{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-GHA", "name": "GitHub Action `svenstaro/upload-release-action@v2` is minor version(s) behind (latest 2.11.5)", "shortDescription": {"text": "GitHub Action `svenstaro/upload-release-action@v2` is minor version(s) behind (latest 2.11.5)"}, "fullDescription": {"text": "`uses: svenstaro/upload-release-action@v2` is minor version(s) behind the latest published release 2.11.5. Old action majors run on deprecated runner images / Node versions and miss upstream fixes. This is the exact 'outdated GitHub Action' class Dependabot raises \u2014 and which Repobility had no coverage for."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "low", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED051", "name": "[MINED051] Csharp Null Forgive (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED051] Csharp Null Forgive (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 4 more): Same pattern found in 4 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC025", "name": "[SEC025] XML External Entity (XXE) \u2014 .NET XmlDocument / XmlTextReader: .NET XmlDocument and XmlTextReader expand externa", "shortDescription": {"text": "[SEC025] XML External Entity (XXE) \u2014 .NET XmlDocument / XmlTextReader: .NET XmlDocument and XmlTextReader expand external entities by default in pre-4.5.2 runtimes (and even later if XmlResolver is left at default). Allows file disclosure a"}, "fullDescription": {"text": "Set XmlResolver = null on XmlDocument before Load. On XmlReader, pass XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null }. Prefer XDocument / XElement which don't expand external entities by default."}, "properties": {"scanner": "repobility-threat-engine", "category": "xxe", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/upload-artifact` pinned to mutable ref `@v7.0.1`", "shortDescription": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7.0.1`"}, "fullDescription": {"text": "`uses: actions/upload-artifact@v7.0.1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "Workflow container/services image `debian:13` unpinned", "shortDescription": {"text": "Workflow container/services image `debian:13` unpinned"}, "fullDescription": {"text": "`container/services image: debian:13` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/755"}, "properties": {"repository": "2dust/v2rayN", "repoUrl": "https://github.com/2dust/v2rayN", "branch": "master"}, "results": [{"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 62930, "scanner": "repobility-threat-engine", "fingerprint": "7ad5a306dfdf3218d8a682712b2400b9c4a1b2c1092680499d4fb64a02fb82df", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "}\n        catch (FormatException)\n        {\n            return null;\n        }", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7ad5a306dfdf3218d8a682712b2400b9c4a1b2c1092680499d4fb64a02fb82df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/ServiceLib/Handler/Fmt/ShadowsocksFmt.cs"}, "region": {"startLine": 128}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 62924, "scanner": "repobility-threat-engine", "fingerprint": "74a8afa3bfc1a1fa0a2b93b6c286d10d6bfc6aa503ac9f9468ce30c0852c2a83", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (2.5 bits) \u2014 may be placeholder or common string", "evidence": {"match": "Password = \"<redacted>\"", "reason": "Low entropy value (2.5 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|14|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/ServiceLib.Tests/Fmt/FmtHandlerTests.cs"}, "region": {"startLine": 150}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 62923, "scanner": "repobility-threat-engine", "fingerprint": "cda6ab79e61bc9ddc04be77bd1351c17d9b1b53f789b83ab9711f80026a06e9a", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (1.5 bits) \u2014 may be placeholder or common string", "evidence": {"match": "Password = \"<redacted>\"", "reason": "Low entropy value (1.5 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|12|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/ServiceLib.Tests/CoreConfig/CoreConfigTestFactory.cs"}, "region": {"startLine": 125}}}]}, {"ruleId": "DEPCUR-GHA", "level": "note", "message": {"text": "GitHub Action `svenstaro/upload-release-action@v2` is minor version(s) behind (latest 2.11.5)"}, "properties": {"repobilityId": 62915, "scanner": "repobility-dependency-currency", "fingerprint": "87f4068e1f89c249709024aed1e14adfdc5245a4faef7669f98e89f7e81ed240", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "svenstaro/upload-release-action", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "2.11.5", "correlation_key": "fp|87f4068e1f89c249709024aed1e14adfdc5245a4faef7669f98e89f7e81ed240", "current_version": "v2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-linux.yml"}, "region": {"startLine": 75}}}]}, {"ruleId": "DEPCUR-GHA", "level": "note", "message": {"text": "GitHub Action `svenstaro/upload-release-action@v2` is minor version(s) behind (latest 2.11.5)"}, "properties": {"repobilityId": 