{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "SEC127", "name": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedEr", "shortDescription": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or "}, "fullDescription": {"text": "Either implement the body, or fail closed at module-load time so the deploy can't ship a half-built route. A CI gate that fails build on `raise NotImplementedError` in non-abstract code catches this cleanly."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR003", "name": "Dockerfile base image uses the latest tag", "shortDescription": {"text": "Dockerfile base image uses the latest tag"}, "fullDescription": {"text": "The latest tag is mutable and can change without a code review, producing different images from the same source."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.94, "cwe": "", "owasp": ""}}, {"id": "DKR009", "name": "Dockerfile separates apt update from install", "shortDescription": {"text": "Dockerfile separates apt update from install"}, "fullDescription": 
{"text": "Splitting apt update and install across layers can reuse stale package indexes and make builds less reliable."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Dockerfile base image has no explicit tag", "shortDescription": {"text": "Dockerfile base image has no explicit tag"}, "fullDescription": {"text": "Images without explicit tags resolve to a mutable default tag, which weakens reproducibility and review."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC123", "name": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environme", "shortDescription": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "fullDescription": {"text": "Set DEBUG=False / APP_DEBUG=false in production. Provide a generic 500 handler that logs to backend but returns a sanitized page to clients."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC011", "name": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted", "shortDescription": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "fullDescription": {"text": "Use torch.load(..., weights_only=True) or use safetensors format."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC034", "name": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines o", "shortDescription": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. 
Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (S"}, "fullDescription": {"text": "Strip control characters before logging:\n  safe = user_input.replace('\\n','').replace('\\r','').replace('\\x00','')\n  logger.info('User action: %s', safe)\nAlways use parameterized logging (`%s` + args), never f-strings or string concat \u2014 that's also what mitigates log4shell-style attacks. Parameterized logging alone does not remove newlines or other control characters from the argument, so keep the stripping step as well. For structured logging, use a JSON formatter that escapes values."}, "properties": {"scanner": "repobility-threat-engine", "category": "log_injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `train_baseline` has cognitive complexity 9 (SonarSource scale). Cognitive", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `train_baseline` has cognitive complexity 9 (SonarSource scale). 
Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 9."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Installing recommended packages often pulls in unnecessary runtime surface area."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR012", "name": "Dockerfile keeps pip download cache", "shortDescription": {"text": "Dockerfile keeps pip download cache"}, "fullDescription": {"text": "Pip's package cache increases image size and can preserve unnecessary artifacts."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. 
They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED063", "name": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use.", "shortDescription": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-367 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in.", "shortDescription": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED069", "name": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files.", "shortDescription": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-489 / A05:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED079", "name": "[MINED079] Off By One Slice: range(len(x)+1), arr[i+1:i+n+1], or while i<=len(arr) \u2014 off-by-one risk.", "shortDescription": {"text": "[MINED079] Off By One Slice: range(len(x)+1), arr[i+1:i+n+1], or while i<=len(arr) \u2014 off-by-one risk."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-193 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.", "shortDescription": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 17 more): Same pattern found in 17 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 17 more): Same pattern found in 17 additional files. 
Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 17 more): Same pattern found in 17 add", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 17 more): Same pattern found in 17 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path (and 1 more): Same pattern found in 1 additional files. Review if need", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Compare against the base directory followed by a path separator (or use os.path.commonpath()) so that a sibling directory sharing the same name prefix does not pass the check. 
Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED021", "name": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape.", "shortDescription": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-22 / A01:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED020", "name": "[MINED020] Logging Credential Via Fstring: logger.error(f\"failed for {api_key}\") \u2014 secrets end up in log aggregators / s", "shortDescription": {"text": "[MINED020] Logging Credential Via Fstring: logger.error(f\"failed for {api_key}\") \u2014 secrets end up in log aggregators / sentry."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inje", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC114", "name": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker", "shortDescription": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. 
