/find_LTP_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124403, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b2d87a3ced49f2a5baed673f788c85ee973396cd66c1366b064098b814fe06f1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/SigProc_FIX.h", "duplicate_line": 1, "correlation_key": "fp|b2d87a3ced49f2a5baed673f788c85ee973396cd66c1366b064098b814fe06f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/find_LPC_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124402, "scanner": "repobility-ai-code-hygiene", "fingerprint": "df807ceb8ad63541f06d925782792c47d308320cd34823c65e9ba526e213e486", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/SigProc_FIX.h", "duplicate_line": 1, "correlation_key": "fp|df807ceb8ad63541f06d925782792c47d308320cd34823c65e9ba526e213e486"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/encode_frame_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124401, "scanner": "repobility-ai-code-hygiene", "fingerprint": "69ce191048c32c39bfef683cd525b012d49e0b5a26d5f2aa893bb5740432bb6a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/SigProc_FIX.h", "duplicate_line": 1, "correlation_key": "fp|69ce191048c32c39bfef683cd525b012d49e0b5a26d5f2aa893bb5740432bb6a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/corrMatrix_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124400, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6a7e7dc22fadf71695456caf715584cc81bcfb4ad1aae0dd7a351874b1e143ea", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/SigProc_FIX.h", "duplicate_line": 1, "correlation_key": "fp|6a7e7dc22fadf71695456caf715584cc81bcfb4ad1aae0dd7a351874b1e143ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/burg_modified_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124399, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ec20303c9da7cb9204370387e2baef54ea890ec0c42522db55ac326d827bdc00", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/SigProc_FIX.h", "duplicate_line": 1, "correlation_key": "fp|ec20303c9da7cb9204370387e2baef54ea890ec0c42522db55ac326d827bdc00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/autocorr_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124398, "scanner": "repobility-ai-code-hygiene", "fingerprint": "84e1c1a35454f81064e3aefa9b670568e0bbe86f6e970e4d21d2ebac0724e445", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/SigProc_FIX.h", "duplicate_line": 1, "correlation_key": "fp|84e1c1a35454f81064e3aefa9b670568e0bbe86f6e970e4d21d2ebac0724e445"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/apply_sine_window_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124397, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4a8608503138c43829f245a3663e1c344e50a1dbbabccaf5a893f98f31ed669a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/SigProc_FIX.h", "duplicate_line": 1, "correlation_key": "fp|4a8608503138c43829f245a3663e1c344e50a1dbbabccaf5a893f98f31ed669a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/LTP_scale_ctrl_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124396, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a7fcf764e71c6f196c51e658655c5d51131b3f8521ea91a2983f96fb1cb7319c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/SigProc_FIX.h", "duplicate_line": 1, "correlation_key": "fp|a7fcf764e71c6f196c51e658655c5d51131b3f8521ea91a2983f96fb1cb7319c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/LTP_analysis_filter_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 124395, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d68dd9b43c98a4d73aa5ed1694858a54830ebeb2b5e95807c6930160c91a7fbd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/SigProc_FIX.h", "duplicate_line": 1, "correlation_key": "fp|d68dd9b43c98a4d73aa5ed1694858a54830ebeb2b5e95807c6930160c91a7fbd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/biquad_alt.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 124368, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1257958a95a5999d009fa5d730959bc26ea02fdc0c3c8adb0ce671fef23bed29", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|1257958a95a5999d009fa5d730959bc26ea02fdc0c3c8adb0ce671fef23bed29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/warped_autocorrelation_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 124367, "scanner": "repobility-ai-code-hygiene", "fingerprint": "75af65d48bdf231e7c6412ffe361cacb8df927efd0bb4e62e1f909a5ee2d62a4", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|75af65d48bdf231e7c6412ffe361cacb8df927efd0bb4e62e1f909a5ee2d62a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/vector_ops_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 124366, "scanner": "repobility-ai-code-hygiene", "fingerprint": "51531f4cf60d4d6fb4ec55121bbd9c989ac3c88a0e142ca11aa1b4e215c1a60f", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|51531f4cf60d4d6fb4ec55121bbd9c989ac3c88a0e142ca11aa1b4e215c1a60f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/structs_FIX.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 124365, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e4083ba61978651eab7805c9fb98184ea4c96459338c0e90d0a304f2ae97dc58", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|e4083ba61978651eab7805c9fb98184ea4c96459338c0e90d0a304f2ae97dc58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/schur64_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 124364, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d587e9cf7c90f99741c76ab9cb46498e9ddd2f6209caac4898b98f135557a4af", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|d587e9cf7c90f99741c76ab9cb46498e9ddd2f6209caac4898b98f135557a4af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/schur_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 124363, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8c088d6c29ed8cfc240610af835d1749a0d69f8d31a79c6d3ad4142f3f2ce1c8", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|8c088d6c29ed8cfc240610af835d1749a0d69f8d31a79c6d3ad4142f3f2ce1c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/residual_energy16_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 124362, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4220c3e838cdbb083cd2e959810d86ea6b44531746a2982c7aaef85f13609c0f", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|4220c3e838cdbb083cd2e959810d86ea6b44531746a2982c7aaef85f13609c0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/residual_energy_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 124361, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cd3357bcb232807c163f4b8100441b8972061e2220f1ee1ecf367a46baa10651", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|cd3357bcb232807c163f4b8100441b8972061e2220f1ee1ecf367a46baa10651"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/regularize_correlations_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 124360, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2ec4d15114aa3caa9936508e849cf9c9a5e9ead4b08e7916adfbd75e2a5f6345", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|2ec4d15114aa3caa9936508e849cf9c9a5e9ead4b08e7916adfbd75e2a5f6345"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/process_gains_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 124359, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d37f55bfbb8138a7a05d60a4a94943d280e0333d4f39b443eb1f10d729098e0c", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|d37f55bfbb8138a7a05d60a4a94943d280e0333d4f39b443eb1f10d729098e0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/pitch_analysis_core_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 124358, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2bd25a2b5938085acf1b18618c5ddeb5e8df19e29c31c4bfb83edeaba251ebf0", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|2bd25a2b5938085acf1b18618c5ddeb5e8df19e29c31c4bfb83edeaba251ebf0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/noise_shape_analysis_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 124357, "scanner": "repobility-ai-code-hygiene", "fingerprint": "04a9bb706d7225f4b3be368d39921d70b71384ddc28651bf5232dd9547550e62", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|04a9bb706d7225f4b3be368d39921d70b71384ddc28651bf5232dd9547550e62"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/main_FIX.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 124356, "scanner": "repobility-ai-code-hygiene", "fingerprint": "62e821f3744a6bccd432c47e418997eb6af809bcf54234680864a99ad49f9776", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|62e821f3744a6bccd432c47e418997eb6af809bcf54234680864a99ad49f9776"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/LTP_scale_ctrl_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 124355, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d6aba47f9eb19f1bbebbcc5eda62ab13a46768b0ac74f8aa2c8faa3e1b8de20c", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|d6aba47f9eb19f1bbebbcc5eda62ab13a46768b0ac74f8aa2c8faa3e1b8de20c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/LTP_analysis_filter_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 124354, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4f690be1b7976436064b46c25acfc0ee44fe20d5dd8b7babf0be1aafe1b6a942", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|4f690be1b7976436064b46c25acfc0ee44fe20d5dd8b7babf0be1aafe1b6a942"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/k2a_Q16_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 124353, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d318727b511ffb837a5ab0db7332a263e90e885f11774fc24e79c61e791b0f00", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|d318727b511ffb837a5ab0db7332a263e90e885f11774fc24e79c61e791b0f00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/k2a_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 