62913, "scanner": "repobility-dependency-currency", "fingerprint": "894c90bec65c6e8a03980c4242d3dd502b790bdf3f587f7428c3aa5752b18975", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "svenstaro/upload-release-action", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "2.11.5", "correlation_key": "fp|894c90bec65c6e8a03980c4242d3dd502b790bdf3f587f7428c3aa5752b18975", "current_version": "v2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-osx.yml"}, "region": {"startLine": 69}}}]}, {"ruleId": "DEPCUR-GHA", "level": "note", "message": {"text": "GitHub Action `svenstaro/upload-release-action@v2` is minor version(s) behind (latest 2.11.5)"}, "properties": {"repobilityId": 62910, "scanner": "repobility-dependency-currency", "fingerprint": "b036661a019a0bd5ad89ff51a383109154a3e5dc8c96e65e8cb091114051c49a", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "svenstaro/upload-release-action", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "2.11.5", "correlation_key": "fp|b036661a019a0bd5ad89ff51a383109154a3e5dc8c96e65e8cb091114051c49a", "current_version": "v2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/package-zip.yml"}, "region": {"startLine": 62}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62885, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c5ab820d5c6671de91f7b3c5a892a2dc44702d14823bce6e5704c7cd43ebf4a5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/v2rayN.Desktop/Views/OptionSettingWindow.axaml.cs", "duplicate_line": 17, "correlation_key": "fp|c5ab820d5c6671de91f7b3c5a892a2dc44702d14823bce6e5704c7cd43ebf4a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/v2rayN/Views/OptionSettingWindow.xaml.cs"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62884, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a488f95d2c5e089881ce3a5b5cd5e4a73b5f7ae8da481eefc9167e5f8f355bc1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/v2rayN.Desktop/Views/MainWindow.axaml.cs", "duplicate_line": 53, "correlation_key": "fp|a488f95d2c5e089881ce3a5b5cd5e4a73b5f7ae8da481eefc9167e5f8f355bc1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/v2rayN/Views/MainWindow.xaml.cs"}, "region": {"startLine": 52}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62883, "scanner": "repobility-ai-code-hygiene", "fingerprint": "93f2422e2fd147279e0b4ee709cbb66a1919728b7a82bbe886df449bd62981bd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/v2rayN.Desktop/Views/GlobalHotkeySettingWindow.axaml.cs", "duplicate_line": 29, "correlation_key": "fp|93f2422e2fd147279e0b4ee709cbb66a1919728b7a82bbe886df449bd62981bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/v2rayN/Views/GlobalHotkeySettingWindow.xaml.cs"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62882, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e11ce62ce88da15e410b51422792ec7131295b8aa0473f4ff6f74ea33660807b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/v2rayN/Views/AddGroupServerWindow.xaml.cs", "duplicate_line": 54, "correlation_key": "fp|e11ce62ce88da15e410b51422792ec7131295b8aa0473f4ff6f74ea33660807b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/v2rayN/Views/FullConfigTemplateWindow.xaml.cs"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62881, "scanner": "repobility-ai-code-hygiene", "fingerprint": "81af920fff8c383145491abf70a33eb41022f28aa0ec85e7e906296256ddfc7e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/v2rayN.Desktop/Views/FullConfigTemplateWindow.axaml.cs", "duplicate_line": 12, "correlation_key": "fp|81af920fff8c383145491abf70a33eb41022f28aa0ec85e7e906296256ddfc7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/v2rayN/Views/FullConfigTemplateWindow.xaml.cs"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62880, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d09df2ff754dc19127beb9e9c0f3b03d935d08684feafc9a69d266cac89f6edd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/v2rayN/Views/AddGroupServerWindow.xaml.cs", "duplicate_line": 55, "correlation_key": "fp|d09df2ff754dc19127beb9e9c0f3b03d935d08684feafc9a69d266cac89f6edd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/v2rayN/Views/DNSSettingWindow.xaml.cs"}, "region": {"startLine": 60}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62879, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8b1e55af318a78a65da55dfc7d39e126e0ee4118f2167a0ba8e45c2a4e77bdda", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/v2rayN.Desktop/Views/DNSSettingWindow.axaml.cs", "duplicate_line": 12, "correlation_key": "fp|8b1e55af318a78a65da55dfc7d39e126e0ee4118f2167a0ba8e45c2a4e77bdda"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/v2rayN/Views/DNSSettingWindow.xaml.cs"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62878, "scanner": "repobility-ai-code-hygiene", "fingerprint": "77fc2d3f11010925f581be70fae861deb5d4dbe0a01f1b2bd331b371e9501272", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/v2rayN.Desktop/Views/ClashProxiesView.axaml.cs", "duplicate_line": 