`../../../etc/passwd` resolves cleanly."}, "fullDescription": {"text": "After joining, re-check containment: `if !strings.HasPrefix(filepath.Clean(joined), filepath.Clean(baseDir)+string(os.PathSeparator)) { error }`. In Node: `path.resolve(base, x); if (!resolved.startsWith(base + path.sep)) throw`."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED030", "name": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__.", "shortDescription": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED018", "name": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/fi", "shortDescription": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC081", "name": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary co", "shortDescription": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3)."}, "fullDescription": {"text": "Use json, msgpack, or protobuf for untrusted data. 
If pickle is required, sign the payload with HMAC and verify the signature with a constant-time comparison (hmac.compare_digest) before calling pickle.loads()."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/520"}, "properties": {"repository": "huggingface/accelerate", "repoUrl": "https://github.com/huggingface/accelerate.git", "branch": "main"}, "results": [{"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 30716, "scanner": "repobility-threat-engine", "fingerprint": "0d69f581578e728f482d8a9035529c5b46a7e518375dd1565898d9fdf2f7a4db", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def selected(self, value):\n        raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0d69f581578e728f482d8a9035529c5b46a7e518375dd1565898d9fdf2f7a4db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/utils/dataclasses.py"}, "region": {"startLine": 1565}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 30486, "scanner": "repobility-docker", "fingerprint": "029860cdc01879248a36de1279c13f8bf7db155ae6e2b6ed821fe605142835ff", "category": "docker", "severity": 
"medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "nvidia/cuda:12.6.3-cudnn-devel-ubuntu22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|029860cdc01879248a36de1279c13f8bf7db155ae6e2b6ed821fe605142835ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/accelerate-gpu-deepspeed/Dockerfile"}, "region": {"startLine": 32}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Dockerfile base image uses the latest tag"}, "properties": {"repobilityId": 30483, "scanner": "repobility-docker", "fingerprint": "0da5734db46990000f21f19c05b0ef2c75dd4b5b9db317b3c3026d5d44ad2cb9", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "continuumio/miniconda3:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|0da5734db46990000f21f19c05b0ef2c75dd4b5b9db317b3c3026d5d44ad2cb9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/accelerate-gpu-deepspeed/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 30482, "scanner": "repobility-docker", "fingerprint": "a8e89ea5e1360eeb996099041a70a2c6bfd2cd9224c92daa63f84bf31ed4be8e", "category": "docker", "severity": "medium", 
"confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "nvidia/cuda:12.6.3-cudnn-devel-ubuntu22.04", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|a8e89ea5e1360eeb996099041a70a2c6bfd2cd9224c92daa63f84bf31ed4be8e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/accelerate-gpu/Dockerfile"}, "region": {"startLine": 32}}}]}, {"ruleId": "DKR003", "level": "warning", "message": {"text": "Dockerfile base image uses the latest tag"}, "properties": {"repobilityId": 30479, "scanner": "repobility-docker", "fingerprint": "a881565439de886d56026cd0f9209c7ddabbc11d419811e47f001fad377b1898", "category": "docker", "severity": "medium", "confidence": 0.94, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image tag is latest.", "evidence": {"image": "continuumio/miniconda3:latest", "rule_id": "DKR003", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|a881565439de886d56026cd0f9209c7ddabbc11d419811e47f001fad377b1898"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/accelerate-gpu/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "DKR009", "level": "warning", "message": {"text": "Dockerfile separates apt update from install"}, "properties": {"repobilityId": 30478, "scanner": "repobility-docker", "fingerprint": "9096711a10a9f9814bd910fadb2094815444b1513b5bdb8e2e7ff003d18ed83a", "category": "docker", "severity": "medium", "confidence": 0.86, "triageState": 
"open", "verdict": "confirmed", "isResolved": false, "reason": "Package index update appears without package installation in the same layer.", "evidence": {"rule_id": "DKR009", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|9096711a10a9f9814bd910fadb2094815444b1513b5bdb8e2e7ff003d18ed83a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/accelerate-cpu/Dockerfile"}, "region": {"startLine": 8}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 30477, "scanner": "repobility-docker", "fingerprint": "ba5707010a9256b52c9d63f922fdb3b11e8d69e36e5eb9906c4ed2de80474c2f", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "nvcr.io/nvidia/pytorch:${BASE_YEAR}.${BASE_MONTH}-py3", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|ba5707010a9256b52c9d63f922fdb3b11e8d69e36e5eb9906c4ed2de80474c2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/fp8/transformer_engine/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 30473, "scanner": "repobility-docker", "fingerprint": "4b4d8d405e74131a6ae739c8fc07d01974fde47a32f3fa8626aa3fd3bd7354d5", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, 
"reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "nvcr.io/nvidia/pytorch:24.07-py3", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|4b4d8d405e74131a6ae739c8fc07d01974fde47a32f3fa8626aa3fd3bd7354d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/fp8/torchao/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 30470, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 30469, "scanner": "repobility-docker", "fingerprint": "0b094ae03767c3304947b8b6b4124e4f6dcbba109fce4b3f2d7f5adbb11b52fe", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": 
"ghcr.io/azure/msamp", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|0b094ae03767c3304947b8b6b4124e4f6dcbba109fce4b3f2d7f5adbb11b52fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/fp8/ms_amp/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Dockerfile base image has no explicit tag"}, "properties": {"repobilityId": 30466, "scanner": "repobility-docker", "fingerprint": "675f6f0500ac70ef9b824aee3f2f39881854023286dbad0dc0d7b600b1aac42b", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "ghcr.io/azure/msamp", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|675f6f0500ac70ef9b824aee3f2f39881854023286dbad0dc0d7b600b1aac42b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/fp8/ms_amp/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 30464, "scanner": "repobility-threat-engine", "fingerprint": "d460eb0835166c50213298ddce80c08340eb8b52b65a5665e76cf77ae49f48a0", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.loads(", "reason": "Pattern matched with no mitigating 
context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|484|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/utils/operations.py"}, "region": {"startLine": 484}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 30462, "scanner": "repobility-threat-engine", "fingerprint": "9933be8d74f9790a51399a391d26fb7be9d18e41812d65e6f974e9be4f340e91", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9933be8d74f9790a51399a391d26fb7be9d18e41812d65e6f974e9be4f340e91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/utils/environment.py"}, "region": {"startLine": 223}}}]}, {"ruleId": "SEC123", "level": "warning", "message": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "properties": {"repobilityId": 30461, "scanner": "repobility-threat-engine", "fingerprint": "f3c1e02cfa79b0565eb8b798d65af008d7fdf9f1b6683b947c30c7fbac3838a9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "debug=True", "reason": "Pattern matched with no 
mitigating context found", "rule_id": "SEC123", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f3c1e02cfa79b0565eb8b798d65af008d7fdf9f1b6683b947c30c7fbac3838a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/launchers.py"}, "region": {"startLine": 308}}}]}, {"ruleId": "SEC011", "level": "warning", "message": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "properties": {"repobilityId": 30451, "scanner": "repobility-threat-engine", "fingerprint": "92b2c60fa88b46c1b0c3d4540c9dbf22dcc0ea5c3dd91dfa46ffb3f112e48270", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "torch.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC011", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|436|sec011"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/utils/other.py"}, "region": {"startLine": 436}}}]}, {"ruleId": "SEC011", "level": "warning", "message": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "properties": {"repobilityId": 30450, "scanner": "repobility-threat-engine", "fingerprint": "c537ce90b2ff3e778d9e800a5eb22cf17234cba3b5cef653eb23d29e0eba5ddd", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "torch.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC011", "scanner": "repobility-threat-engine", "confidence": 1.0, 
"correlation_key": "code|deserialization|token|3823|sec011"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/accelerator.py"}, "region": {"startLine": 3823}}}]}, {"ruleId": "SEC034", "level": "warning", "message": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (SIEM, splunk). Combined with template injection this can escalate to RCE (CVE-2021-44228 log4shell). CWE-117."}, "properties": {"repobilityId": 30448, "scanner": "repobility-threat-engine", "fingerprint": "322cc7d78f47b278aacd0be0ee6c93d05042805a9a07fa63b191ad2f39a0b004", "category": "log_injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "logger.info(f\"Loading states from {input", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC034", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|322cc7d78f47b278aacd0be0ee6c93d05042805a9a07fa63b191ad2f39a0b004"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/accelerator.py"}, "region": {"startLine": 3796}}}]}, {"ruleId": "SEC034", "level": "warning", "message": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (SIEM, splunk). Combined with template injection this can escalate to RCE (CVE-2021-44228 log4shell). 