124352, "scanner": "repobility-ai-code-hygiene", "fingerprint": "91ef0f8017767df9302832df8ace5e81e7cf1f2dfdd33191d88046781b047db2", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|91ef0f8017767df9302832df8ace5e81e7cf1f2dfdd33191d88046781b047db2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/find_pred_coefs_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 124351, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9db697aecd7aff5d954380435c6c4a7b61749c6166146c963ed45205e74b3dcd", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|9db697aecd7aff5d954380435c6c4a7b61749c6166146c963ed45205e74b3dcd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/find_pitch_lags_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 124350, "scanner": "repobility-ai-code-hygiene", "fingerprint": "79b5ebd0bca21dc2b58129800775a108a785d07563abe496cd04dfbe2a5aa58a", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|79b5ebd0bca21dc2b58129800775a108a785d07563abe496cd04dfbe2a5aa58a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/find_LTP_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 124349, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ead2c97848c75f2226f4f62a9e0024fee3cf6c79ea0d4b00ff074d05b06ee109", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|ead2c97848c75f2226f4f62a9e0024fee3cf6c79ea0d4b00ff074d05b06ee109"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/find_LPC_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 124348, "scanner": "repobility-ai-code-hygiene", "fingerprint": "322ff8da3a5ac76e20eb9533f9db1a71fb08ccfe503151c7dc83e3b452dadd2f", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|322ff8da3a5ac76e20eb9533f9db1a71fb08ccfe503151c7dc83e3b452dadd2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/encode_frame_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 124347, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a6bb603789963f06e267296f2ff5b5d9123c02447b3cf262b895a43d3237ab83", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|a6bb603789963f06e267296f2ff5b5d9123c02447b3cf262b895a43d3237ab83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/corrMatrix_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 124346, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5cec9c8176f82f56709accd84b985d6d7e0113833e3694ab4c65ef981b9258cb", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|5cec9c8176f82f56709accd84b985d6d7e0113833e3694ab4c65ef981b9258cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/burg_modified_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 124345, "scanner": "repobility-ai-code-hygiene", "fingerprint": "47ada34d95d07fa342585e440defcbe2d854f8cef8930be1df271828da937180", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|47ada34d95d07fa342585e440defcbe2d854f8cef8930be1df271828da937180"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/autocorr_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 124344, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cb07597d55d4d2c776fceb81984a602f43c9bad50bfb45d72e2bcb7855540c97", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|cb07597d55d4d2c776fceb81984a602f43c9bad50bfb45d72e2bcb7855540c97"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/apply_sine_window_FIX.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 124343, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f6eee3d106ad3f070e96fc843f6c020d4f0d3c5fe56369df0fb5577aa87113db", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fix", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|f6eee3d106ad3f070e96fc843f6c020d4f0d3c5fe56369df0fb5577aa87113db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/SigProc_FIX.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 124342, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4dc2ec2756e1b7c3409c475b5ae37aa818068528d63d63748daf5ea8b417c495", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "alt", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|4dc2ec2756e1b7c3409c475b5ae37aa818068528d63d63748daf5ea8b417c495"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/biquad_alt.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 124341, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2a89a98949b1dd6272ccf52c0984367ed7f56b0f1c0eed07c46d1b92b4e85d4a", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "fixed", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|2a89a98949b1dd6272ccf52c0984367ed7f56b0f1c0eed07c46d1b92b4e85d4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/celt/static_modes_fixed.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 124339, "scanner": "repobility-threat-engine", "fingerprint": "447404b27cd59726cf6cad7e6646c33cd66ad9b36c4e9607d8eb7f6daa106566", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"static const uint16_t palette[\" + str(colorsUsed[0]) + \"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|447404b27cd59726cf6cad7e6646c33cd66ad9b36c4e9607d8eb7f6daa106566"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/TFT_eSPI/Tools/bmp2array4bit/bmp2array4bit.py"}, "region": {"startLine": 185}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `raw_xxtea` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=1, if=1, nested_bonus=6, while=4."}, "properties": {"repobilityId": 124325, "scanner": "repobility-threat-engine", "fingerprint": "8a279f6dbe62e19ec0cdf4a8e6b14d91d7ebad5d276dc5ea156b9d88a03e5f6c", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 12 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "raw_xxtea", "breakdown": {"if": 1, "elif": 1, "while": 4, "nested_bonus": 6}, "complexity": 12, "correlation_key": "fp|8a279f6dbe62e19ec0cdf4a8e6b14d91d7ebad5d276dc5ea156b9d88a03e5f6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/app/Emulator/legacy_protocol.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `export_nmea` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=1, else=1, if=4, nested_bonus=4."}, "properties": {"repobilityId": 124324, "scanner": "repobility-threat-engine", "fingerprint": "0063cd5578295f5298077e40def72e5929b9b83f5975424a0230916627e3f006", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "export_nmea", "breakdown": {"if": 4, "elif": 1, "else": 1, "nested_bonus": 4}, "complexity": 10, "correlation_key": "fp|0063cd5578295f5298077e40def72e5929b9b83f5975424a0230916627e3f006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/app/Emulator/NMEA.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `_msgType10and20` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=4, else=1, if=5, nested_bonus=1."}, "properties": {"repobilityId": 124323, "scanner": "repobility-threat-engine", "fingerprint": "b4cc21b49ab2244017f1d2233ea0551478e826a015716b529e6f1a29a973e90d", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 11 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_msgType10and20", "breakdown": {"if": 5, "elif": 4, "else": 1, "nested_bonus": 1}, "complexity": 11, "correlation_key": "fp|b4cc21b49ab2244017f1d2233ea0551478e826a015716b529e6f1a29a973e90d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/app/Emulator/GDL90.py"}, "region": {"startLine": 184}}}]}, {"ruleId": "MINED080", "level": "none", "message": {"text": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace."}, "properties": {"repobilityId": 124338, "scanner": "repobility-threat-engine", "fingerprint": "271766594ab2e1b37a4913a8c670463e8c5ba9afffd1d957d1159d0eb9105116", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-using-namespace-std", "owasp": null, "cwe_ids": [], "languages": ["cpp", "h", "hpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348123+00:00", "triaged_in_corpus": 12, "observations_count": 3566, "ai_coder_pattern_id": 133}, "scanner": "repobility-threat-engine", "correlation_key": "fp|271766594ab2e1b37a4913a8c670463e8c5ba9afffd1d957d1159d0eb9105116"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/SimpleNetwork/src/TCPServer.h"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED080", "level": "none", "message": {"text": "[MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace."}, "properties": {"repobilityId": 124337, "scanner": "repobility-threat-engine", "fingerprint": "504e84184229125da6ec87ab941c3a933f38da1ea12bfba77e96c8787faf3b59", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-using-namespace-std", "owasp": null, "cwe_ids": [], "languages": ["cpp", "h", "hpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348123+00:00", "triaged_in_corpus": 12, "observations_count": 3566, "ai_coder_pattern_id": 133}, "scanner": "repobility-threat-engine", "correlation_key": "fp|504e84184229125da6ec87ab941c3a933f38da1ea12bfba77e96c8787faf3b59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/SimpleNetwork/src/TCPClient.h"}, "region": {"startLine": 17}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 124336, "scanner": "repobility-threat-engine", "fingerprint": "4175d0092a04f1943777715b8c316fdf3536af8fb8f8782e8ae147326ce02f2f", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "print(\"WARNING: NO tools/config.json OR tools/config.ini FOUND, USING DEFAULT VALUES\")", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|3|print warning: no tools/config.json or tools/config.ini found using default values"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/SensorLib/tools/generate_tasks.