10, "correlation_key": "fp|77fc2d3f11010925f581be70fae861deb5d4dbe0a01f1b2bd331b371e9501272"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/v2rayN/Views/ClashProxiesView.xaml.cs"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62877, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1a165702e41ab2bcf29c9c95711d4df1d69e0550af8e9aa62d71b0261d91d948", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/v2rayN.Desktop/Views/ClashConnectionsView.axaml.cs", "duplicate_line": 3, "correlation_key": "fp|1a165702e41ab2bcf29c9c95711d4df1d69e0550af8e9aa62d71b0261d91d948"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/v2rayN/Views/ClashConnectionsView.xaml.cs"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62876, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7331e339af7a203ce698ba494429271e19ff132ef2577d3fae6495d0d554250a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/v2rayN.Desktop/Views/CheckUpdateView.axaml.cs", "duplicate_line": 3, "correlation_key": "fp|7331e339af7a203ce698ba494429271e19ff132ef2577d3fae6495d0d554250a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/v2rayN/Views/CheckUpdateView.xaml.cs"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62875, "scanner": "repobility-ai-code-hygiene", "fingerprint": "19a44ca75f0738cbe64e980d050ead4c41a86bb8f2cfca21be4908a6af0d6ecf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/v2rayN.Desktop/Views/BackupAndRestoreView.axaml.cs", "duplicate_line": 13, "correlation_key": "fp|19a44ca75f0738cbe64e980d050ead4c41a86bb8f2cfca21be4908a6af0d6ecf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/v2rayN/Views/BackupAndRestoreView.xaml.cs"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62874, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4370b4fa81e3f2de7f2723f686c32525b6a24bc1392bb22c72a00406bd7e74e8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/v2rayN.Desktop/Views/AddServerWindow.axaml.cs", "duplicate_line": 22, "correlation_key": "fp|4370b4fa81e3f2de7f2723f686c32525b6a24bc1392bb22c72a00406bd7e74e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/v2rayN/Views/AddServerWindow.xaml.cs"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62873, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5a80b623e4bbe56a54fd0e3ebe44e9a5b7085417f6dbf9c4a0e198a3265169e0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/v2rayN.Desktop/Views/ProfilesView.axaml.cs", "duplicate_line": 239, "correlation_key": "fp|5a80b623e4bbe56a54fd0e3ebe44e9a5b7085417f6dbf9c4a0e198a3265169e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/v2rayN/Views/AddGroupServerWindow.xaml.cs"}, "region": {"startLine": 89}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62872, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b652562e7e8a27ad4b4d1cf08063346e9bb3ab6079a579bba2d6f1ce8d7f063e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/v2rayN.Desktop/Views/AddGroupServerWindow.axaml.cs", "duplicate_line": 15, "correlation_key": "fp|b652562e7e8a27ad4b4d1cf08063346e9bb3ab6079a579bba2d6f1ce8d7f063e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/v2rayN/Views/AddGroupServerWindow.xaml.cs"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62871, "scanner": "repobility-ai-code-hygiene", "fingerprint": "27a0153e2ec42feb9ba6674cfc3b5be060ba211d528042e201e0b3142f00e56d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/v2rayN.Desktop/ViewModels/ThemeSettingViewModel.cs", "duplicate_line": 44, "correlation_key": "fp|27a0153e2ec42feb9ba6674cfc3b5be060ba211d528042e201e0b3142f00e56d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/v2rayN/ViewModels/ThemeSettingViewModel.cs"}, "region": {"startLine": 85}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62870, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b0b820065eaab90d4c6ccd9daa712d70dce92caae1d5e27770790b6665f5554f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/AmazTool/Resx/Resource.Designer.cs", "duplicate_line": 18, "correlation_key": "fp|b0b820065eaab90d4c6ccd9daa712d70dce92caae1d5e27770790b6665f5554f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/v2rayN/Properties/Resources.Designer.cs"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62869, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e30c6bee941550f7d7b2ed16abb3330446599aa2c623c8d3c5636c9d7320b3ea", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/v2rayN.Desktop/GlobalUsings.cs", "duplicate_line": 26, "correlation_key": "fp|e30c6bee941550f7d7b2ed16abb3330446599aa2c623c8d3c5636c9d7320b3ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/v2rayN/GlobalUsings.cs"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62868, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7c8692c044366abc997ad3d06ced8f9f771a4ec88e7e181edd29ab39fe49a8b7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/v2rayN.Desktop/Views/FullConfigTemplateWindow.axaml.cs", "duplicate_line": 25, "correlation_key": "fp|7c8692c044366abc997ad3d06ced8f9f771a4ec88e7e181edd29ab39fe49a8b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/v2rayN.Desktop/Views/SubEditWindow.axaml.cs"}, "region": {"startLine": 31}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62867, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9031fd18aa636e140a7cc47fd8ee590681fe5810fbf993ae9b475f35f48be1dc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/v2rayN.Desktop/Views/FullConfigTemplateWindow.axaml.cs", "duplicate_line": 