{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Add .dockerignore with at least .git, .env, private keys, dependency folders, build outputs, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR015", "name": "Docker build context is very large", "shortDescription": {"text": "Docker build context is very large"}, "fullDescription": {"text": "Shrink the build context with .dockerignore, move generated/runtime data outside the build context, and copy only the manifest files needed for cached dependency layers."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.84, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `ldd` has cognitive complexity 25 (SonarSource scale). Cognitive complexit", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `ldd` has cognitive complexity 25 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 25."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsiv", "shortDescription": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a re"}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED077] Python Open No Context (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 2 more): Same pattern found in 2 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED071", "name": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases.", "shortDescription": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `ludeeus/action-shellcheck` pinned to mutable ref `@master`: `uses: ludeeus/action-shellcheck@master` ", "shortDescription": {"text": "[MINED115] Action `ludeeus/action-shellcheck` pinned to mutable ref `@master`: `uses: ludeeus/action-shellcheck@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-"}, "fullDescription": {"text": "Replace with: `uses: ludeeus/action-shellcheck@<40-char-sha>  # master` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.title` used but never assigned in __init__: Method `_list_title` of class `GitHubPR` reads `self.title`", "shortDescription": {"text": "[MINED108] `self.title` used but never assigned in __init__: Method `_list_title` of class `GitHubPR` reads `self.title`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time th"}, "fullDescription": {"text": "Initialize `self.title = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED040", "name": "[MINED040] Python Yaml Load Unsafe: yaml.load(stream) without SafeLoader can deserialize arbitrary classes.", "shortDescription": {"text": "[MINED040] Python Yaml Load Unsafe: yaml.load(stream) without SafeLoader can deserialize arbitrary classes."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED034", "name": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection.", "shortDescription": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED036", "name": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping.", "shortDescription": {"text": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC004", "name": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection.", "shortDescription": {"text": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection."}, "fullDescription": {"text": "Use parameterized queries: cursor.execute('SELECT * FROM t WHERE id = %s', [id]). For dynamic table or column names, choose identifiers from a hard-coded allowlist and keep values in parameters."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED021", "name": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape.", "shortDescription": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-22 / A01:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `xml` used but not imported: The file uses `xml.something(...)` but never imports `xml`. This", "shortDescription": {"text": "[MINED107] Missing import: `xml` used but not imported: The file uses `xml.something(...)` but never imports `xml`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import xml` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED015", "name": "[MINED015] Ruby Eval Call: eval() executes arbitrary code. Code injection.", "shortDescription": {"text": "[MINED015] Ruby Eval Call: eval() executes arbitrary code. Code injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-95 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED018", "name": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/fi", "shortDescription": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC116", "name": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrar", "shortDescription": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. `unsafe_load` is even more dangerous."}, "fullDescription": {"text": "Use `YAML.safe_load(input, permitted_classes: [Date])` \u2014 explicit class allowlist. Never use `Marshal.load` on untrusted data; serialize as JSON instead."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC079", "name": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python obje", "shortDescription": {"text": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3)."}, "fullDescription": {"text": "Use `yaml.safe_load(data)` or `yaml.load(data, Loader=yaml.SafeLoader)`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1304"}, "properties": {"repository": "getsolus/packages", "repoUrl": "https://github.com/getsolus/packages", "branch": "main"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 133249, "scanner": "repobility-ast-engine", "fingerprint": "8274a79faccfbede3b68b9fa204deeff2eb35c2d62106a280de80b1cee3c2977", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8274a79faccfbede3b68b9fa204deeff2eb35c2d62106a280de80b1cee3c2977"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/n/nvidia-470-glx-driver/files/modalias-util.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 133248, "scanner": "repobility-ast-engine", "fingerprint": "c5bfcbb6b1739e2e77e0d5587cd7a998d9ecda875c8525f4e8e0c76c488bb219", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c5bfcbb6b1739e2e77e0d5587cd7a998d9ecda875c8525f4e8e0c76c488bb219"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/n/nvidia-glx-driver/files/modalias-util.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 133247, "scanner": "repobility-ast-engine", "fingerprint": "2d55ef7d3e6ec46d4eef1defc85aefa5377a24c80afb1387cf27a6cdb8b8b601", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2d55ef7d3e6ec46d4eef1defc85aefa5377a24c80afb1387cf27a6cdb8b8b601"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/n/nvidia-open/files/modalias-util.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 133246, "scanner": "repobility-ast-engine", "fingerprint": "3d4504ae94b01683c1155d753058232cc1cc8be1869372d75992477245a70729", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3d4504ae94b01683c1155d753058232cc1cc8be1869372d75992477245a70729"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/a/appstream-catalog/update-appstream-sources.py"}, "region": {"startLine": 197}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 133245, "scanner": "repobility-ast-engine", "fingerprint": "474be5eabc57d240693bb59e6393a560a5a16aec5e26bfc9afdb1bee007404e7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|474be5eabc57d240693bb59e6393a560a5a16aec5e26bfc9afdb1bee007404e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/a/appstream-catalog/update-appstream-sources.py"}, "region": {"startLine": 235}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 133244, "scanner": "repobility-ast-engine", "fingerprint": "2d6db5a76497fd6d57f74e18eefff7acbe5b9bd7969e729c71b9866be237de49", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2d6db5a76497fd6d57f74e18eefff7acbe5b9bd7969e729c71b9866be237de49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/a/appstream-catalog/update-appstream-sources.py"}, "region": {"startLine": 162}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 133243, "scanner": "repobility-ast-engine", "fingerprint": "c66ae2b9ff6cc294c231aabd5d6eb8f5d478a00ceb1a0dac8b7a0ab09afeac22", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c66ae2b9ff6cc294c231aabd5d6eb8f5d478a00ceb1a0dac8b7a0ab09afeac22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/a/appstream-catalog/update-appstream-sources.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 133242, "scanner": "repobility-ast-engine", "fingerprint": "2f2094735c74c266937b6e48b672dddf128a502b498c716ddc69cd4369703a36", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2f2094735c74c266937b6e48b672dddf128a502b498c716ddc69cd4369703a36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/a/appstream-catalog/update-appstream-sources.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 133241, "scanner": "repobility-ast-engine", "fingerprint": "31db258b1fe25df7c1e31d83f08dfb55f0c98b50aadb753c743cdbddf00fdf61", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|31db258b1fe25df7c1e31d83f08dfb55f0c98b50aadb753c743cdbddf00fdf61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/a/appstream-catalog/update-appstream-sources.