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "SEC001", "level": "none", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 124335, "scanner": "repobility-threat-engine", "fingerprint": "34f1aa9eb4dd3f3166381343c2d7e4d3c95b6b4838ff41ab986b260d7d4e072a", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Value looks like a development placeholder, not a live credential", "evidence": {"match": "password = \"<redacted>\"", "reason": "Value looks like a development placeholder, not a live credential", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|7|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/OpenDroneID/src/id_open_esp32.cpp"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 124334, "scanner": "repobility-threat-engine", "fingerprint": "4119d4e7b380a7aedd45d4de90d348d5ccf960774def97137c42c34602d8ace6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4119d4e7b380a7aedd45d4de90d348d5ccf960774def97137c42c34602d8ace6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ArduinoJson/scripts/travis/platformio.sh"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 124333, "scanner": "repobility-threat-engine", "fingerprint": "f6a5cdc84fa92ade1097dce782770828ec652a2cda82b5c18c3e6bb5cbad2fab", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f6a5cdc84fa92ade1097dce782770828ec652a2cda82b5c18c3e6bb5cbad2fab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ArduinoJson/scripts/travis/coverage.sh"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 124332, "scanner": "repobility-threat-engine", "fingerprint": "a96213ac85d93a413e824064a1c81707e7d997e45233ae7385f8cd717ac9ff65", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a96213ac85d93a413e824064a1c81707e7d997e45233ae7385f8cd717ac9ff65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libhelix-aac/buffers.c"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 124331, "scanner": "repobility-threat-engine", "fingerprint": "7758f761f9b1e92de62ee009c2d38ace4405b5e7c08d7e698788d8bf3c306e5c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7758f761f9b1e92de62ee009c2d38ace4405b5e7c08d7e698788d8bf3c306e5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libflac/share/alloc.h"}, "region": {"startLine": 159}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 124330, "scanner": "repobility-threat-engine", "fingerprint": "b5677c5431a5eb8429a09faf8967545d7add53ea3e5ca0a5e63a036dca1e46b8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b5677c5431a5eb8429a09faf8967545d7add53ea3e5ca0a5e63a036dca1e46b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/Adafruit-GFX-Library/fontconvert/fontconvert.c"}, "region": {"startLine": 96}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 124326, "scanner": "repobility-threat-engine", "fingerprint": "ffacc44acd0408185fc3827739658544dd0204c83ccb78694e2ced81539c2c58", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "_msgType10and20", "breakdown": {"if": 5, "elif": 4, "else": 1, "nested_bonus": 1}, "aggregated": true, "complexity": 11, "correlation_key": "fp|ffacc44acd0408185fc3827739658544dd0204c83ccb78694e2ced81539c2c58", "aggregated_count": 3}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 124322, "scanner": "repobility-threat-engine", "fingerprint": "f6ed0a34f0cbcfe905fc4bcf47ca0611d5fc134959af1d7c405de6c4aa03feda", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f6ed0a34f0cbcfe905fc4bcf47ca0611d5fc134959af1d7c405de6c4aa03feda"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/app/Emulator/GDL90.py"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 124318, "scanner": "repobility-threat-engine", "fingerprint": "628c2e9397549ed3d7e105e388b55342d2b0138f61d2dcf3929f7fec62e868dd", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|628c2e9397549ed3d7e105e388b55342d2b0138f61d2dcf3929f7fec62e868dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/TFT_eSPI/Tools/bmp2array4bit/bmp2array4bit.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 124317, "scanner": "repobility-threat-engine", "fingerprint": "c7f61c1d1f126f483e194cc7746235df1fad941f3e8c62ebf998b01cdcfd1a53", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c7f61c1d1f126f483e194cc7746235df1fad941f3e8c62ebf998b01cdcfd1a53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/gtest-1.7.0/xcode/Scripts/versiongenerate.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 233 more): Same pattern found in 233 additional files. Review if needed."}, "properties": {"repobilityId": 124313, "scanner": "repobility-threat-engine", "fingerprint": "e09442d7054475b8286dd63276179765e2a55fa94113d67884c1c559f23c07cb", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 233 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|e09442d7054475b8286dd63276179765e2a55fa94113d67884c1c559f23c07cb", "aggregated_count": 233}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 124312, "scanner": "repobility-threat-engine", "fingerprint": "198bea05b72feef480b0085a5cd8d58ed60b01650675fab3617bd950a92d7618", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|198bea05b72feef480b0085a5cd8d58ed60b01650675fab3617bd950a92d7618"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/Adafruit_BMP280_Library/Adafruit_BMP280.cpp"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 124311, "scanner": "repobility-threat-engine", "fingerprint": "73fdc4ba4eda6ee1d91fb078a7b67f1a14bb76d0c8c8abf1ad0d758713505f9f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|73fdc4ba4eda6ee1d91fb078a7b67f1a14bb76d0c8c8abf1ad0d758713505f9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/Adafruit-BMP085-Library/Adafruit_BMP085.h"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 124310, "scanner": "repobility-threat-engine", "fingerprint": "2d7ea2a144c0e2f0285649455f3483deafdb0b1f40197bfa69ddf2dd66a1e5d3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2d7ea2a144c0e2f0285649455f3483deafdb0b1f40197bfa69ddf2dd66a1e5d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/Adafruit-BMP085-Library/Adafruit_BMP085.cpp"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "properties": {"repobilityId": 124309, "scanner": "repobility-threat-engine", "fingerprint": "31c5784842573c712e038423433459b83b18c444ec62838442110834c9676ef0", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 16 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|31c5784842573c712e038423433459b83b18c444ec62838442110834c9676ef0", "aggregated_count": 16}}}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 124308, "scanner": "repobility-threat-engine", "fingerprint": "e7df480ebe42157a52c5b87a394dfef2bee5bb810f07440dea74fd2d4458a72b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e7df480ebe42157a52c5b87a394dfef2bee5bb810f07440dea74fd2d4458a72b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/gtest-1.7.0/samples/sample7_unittest.cc"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 124307, "scanner": "repobility-threat-engine", "fingerprint": "f161ff9005eb944812e3d401af8584cbade0012f5a503a1ebdbc671882f10d62", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f161ff9005eb944812e3d401af8584cbade0012f5a503a1ebdbc671882f10d62"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/gtest-1.7.0/samples/sample6_unittest.cc"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 124306, "scanner": "repobility-threat-engine", "fingerprint": "00ceb63ece8c1444ace1fa2627285db56a2fa48577850f6253cf03be2acb4336", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|00ceb63ece8c1444ace1fa2627285db56a2fa48577850f6253cf03be2acb4336"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/gtest-1.7.0/samples/sample3-inl.h"}, "region": {"startLine": 143}}}]}, {"ruleId": "MINED022", "level": "none", "message": {"text": "[MINED022] C Strcpy (and 25 more): Same pattern found in 25 additional files. Review if needed."}, "properties": {"repobilityId": 124305, "scanner": "repobility-threat-engine", "fingerprint": "5bdef02efe39249d010beb8c091d10ecf1957636587e948f2eac3dc59e90bcf8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 25 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|5bdef02efe39249d010beb8c091d10ecf1957636587e948f2eac3dc59e90bcf8", "aggregated_count": 25}}}, {"ruleId": "MINED004", "level": "none", "message": {"text": "[MINED004] Weak Crypto (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 124301, "scanner": "repobility-threat-engine", "fingerprint": "3d94e880c2e8a0bb4b06b2e51a89f1e2b3c179247361f3b31060096e31f982c7", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|3d94e880c2e8a0bb4b06b2e51a89f1e2b3c179247361f3b31060096e31f982c7", "aggregated_count": 3}}}, {"ruleId": "SEC100", "level": "none", "message": {"text": "[SEC100] CORS permissive Access-Control-Allow-Origin: * (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 124297, "scanner": "repobility-threat-engine", "fingerprint": "3888f3c97e91453967cfccb92eafef6441d6b43a8e3292bee1c79ed7ba8271b8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC100", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|3888f3c97e91453967cfccb92eafef6441d6b43a8e3292bee1c79ed7ba8271b8"}}}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/vector_ops_FIX.o` committed in source repo: `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/vector_ops_FIX.o` is a .o binary (10,680 bytes) committed to a repo that otherwise has 3633 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 124514, "scanner": "repobility-supply-chain", "fingerprint": "6b0059cb39aa38042120cea76e320b27510b5eb7035f611290569dc724d6fa38", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6b0059cb39aa38042120cea76e320b27510b5eb7035f611290569dc724d6fa38"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/vector_ops_FIX.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/LTP_scale_ctrl_FIX.o` committed in source repo: `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/LTP_scale_ctrl_FIX.o` is a .o binary (20,696 bytes) committed to a repo that otherwise has 3633 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 124513, "scanner": "repobility-supply-chain", "fingerprint": "ce9ba4415614d0d1a46251daa6d3061c0377bbd0d24bc462807ab55246bb859a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ce9ba4415614d0d1a46251daa6d3061c0377bbd0d24bc462807ab55246bb859a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/LTP_scale_ctrl_FIX.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/find_LPC_FIX.o` committed in source repo: `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/find_LPC_FIX.o` is a .o binary (25,216 bytes) committed to a repo that otherwise has 3633 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 124512, "scanner": "repobility-supply-chain", "fingerprint": "ee97acbee90b020bdab7fed4a2f15e04cafbbf8aac66c2f57d41d2b9dc2dbd5c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ee97acbee90b020bdab7fed4a2f15e04cafbbf8aac66c2f57d41d2b9dc2dbd5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/find_LPC_FIX.