25, "correlation_key": "fp|9031fd18aa636e140a7cc47fd8ee590681fe5810fbf993ae9b475f35f48be1dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/v2rayN.Desktop/Views/RoutingRuleDetailsWindow.axaml.cs"}, "region": {"startLine": 46}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62866, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ad28d56789fe9280bcc7ed741ac099290c9647663c90f66899142ff537cf108a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/ServiceLib/ViewModels/ProfilesSelectViewModel.cs", "duplicate_line": 125, "correlation_key": "fp|ad28d56789fe9280bcc7ed741ac099290c9647663c90f66899142ff537cf108a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/ServiceLib/ViewModels/ProfilesViewModel.cs"}, "region": {"startLine": 312}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62865, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4a93093bea84f28ee045bdaa5438bbb03ee91020bf0e8060db7653f02da34b41", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/ServiceLib/ViewModels/AddGroupServerViewModel.cs", "duplicate_line": 37, "correlation_key": "fp|4a93093bea84f28ee045bdaa5438bbb03ee91020bf0e8060db7653f02da34b41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/ServiceLib/ViewModels/ProfilesViewModel.cs"}, "region": {"startLine": 99}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62864, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8da5f11f11b906d6edb8d43eb735b20dc33287affc59fc881e88e8206c157d3d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/ServiceLib/Services/CoreConfig/Singbox/SingboxRoutingService.cs", "duplicate_line": 224, "correlation_key": "fp|8da5f11f11b906d6edb8d43eb735b20dc33287affc59fc881e88e8206c157d3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/ServiceLib/Services/CoreConfig/V2ray/V2rayRoutingService.cs"}, "region": {"startLine": 220}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62863, "scanner": "repobility-ai-code-hygiene", "fingerprint": "035d0ecf190308252992bac723c58235e4433e8de76fe80e252015d83d541c52", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/ServiceLib/Services/CoreConfig/Singbox/SingboxConfigTemplateService.cs", "duplicate_line": 6, "correlation_key": "fp|035d0ecf190308252992bac723c58235e4433e8de76fe80e252015d83d541c52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/ServiceLib/Services/CoreConfig/V2ray/V2rayConfigTemplateService.cs"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62862, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2b72193d7a0c2f71bd52f360c3a1f49e150ea1ca4845ea55940e64c6c6b99285", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/ServiceLib/Services/CoreConfig/Singbox/CoreConfigSingboxService.cs", "duplicate_line": 46, "correlation_key": "fp|2b72193d7a0c2f71bd52f360c3a1f49e150ea1ca4845ea55940e64c6c6b99285"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/ServiceLib/Services/CoreConfig/V2ray/CoreConfigV2rayService.cs"}, "region": {"startLine": 54}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62861, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d19f36ef00795d15543e1bae58c9ecc35f839790ebd1e47e563a1493c42e163f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/ServiceLib/Handler/Fmt/ShadowsocksFmt.cs", "duplicate_line": 53, "correlation_key": "fp|d19f36ef00795d15543e1bae58c9ecc35f839790ebd1e47e563a1493c42e163f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/ServiceLib/Services/CoreConfig/Singbox/SingboxOutboundService.cs"}, "region": {"startLine": 128}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62860, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4e77504413c7c41fd9eca632e6a9e4b8689c8e417e4d6d753974fe72372afadc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/ServiceLib/Handler/Fmt/VLESSFmt.cs", "duplicate_line": 10, "correlation_key": "fp|4e77504413c7c41fd9eca632e6a9e4b8689c8e417e4d6d753974fe72372afadc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/ServiceLib/Handler/Fmt/WireguardFmt.cs"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62859, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1a55506df2a16076b4140dfa2da829b811e2b7f5fad4ebc3040604a1ecf55f90", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/ServiceLib/Handler/Fmt/SingboxFmt.cs", "duplicate_line": 4, "correlation_key": "fp|1a55506df2a16076b4140dfa2da829b811e2b7f5fad4ebc3040604a1ecf55f90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/ServiceLib/Handler/Fmt/V2rayFmt.cs"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62858, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d061790dbc02b11abf325b651f495b60e945dd0c53b4d2cf8fee68dda952c88e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/ServiceLib/Handler/Fmt/ShadowsocksFmt.cs", "duplicate_line": 118, "correlation_key": "fp|d061790dbc02b11abf325b651f495b60e945dd0c53b4d2cf8fee68dda952c88e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/ServiceLib/Handler/Fmt/SocksFmt.cs"}, "region": {"startLine": 