{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "JRN002", "name": "Browser storage is used for session token material", "shortDescription": {"text": "Browser storage is used for session token material"}, "fullDescription": {"text": "localStorage and sessionStorage are readable by injected JavaScript. For sensitive sessions, this turns XSS into account compromise."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 0.45, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "SEC002", "name": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code.", "shortDescription": {"text": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code."}, "fullDescription": {"text": "Use environment variables. Add the pattern to .gitignore."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/279"}, "properties": {"repository": "jazzenchen/VibeAround", "repoUrl": "https://github.com/jazzenchen/VibeAround", "branch": "main"}, "results": [{"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 8618, "scanner": "repobility-journey-contract", "fingerprint": "551bec2891ccacf16394821b9f6d4446af2a962f70521d0d22c45357379f6fd1", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|src/web/src/main.tsx|61|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/web/src/main.tsx"}, "region": {"startLine": 61}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 8617, "scanner": "repobility-journey-contract", "fingerprint": "98289d3e596130f50889f7abbd0bbc6d2632aa783114c448b0960504e7076d7a", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|src/web/src/main.tsx|46|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/web/src/main.tsx"}, "region": {"startLine": 46}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 8616, "scanner": "repobility-journey-contract", "fingerprint": "354f78e41164bdae853f459bdd68161dffd91fd9d9f9682b8d08a28fc1cd4afe", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|src/web/src/lib/auth.ts|31|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/web/src/lib/auth.ts"}, "region": {"startLine": 31}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 8615, "scanner": "repobility-journey-contract", "fingerprint": "c89edf62aa0fbf716744068a9952081e9842750c5231223dd87d5cd27178d734", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|src/web/src/pairinggate.tsx|93|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/web/src/PairingGate.tsx"}, "region": {"startLine": 93}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 8614, "scanner": "repobility-threat-engine", "fingerprint": "69f9aad11c75fd6a392c83d159eca43d98530cbf16dfee2629a101afd3e06e3a", "category": "error_handling", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": "Pattern matched with no mitigating context found | [R34-retro auto-suppress: setup/install wizard (placeholder values)]", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|69f9aad11c75fd6a392c83d159eca43d98530cbf16dfee2629a101afd3e06e3a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/desktop-ui/src/Onboarding/hooks/useChannelAuth.ts"}, "region": {"startLine": 145}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 8610, "scanner": "repobility-agent-runtime", "fingerprint": "7eec21863de40638566e7dbd96f8a5623e69590a676e6604b0a09893fa09e7bc", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|7eec21863de40638566e7dbd96f8a5623e69590a676e6604b0a09893fa09e7bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/resources/agents.json"}, "region": {"startLine": 93}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8609, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b9cad814518d352fa641998ca8a2d6de5741280b078bba3c3c63d28f60ccff61", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/desktop-ui/vite.config.ts", "duplicate_line": 6, "correlation_key": "fp|b9cad814518d352fa641998ca8a2d6de5741280b078bba3c3c63d28f60ccff61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/web/vite.config.ts"}, "region": {"startLine": 31}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8608, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9b9207719f73714de4ebeda7a987dd0dd3ad41f5e58fd0d1edd110558a2c2f58", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/web/src/App.tsx", "duplicate_line": 24, "correlation_key": "fp|9b9207719f73714de4ebeda7a987dd0dd3ad41f5e58fd0d1edd110558a2c2f58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/web/src/hooks/useSessions.ts"}, "region": {"startLine": 197}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8607, "scanner": "repobility-ai-code-hygiene", "fingerprint": "142a9c4d60481000d706fed32266e4fcda2404eba4360ed832ff8f66e1b263ac", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/desktop-ui/src/components/ui/dropdown-menu.tsx", "duplicate_line": 1, "correlation_key": "fp|142a9c4d60481000d706fed32266e4fcda2404eba4360ed832ff8f66e1b263ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/web/src/components/ui/dropdown-menu.