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/warped_autocorrelation_FIX.o` committed in source repo: `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/warped_autocorrelation_FIX.o` is a .o binary (15,936 bytes) committed to a repo that otherwise has 3633 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by bu"}, "properties": {"repobilityId": 124511, "scanner": "repobility-supply-chain", "fingerprint": "0f19b54f26304f227c686f2bdb96f5b9933a6626fb84584f528651b48c4cd39e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0f19b54f26304f227c686f2bdb96f5b9933a6626fb84584f528651b48c4cd39e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/warped_autocorrelation_FIX.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/pitch_analysis_core_FIX.o` committed in source repo: `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/pitch_analysis_core_FIX.o` is a .o binary (59,144 bytes) committed to a repo that otherwise has 3633 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build sc"}, "properties": {"repobilityId": 124510, "scanner": "repobility-supply-chain", "fingerprint": "0b09f95655bb42fe305a200076987bc8c02f503b2d6a24688475e9345952cd65", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0b09f95655bb42fe305a200076987bc8c02f503b2d6a24688475e9345952cd65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/pitch_analysis_core_FIX.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/process_gains_FIX.o` committed in source repo: `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/process_gains_FIX.o` is a .o binary (28,664 bytes) committed to a repo that otherwise has 3633 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 124509, "scanner": "repobility-supply-chain", "fingerprint": "6e33f239034ac88a5ab3c99b9053243872d798e596ae6cf7227da9ee2bba4fc8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6e33f239034ac88a5ab3c99b9053243872d798e596ae6cf7227da9ee2bba4fc8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/process_gains_FIX.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/LTP_analysis_filter_FIX.o` committed in source repo: `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/LTP_analysis_filter_FIX.o` is a .o binary (13,896 bytes) committed to a repo that otherwise has 3633 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build sc"}, "properties": {"repobilityId": 124508, "scanner": "repobility-supply-chain", "fingerprint": "45929013a42ce663ed00a562f70d287506c4f70e48fca79850b800497c28e4e4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|45929013a42ce663ed00a562f70d287506c4f70e48fca79850b800497c28e4e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/LTP_analysis_filter_FIX.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/find_pred_coefs_FIX.o` committed in source repo: `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/find_pred_coefs_FIX.o` is a .o binary (33,464 bytes) committed to a repo that otherwise has 3633 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 124507, "scanner": "repobility-supply-chain", "fingerprint": "3c1aeba967b22052b646d16a0429d6503e37d141628aefb929d47c1430035a84", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3c1aeba967b22052b646d16a0429d6503e37d141628aefb929d47c1430035a84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/find_pred_coefs_FIX.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/k2a_FIX.o` committed in source repo: `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/k2a_FIX.o` is a .o binary (7,632 bytes) committed to a repo that otherwise has 3633 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 124506, "scanner": "repobility-supply-chain", "fingerprint": "d33e2bda824cc8b173ea12f43fc44337275ffcd8dc039dee3f41d714ffea877b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d33e2bda824cc8b173ea12f43fc44337275ffcd8dc039dee3f41d714ffea877b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/k2a_FIX.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/autocorr_FIX.o` committed in source repo: `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/autocorr_FIX.o` is a .o binary (8,024 bytes) committed to a repo that otherwise has 3633 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 124505, "scanner": "repobility-supply-chain", "fingerprint": "cdc84691d457920e36fc7ec7f01954e61641eb16d835dd99ac4a463835a6d6b7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cdc84691d457920e36fc7ec7f01954e61641eb16d835dd99ac4a463835a6d6b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/autocorr_FIX.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/encode_frame_FIX.o` committed in source repo: `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/encode_frame_FIX.o` is a .o binary (51,152 bytes) committed to a repo that otherwise has 3633 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 124504, "scanner": "repobility-supply-chain", "fingerprint": "6ec7bf0dc91688d584b657f4b12908a09d03fb8e0a7b2a6f746e0f14fb40b216", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6ec7bf0dc91688d584b657f4b12908a09d03fb8e0a7b2a6f746e0f14fb40b216"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/encode_frame_FIX.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/find_pitch_lags_FIX.o` committed in source repo: `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/find_pitch_lags_FIX.o` is a .o binary (30,744 bytes) committed to a repo that otherwise has 3633 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 124503, "scanner": "repobility-supply-chain", "fingerprint": "c0289982e234a4ec94ba27dd36327f61596ab699d8db1fcdfeaffd081e3cdbdf", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c0289982e234a4ec94ba27dd36327f61596ab699d8db1fcdfeaffd081e3cdbdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/find_pitch_lags_FIX.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/burg_modified_FIX.o` committed in source repo: `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/burg_modified_FIX.o` is a .o binary (30,592 bytes) committed to a repo that otherwise has 3633 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 124502, "scanner": "repobility-supply-chain", "fingerprint": "500df538afd1d02890bfd83af39989d26d15acb72ee44f0c36e522971df3a225", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|500df538afd1d02890bfd83af39989d26d15acb72ee44f0c36e522971df3a225"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/burg_modified_FIX.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/schur_FIX.o` committed in source repo: `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/schur_FIX.o` is a .o binary (10,528 bytes) committed to a repo that otherwise has 3633 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 124501, "scanner": "repobility-supply-chain", "fingerprint": "7068bd385115ce11221290cd00ccb572218bd3e71194b1b0dbe8701b49a467fb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7068bd385115ce11221290cd00ccb572218bd3e71194b1b0dbe8701b49a467fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/schur_FIX.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/residual_energy16_FIX.o` committed in source repo: `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/residual_energy16_FIX.o` is a .o binary (18,976 bytes) committed to a repo that otherwise has 3633 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build script"}, "properties": {"repobilityId": 124500, "scanner": "repobility-supply-chain", "fingerprint": "bf8c92e7bd243027a0b1a965d1f450c55a437b934201d950ae5496a025d9949e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bf8c92e7bd243027a0b1a965d1f450c55a437b934201d950ae5496a025d9949e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/residual_energy16_FIX.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/noise_shape_analysis_FIX.o` committed in source repo: `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/noise_shape_analysis_FIX.o` is a .o binary (57,392 bytes) committed to a repo that otherwise has 3633 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build "}, "properties": {"repobilityId": 124499, "scanner": "repobility-supply-chain", "fingerprint": "10769a7eb5f69884c4f7c8228db2c52a1686c4e80e8256fcabce7c8d6e3c9652", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|10769a7eb5f69884c4f7c8228db2c52a1686c4e80e8256fcabce7c8d6e3c9652"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/noise_shape_analysis_FIX.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/corrMatrix_FIX.o` committed in source repo: `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/corrMatrix_FIX.o` is a .o binary (17,184 bytes) committed to a repo that otherwise has 3633 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 124498, "scanner": "repobility-supply-chain", "fingerprint": "6f65ce38a19ef13f2e910cb9797d62f79b9add2b3a063fa4321d99724fc1b2e2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6f65ce38a19ef13f2e910cb9797d62f79b9add2b3a063fa4321d99724fc1b2e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/corrMatrix_FIX.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/apply_sine_window_FIX.o` committed in source repo: `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/apply_sine_window_FIX.o` is a .o binary (10,688 bytes) committed to a repo that otherwise has 3633 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build script"}, "properties": {"repobilityId": 124497, "scanner": "repobility-supply-chain", "fingerprint": "f87340e1f470dd3499e7a563d20451c884c259d0d1c7bd1681678eb43f3a1670", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f87340e1f470dd3499e7a563d20451c884c259d0d1c7bd1681678eb43f3a1670"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/apply_sine_window_FIX.