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 133240, "scanner": "repobility-ast-engine", "fingerprint": "e0e418836d0d0907c20756cbbe9df2a19a2b4e3dc3f79200948c0df89a1e299e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e0e418836d0d0907c20756cbbe9df2a19a2b4e3dc3f79200948c0df89a1e299e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/b/broadcom-sta/files/modalias-util.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 133239, "scanner": "repobility-ast-engine", "fingerprint": "04e9561500592dc0aef487b2c79b5b2acad2eba2ef54bf84d7fb60b187760667", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|04e9561500592dc0aef487b2c79b5b2acad2eba2ef54bf84d7fb60b187760667"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Legacy/Scripts/find-old-packages.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 133238, "scanner": "repobility-ast-engine", "fingerprint": "65b51adf6da9a5495a7e32badae1ba250bf38db386424608c9ed7ca0a4829488", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|65b51adf6da9a5495a7e32badae1ba250bf38db386424608c9ed7ca0a4829488"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Legacy/Scripts/find-old-packages.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 133237, "scanner": "repobility-ast-engine", "fingerprint": "76bc1401860019fffe1cc757ab8003cf19e5f553d0772217e8be55fe7b40e108", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|76bc1401860019fffe1cc757ab8003cf19e5f553d0772217e8be55fe7b40e108"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Legacy/Scripts/dep_check.py"}, "region": {"startLine": 114}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 133236, "scanner": "repobility-ast-engine", "fingerprint": "01cfc942f2343658e6b3095e311d9d31bda4e71cfaa5b1d98434889b96904b74", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|01cfc942f2343658e6b3095e311d9d31bda4e71cfaa5b1d98434889b96904b74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Legacy/Scripts/dep_check.py"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 133234, "scanner": "repobility-ast-engine", "fingerprint": "9ff430c6cff6cb8187aeca0cbea33d007fa12cea7186608cc8ea93764622a087", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9ff430c6cff6cb8187aeca0cbea33d007fa12cea7186608cc8ea93764622a087"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/gettag.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 133233, "scanner": "repobility-ast-engine", "fingerprint": "bec128543af46300869cf9774b1d010b54c75502973530212ec87cc1c3101537", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bec128543af46300869cf9774b1d010b54c75502973530212ec87cc1c3101537"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/ep-update.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 133212, "scanner": "repobility-ast-engine", "fingerprint": "4b8e0e1f92aa12e54eb3d33ddec15e916d42576196c729defba8fe3a84cf685d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4b8e0e1f92aa12e54eb3d33ddec15e916d42576196c729defba8fe3a84cf685d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/yauto.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 133207, "scanner": "repobility-ast-engine", "fingerprint": "2a77f69e9a6486810bd4a68eb959f90eac6a8b403bd26e738e6f8cdc214e565d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2a77f69e9a6486810bd4a68eb959f90eac6a8b403bd26e738e6f8cdc214e565d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/find_deps.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 133206, "scanner": "repobility-ast-engine", "fingerprint": "e93f7fc832448343d4eb9466d283038c3e2f039a6b1fc291b6e3521754339dcf", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e93f7fc832448343d4eb9466d283038c3e2f039a6b1fc291b6e3521754339dcf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/dloader.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 133205, "scanner": "repobility-ast-engine", "fingerprint": "12ef502a348f95f94f964977bd414b9c1cd4ce0399bb393cccf17c864e447ee1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|12ef502a348f95f94f964977bd414b9c1cd4ce0399bb393cccf17c864e447ee1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/release_monitoring.py"}, "region": {"startLine": 267}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 133204, "scanner": "repobility-ast-engine", "fingerprint": "21d2e5b33862c1dc0e4bd426aa9146832a97b11a0a9154ad063a087d81e91e73", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|21d2e5b33862c1dc0e4bd426aa9146832a97b11a0a9154ad063a087d81e91e73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/release_monitoring.py"}, "region": {"startLine": 181}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 133203, "scanner": "repobility-ast-engine", "fingerprint": "37dadac1f5f2ced21129710b1ba748745eb720e835592e614eac01dbd726e3e0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|37dadac1f5f2ced21129710b1ba748745eb720e835592e614eac01dbd726e3e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/release_monitoring.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 133201, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR015", "level": "warning", "message": {"text": "Docker build context is very large"}, "properties": {"repobilityId": 133200, "scanner": "repobility-docker", "fingerprint": "b15d4f710afeff2af4cd4ab204332853f9025b78869a0e87bb466a798bb1a15b", "category": "docker", "severity": "medium", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Estimated Docker build context exceeds Repobility's size or file-count threshold.", "evidence": {"capped": false, "rule_id": "DKR015", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "largest_paths": [{"path": ".git/objects/pack/pack-49f3a147aec84dd13b055c1e5be6d0bf95ef6e62.pack", "size_mb": 54.0}, {"path": ".git/objects/pack/pack-aee6ab3b6a4744e83c91deea27a38c3eda7f6ff9.pack", "size_mb": 42.1}, {"path": "packages/g/ghc/abi_symbols", "size_mb": 39.6}, {"path": "packages/r/rocm-llvm/abi_symbols", "size_mb": 26.7}, {"path": "packages/t/texlive/pspec_x86_64.xml", "size_mb": 20.0}], "included_files": 32952, "context_size_mb": 999.5, "correlation_key": "fp|b15d4f710afeff2af4cd4ab204332853f9025b78869a0e87bb466a798bb1a15b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 133190, "scanner": "repobility-threat-engine", "fingerprint": "ea775aa5c82824643bd9b61e2df9c53f504c4c5fd13c2000fb2e547f0ccac53e", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ea775aa5c82824643bd9b61e2df9c53f504c4c5fd13c2000fb2e547f0ccac53e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/k/kernel-glue/comar/packageHandler.py"}, "region": {"startLine": 151}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 133189, "scanner": "repobility-threat-engine", "fingerprint": "f28ecb3dc1ea4cb391f787e52857c4ed5e9807fcef375279e0224507702eaeb4", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except:\n                    pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f28ecb3dc1ea4cb391f787e52857c4ed5e9807fcef375279e0224507702eaeb4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/k/kernel-glue/comar/package.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 133188, "scanner": "repobility-threat-engine", "fingerprint": "9118947b9e237ae133c68bdbb947c49f8054fb4574b15c454b8653af79609825", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n                pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9118947b9e237ae133c68bdbb947c49f8054fb4574b15c454b8653af79609825"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/a/appstream-catalog/update-appstream-sources.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 133164, "scanner": "repobility-threat-engine", "fingerprint": "f7dacae81102c494924e39818859e8e9b750925733229bf1d79fc9def1c21144", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|56|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/a/appstream-catalog/update-appstream-sources.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 133163, "scanner": "repobility-threat-engine", "fingerprint": "b4cb4b653bec6501bd5aac71d5450650628bf417b3ee68fa7c4383d3239e3cc1", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|common/scripts/gettag.py|24|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/gettag.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 133162, "scanner": "repobility-threat-engine", "fingerprint": "030d54065408f04b654caf738334c1dfd1e2e2f579202c3f5113301a6bace944", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|60|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/get-py-deps.