77}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62857, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3848bc00557b6b58b2db15adb1953bb92dca1c9424f411fe48132a4d0e9322be", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/ServiceLib.Tests/GlobalUsings.cs", "duplicate_line": 11, "correlation_key": "fp|3848bc00557b6b58b2db15adb1953bb92dca1c9424f411fe48132a4d0e9322be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/ServiceLib/GlobalUsings.cs"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 62856, "scanner": "repobility-ai-code-hygiene", "fingerprint": "580a9e497b73dd444e966442c9a68d9600c0d9600b57b618b3e4a056d4387709", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "v2rayN/ServiceLib.Tests/CoreConfig/Singbox/CoreConfigSingboxServiceTests.cs", "duplicate_line": 174, "correlation_key": "fp|580a9e497b73dd444e966442c9a68d9600c0d9600b57b618b3e4a056d4387709"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/ServiceLib.Tests/CoreConfig/V2ray/CoreConfigV2rayServiceTests.cs"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED051", "level": "none", "message": {"text": "[MINED051] Csharp Null Forgive (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 62928, "scanner": "repobility-threat-engine", "fingerprint": "f9fc2a223db2834daab3006a3efb2fac31ea1f1326067fd7b257c3903e6b9c60", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "csharp-null-forgive", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["csharp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348020+00:00", "triaged_in_corpus": 12, "observations_count": 518114, "ai_coder_pattern_id": 173}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f9fc2a223db2834daab3006a3efb2fac31ea1f1326067fd7b257c3903e6b9c60", "aggregated_count": 1}}}, {"ruleId": "MINED051", "level": "none", "message": {"text": "[MINED051] Csharp Null Forgive: x! tells compiler \"definitely not null\" \u2014 bypasses nullable check. NRE risk if wrong."}, "properties": {"repobilityId": 62927, "scanner": "repobility-threat-engine", "fingerprint": "7b088c34c560c8f8d52c6b2ba47346bfdceff59fb0cac2b45b45f7e650f09b4c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "csharp-null-forgive", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["csharp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348020+00:00", "triaged_in_corpus": 12, "observations_count": 518114, "ai_coder_pattern_id": 173}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7b088c34c560c8f8d52c6b2ba47346bfdceff59fb0cac2b45b45f7e650f09b4c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/ServiceLib.Tests/Fmt/WireguardFmtTests.cs"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED051", "level": "none", "message": {"text": "[MINED051] Csharp Null Forgive: x! tells compiler \"definitely not null\" \u2014 bypasses nullable check. NRE risk if wrong."}, "properties": {"repobilityId": 62926, "scanner": "repobility-threat-engine", "fingerprint": "1cb7e7c31470879e56ae7fa23d97894062bd607ac1517207b9fc0323167e09d7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "csharp-null-forgive", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["csharp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348020+00:00", "triaged_in_corpus": 12, "observations_count": 518114, "ai_coder_pattern_id": 173}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1cb7e7c31470879e56ae7fa23d97894062bd607ac1517207b9fc0323167e09d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/ServiceLib.Tests/Fmt/InnerFmtTests.cs"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED051", "level": "none", "message": {"text": "[MINED051] Csharp Null Forgive: x! tells compiler \"definitely not null\" \u2014 bypasses nullable check. NRE risk if wrong."}, "properties": {"repobilityId": 62925, "scanner": "repobility-threat-engine", "fingerprint": "1d68f9669e8da12699d8048f78b574d8cd5ccca4a07432930547a8f8a132790b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "csharp-null-forgive", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["csharp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348020+00:00", "triaged_in_corpus": 12, "observations_count": 518114, "ai_coder_pattern_id": 173}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1d68f9669e8da12699d8048f78b574d8cd5ccca4a07432930547a8f8a132790b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/ServiceLib.Tests/Fmt/FmtHandlerTests.cs"}, "region": {"startLine": 95}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 62922, "scanner": "repobility-threat-engine", "fingerprint": "384b13d01eca021cad8caa867cbe69ee4fc1353f389030e2ca3b6fe8412f11af", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|384b13d01eca021cad8caa867cbe69ee4fc1353f389030e2ca3b6fe8412f11af"}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 62918, "scanner": "repobility-threat-engine", "fingerprint": "dffd4250687a0a880d91e10e42a47a1cd1a5251ad4551c6b952a8e8eb7bd5d7e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dffd4250687a0a880d91e10e42a47a1cd1a5251ad4551c6b952a8e8eb7bd5d7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/ServiceLib/Handler/AutoStartupHandler.cs"}, "region": {"startLine": 231}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 