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/find_LTP_FIX.o` committed in source repo: `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/find_LTP_FIX.o` is a .o binary (15,008 bytes) committed to a repo that otherwise has 3633 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 124496, "scanner": "repobility-supply-chain", "fingerprint": "81a35195c3aecc0ad3d5c682b83747fcc00999d17dc67893cf646279c5781ca0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|81a35195c3aecc0ad3d5c682b83747fcc00999d17dc67893cf646279c5781ca0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/find_LTP_FIX.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/k2a_Q16_FIX.o` committed in source repo: `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/k2a_Q16_FIX.o` is a .o binary (7,592 bytes) committed to a repo that otherwise has 3633 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 124495, "scanner": "repobility-supply-chain", "fingerprint": "49f8e9eb2e97f898735b3a3bb9dfb80291c7be141d9120eb34c4b9344030a211", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|49f8e9eb2e97f898735b3a3bb9dfb80291c7be141d9120eb34c4b9344030a211"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/k2a_Q16_FIX.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/schur64_FIX.o` committed in source repo: `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/schur64_FIX.o` is a .o binary (13,272 bytes) committed to a repo that otherwise has 3633 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 124494, "scanner": "repobility-supply-chain", "fingerprint": "49b0f3a66c1c91cac028f407b7a9a311b6437b45ecf408bad939922a966ba131", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|49b0f3a66c1c91cac028f407b7a9a311b6437b45ecf408bad939922a966ba131"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/schur64_FIX.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/residual_energy_FIX.o` committed in source repo: `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/residual_energy_FIX.o` is a .o binary (16,904 bytes) committed to a repo that otherwise has 3633 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 124493, "scanner": "repobility-supply-chain", "fingerprint": "8e30cc9fbdc4450cb616ae1bee7b660cdb8402e1d34992643b91a1a53807a60d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8e30cc9fbdc4450cb616ae1bee7b660cdb8402e1d34992643b91a1a53807a60d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/residual_energy_FIX.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/regularize_correlations_FIX.o` committed in source repo: `software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/regularize_correlations_FIX.o` is a .o binary (11,384 bytes) committed to a repo that otherwise has 3633 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by "}, "properties": {"repobilityId": 124492, "scanner": "repobility-supply-chain", "fingerprint": "f82ab954ca4327dcb62c66b8e373fa2ac10ef51270a2f0287c53ddb5f52b819e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f82ab954ca4327dcb62c66b8e373fa2ac10ef51270a2f0287c53ddb5f52b819e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libopus/silk/fixed/regularize_correlations_FIX.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `software/firmware/binaries/ESP32/misc/libbt.a` committed in source repo: `software/firmware/binaries/ESP32/misc/libbt.a` is a .a binary (10,051,914 bytes) committed to a repo that otherwise has 3633 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 124491, "scanner": "repobility-supply-chain", "fingerprint": "4b7a1e073338c554932fc3e7844d10ae71d680e369a80fe72889694f76377206", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4b7a1e073338c554932fc3e7844d10ae71d680e369a80fe72889694f76377206"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/binaries/ESP32/misc/libbt.a"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `arduino/actions/libraries/spell-check` pinned to mutable ref `@master`: `uses: arduino/actions/libraries/spell-check@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 124490, "scanner": "repobility-supply-chain", "fingerprint": "965876d0cfe855f671f45b910d29f6ed34046852f179e0a7faf6e73dd92af0d2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|965876d0cfe855f671f45b910d29f6ed34046852f179e0a7faf6e73dd92af0d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/STM32RTC/.github/workflows/Continuous-Integration.yml"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@main`: `uses: actions/checkout@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 124489, "scanner": "repobility-supply-chain", "fingerprint": "27083b2a23dc94f8f352835553ece60f4455f62860a4b8c79f91c94d602b3470", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|27083b2a23dc94f8f352835553ece60f4455f62860a4b8c79f91c94d602b3470"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/STM32RTC/.github/workflows/Continuous-Integration.yml"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `stm32duino/actions/astyle-check` pinned to mutable ref `@main`: `uses: stm32duino/actions/astyle-check@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 124488, "scanner": "repobility-supply-chain", "fingerprint": "6cea8fb95745ce051fa68a6c69577c36f6c7dd3490280b26c5469d922f0e15ca", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6cea8fb95745ce051fa68a6c69577c36f6c7dd3490280b26c5469d922f0e15ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/STM32RTC/.github/workflows/Continuous-Integration.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@main`: `uses: actions/checkout@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 124487, "scanner": "repobility-supply-chain", "fingerprint": "66864fa6dadf0ac4dec4860166a8ec280bb9f20110b8eec4dbc93d7c998359e1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|66864fa6dadf0ac4dec4860166a8ec280bb9f20110b8eec4dbc93d7c998359e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/STM32RTC/.github/workflows/Continuous-Integration.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v3`: `uses: actions/checkout@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 124486, "scanner": "repobility-supply-chain", "fingerprint": "112301c36bcafdf2e000d3a7d068d70c2d653642f9a2c20440d8e357c5d55b79", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|112301c36bcafdf2e000d3a7d068d70c2d653642f9a2c20440d8e357c5d55b79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/Adafruit_BusIO/.github/workflows/githubci.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v3`: `uses: actions/checkout@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 124485, "scanner": "repobility-supply-chain", "fingerprint": "d588e6bb16ad32ac2ce98503598b55c82975131c7d80200eff7928c14fdf6eb7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d588e6bb16ad32ac2ce98503598b55c82975131c7d80200eff7928c14fdf6eb7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/Adafruit_BusIO/.github/workflows/githubci.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v4`: `uses: actions/setup-python@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 124484, "scanner": "repobility-supply-chain", "fingerprint": "49879d0bab89198a7f8a0aba3e713e1a06ac5e841d074cff3f704d30ffcfcfa4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|49879d0bab89198a7f8a0aba3e713e1a06ac5e841d074cff3f704d30ffcfcfa4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/Adafruit_BusIO/.github/workflows/githubci.yml"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `arduino/arduino-lint-action` pinned to mutable ref `@v1`: `uses: arduino/arduino-lint-action@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 124483, "scanner": "repobility-supply-chain", "fingerprint": "c498ae69e42ad7922a7c9225debd42ae608ba700cfa277c8e5757e8c809f9f55", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c498ae69e42ad7922a7c9225debd42ae608ba700cfa277c8e5757e8c809f9f55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/uCDB/.github/workflows/arduino-lint.yml"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 124482, "scanner": "repobility-supply-chain", "fingerprint": "ee6f682e84aeee912ed8968902f2d1df9e7cdf563f6ef747c16c42627e81bffa", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ee6f682e84aeee912ed8968902f2d1df9e7cdf563f6ef747c16c42627e81bffa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/uCDB/.github/workflows/arduino-lint.yml"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v3`: `uses: actions/checkout@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 124481, "scanner": "repobility-supply-chain", "fingerprint": "a9322f745c45597e668ade686f0421a1d211f250f10aca3a48a5c5a4dc93b8b3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a9322f745c45597e668ade686f0421a1d211f250f10aca3a48a5c5a4dc93b8b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/Adafruit_BME680/.github/workflows/githubci.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v3`: `uses: actions/checkout@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 124480, "scanner": "repobility-supply-chain", "fingerprint": "721cacbeaf8ce5937a67d4009c0d7f4c67d17ebb913c05a71a5f14567434b378", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|721cacbeaf8ce5937a67d4009c0d7f4c67d17ebb913c05a71a5f14567434b378"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/Adafruit_BME680/.github/workflows/githubci.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v4`: `uses: actions/setup-python@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 124479, "scanner": "repobility-supply-chain", "fingerprint": "45c9bc70b6ec895175a30f0c5a01fb6742d7c47f56a47bdeb8e1b1b101abf884", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|45c9bc70b6ec895175a30f0c5a01fb6742d7c47f56a47bdeb8e1b1b101abf884"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/Adafruit_BME680/.github/workflows/githubci.yml"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v3`: `uses: actions/checkout@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 124478, "scanner": "repobility-supply-chain", "fingerprint": "8d86438eab7c103505ab99875b343d7ef16a76cb3973cda77c4e5d781e39b5a9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8d86438eab7c103505ab99875b343d7ef16a76cb3973cda77c4e5d781e39b5a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/SdFat/.github/workflows/githubci.