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 133155, "scanner": "repobility-threat-engine", "fingerprint": "9daf17ba25b6078f373a6bd9e8ad750a4dfbab732f58c8fac0caaed5bbc7edbc", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.check_output(\n        f\"/usr/bin/readelf -d {path}\", shell=True", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|common/scripts/find_deps.py|20|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/find_deps.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 133154, "scanner": "repobility-threat-engine", "fingerprint": "e2984c2f6c330a73e50881f53d33cedc478a2e202afdffd3f7402376aafe102f", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "os.system(f'", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|common/scripts/ep-update.py|66|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/ep-update.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `ldd` has cognitive complexity 25 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: break=1, continue=2, else=1, for=1, if=8, nested_bonus=12."}, "properties": {"repobilityId": 133144, "scanner": "repobility-threat-engine", "fingerprint": "8cd587963d8f2c233843dbd2fe52f2318076d20a1ec2574eb2fb275d2cb0ecc8", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 25 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "ldd", "breakdown": {"if": 8, "for": 1, "else": 1, "break": 1, "continue": 2, "nested_bonus": 12}, "complexity": 25, "correlation_key": "fp|8cd587963d8f2c233843dbd2fe52f2318076d20a1ec2574eb2fb275d2cb0ecc8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Legacy/Scripts/dep_check.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 133199, "scanner": "repobility-ai-code-hygiene", "fingerprint": "27654af2f494f2b9646d5e1c7aaef4362ea60fd96e8f86af5e48c8542e8b4e2b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/f/firefox-langpacks/update.py", "duplicate_line": 4, "correlation_key": "fp|27654af2f494f2b9646d5e1c7aaef4362ea60fd96e8f86af5e48c8542e8b4e2b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/t/thunderbird-langpacks/update.py"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 133198, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2010c7084d12fa4297dee17b93a3a4b3696b450bc7ec0d516246beaf7a21863f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/b/broadcom-sta/files/modalias-util.py", "duplicate_line": 1, "correlation_key": "fp|2010c7084d12fa4297dee17b93a3a4b3696b450bc7ec0d516246beaf7a21863f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/n/nvidia-open/files/modalias-util.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 133197, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ba2309e1620c923513e3f3544ca81c9302c3a21c37a42d8ef787fbfc3c5ed57c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/n/nvidia-470-glx-driver/files/parse-supported-gpus.py", "duplicate_line": 1, "correlation_key": "fp|ba2309e1620c923513e3f3544ca81c9302c3a21c37a42d8ef787fbfc3c5ed57c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/n/nvidia-glx-driver/files/parse-supported-gpus.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 133196, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c3d71f38d53a487fdd53f06f02088b3d0be04e4df372decc296bfad467f67e39", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/b/broadcom-sta/files/modalias-util.py", "duplicate_line": 1, "correlation_key": "fp|c3d71f38d53a487fdd53f06f02088b3d0be04e4df372decc296bfad467f67e39"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/n/nvidia-glx-driver/files/modalias-util.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 133195, "scanner": "repobility-ai-code-hygiene", "fingerprint": "84406703e79627799807d89f4d5a4a542f938393c29ed10595f0bf7135c4b0b8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/b/broadcom-sta/files/modalias-util.py", "duplicate_line": 1, "correlation_key": "fp|84406703e79627799807d89f4d5a4a542f938393c29ed10595f0bf7135c4b0b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/n/nvidia-470-glx-driver/files/modalias-util.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 133194, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7f1bb912fd01541f4a45c7ffa07b831f39089bad6e1ad81e6c51777525ed39fd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/k/kernel-glue/comar/package.py", "duplicate_line": 4, "correlation_key": "fp|7f1bb912fd01541f4a45c7ffa07b831f39089bad6e1ad81e6c51777525ed39fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/k/kernel-glue/comar/packageHandler.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 133193, "scanner": "repobility-ai-code-hygiene", "fingerprint": "053f3178a4c4ee7eb3c7b84f687886069ef4d0cec2bcb31fafdd8feae213dcab", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "common/Scripts/ep-update.py", "duplicate_line": 13, "correlation_key": "fp|053f3178a4c4ee7eb3c7b84f687886069ef4d0cec2bcb31fafdd8feae213dcab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/pbump.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 133192, "scanner": "repobility-ai-code-hygiene", "fingerprint": "240855d92f037624dd552d82230eb60a56d76ec8e2b746072ca9ea859cf586dd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "common/Go/deprecate_packages.go", "duplicate_line": 12, "correlation_key": "fp|240855d92f037624dd552d82230eb60a56d76ec8e2b746072ca9ea859cf586dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Go/update_packages.go"}, "region": {"startLine": 35}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 133191, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5ed968f7d6ebcfcb6bd078951abde80ca1ec0960cebed57be7c80c720df20d78", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|5ed968f7d6ebcfcb6bd078951abde80ca1ec0960cebed57be7c80c720df20d78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/ep-update.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `dumpDelinquints` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=2, for=2, if=2, nested_bonus=2."}, "properties": {"repobilityId": 133145, "scanner": "repobility-threat-engine", "fingerprint": "73cfde5d854b38b24e7cb6202baa112af67c224440886b00a410cee84752e634", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "dumpDelinquints", "breakdown": {"if": 2, "for": 2, "continue": 2, "nested_bonus": 2}, "complexity": 8, "correlation_key": "fp|73cfde5d854b38b24e7cb6202baa112af67c224440886b00a410cee84752e634"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Legacy/Scripts/find-old-packages.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `commit_scope` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: if=4, nested_bonus=4."}, "properties": {"repobilityId": 133143, "scanner": "repobility-threat-engine", "fingerprint": "a180f94420b34cc00c892bd1c6e92a683b478b966441d5b47dca4f0aeb35044e", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "commit_scope", "breakdown": {"if": 4, "nested_bonus": 4}, "complexity": 8, "correlation_key": "fp|a180f94420b34cc00c892bd1c6e92a683b478b966441d5b47dca4f0aeb35044e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Hooks/prepare-commit-msg.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 133130, "scanner": "repobility-threat-engine", "fingerprint": "da78513e3089daca543968ec1d1421bc41ea1224ece59634df760f0290cb15c8", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = strconv.Atoi(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|da78513e3089daca543968ec1d1421bc41ea1224ece59634df760f0290cb15c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Go/ypkg/cli/update.go"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 133183, "scanner": "repobility-threat-engine", "fingerprint": "344f89fc069abe95624c2d34e753fd1b7053850cd854e6163ddc16bb15c0eeed", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|344f89fc069abe95624c2d34e753fd1b7053850cd854e6163ddc16bb15c0eeed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/c/ca-certs/update.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 133182, "scanner": "repobility-threat-engine", "fingerprint": "bdc9d759bc27572d1875c1517c4874017948c9d4e1476bae4e961e5662f5f545", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bdc9d759bc27572d1875c1517c4874017948c9d4e1476bae4e961e5662f5f545"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/a/appstream-catalog/update-appstream-sources.