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8606, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8a41be2d87c4558049efc3773b3f5451c6f9ed4948ffb7b0531741f2a13be1ce", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/desktop-ui/src/components/LanguageMenu.tsx", "duplicate_line": 33, "correlation_key": "fp|8a41be2d87c4558049efc3773b3f5451c6f9ed4948ffb7b0531741f2a13be1ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/web/src/components/LanguageMenu.tsx"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8605, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7107c7270abc47e806cfd1c98cbc15b660fe6bbc89ff5b893c2fda2ee198fdab", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/desktop-ui/src/components/ui/dropdown-menu.tsx", "duplicate_line": 1, "correlation_key": "fp|7107c7270abc47e806cfd1c98cbc15b660fe6bbc89ff5b893c2fda2ee198fdab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/shared/ui/src/dropdown-menu.tsx"}, "region": {"startLine": 222}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8604, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bcc1bfd156ea819d74c9399ed41bef8311440209b077d93dfa389b0afbd3679b", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/server/src/web_server/api/runtime.rs", "duplicate_line": 26, "correlation_key": "fp|bcc1bfd156ea819d74c9399ed41bef8311440209b077d93dfa389b0afbd3679b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/src/web_server/ws_domains.rs"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8603, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fc60668f148ebd9585ca56b76adfd3fcbbedd11f4151ed648ef1703f67b4cb3d", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/server/src/openai_proxy/providers/dashscope.rs", "duplicate_line": 45, "correlation_key": "fp|fc60668f148ebd9585ca56b76adfd3fcbbedd11f4151ed648ef1703f67b4cb3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/src/openai_proxy/providers/zai.rs"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8602, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3a6685c69fda6426fa5e8a9849024cefadfa158abbbe8af2a3ecd9ca70213933", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/core/src/profiles/proxy_launch.rs", "duplicate_line": 374, "correlation_key": "fp|3a6685c69fda6426fa5e8a9849024cefadfa158abbbe8af2a3ecd9ca70213933"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/desktop/src/profiles/launcher/codex.rs"}, "region": {"startLine": 90}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8601, "scanner": "repobility-ai-code-hygiene", "fingerprint": "30b19e7f275b86e8d44eafc907b408b0eece3225c958ab42e2270c5ddd59488b", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/core/src/agent/install.rs", "duplicate_line": 65, "correlation_key": "fp|30b19e7f275b86e8d44eafc907b408b0eece3225c958ab42e2270c5ddd59488b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/desktop/src/onboarding/plugin_install.rs"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8600, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1934c100ec48a6a34ef9a427b87ea2431ec8034f34f745c983758c456b84a13d", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/desktop-ui/src/Launch/LaunchSettingsMenu.tsx", "duplicate_line": 82, "correlation_key": "fp|1934c100ec48a6a34ef9a427b87ea2431ec8034f34f745c983758c456b84a13d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/desktop-ui/src/Launch/WorkspacePicker.tsx"}, "region": {"startLine": 75}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8599, "scanner": "repobility-ai-code-hygiene", "fingerprint": "63233b926e39d78a1ae510a9b68a7cb6a6f9676b538224a9dbc340aa56b8c147", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/core/src/profiles/proxy_launch.rs", "duplicate_line": 371, "correlation_key": "fp|63233b926e39d78a1ae510a9b68a7cb6a6f9676b538224a9dbc340aa56b8c147"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/src/profiles/render.rs"}, "region": {"startLine": 218}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 8612, "scanner": "repobility-threat-engine", "fingerprint": "1619e3017e887eb427cd83aafe2397a5b679190c97fada976e1c7e3830c95e22", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = m", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|120|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/src/web_server/preview/markdown.rs"}, "region": {"startLine": 120}}}]}, {"ruleId": "SEC002", "level": "none", "message": {"text": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code."}, "properties": {"repobilityId": 8613, "scanner": "repobility-threat-engine", "fingerprint": "c6895f114031bb4588cf36bb97087398afba1f589883358a9d3225ef506229cf", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Form field or UI element reference", "evidence": {"match": "API_KEY = \"<redacted>\"", "reason": "Form field or UI element reference", "rule_id": "SEC002", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|1|api_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/desktop-ui/src/Launch/ProfileConnectionManualGuide.tsx"}, "region": {"startLine": 15}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 8611, "scanner": "repobility-threat-engine", "fingerprint": "a11b4e7764ed69cba41a0991684839a8884fd905bba82622813a4b446d510c2f", "category": "crypto", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "code|crypto|token|487|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/web/src/components/chat/ChatView.tsx"}, "region": {"startLine": 487}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 8598, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}]}]}