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v3`: `uses: actions/checkout@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 124477, "scanner": "repobility-supply-chain", "fingerprint": "44837512398d0bc0b02dca7fcd153a78face14c33f19d27550368261d890aff3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|44837512398d0bc0b02dca7fcd153a78face14c33f19d27550368261d890aff3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/SdFat/.github/workflows/githubci.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v3`: `uses: actions/setup-python@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 124476, "scanner": "repobility-supply-chain", "fingerprint": "1324ceeba5720f97d8a200d7d1edc53e1109de59cf8d95d05e5e0ca5d692cd22", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1324ceeba5720f97d8a200d7d1edc53e1109de59cf8d95d05e5e0ca5d692cd22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/SdFat/.github/workflows/githubci.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v3`: `uses: actions/checkout@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 124475, "scanner": "repobility-supply-chain", "fingerprint": "8e072bafd8da2a81ad3f7d1d15589689e62e8113620ea9e5fc70a8cc69c4a40d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8e072bafd8da2a81ad3f7d1d15589689e62e8113620ea9e5fc70a8cc69c4a40d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/Adafruit_INA219/.github/workflows/githubci.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v3`: `uses: actions/checkout@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 124474, "scanner": "repobility-supply-chain", "fingerprint": "f08f7617dd175063f396778ad6831bb83c9c1e75bca4d83f320c4372ea1fd872", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f08f7617dd175063f396778ad6831bb83c9c1e75bca4d83f320c4372ea1fd872"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/Adafruit_INA219/.github/workflows/githubci.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v4`: `uses: actions/setup-python@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 124473, "scanner": "repobility-supply-chain", "fingerprint": "6bd374fb03d600dbe642473c757fd09a9fc9be97c4f7996b224c11c7cb3d938a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6bd374fb03d600dbe642473c757fd09a9fc9be97c4f7996b224c11c7cb3d938a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/Adafruit_INA219/.github/workflows/githubci.yml"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `codespell-project/actions-codespell` pinned to mutable ref `@master`: `uses: codespell-project/actions-codespell@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 124472, "scanner": "repobility-supply-chain", "fingerprint": "bedaee966224cba94cbbd2995acb6c9b3051a809fc94b62f81d1d12ef09beabf", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bedaee966224cba94cbbd2995acb6c9b3051a809fc94b62f81d1d12ef09beabf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/WiFiWebServer/.github/workflows/spell-check.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v3`: `uses: actions/checkout@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 124471, "scanner": "repobility-supply-chain", "fingerprint": "43c5f70b2019cd848c51bfc901c80d0ab4739d21deb4089041cd792c72b49286", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|43c5f70b2019cd848c51bfc901c80d0ab4739d21deb4089041cd792c72b49286"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/WiFiWebServer/.github/workflows/spell-check.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `arduino/report-size-deltas` pinned to mutable ref `@v1`: `uses: arduino/report-size-deltas@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 124470, "scanner": "repobility-supply-chain", "fingerprint": "f1a0e7602004e8f2cee7526a3c5f837f7ca7803aa9f1f627979d89f209f6e0f0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f1a0e7602004e8f2cee7526a3c5f837f7ca7803aa9f1f627979d89f209f6e0f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/WiFiWebServer/.github/workflows/report-size-deltas.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v3`: `uses: actions/setup-node@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 124469, "scanner": "repobility-supply-chain", "fingerprint": "32c7b08a8898e2c0321567a6e701db19210af5d1ba4690b3c39ba2e761e4dd00", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|32c7b08a8898e2c0321567a6e701db19210af5d1ba4690b3c39ba2e761e4dd00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/WiFiWebServer/.github/workflows/auto-github-actions.yml"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v3`: `uses: actions/checkout@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 124468, "scanner": "repobility-supply-chain", "fingerprint": "2a0e95370331ed607ee63cc14d22ab3d4d0d88f4686c962b33e8c7a873cd3a8d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2a0e95370331ed607ee63cc14d22ab3d4d0d88f4686c962b33e8c7a873cd3a8d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/WiFiWebServer/.github/workflows/auto-github-actions.yml"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `arduino/arduino-lint-action` pinned to mutable ref `@v1`: `uses: arduino/arduino-lint-action@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 124467, "scanner": "repobility-supply-chain", "fingerprint": "6d5caa8c0c6a3ff3885b476cbe476eecc4f59ba5dd7d110ac213ef3e8b0856c8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6d5caa8c0c6a3ff3885b476cbe476eecc4f59ba5dd7d110ac213ef3e8b0856c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/WiFiWebServer/.github/workflows/check-arduino.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v3`: `uses: actions/checkout@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 124466, "scanner": "repobility-supply-chain", "fingerprint": "31a6fea2d488cd37e50400caf1923e61da6d453436bc068770f3eb05cb68babd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|31a6fea2d488cd37e50400caf1923e61da6d453436bc068770f3eb05cb68babd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/WiFiWebServer/.github/workflows/check-arduino.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assert_` used but never assigned in __init__: Method `_GetChildren` of class `GTestXMLTestCase` reads `self.assert_`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 124455, "scanner": "repobility-ast-engine", "fingerprint": "4ceb9f173dd48782fd5ec2c241ee0c233b69d9c88384a130f474360bbdecb663", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4ceb9f173dd48782fd5ec2c241ee0c233b69d9c88384a130f474360bbdecb663"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/gtest-1.7.0/test/gtest_xml_test_utils.py"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assert_` used but never assigned in __init__: Method `_GetChildren` of class `GTestXMLTestCase` reads `self.assert_`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 124454, "scanner": "repobility-ast-engine", "fingerprint": "46a0fd0f83804177bb6007e01f1e36c4f001145c6d97435f6913c8964019ffba", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|46a0fd0f83804177bb6007e01f1e36c4f001145c6d97435f6913c8964019ffba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/gtest-1.7.0/test/gtest_xml_test_utils.py"}, "region": {"startLine": 133}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.AssertEquivalentNodes` used but never assigned in __init__: Method `AssertEquivalentNodes` of class `GTestXMLTestCase` reads `self.AssertEquivalentNodes`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 124453, "scanner": "repobility-ast-engine", "fingerprint": "0e308e8d4bb0030e5fc3063877a93b9a46b834e2fa693f4cb5d168110e6a4af6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0e308e8d4bb0030e5fc3063877a93b9a46b834e2fa693f4cb5d168110e6a4af6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/gtest-1.7.0/test/gtest_xml_test_utils.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assert_` used but never assigned in __init__: Method `AssertEquivalentNodes` of class `GTestXMLTestCase` reads `self.assert_`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 124452, "scanner": "repobility-ast-engine", "fingerprint": "75fcb645b5817430b5c8b4c0982e695fbd208ba14a0d110cb0bd468d63e0552c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|75fcb645b5817430b5c8b4c0982e695fbd208ba14a0d110cb0bd468d63e0552c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/gtest-1.7.0/test/gtest_xml_test_utils.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEquals` used but never assigned in __init__: Method `AssertEquivalentNodes` of class `GTestXMLTestCase` reads `self.assertEquals`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 124451, "scanner": "repobility-ast-engine", "fingerprint": "e564f1d500d627fc420008a7e4dfac0952e9f29005fe5d94bb912a47f4bdd744", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e564f1d500d627fc420008a7e4dfac0952e9f29005fe5d94bb912a47f4bdd744"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/gtest-1.7.0/test/gtest_xml_test_utils.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assert_` used but never assigned in __init__: Method `AssertEquivalentNodes` of class `GTestXMLTestCase` reads `self.assert_`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 124450, "scanner": "repobility-ast-engine", "fingerprint": "e95ed31e9736a85629e19f811e0221a137a8925082350be52b10c41d544b33ce", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e95ed31e9736a85629e19f811e0221a137a8925082350be52b10c41d544b33ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/gtest-1.7.0/test/gtest_xml_test_utils.