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 133181, "scanner": "repobility-threat-engine", "fingerprint": "48b74b15373067815054b99dc26dda51c668159d02bd97c7bb86fdb23015b43f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|48b74b15373067815054b99dc26dda51c668159d02bd97c7bb86fdb23015b43f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/release_monitoring.py"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 133180, "scanner": "repobility-threat-engine", "fingerprint": "d861abcad3ffbfbb5b71180110c6f9b0b25fa75268d69e30c4a78109403a6197", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d861abcad3ffbfbb5b71180110c6f9b0b25fa75268d69e30c4a78109403a6197"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/release_monitoring.py"}, "region": {"startLine": 237}}}]}, {"ruleId": "SEC078", "level": "none", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 133178, "scanner": "repobility-threat-engine", "fingerprint": "9f7ae80628e4efddf7dffb63483fe29e4ca0a82618779e12c0b0fd9446af791e", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'timeout\\s*=' detected on same line", "evidence": {"match": "requests.get(", "reason": "Safe pattern 'timeout\\s*=' detected on same line", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "fp|9f7ae80628e4efddf7dffb63483fe29e4ca0a82618779e12c0b0fd9446af791e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/a/appstream-catalog/update-appstream-sources.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 133150, "scanner": "repobility-threat-engine", "fingerprint": "24cb949de0b3987330b23bb4f90e26bdc816ebe1ec34ae36e009f771500d6e3d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|24cb949de0b3987330b23bb4f90e26bdc816ebe1ec34ae36e009f771500d6e3d", "aggregated_count": 1}}}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 133149, "scanner": "repobility-threat-engine", "fingerprint": "58e7e64b84a6f07b7a8d149644749fe0121e799d64beae9862ac0e25a25ef7aa", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|58e7e64b84a6f07b7a8d149644749fe0121e799d64beae9862ac0e25a25ef7aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/n/nvidia-470-glx-driver/files/parse-supported-gpus.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 133148, "scanner": "repobility-threat-engine", "fingerprint": "4d0267ddd565249e45a1c55870055e7489707edf452d176bdd5cf688d472f834", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4d0267ddd565249e45a1c55870055e7489707edf452d176bdd5cf688d472f834"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/dloader.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 133147, "scanner": "repobility-threat-engine", "fingerprint": "96a5227875e7b703c13f2592bc632ee51677656545b5ec59e9f4dde81dd030a6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|96a5227875e7b703c13f2592bc632ee51677656545b5ec59e9f4dde81dd030a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/check_appstream_progress.py"}, "region": {"startLine": 168}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 19 more): Same pattern found in 19 additional files. Review if needed."}, "properties": {"repobilityId": 133146, "scanner": "repobility-threat-engine", "fingerprint": "4612b01ffcc78b6370f43ee2ac2e930ea8de620331b53fdc616f698a9ff00b3f", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 19 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "commit_scope", "breakdown": {"if": 4, "nested_bonus": 4}, "aggregated": true, "complexity": 8, "correlation_key": "fp|4612b01ffcc78b6370f43ee2ac2e930ea8de620331b53fdc616f698a9ff00b3f", "aggregated_count": 19}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 133142, "scanner": "repobility-threat-engine", "fingerprint": "b39288e529a4ab712a2d60436a688220bb6b374d59b0f4dce7184c9dc7729483", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|b39288e529a4ab712a2d60436a688220bb6b374d59b0f4dce7184c9dc7729483", "aggregated_count": 2}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 133141, "scanner": "repobility-threat-engine", "fingerprint": "73c53c493d8480d6eb18b662969fce448490b2eaec36eca65949a508d8cfda1a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|73c53c493d8480d6eb18b662969fce448490b2eaec36eca65949a508d8cfda1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/a/appstream-catalog/update-appstream-sources.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 133140, "scanner": "repobility-threat-engine", "fingerprint": "1153a6041aadf7b85962d4ba36dbeb2a9cf34e0ef8a02cb9257a5e1dc895a53d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1153a6041aadf7b85962d4ba36dbeb2a9cf34e0ef8a02cb9257a5e1dc895a53d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Legacy/Scripts/find-old-packages.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 133139, "scanner": "repobility-threat-engine", "fingerprint": "46c65250599b4362b2277c4730de5ebe2de2c6f0d9738a241994754c110a0bf5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|46c65250599b4362b2277c4730de5ebe2de2c6f0d9738a241994754c110a0bf5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Hooks/prepare-commit-msg.py"}, "region": {"startLine": 91}}}]}, {"ruleId": "SEC013", "level": "none", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 133135, "scanner": "repobility-threat-engine", "fingerprint": "1ab0966882172f716d1247842a9bdbf4a5236791b7b5d384b71091e522cd236d", "category": "path_traversal", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'abspath' detected on same line", "evidence": {"match": "os.path.join(sys.argv", "reason": "Safe pattern 'abspath' detected on same line", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|path_traversal|common/hooks/pre-commit.py|6|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Hooks/pre-commit.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 133134, "scanner": "repobility-threat-engine", "fingerprint": "821cba61ed8ca9932fa4a20b298f5d896106f8bf2152c246419c88b94424b756", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|821cba61ed8ca9932fa4a20b298f5d896106f8bf2152c246419c88b94424b756"}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 133129, "scanner": "repobility-threat-engine", "fingerprint": "deede2eb215d875636a96303401dd81bf1c025789980c14394da92c4eaa2dcca", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|deede2eb215d875636a96303401dd81bf1c025789980c14394da92c4eaa2dcca", "aggregated_count": 1}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 133128, "scanner": "repobility-threat-engine", "fingerprint": "2983245547f84e377a5ab427d75a7e1e19558fa579edf87753b3bb9c51aa8b5c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2983245547f84e377a5ab427d75a7e1e19558fa579edf87753b3bb9c51aa8b5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/l/leiningen/files/project.clj"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 133127, "scanner": "repobility-threat-engine", "fingerprint": "10c19aba5273e929733246945a0656e76ab8ac346230d7894eb233360adbdfcc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|10c19aba5273e929733246945a0656e76ab8ac346230d7894eb233360adbdfcc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Go/ypkg/shared/sources.go"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 133126, "scanner": "repobility-threat-engine", "fingerprint": "6cbfb96c5eae70933581ca3c87ce1524fbc0159af7db86588bc039bf0e05213d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6cbfb96c5eae70933581ca3c87ce1524fbc0159af7db86588bc039bf0e05213d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Go/switch_repo_domains.go"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 133125, "scanner": "repobility-threat-engine", "fingerprint": "ca015fd630cbc06f5431f510e06f67c3c161256fcc334bca8bfd7bbdc129c8e5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ca015fd630cbc06f5431f510e06f67c3c161256fcc334bca8bfd7bbdc129c8e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Go/ypkg/v2/yml.go"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 133124, "scanner": "repobility-threat-engine", "fingerprint": "8de4e81dcf12a9236e6e239ab7d40061214f29f1c6c58718deca1ad0f41c6491", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8de4e81dcf12a9236e6e239ab7d40061214f29f1c6c58718deca1ad0f41c6491"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Go/update_packages.go"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 133123, "scanner": "repobility-threat-engine", "fingerprint": "62bbc47fdfb2365320d30f02813f8ac106810acc95e1fd15c44314b415572571", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|62bbc47fdfb2365320d30f02813f8ac106810acc95e1fd15c44314b415572571"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Go/deprecate_packages.go"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `ludeeus/action-shellcheck` pinned to mutable ref `@master`: `uses: ludeeus/action-shellcheck@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 133256, "scanner": "repobility-supply-chain", "fingerprint": "7e58712a2b5cd2a33e4d4e4a0e15cb31b07f3150bee652a26c211dd8d60e1796", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7e58712a2b5cd2a33e4d4e4a0e15cb31b07f3150bee652a26c211dd8d60e1796"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/script_lint.yml"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 133255, "scanner": "repobility-supply-chain", "fingerprint": "79955b5c9f8adef36311fba147ca3f16c68f5e93f86a382f9ad3c812fe937c18", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|79955b5c9f8adef36311fba147ca3f16c68f5e93f86a382f9ad3c812fe937c18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/script_lint.yml"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `jpetrucciani/mypy-check` pinned to mutable ref `@master`: `uses: jpetrucciani/mypy-check@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 133254, "scanner": "repobility-supply-chain", "fingerprint": "ebc721d1285b1dfbdbcad06adb7e4188fca04ded9409faeb2a9c1b240ff3a171", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ebc721d1285b1dfbdbcad06adb7e4188fca04ded9409faeb2a9c1b240ff3a171"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/script_lint.