62917, "scanner": "repobility-threat-engine", "fingerprint": "b9277647effe0e050a446395600658de145520b317bde7da63ac661bf80b2735", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b9277647effe0e050a446395600658de145520b317bde7da63ac661bf80b2735"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-osx.sh"}, "region": {"startLine": 21}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 62916, "scanner": "repobility-dependency-currency", "fingerprint": "938ec46ff79eecb0071890e843631891631b7d0fe2c121f4c040c00bb9a46111", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|938ec46ff79eecb0071890e843631891631b7d0fe2c121f4c040c00bb9a46111", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build.yml"}, "region": {"startLine": 49}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 62914, "scanner": "repobility-dependency-currency", "fingerprint": "f3e90e76b4d65a2ef0b1046cf3989e72c1dd63d094fffb30aa0a36e01f910d6c", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|f3e90e76b4d65a2ef0b1046cf3989e72c1dd63d094fffb30aa0a36e01f910d6c", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-linux.yml"}, "region": {"startLine": 52}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/download-artifact@v8` is patch version(s) behind (latest v8.0.1)"}, "properties": {"repobilityId": 62912, "scanner": "repobility-dependency-currency", "fingerprint": "82641a4a8ff821c4f2da09cf4512c6bb24fa21bd8ec45429fe4e44f222baf91a", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/download-artifact", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v8.0.1", "correlation_key": "fp|82641a4a8ff821c4f2da09cf4512c6bb24fa21bd8ec45429fe4e44f222baf91a", "current_version": "v8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-osx.yml"}, "region": {"startLine": 51}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 62911, "scanner": "repobility-dependency-currency", "fingerprint": "6f26da21bf05cd4ab1cd136488f966d3fb45deb650fb3b0262d0d76e84bf19fc", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|6f26da21bf05cd4ab1cd136488f966d3fb45deb650fb3b0262d0d76e84bf19fc", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-osx.yml"}, "region": {"startLine": 48}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/download-artifact@v8` is patch version(s) behind (latest v8.0.1)"}, "properties": {"repobilityId": 62909, "scanner": "repobility-dependency-currency", "fingerprint": "81f7fdf73f1181cf6f218032e8350d532546f161cf14f1e27a17b0b23f0e3ec7", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/download-artifact", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v8.0.1", "correlation_key": "fp|81f7fdf73f1181cf6f218032e8350d532546f161cf14f1e27a17b0b23f0e3ec7", "current_version": "v8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/package-zip.yml"}, "region": {"startLine": 43}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 62908, "scanner": "repobility-dependency-currency", "fingerprint": "800d94bcb9718546b48c4d98c9fdf4e958990948c09e8e736ee235210ffb90eb", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|800d94bcb9718546b48c4d98c9fdf4e958990948c09e8e736ee235210ffb90eb", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/package-zip.yml"}, "region": {"startLine": 40}}}]}, {"ruleId": "DEPCUR-GHA", "level": "none", "message": {"text": "GitHub Action `actions/checkout@v6` is patch version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 62907, "scanner": "repobility-dependency-currency", "fingerprint": "8566736bcdca14ae571cf9e0cda88fa3638db33ed04ce0de5e34c9e7c7e15679", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|8566736bcdca14ae571cf9e0cda88fa3638db33ed04ce0de5e34c9e7c7e15679", "current_version": "v6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "SEC025", "level": "error", "message": {"text": "[SEC025] XML External Entity (XXE) \u2014 .NET XmlDocument / XmlTextReader: .NET XmlDocument and XmlTextReader expand external entities by default in pre-4.5.2 runtimes (and even later if XmlResolver is left at default). Allows file disclosure and SSRF via XXE."}, "properties": {"repobilityId": 62931, "scanner": "repobility-threat-engine", "fingerprint": "a1cd09971ac0408103d040c4988fea11cdf155dc89d4c9f4fabd5139a7e22b03", "category": "xxe", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "XmlReader.Create(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC025", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a1cd09971ac0408103d040c4988fea11cdf155dc89d4c9f4fabd5139a7e22b03"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/v2rayN.Desktop/Views/JsonEditor.axaml.cs"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 62929, "scanner": "repobility-threat-engine", "fingerprint": "525c767aa318e6c989aacbe6932a1568164f921127284226a98d39a6cda0a00d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|525c767aa318e6c989aacbe6932a1568164f921127284226a98d39a6cda0a00d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/ServiceLib/Common/WindowsUtils.cs"}, "region": {"startLine": 62}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 