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEquals` used but never assigned in __init__: Method `AssertEquivalentNodes` of class `GTestXMLTestCase` reads `self.assertEquals`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 124449, "scanner": "repobility-ast-engine", "fingerprint": "d6ac719b46aafac051109c6ded1bdecbed902f89766aca197980c63676e88642", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d6ac719b46aafac051109c6ded1bdecbed902f89766aca197980c63676e88642"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/gtest-1.7.0/test/gtest_xml_test_utils.py"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEquals` used but never assigned in __init__: Method `AssertEquivalentNodes` of class `GTestXMLTestCase` reads `self.assertEquals`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 124448, "scanner": "repobility-ast-engine", "fingerprint": "f32b66b7e59d6bae25d465d20cfc0fc66203d10e756283cb1777bee1326d4391", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f32b66b7e59d6bae25d465d20cfc0fc66203d10e756283cb1777bee1326d4391"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/gtest-1.7.0/test/gtest_xml_test_utils.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEquals` used but never assigned in __init__: Method `AssertEquivalentNodes` of class `GTestXMLTestCase` reads `self.assertEquals`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 124447, "scanner": "repobility-ast-engine", "fingerprint": "271767f65b5ec226666ad6467239d4a71dea53c259beaf5c08211fecb1d2f444", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|271767f65b5ec226666ad6467239d4a71dea53c259beaf5c08211fecb1d2f444"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/gtest-1.7.0/test/gtest_xml_test_utils.py"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._GetChildren` used but never assigned in __init__: Method `AssertEquivalentNodes` of class `GTestXMLTestCase` reads `self._GetChildren`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 124446, "scanner": "repobility-ast-engine", "fingerprint": "fc183771b4df978c7fc0b75ccf65131837fdcc2a307ff4cb7b533ca6b264aa62", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fc183771b4df978c7fc0b75ccf65131837fdcc2a307ff4cb7b533ca6b264aa62"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/gtest-1.7.0/test/gtest_xml_test_utils.py"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._GetChildren` used but never assigned in __init__: Method `AssertEquivalentNodes` of class `GTestXMLTestCase` reads `self._GetChildren`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 124445, "scanner": "repobility-ast-engine", "fingerprint": "8cc9a6587945caa6d142a5a3e1078b3e6967c5fd9c0f84b062410c353d1cb71f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8cc9a6587945caa6d142a5a3e1078b3e6967c5fd9c0f84b062410c353d1cb71f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/gtest-1.7.0/test/gtest_xml_test_utils.py"}, "region": {"startLine": 99}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEquals` used but never assigned in __init__: Method `AssertEquivalentNodes` of class `GTestXMLTestCase` reads `self.assertEquals`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 124444, "scanner": "repobility-ast-engine", "fingerprint": "a33d0f52a82ce0dfe143ca4d8a31283bbc39259eacd98b1b4784ebeecd85eb67", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a33d0f52a82ce0dfe143ca4d8a31283bbc39259eacd98b1b4784ebeecd85eb67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/gtest-1.7.0/test/gtest_xml_test_utils.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEquals` used but never assigned in __init__: Method `AssertEquivalentNodes` of class `GTestXMLTestCase` reads `self.assertEquals`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 124443, "scanner": "repobility-ast-engine", "fingerprint": "aba03b1aa578c19e24f3faa34f83bda4243e3d440192e8030f5181b12a85fdcf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aba03b1aa578c19e24f3faa34f83bda4243e3d440192e8030f5181b12a85fdcf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/gtest-1.7.0/test/gtest_xml_test_utils.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEquals` used but never assigned in __init__: Method `AssertEquivalentNodes` of class `GTestXMLTestCase` reads `self.assertEquals`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 124442, "scanner": "repobility-ast-engine", "fingerprint": "c7ad3627931a31c26fddaa39c471b30fcf1724dc4f49ece07ec135e85299300a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c7ad3627931a31c26fddaa39c471b30fcf1724dc4f49ece07ec135e85299300a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/gtest-1.7.0/test/gtest_xml_test_utils.py"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEquals` used but never assigned in __init__: Method `AssertEquivalentNodes` of class `GTestXMLTestCase` reads `self.assertEquals`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 124441, "scanner": "repobility-ast-engine", "fingerprint": "af28d074842a94e594b7a9fa28b011d325b0a34ff20dc63f40bb673934b9f673", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|af28d074842a94e594b7a9fa28b011d325b0a34ff20dc63f40bb673934b9f673"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/gtest-1.7.0/test/gtest_xml_test_utils.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.RemoveUnsupportedTests` used but never assigned in __init__: Method `testOutput` of class `GTestOutputTest` reads `self.RemoveUnsupportedTests`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 124439, "scanner": "repobility-ast-engine", "fingerprint": "287a16442f309ecb7de6c3fd3668078467f789ea6fe63b4b59fc27f7e6d926f9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|287a16442f309ecb7de6c3fd3668078467f789ea6fe63b4b59fc27f7e6d926f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/gtest-1.7.0/test/gtest_output_test.py"}, "region": {"startLine": 302}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `testOutput` of class `GTestOutputTest` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 124438, "scanner": "repobility-ast-engine", "fingerprint": "040b02f7616315e017b0716a4e67684e88b754b0cc7b866e5d1293824455471c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|040b02f7616315e017b0716a4e67684e88b754b0cc7b866e5d1293824455471c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/gtest-1.7.0/test/gtest_output_test.py"}, "region": {"startLine": 315}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.assertEqual` used but never assigned in __init__: Method `testOutput` of class `GTestOutputTest` reads `self.assertEqual`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 124437, "scanner": "repobility-ast-engine", "fingerprint": "9fddfe2d136c3a928d0ba363910a418910b1ead2425d750770fe0356da3b63a7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9fddfe2d136c3a928d0ba363910a418910b1ead2425d750770fe0356da3b63a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/gtest-1.7.0/test/gtest_output_test.py"}, "region": {"startLine": 297}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.Extension` used but never assigned in __init__: Method `IsSource` of class `FileInfo` reads `self.Extension`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 124433, "scanner": "repobility-ast-engine", "fingerprint": "b4233d544221053753f1f51aa37290e36fb2423cd9aae662c8b6a9b331040a07", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b4233d544221053753f1f51aa37290e36fb2423cd9aae662c8b6a9b331040a07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/cpplint/cpplint.py"}, "region": {"startLine": 781}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.Split` used but never assigned in __init__: Method `NoExtension` of class `FileInfo` reads `self.Split`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 124432, "scanner": "repobility-ast-engine", "fingerprint": "371a7ee0e1c4e06412716089ae323e04903eadc706c8fa3248414633c803f05f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|371a7ee0e1c4e06412716089ae323e04903eadc706c8fa3248414633c803f05f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/cpplint/cpplint.py"}, "region": {"startLine": 777}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.Split` used but never assigned in __init__: Method `Extension` of class `FileInfo` reads `self.Split`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 124431, "scanner": "repobility-ast-engine", "fingerprint": "9a901feadf75c77e3cee818bf24f1c36526c3f784da7e83b4de3acc8794756cb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9a901feadf75c77e3cee818bf24f1c36526c3f784da7e83b4de3acc8794756cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/cpplint/cpplint.py"}, "region": {"startLine": 773}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.Split` used but never assigned in __init__: Method `BaseName` of class `FileInfo` reads `self.Split`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 124430, "scanner": "repobility-ast-engine", "fingerprint": "ebe0d1b41f13fd551de441b30f294c2f3ca7a4f4ea8437ecf9cebbc09133d8dd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ebe0d1b41f13fd551de441b30f294c2f3ca7a4f4ea8437ecf9cebbc09133d8dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/cpplint/cpplint.py"}, "region": {"startLine": 769}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.RepositoryName` used but never assigned in __init__: Method `Split` of class `FileInfo` reads `self.RepositoryName`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 124429, "scanner": "repobility-ast-engine", "fingerprint": "0df3d18138be1451fcb2fbc3f5bc55454d26bad6c20c21796f8170f032150493", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0df3d18138be1451fcb2fbc3f5bc55454d26bad6c20c21796f8170f032150493"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/cpplint/cpplint.py"}, "region": {"startLine": 763}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.FullName` used but never assigned in __init__: Method `RepositoryName` of class `FileInfo` reads `self.FullName`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 124428, "scanner": "repobility-ast-engine", "fingerprint": "62aa2562eb378b76b1b8a253fdf5953906401cddbff084c17d173911692359fe", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|62aa2562eb378b76b1b8a253fdf5953906401cddbff084c17d173911692359fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/cpplint/cpplint.py"}, "region": {"startLine": 