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `py-actions/flake8` pinned to mutable ref `@v2`: `uses: py-actions/flake8@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 133253, "scanner": "repobility-supply-chain", "fingerprint": "6e294bb985db3679e9ae3d05d247efff53ab0d435081f03d8b6118fed56c1895", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6e294bb985db3679e9ae3d05d247efff53ab0d435081f03d8b6118fed56c1895"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/script_lint.yml"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 133252, "scanner": "repobility-supply-chain", "fingerprint": "94db647d575271460c3431382cbd8be5a3c73e7e2eea4bfe3e76caf5e019f577", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|94db647d575271460c3431382cbd8be5a3c73e7e2eea4bfe3e76caf5e019f577"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/script_lint.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 133251, "scanner": "repobility-supply-chain", "fingerprint": "f7abb3c1185e4f1f91e989f5a62a058627f6241be45f5935a908822e607ef46a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f7abb3c1185e4f1f91e989f5a62a058627f6241be45f5935a908822e607ef46a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/script_lint.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 133250, "scanner": "repobility-supply-chain", "fingerprint": "6f18159777847b51d20772d5b0457b51202e94b70dff26995735b8e406d31b49", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6f18159777847b51d20772d5b0457b51202e94b70dff26995735b8e406d31b49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/package_lint.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.title` used but never assigned in __init__: Method `_list_title` of class `GitHubPR` reads `self.title`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 133232, "scanner": "repobility-ast-engine", "fingerprint": "7abe6819cb134cb6319b7cf898b1c1d170cd1018cdfa78179b3b1695fadb7808", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7abe6819cb134cb6319b7cf898b1c1d170cd1018cdfa78179b3b1695fadb7808"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/worklog.py"}, "region": {"startLine": 219}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.package` used but never assigned in __init__: Method `_list_title` of class `GitHubPR` reads `self.package`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 133231, "scanner": "repobility-ast-engine", "fingerprint": "d5feb81aba8850abe55c4c371b8b7158de3bceb1358551c253084fa8f855ed75", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d5feb81aba8850abe55c4c371b8b7158de3bceb1358551c253084fa8f855ed75"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/worklog.py"}, "region": {"startLine": 219}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._list_title` used but never assigned in __init__: Method `to_tty` of class `GitHubPR` reads `self._list_title`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 133230, "scanner": "repobility-ast-engine", "fingerprint": "d37ebf0f6ca62e108461ee53d275de93e06fff0e680955942d54d57efa60cb1c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d37ebf0f6ca62e108461ee53d275de93e06fff0e680955942d54d57efa60cb1c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/worklog.py"}, "region": {"startLine": 216}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._prefix_summary` used but never assigned in __init__: Method `to_tty` of class `GitHubPR` reads `self._prefix_summary`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 133229, "scanner": "repobility-ast-engine", "fingerprint": "c1d570abdd50c681004a95857806c200579ef6128d2c100f39f869d9e7fd2ffe", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c1d570abdd50c681004a95857806c200579ef6128d2c100f39f869d9e7fd2ffe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/worklog.py"}, "region": {"startLine": 216}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._url` used but never assigned in __init__: Method `to_tty` of class `GitHubPR` reads `self._url`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 133228, "scanner": "repobility-ast-engine", "fingerprint": "b4657df84287151eaed4edad0cd0f5fdd8bc8eb9d3088cfaa8d90a4652c41510", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b4657df84287151eaed4edad0cd0f5fdd8bc8eb9d3088cfaa8d90a4652c41510"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/worklog.py"}, "region": {"startLine": 216}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._list_title` used but never assigned in __init__: Method `to_html` of class `GitHubPR` reads `self._list_title`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 133227, "scanner": "repobility-ast-engine", "fingerprint": "f7c212c93029baf78f9bb017580e7a2032721a9786d0e792478dca2356b5d389", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f7c212c93029baf78f9bb017580e7a2032721a9786d0e792478dca2356b5d389"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/worklog.py"}, "region": {"startLine": 212}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._html_summary` used but never assigned in __init__: Method `to_html` of class `GitHubPR` reads `self._html_summary`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 133226, "scanner": "repobility-ast-engine", "fingerprint": "57108c4f13734acb30017eedd9c90bb6af00af0963e56c1c33ef845bcdf49a6f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|57108c4f13734acb30017eedd9c90bb6af00af0963e56c1c33ef845bcdf49a6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/worklog.py"}, "region": {"startLine": 213}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._url` used but never assigned in __init__: Method `to_html` of class `GitHubPR` reads `self._url`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 133225, "scanner": "repobility-ast-engine", "fingerprint": "620f9174b4631d38e24e4db882b5043196a8fe6b0973f8782c362c31adc1d84e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|620f9174b4631d38e24e4db882b5043196a8fe6b0973f8782c362c31adc1d84e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/worklog.py"}, "region": {"startLine": 212}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._prefix_summary` used but never assigned in __init__: Method `to_md` of class `GitHubPR` reads `self._prefix_summary`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 133224, "scanner": "repobility-ast-engine", "fingerprint": "cf39d72851900de7be9f51552e33126d9e5a01530ff4ddeb7e299904149c5533", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cf39d72851900de7be9f51552e33126d9e5a01530ff4ddeb7e299904149c5533"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/worklog.py"}, "region": {"startLine": 209}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._list_title` used but never assigned in __init__: Method `to_md` of class `GitHubPR` reads `self._list_title`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 133223, "scanner": "repobility-ast-engine", "fingerprint": "e7f42c128c4a80f122347e0a2c0eb739c730d9d3e9cc8b86713f731aade466c1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e7f42c128c4a80f122347e0a2c0eb739c730d9d3e9cc8b86713f731aade466c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/worklog.py"}, "region": {"startLine": 209}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._url` used but never assigned in __init__: Method `to_md` of class `GitHubPR` reads `self._url`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 133222, "scanner": "repobility-ast-engine", "fingerprint": "fac805cfa772d779d33b930684388867b213bf597b49d69cbd230055cd266367", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fac805cfa772d779d33b930684388867b213bf597b49d69cbd230055cd266367"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/worklog.py"}, "region": {"startLine": 209}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.labels` used but never assigned in __init__: Method `include_in_sync_notes` of class `GitHubPR` reads `self.labels`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 