62921, "scanner": "repobility-threat-engine", "fingerprint": "1c1937b6d67d7cca65c0e0b8c9a7c38bdddcff430c77375e41a5c3168aef228c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "File.Delete(launchAgentPath);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1c1937b6d67d7cca65c0e0b8c9a7c38bdddcff430c77375e41a5c3168aef228c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/ServiceLib/Handler/AutoStartupHandler.cs"}, "region": {"startLine": 188}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 62920, "scanner": "repobility-threat-engine", "fingerprint": "4f7d2d49e29900c2cb655527a0a83560451943918f11f6180716901dd05f0ed0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "File.Delete(destinationArchiveFileName);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4f7d2d49e29900c2cb655527a0a83560451943918f11f6180716901dd05f0ed0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/ServiceLib/Common/FileUtils.cs"}, "region": {"startLine": 145}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 62919, "scanner": "repobility-threat-engine", "fingerprint": "fb893fb9fad8b9a81a6c2e56255f92118feea81a9b23ee44df7b02037bdf3459", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "File.Delete(thisAppOldFile);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fb893fb9fad8b9a81a6c2e56255f92118feea81a9b23ee44df7b02037bdf3459"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "v2rayN/AmazTool/UpgradeApp.cs"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7.0.1`"}, "properties": {"repobilityId": 62906, "scanner": "repobility-supply-chain", "fingerprint": "a1a4f01c5875544001324872e15302d7cb6f329124cbf1198c77a457c9c3de8e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a1a4f01c5875544001324872e15302d7cb6f329124cbf1198c77a457c9c3de8e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build.yml"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-dotnet` pinned to mutable ref `@v5.3.0`"}, "properties": {"repobilityId": 62905, "scanner": "repobility-supply-chain", "fingerprint": "64c73269846cc96f3394299c69e3483da2b394cb149770f2d43cd7cdc65219d2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|64c73269846cc96f3394299c69e3483da2b394cb149770f2d43cd7cdc65219d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build.yml"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 62904, "scanner": "repobility-supply-chain", "fingerprint": "3415458fa47e63893793fd2cbadf42fb0581d263872cb0a8174448c7b51c706a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3415458fa47e63893793fd2cbadf42fb0581d263872cb0a8174448c7b51c706a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build.yml"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "Workflow container/services image `debian:13` unpinned"}, "properties": {"repobilityId": 62903, "scanner": "repobility-supply-chain", "fingerprint": "dd80f990679de2ef73999368eb3d4a1cde09de3642e4228dfeb52a6807299026", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dd80f990679de2ef73999368eb3d4a1cde09de3642e4228dfeb52a6807299026"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-linux.yml"}, "region": {"startLine": 261}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "Workflow container/services image `rockylinux/rockylinux:10` unpinned"}, "properties": {"repobilityId": 62902, "scanner": "repobility-supply-chain", "fingerprint": "0e07a17013b84e1d39623d1c59e745a124378fadbcc83a7a7a934efba2d025f0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0e07a17013b84e1d39623d1c59e745a124378fadbcc83a7a7a934efba2d025f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-linux.yml"}, "region": {"startLine": 188}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "Workflow container/services image `registry.access.redhat.com/ubi10/ubi` unpinned"}, "properties": {"repobilityId": 62901, "scanner": "repobility-supply-chain", "fingerprint": "8f34b80f468269d42a6fe630d82969fec00fb2dfe2732f09b5a533dafd108983", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8f34b80f468269d42a6fe630d82969fec00fb2dfe2732f09b5a533dafd108983"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-linux.yml"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "Workflow container/services image `debian:13` unpinned"}, "properties": {"repobilityId": 62900, "scanner": "repobility-supply-chain", "fingerprint": "096877b8dae264f9be2c351bc190d5e278cf5e96d587a57939ff88221b471ead", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|096877b8dae264f9be2c351bc190d5e278cf5e96d587a57939ff88221b471ead"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-linux.yml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `svenstaro/upload-release-action` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 62899, "scanner": "repobility-supply-chain", "fingerprint": "92c04555636bde7fe1587c54c5b402832c5166c11f0d39c96378ffb6a8dffe5e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|92c04555636bde7fe1587c54c5b402832c5166c11f0d39c96378ffb6a8dffe5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-linux.yml"}, "region": {"startLine": 497}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 62898, "scanner": "repobility-supply-chain", "fingerprint": "bdf794a57a4014665dba13de2b59a6960b8525c033ad84812ba2c1e575b67954", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bdf794a57a4014665dba13de2b59a6960b8525c033ad84812ba2c1e575b67954"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-linux.yml"}, "region": {"startLine": 