718}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.CanonicalizeAlphabeticalOrder` used but never assigned in __init__: Method `IsInAlphabeticalOrder` of class `_IncludeState` reads `self.CanonicalizeAlphabeticalOrder`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 124427, "scanner": "repobility-ast-engine", "fingerprint": "db6405131ab61e043279696ac0499f98641437c556d192bcb73d4854488b9de8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|db6405131ab61e043279696ac0499f98641437c556d192bcb73d4854488b9de8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/cpplint/cpplint.py"}, "region": {"startLine": 450}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 124328, "scanner": "repobility-threat-engine", "fingerprint": "0d8c8a01e15bdf9961858e79132b841e0a5244564309dff3ab757cd6e7229b6c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "controller.update();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0d8c8a01e15bdf9961858e79132b841e0a5244564309dff3ab757cd6e7229b6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/SoftRF/src/driver/radio/nicerf.cpp"}, "region": {"startLine": 243}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 124321, "scanner": "repobility-threat-engine", "fingerprint": "23ba3afeed2a4ceeba8e3af67a6ac7f85fe9d10d7794ea919984baa5d5559939", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|23ba3afeed2a4ceeba8e3af67a6ac7f85fe9d10d7794ea919984baa5d5559939"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/app/Emulator/Emulator.py"}, "region": {"startLine": 271}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 124316, "scanner": "repobility-threat-engine", "fingerprint": "9af47e30d1166613ba6399345b0bbae463488b43d2d3366cfd15e7f972fc19ef", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(args.input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|61|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/TFT_eSPI/Tools/bmp2array4bit/bmp2array4bit.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 124315, "scanner": "repobility-threat-engine", "fingerprint": "c81267b29f669ace407d93e056640afbfa8b2d3c319c9d46a00185c022608bc7", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(input_file_path, \"rb\") as input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|15|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/SensorLib/tools/fw2h/fw2h.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 124314, "scanner": "repobility-threat-engine", "fingerprint": "dc8a6f111bd5088fafc77143c195348a7af6904bc68be523c3f1ab80d16412f5", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(\"%s/configure.ac\" % input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|64|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/gtest-1.7.0/xcode/Scripts/versiongenerate.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 124300, "scanner": "repobility-threat-engine", "fingerprint": "2346197a547931f679240ae08b64d8ff3285f5ae89b0d3dd1d69b2a1b702956f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2346197a547931f679240ae08b64d8ff3285f5ae89b0d3dd1d69b2a1b702956f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/ESP8266Audio/src/libflac/protected/stream_decoder.h"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 124299, "scanner": "repobility-threat-engine", "fingerprint": "49a0cc00f6c92902b8ad8247acff9b2d039a2f732a4299512c616e364abf836a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|49a0cc00f6c92902b8ad8247acff9b2d039a2f732a4299512c616e364abf836a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/app/Emulator/Android.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 124298, "scanner": "repobility-threat-engine", "fingerprint": "994ae11f3b883d4cf34badfe30c543d6e456ef88a548979b601497bf2aeaf860", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|994ae11f3b883d4cf34badfe30c543d6e456ef88a548979b601497bf2aeaf860"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/scripts/run-tests.sh"}, "region": {"startLine": 4}}}]}, {"ruleId": "SEC100", "level": "error", "message": {"text": "[SEC100] CORS permissive Access-Control-Allow-Origin: *: Permissive CORS policy (`*` origin) allows any website to make authenticated cross-origin requests. Especially dangerous when combined with `Access-Control-Allow-Credentials: true`."}, "properties": {"repobilityId": 124296, "scanner": "repobility-threat-engine", "fingerprint": "79241859ec54d65c628be0a29f4b15947d3ba1cfc76967e3b8ad26b334066b7b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Access-Control-Allow-Origin\", \"*\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC100", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|79241859ec54d65c628be0a29f4b15947d3ba1cfc76967e3b8ad26b334066b7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/Demo3_TX_868/WebHelper.cpp"}, "region": {"startLine": 323}}}]}, {"ruleId": "SEC100", "level": "error", "message": {"text": "[SEC100] CORS permissive Access-Control-Allow-Origin: *: Permissive CORS policy (`*` origin) allows any website to make authenticated cross-origin requests. Especially dangerous when combined with `Access-Control-Allow-Credentials: true`."}, "properties": {"repobilityId": 124295, "scanner": "repobility-threat-engine", "fingerprint": "a8b5c80484c759c34b939dbd5ec3199ac9f1e6d75cb92481b0bec92467c185be", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Access-Control-Allow-Origin\", \"*\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC100", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a8b5c80484c759c34b939dbd5ec3199ac9f1e6d75cb92481b0bec92467c185be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/Demo2_RX_868/WebHelper.cpp"}, "region": {"startLine": 323}}}]}, {"ruleId": "SEC100", "level": "error", "message": {"text": "[SEC100] CORS permissive Access-Control-Allow-Origin: *: Permissive CORS policy (`*` origin) allows any website to make authenticated cross-origin requests. Especially dangerous when combined with `Access-Control-Allow-Credentials: true`."}, "properties": {"repobilityId": 124294, "scanner": "repobility-threat-engine", "fingerprint": "109a242b8acc3c3a2b2819a2e65d851e2a23dac75df9d722fa95d9844ab1c2ff", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Access-Control-Allow-Origin\", \"*\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC100", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|109a242b8acc3c3a2b2819a2e65d851e2a23dac75df9d722fa95d9844ab1c2ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/Demo1_Alert_868/WebHelper.cpp"}, "region": {"startLine": 323}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `io` used but not imported: The file uses `io.something(...)` but never imports `io`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 124460, "scanner": "repobility-ast-engine", "fingerprint": "8c2c8efc7ef94b727ef7d0727c721dd3304bd65f137c73a420559b7c9b864c60", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8c2c8efc7ef94b727ef7d0727c721dd3304bd65f137c73a420559b7c9b864c60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/libraries/SdFat/extras/cpplint.py"}, "region": {"startLine": 5484}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `time` used but not imported: The file uses `time.something(...)` but never imports `time`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 124458, "scanner": "repobility-ast-engine", "fingerprint": "b2bea298adc54e0934e85c71322a89212bd542f6f771a75c039384202c788af4", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b2bea298adc54e0934e85c71322a89212bd542f6f771a75c039384202c788af4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/iLogger/lib/aerofiles/igc/writer.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `time` used but not imported: The file uses `time.something(...)` but never imports `time`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 124440, "scanner": "repobility-ast-engine", "fingerprint": "05562e59ee5ee106a05753b0b3888b924480318bacf8ce47c2c8c9ba7d2f7cde", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|05562e59ee5ee106a05753b0b3888b924480318bacf8ce47c2c8c9ba7d2f7cde"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/gtest-1.7.0/test/gtest_xml_test_utils.py"}, "region": {"startLine": 176}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `io` used but not imported: The file uses `io.something(...)` but never imports `io`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 124426, "scanner": "repobility-ast-engine", "fingerprint": "fa61b9200fc27a17f4499fca75b9c6b8916582eed0fa42e6a423955dddb3e064", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fa61b9200fc27a17f4499fca75b9c6b8916582eed0fa42e6a423955dddb3e064"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/third-party/cpplint/cpplint.py"}, "region": {"startLine": 3005}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 124304, "scanner": "repobility-threat-engine", "fingerprint": "595ef46933386312d09473d62114df8adadf9da8a42abb80b5a22e94408e2f11", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|595ef46933386312d09473d62114df8adadf9da8a42abb80b5a22e94408e2f11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "software/firmware/source/SkyView/EEPROMHelper.cpp"}, "region": {"startLine": 106}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 124303, "scanner": "repobility-threat-engine", "fingerprint": "090baba5d411e19b9d36c647c0a5cfe5124623c7339da350a7efe36f93563d99", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|090baba5d411e19b9d36c647c0a5cfe5124623c7339da350a7efe36f93563d99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/src/Arduino/String.cpp"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 124302, "scanner": "repobility-threat-engine", "fingerprint": "1a704e6ad3eea0fa814cb9c28387639f87fbbe0f1dfe47ad06eef664115af7ec", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1a704e6ad3eea0fa814cb9c28387639f87fbbe0f1dfe47ad06eef664115af7ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dated/version1/libraries/ArduinoJson/src/Arduino/Print.cpp"}, "region": {"startLine": 48}}}]}]}]}