133221, "scanner": "repobility-ast-engine", "fingerprint": "08a18ede893abae5454cb96ef2d6f7f504ea149b5efb98762a75282012f53ddf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|08a18ede893abae5454cb96ef2d6f7f504ea149b5efb98762a75282012f53ddf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/worklog.py"}, "region": {"startLine": 206}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.body` used but never assigned in __init__: Method `summary` of class `GitHubPR` reads `self.body`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 133220, "scanner": "repobility-ast-engine", "fingerprint": "8356088219e7a44f9e6c033762c74ab7ec954efd51c3a56fa9f22f7d89f0e968", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8356088219e7a44f9e6c033762c74ab7ec954efd51c3a56fa9f22f7d89f0e968"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/worklog.py"}, "region": {"startLine": 198}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.body` used but never assigned in __init__: Method `summary` of class `GitHubPR` reads `self.body`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 133219, "scanner": "repobility-ast-engine", "fingerprint": "3e6a5290c62f797fbc036d0872b4c3d2073d80b55fe3148b175ce6716ce227c3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3e6a5290c62f797fbc036d0872b4c3d2073d80b55fe3148b175ce6716ce227c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/worklog.py"}, "region": {"startLine": 193}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.body` used but never assigned in __init__: Method `summary` of class `GitHubPR` reads `self.body`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 133218, "scanner": "repobility-ast-engine", "fingerprint": "cb95145161bcc95a4870a6892cfd88159db4015bc3c12ce72ebfd230b42360a1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cb95145161bcc95a4870a6892cfd88159db4015bc3c12ce72ebfd230b42360a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/worklog.py"}, "region": {"startLine": 192}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.body` used but never assigned in __init__: Method `summary` of class `GitHubPR` reads `self.body`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 133217, "scanner": "repobility-ast-engine", "fingerprint": "7ff38e7520e94e69f4a962a473986491124e55ac0560eadf12338d9567e3297d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7ff38e7520e94e69f4a962a473986491124e55ac0560eadf12338d9567e3297d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/worklog.py"}, "region": {"startLine": 196}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.title` used but never assigned in __init__: Method `package` of class `GitHubPR` reads `self.title`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 133216, "scanner": "repobility-ast-engine", "fingerprint": "99b2ed5694c0fb51886116c70bb7ecfabe671df7d6b8ae3253ef6e0152625949", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|99b2ed5694c0fb51886116c70bb7ecfabe671df7d6b8ae3253ef6e0152625949"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/worklog.py"}, "region": {"startLine": 176}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.title` used but never assigned in __init__: Method `package` of class `GitHubPR` reads `self.title`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 133215, "scanner": "repobility-ast-engine", "fingerprint": "a2a4ddb5cf4503e2af83512061a4f7e569264acb42b3813ea15bffdd7c954882", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a2a4ddb5cf4503e2af83512061a4f7e569264acb42b3813ea15bffdd7c954882"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/worklog.py"}, "region": {"startLine": 173}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.message` used but never assigned in __init__: Method `ghsas` of class `GitHubCommit` reads `self.message`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 133214, "scanner": "repobility-ast-engine", "fingerprint": "d5d28df9d9f1865e42ae6d7d54079382b55e03dc73e24ba473959f4f967fc63c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d5d28df9d9f1865e42ae6d7d54079382b55e03dc73e24ba473959f4f967fc63c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/worklog.py"}, "region": {"startLine": 160}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.message` used but never assigned in __init__: Method `cves` of class `GitHubCommit` reads `self.message`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 133213, "scanner": "repobility-ast-engine", "fingerprint": "a241d64c9c18ca94770a6f81bd6a78af98e1a020a377e63b4ae261fbcedd36e6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a241d64c9c18ca94770a6f81bd6a78af98e1a020a377e63b4ae261fbcedd36e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/worklog.py"}, "region": {"startLine": 156}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.extra_build_deps` used but never assigned in __init__: Method `examine_source` of class `AutoPackage` reads `self.extra_build_deps`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 133211, "scanner": "repobility-ast-engine", "fingerprint": "7338b56739710bfa448429f531b38ef4ef0a74dd36e7b260ea97d872abd574f2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7338b56739710bfa448429f531b38ef4ef0a74dd36e7b260ea97d872abd574f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/yauto.py"}, "region": {"startLine": 182}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.extra_build_deps` used but never assigned in __init__: Method `examine_source` of class `AutoPackage` reads `self.extra_build_deps`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 133210, "scanner": "repobility-ast-engine", "fingerprint": "3ebdfd97464541733d5fedde15c76538023dcc71036a6b58bfdd3b4ea96cb4f3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3ebdfd97464541733d5fedde15c76538023dcc71036a6b58bfdd3b4ea96cb4f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/yauto.py"}, "region": {"startLine": 177}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.check_is_gnomey` used but never assigned in __init__: Method `examine_source` of class `AutoPackage` reads `self.check_is_gnomey`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 133209, "scanner": "repobility-ast-engine", "fingerprint": "5b802a1d274d66edfbee0fa11af3e9601cec84cf9dc6ba74913c80fd6fa74e49", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5b802a1d274d66edfbee0fa11af3e9601cec84cf9dc6ba74913c80fd6fa74e49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/yauto.py"}, "region": {"startLine": 156}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.check_build_deps` used but never assigned in __init__: Method `examine_source` of class `AutoPackage` reads `self.check_build_deps`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 133208, "scanner": "repobility-ast-engine", "fingerprint": "e8dab3e2c2fffce4673e7d94bd3d4e0b94f4de8f73a3494b3189c3e52491ebca", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e8dab3e2c2fffce4673e7d94bd3d4e0b94f4de8f73a3494b3189c3e52491ebca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/yauto.py"}, "region": {"startLine": 149}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.name` used but never assigned in __init__: Method `to_yaml` of class `ReleaseMonitoring` reads `self.name`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 133202, "scanner": "repobility-ast-engine", "fingerprint": "2618d45ef3201d4ec78ea500eb510a0359678838000c1c7e457c26895a19576e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2618d45ef3201d4ec78ea500eb510a0359678838000c1c7e457c26895a19576e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/release_monitoring.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 133187, "scanner": "repobility-threat-engine", "fingerprint": "b5bbe2bfa98cc9097338dcad8ee3c02f8ba6d9b706629de7c63bfb8ab2b23788", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b5bbe2bfa98cc9097338dcad8ee3c02f8ba6d9b706629de7c63bfb8ab2b23788"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/k/kernel-glue/comar/packageHandler.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 133186, "scanner": "repobility-threat-engine", "fingerprint": "b5d2fa0eee206d9c091b93ac5b0bf6b0fafb662983747d8fa91835f0ca8319c3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b5d2fa0eee206d9c091b93ac5b0bf6b0fafb662983747d8fa91835f0ca8319c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/k/kernel-glue/comar/package.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 133185, "scanner": "repobility-threat-engine", "fingerprint": "e6dd8e9e7014ce5e5e1ca767e25841edd78efa3fb2cbe4e6c8cb1ccfdd8e0954", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e6dd8e9e7014ce5e5e1ca767e25841edd78efa3fb2cbe4e6c8cb1ccfdd8e0954"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/a/appstream-catalog/update-appstream-sources.