356}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `svenstaro/upload-release-action` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 62897, "scanner": "repobility-supply-chain", "fingerprint": "fe13affca7aa3d25ffe183c9279e63eb63b10a33a38a6503b4efa3864686e98a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fe13affca7aa3d25ffe183c9279e63eb63b10a33a38a6503b4efa3864686e98a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-linux.yml"}, "region": {"startLine": 175}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 62896, "scanner": "repobility-supply-chain", "fingerprint": "98705915e3dab3e3abae8ff8836e7645fb8c5a49fe6832dcfee8c96e024ba3e9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|98705915e3dab3e3abae8ff8836e7645fb8c5a49fe6832dcfee8c96e024ba3e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-linux.yml"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `svenstaro/upload-release-action` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 62895, "scanner": "repobility-supply-chain", "fingerprint": "e963fbdb702d366cd46b7cb65b5b97113734a9b0386b3b3847f1536c9abae9cd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e963fbdb702d366cd46b7cb65b5b97113734a9b0386b3b3847f1536c9abae9cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-linux.yml"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 62894, "scanner": "repobility-supply-chain", "fingerprint": "aafe6fce1339f590dd304e28506496cd829a8e7123636d7d3db57c2ef95130db", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|aafe6fce1339f590dd304e28506496cd829a8e7123636d7d3db57c2ef95130db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-linux.yml"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `svenstaro/upload-release-action` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 62893, "scanner": "repobility-supply-chain", "fingerprint": "f0ee87ed0ed13646ff98580cbb866a5b43ee0ae7541c0549d2c855062f2f92eb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f0ee87ed0ed13646ff98580cbb866a5b43ee0ae7541c0549d2c855062f2f92eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-osx.yml"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/download-artifact` pinned to mutable ref `@v8`"}, "properties": {"repobilityId": 62892, "scanner": "repobility-supply-chain", "fingerprint": "6b07e38ba1f27019f83540a0d7fd2b85ae5e3615c96b5179ae1ef9e89bc61558", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6b07e38ba1f27019f83540a0d7fd2b85ae5e3615c96b5179ae1ef9e89bc61558"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-osx.yml"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 62891, "scanner": "repobility-supply-chain", "fingerprint": "8412a306193a85b31fb5ad014ed694d018046310d7ee3bae5973541bd4ec1e69", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8412a306193a85b31fb5ad014ed694d018046310d7ee3bae5973541bd4ec1e69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-osx.yml"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `svenstaro/upload-release-action` pinned to mutable ref `@v2`"}, "properties": {"repobilityId": 62890, "scanner": "repobility-supply-chain", "fingerprint": "ad7cc2ada32d66dcafdc2ed4fc89dea1c00ecd7cb4ff0583b5b6cf9f456276ce", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ad7cc2ada32d66dcafdc2ed4fc89dea1c00ecd7cb4ff0583b5b6cf9f456276ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/package-zip.yml"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/download-artifact` pinned to mutable ref `@v8`"}, "properties": {"repobilityId": 62889, "scanner": "repobility-supply-chain", "fingerprint": "f263481968c99f779547506dbdee754fa8eea291ba5a540f279982ba3db59ae9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f263481968c99f779547506dbdee754fa8eea291ba5a540f279982ba3db59ae9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/package-zip.yml"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 62888, "scanner": "repobility-supply-chain", "fingerprint": "906a2e21a10e7cf927d67b16f04f4f5dff769f9d74b67a96f1a7a91df66add8b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|906a2e21a10e7cf927d67b16f04f4f5dff769f9d74b67a96f1a7a91df66add8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/package-zip.yml"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-dotnet` pinned to mutable ref `@v5.3.0`"}, "properties": {"repobilityId": 62887, "scanner": "repobility-supply-chain", "fingerprint": "a3303be84d6548231aeb8e6bb4e714cf66e20e75fd53da3da389a008f9b24fd9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a3303be84d6548231aeb8e6bb4e714cf66e20e75fd53da3da389a008f9b24fd9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 62886, "scanner": "repobility-supply-chain", "fingerprint": "0cc81eda2e95f008f2f157081424976c5422589bccc5dafcf62c412014930395", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0cc81eda2e95f008f2f157081424976c5422589bccc5dafcf62c412014930395"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 62855, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}]}]}