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 133179, "scanner": "repobility-threat-engine", "fingerprint": "4af1b8949c872a9cbaf7bc918750a9a764e83d0d0877248e5386ff9b0aa99ef9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4af1b8949c872a9cbaf7bc918750a9a764e83d0d0877248e5386ff9b0aa99ef9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/c/ca-certs/update.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 133177, "scanner": "repobility-threat-engine", "fingerprint": "9d82a8681751ab09c59b926fcdc05ed9f3935643a80347a1c3433794c3cc7786", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.post(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9d82a8681751ab09c59b926fcdc05ed9f3935643a80347a1c3433794c3cc7786"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/release_monitoring.py"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED040", "level": "error", "message": {"text": "[MINED040] Python Yaml Load Unsafe: yaml.load(stream) without SafeLoader can deserialize arbitrary classes."}, "properties": {"repobilityId": 133176, "scanner": "repobility-threat-engine", "fingerprint": "45588a2e8058b8fb78cbbb9f2ea9c34a98a9e8344e26f598b8d1629fbe78a008", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-yaml-load-unsafe", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347991+00:00", "triaged_in_corpus": 15, "observations_count": 1487, "ai_coder_pattern_id": 120}, "scanner": "repobility-threat-engine", "correlation_key": "fp|45588a2e8058b8fb78cbbb9f2ea9c34a98a9e8344e26f598b8d1629fbe78a008"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/a/appstream-catalog/update-appstream-sources.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED040", "level": "error", "message": {"text": "[MINED040] Python Yaml Load Unsafe: yaml.load(stream) without SafeLoader can deserialize arbitrary classes."}, "properties": {"repobilityId": 133175, "scanner": "repobility-threat-engine", "fingerprint": "23f61c03a7a3f1b1b49a96770c9a8d9e4441389794b03bcefbf46cc7dd3c0b61", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-yaml-load-unsafe", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347991+00:00", "triaged_in_corpus": 15, "observations_count": 1487, "ai_coder_pattern_id": 120}, "scanner": "repobility-threat-engine", "correlation_key": "fp|23f61c03a7a3f1b1b49a96770c9a8d9e4441389794b03bcefbf46cc7dd3c0b61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/gettag.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED040", "level": "error", "message": {"text": "[MINED040] Python Yaml Load Unsafe: yaml.load(stream) without SafeLoader can deserialize arbitrary classes."}, "properties": {"repobilityId": 133174, "scanner": "repobility-threat-engine", "fingerprint": "eb6c8836a682a557cdf9a188e8d17afb37745074f6ff54f7bc869bdbd7a5b038", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-yaml-load-unsafe", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347991+00:00", "triaged_in_corpus": 15, "observations_count": 1487, "ai_coder_pattern_id": 120}, "scanner": "repobility-threat-engine", "correlation_key": "fp|eb6c8836a682a557cdf9a188e8d17afb37745074f6ff54f7bc869bdbd7a5b038"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/get-py-deps.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 133161, "scanner": "repobility-threat-engine", "fingerprint": "7507de5dbf5eef994a2c69abb0ee90b1c0b414902e26c05d3878952e16123380", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7507de5dbf5eef994a2c69abb0ee90b1c0b414902e26c05d3878952e16123380"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/find_deps.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 133160, "scanner": "repobility-threat-engine", "fingerprint": "cff853462023cb7747fa574f00b07c4fd958d490c8308aa28d35f14d7d97864d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "sha256_hash.update(byte_block)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cff853462023cb7747fa574f00b07c4fd958d490c8308aa28d35f14d7d97864d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/a/appstream-catalog/update-appstream-sources.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 133159, "scanner": "repobility-threat-engine", "fingerprint": "d431ba74006bbcccfe6530efdde176163e5107c0760d8884a8cfe5546a8eb466", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "valid_libs.update([\"/usr/lib32\", \"/lib32\"])", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d431ba74006bbcccfe6530efdde176163e5107c0760d8884a8cfe5546a8eb466"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/find_deps.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED036", "level": "error", "message": {"text": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping."}, "properties": {"repobilityId": 133158, "scanner": "repobility-threat-engine", "fingerprint": "e6402f6b9f3088506294cec1dfb463e3ae63458c7b23e2a0a5d3b4f0c8588378", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-os-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347982+00:00", "triaged_in_corpus": 15, "observations_count": 2221, "ai_coder_pattern_id": 117}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e6402f6b9f3088506294cec1dfb463e3ae63458c7b23e2a0a5d3b4f0c8588378"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/k/kernel-glue/comar/packageHandler.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED036", "level": "error", "message": {"text": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping."}, "properties": {"repobilityId": 133157, "scanner": "repobility-threat-engine", "fingerprint": "4f2275bd5c09ff67b45cbd64da1040c0aac0a32e48006ca8b969389627df1d83", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-os-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347982+00:00", "triaged_in_corpus": 15, "observations_count": 2221, "ai_coder_pattern_id": 117}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4f2275bd5c09ff67b45cbd64da1040c0aac0a32e48006ca8b969389627df1d83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/k/kernel-glue/comar/package.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED036", "level": "error", "message": {"text": "[MINED036] Python Os System Call: os.system() invokes shell with no escaping."}, "properties": {"repobilityId": 133156, "scanner": "repobility-threat-engine", "fingerprint": "f8d3dce913dfc97571c840b7b0a7cbbdec638d35005ca6a89558cde29b38813c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-os-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347982+00:00", "triaged_in_corpus": 15, "observations_count": 2221, "ai_coder_pattern_id": 117}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f8d3dce913dfc97571c840b7b0a7cbbdec638d35005ca6a89558cde29b38813c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/ep-update.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "SEC004", "level": "error", "message": {"text": "[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection."}, "properties": {"repobilityId": 133153, "scanner": "repobility-threat-engine", "fingerprint": "0f9eafb6a21d857a8a8ccc27a6c88a66e2a5d09b39c23268a35022df71acc624", "category": "injection", "severity": "high", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "SQL string interpolation found, but user-controlled taint was not proven from local context.", "evidence": {"match": "text = f\"Update", "reason": "SQL string interpolation found, but user-controlled taint was not proven from local context.", "rule_id": "SEC004", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|common/scripts/ep-update.py|122|sec004"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/ep-update.py"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 133152, "scanner": "repobility-threat-engine", "fingerprint": "439bf0a935c556ce350a61b9bc7dc2cb3f1be94efa8eee909084a40bdb703b19", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|439bf0a935c556ce350a61b9bc7dc2cb3f1be94efa8eee909084a40bdb703b19"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/ep-update.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 133151, "scanner": "repobility-threat-engine", "fingerprint": "f2e193876ba503d83b9550703eeb153aab67c77b777c3da766a5f7698956aa04", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f2e193876ba503d83b9550703eeb153aab67c77b777c3da766a5f7698956aa04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/dloader.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED021", "level": "error", "message": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "properties": {"repobilityId": 133138, "scanner": "repobility-threat-engine", "fingerprint": "c69070ceb8af62f1c0b88278e03888bf4043426c4fd649f780f7f71175b42f7f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c69070ceb8af62f1c0b88278e03888bf4043426c4fd649f780f7f71175b42f7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/check_appstream_progress.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED021", "level": "error", "message": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "properties": {"repobilityId": 133137, "scanner": "repobility-threat-engine", "fingerprint": "e40430c994a5371c3786ea4412e6d95e3908d6dcd77abb64acc8b82963827ba0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e40430c994a5371c3786ea4412e6d95e3908d6dcd77abb64acc8b82963827ba0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Hooks/pre-commit.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 133136, "scanner": "repobility-threat-engine", "fingerprint": "6a2e2c142e35145e5ee11b3812723bed08cb7cc2aa3cebc359a59fdc3bc139bd", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(qtwebengine_url) as qtwebengine_request", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|34|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/q/qt6-webengine/update-chromium.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 133133, "scanner": "repobility-threat-engine", "fingerprint": "c9166dbafba2245c759a44c0eec15d98b15ba74daa946d8851c21ab360808680", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(base_url", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c9166dbafba2245c759a44c0eec15d98b15ba74daa946d8851c21ab360808680"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/release_monitoring.py"}, "region": {"startLine": 243}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 133132, "scanner": "repobility-threat-engine", "fingerprint": "f769c93ae3cd8c34674075c2170b83be6a18e6d4be1e2d213efe28d4e202b046", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "urllib.request.urlopen(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f769c93ae3cd8c34674075c2170b83be6a18e6d4be1e2d213efe28d4e202b046"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/dloader.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 133131, "scanner": "repobility-threat-engine", "fingerprint": "7e36ffc95ee54c08d6653f033828abf4cf0b717207d9eb18f03395f02a628ae4", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "http.Get(U", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7e36ffc95ee54c08d6653f033828abf4cf0b717207d9eb18f03395f02a628ae4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Go/ypkg/shared/sources.go"}, "region": {"startLine": 38}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 133122, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `xml` used but not imported: The file uses `xml.something(...)` but never imports `xml`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 133235, "scanner": "repobility-ast-engine", "fingerprint": "457d382493b97fc76dfc2df97f8d48a6eab824a0fc84b6c294a4fe435e875469", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|457d382493b97fc76dfc2df97f8d48a6eab824a0fc84b6c294a4fe435e875469"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/CI/package_checks.py"}, "region": {"startLine": 742}}}]}, {"ruleId": "MINED015", "level": "error", "message": {"text": "[MINED015] Ruby Eval Call: eval() executes arbitrary code. Code injection."}, "properties": {"repobilityId": 133184, "scanner": "repobility-threat-engine", "fingerprint": "21ca055e7c2bfff057258371af7497591a0cade9b5f7cf7d3c36e431d915a9df", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ruby-eval-call", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["ruby"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347933+00:00", "triaged_in_corpus": 20, "observations_count": 85733, "ai_coder_pattern_id": 161}, "scanner": "repobility-threat-engine", "correlation_key": "fp|21ca055e7c2bfff057258371af7497591a0cade9b5f7cf7d3c36e431d915a9df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/perl/get_unique_updates/get_unique_updates.pl"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED018", "level": "error", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 133173, "scanner": "repobility-threat-engine", "fingerprint": "124e96ac71ab1d6fe3bb9c283f2095cfb9988eed1401a08eddadac86fccd9e7a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|124e96ac71ab1d6fe3bb9c283f2095cfb9988eed1401a08eddadac86fccd9e7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/a/appstream-catalog/update-appstream-sources.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED018", "level": "error", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 133172, "scanner": "repobility-threat-engine", "fingerprint": "c27702430c524b684bc0cf754081522de2e4bf74351cb35f4d241f56c9db6f14", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c27702430c524b684bc0cf754081522de2e4bf74351cb35f4d241f56c9db6f14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/gettag.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED018", "level": "error", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 133171, "scanner": "repobility-threat-engine", "fingerprint": "ba81db719668a6c3ad7f27721028e053059fa2621c8d9f39c53da139ec8e3d36", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ba81db719668a6c3ad7f27721028e053059fa2621c8d9f39c53da139ec8e3d36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/get-py-deps.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "SEC116", "level": "error", "message": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. `unsafe_load` is even more dangerous."}, "properties": {"repobilityId": 133170, "scanner": "repobility-threat-engine", "fingerprint": "1d5362dd61400cd4b8972e770e73192575480fd379cc8ddc3895010bd86eaf70", "category": "deserialization", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC116", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|56|sec116"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/a/appstream-catalog/update-appstream-sources.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "SEC116", "level": "error", "message": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. `unsafe_load` is even more dangerous."}, "properties": {"repobilityId": 133169, "scanner": "repobility-threat-engine", "fingerprint": "97accc709ad8913ace701a6410f6f1cb748ce9f68145ff86fec6c4f28884d7b9", "category": "deserialization", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC116", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|common/scripts/gettag.py|24|sec116"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/gettag.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "SEC116", "level": "error", "message": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. `unsafe_load` is even more dangerous."}, "properties": {"repobilityId": 133168, "scanner": "repobility-threat-engine", "fingerprint": "4c4b55910ff2e7ad2cd3b0ea366287a78d56f05fb32fcae6eec88279df5e3629", "category": "deserialization", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC116", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|60|sec116"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/get-py-deps.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "SEC079", "level": "error", "message": {"text": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3)."}, "properties": {"repobilityId": 133167, "scanner": "repobility-threat-engine", "fingerprint": "4ab26885185dce7cb0f2ef4cd79d612f5757aa9a2be289c6b6a29b841834a2cf", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(f)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC079", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4ab26885185dce7cb0f2ef4cd79d612f5757aa9a2be289c6b6a29b841834a2cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/a/appstream-catalog/update-appstream-sources.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "SEC079", "level": "error", "message": {"text": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3)."}, "properties": {"repobilityId": 133166, "scanner": "repobility-threat-engine", "fingerprint": "8b89cc89b2a943f0d88bbb2c599257212e55252ac2a072354279ddadc0ce9697", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(f)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC079", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8b89cc89b2a943f0d88bbb2c599257212e55252ac2a072354279ddadc0ce9697"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/gettag.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "SEC079", "level": "error", "message": {"text": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3)."}, "properties": {"repobilityId": 133165, "scanner": "repobility-threat-engine", "fingerprint": "5643c4006152c31b8d1e9349fb00ffeaa5c1d8b900ed6d22bb540e0c410b6b6f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(file)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC079", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5643c4006152c31b8d1e9349fb00ffeaa5c1d8b900ed6d22bb540e0c410b6b6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "common/Scripts/get-py-deps.py"}, "region": {"startLine": 60}}}]}]}]}