CWE-117."}, "properties": {"repobilityId": 30447, "scanner": "repobility-threat-engine", "fingerprint": "fa6a59efe5dab946201e22432bdb03ece32cbc5c78f7bb728a81d7840ffb50ff", "category": "log_injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "logger.warning(\n                f\"The block_size passed ({args", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC034", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fa6a59efe5dab946201e22432bdb03ece32cbc5c78f7bb728a81d7840ffb50ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/by_feature/megatron_lm_gpt_pretraining.py"}, "region": {"startLine": 425}}}]}, {"ruleId": "SEC034", "level": "warning", "message": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (SIEM, splunk). Combined with template injection this can escalate to RCE (CVE-2021-44228 log4shell). 
CWE-117."}, "properties": {"repobilityId": 30446, "scanner": "repobility-threat-engine", "fingerprint": "0b4cbc246a27da7b93a177df3529c2b07584ef3d127951b162c14a3ed9674a98", "category": "log_injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "logger.warning(\n                f\"The block_size passed ({args", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC034", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0b4cbc246a27da7b93a177df3529c2b07584ef3d127951b162c14a3ed9674a98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/by_feature/deepspeed_with_config_support.py"}, "region": {"startLine": 437}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 30443, "scanner": "repobility-threat-engine", "fingerprint": "1d565933ef057e614c3fc8fa309146d4947030a44a8375711e796fc5c540b3c2", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|1003|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/utils/megatron_lm.py"}, "region": {"startLine": 1003}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 30442, "scanner": "repobility-threat-engine", "fingerprint": "31102ac783c6325e57d4a1c9dd1d7b61fc1f89f16ab220178aaa56228a63c344", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|src/accelerate/optimizer.py|138|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/optimizer.py"}, "region": {"startLine": 138}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `train_baseline` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: for=3, if=2, nested_bonus=4."}, "properties": {"repobilityId": 30682, "scanner": "repobility-threat-engine", "fingerprint": "330f7252930324267239ea697f79e49632779320648f2d29ee17b0cf64d0a7ac", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 9 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "train_baseline", "breakdown": {"if": 2, "for": 3, "nested_bonus": 4}, "complexity": 9, "correlation_key": "fp|330f7252930324267239ea697f79e49632779320648f2d29ee17b0cf64d0a7ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/fp8/torchao/distrib_deepspeed.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: else=1, for=2, if=2, nested_bonus=1, ternary=2."}, "properties": {"repobilityId": 30681, "scanner": "repobility-threat-engine", "fingerprint": "3493aa43f05b236d450de9286f5229ac6c30881a0176a2130c00223b91b1d3f4", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 2, "for": 2, "else": 1, "ternary": 2, "nested_bonus": 1}, "complexity": 8, "correlation_key": "fp|3493aa43f05b236d450de9286f5229ac6c30881a0176a2130c00223b91b1d3f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/big_model_inference/big_model_inference.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `parse_args` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: if=7, nested_bonus=3, recursion=1."}, "properties": {"repobilityId": 30680, "scanner": "repobility-threat-engine", "fingerprint": "119c1222f24a12c0c45d49adb2c5c5c6d2f5e984bf681159fb4a0b2bc8f36c61", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 11 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "parse_args", "breakdown": {"if": 7, "recursion": 1, "nested_bonus": 3}, "complexity": 11, "correlation_key": "fp|119c1222f24a12c0c45d49adb2c5c5c6d2f5e984bf681159fb4a0b2bc8f36c61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/big_model_inference/big_model_inference.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 30485, "scanner": "repobility-docker", "fingerprint": "77eddaff2b19972bf13ad191de66b34172526af1da0a44412eed68df4a8f4081", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|77eddaff2b19972bf13ad191de66b34172526af1da0a44412eed68df4a8f4081"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/accelerate-gpu-deepspeed/Dockerfile"}, "region": {"startLine": 37}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 30484, "scanner": "repobility-docker", "fingerprint": "0bb9ac2da460853a80e5a729cf957f1da3be15fd90c8e7681527caed41a96df9", "category": "docker", 
"severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|0bb9ac2da460853a80e5a729cf957f1da3be15fd90c8e7681527caed41a96df9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/accelerate-gpu-deepspeed/Dockerfile"}, "region": {"startLine": 9}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 30481, "scanner": "repobility-docker", "fingerprint": "e392b5cc81bf1e64c155321521f64692dcb65b11027cbd5a81b4872da7552aad", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e392b5cc81bf1e64c155321521f64692dcb65b11027cbd5a81b4872da7552aad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/accelerate-gpu/Dockerfile"}, "region": {"startLine": 37}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 30480, "scanner": "repobility-docker", "fingerprint": "349e14a6f712a2d63067467c57ce1dc93a9acccaf738b6930ba16fa66d7ec02a", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", 
"references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|349e14a6f712a2d63067467c57ce1dc93a9acccaf738b6930ba16fa66d7ec02a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/accelerate-gpu/Dockerfile"}, "region": {"startLine": 9}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 30476, "scanner": "repobility-docker", "fingerprint": "5f7f4b4eb8b77f4d97076e8fa2dfeb88b4e160f34fc57e213dcb41c850c5edbf", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|5f7f4b4eb8b77f4d97076e8fa2dfeb88b4e160f34fc57e213dcb41c850c5edbf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/fp8/transformer_engine/Dockerfile"}, "region": {"startLine": 9}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 30475, "scanner": "repobility-docker", "fingerprint": "5232dc9f6c17fd5124b384f72642fd41867fad2236f353a2e7f3b07ced413958", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|5232dc9f6c17fd5124b384f72642fd41867fad2236f353a2e7f3b07ced413958"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/fp8/transformer_engine/Dockerfile"}, "region": 
{"startLine": 6}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 30472, "scanner": "repobility-docker", "fingerprint": "74837756be5e8061d9e6ff2a0c76dea2aede3f3a9c7ede09e7142fe879cf3fe1", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|74837756be5e8061d9e6ff2a0c76dea2aede3f3a9c7ede09e7142fe879cf3fe1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/fp8/torchao/Dockerfile"}, "region": {"startLine": 6}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 30471, "scanner": "repobility-docker", "fingerprint": "77bda041c837a873a21369b6b95befd166566ea173cdb7b201a7ddc93dc013b3", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|77bda041c837a873a21369b6b95befd166566ea173cdb7b201a7ddc93dc013b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/fp8/torchao/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 30468, "scanner": "repobility-docker", "fingerprint": "af201542899376a040aeb88fbb0a1473d791a23e1214d12f1938bd315e766d9d", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", 
"verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|af201542899376a040aeb88fbb0a1473d791a23e1214d12f1938bd315e766d9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/fp8/ms_amp/Dockerfile"}, "region": {"startLine": 6}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 30467, "scanner": "repobility-docker", "fingerprint": "c0ffe11e7d5b1a866f5c5c492ffa8d56e3710908841134df20f871d5c1404e4e", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c0ffe11e7d5b1a866f5c5c492ffa8d56e3710908841134df20f871d5c1404e4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/fp8/ms_amp/Dockerfile"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30437, "scanner": "repobility-ai-code-hygiene", "fingerprint": "34b760078ffe33f5326ccb19e2c5945d6f1a4f6e1d886f92774c089e7737fb49", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/accelerate/commands/config/cluster.py", "duplicate_line": 
139, "correlation_key": "fp|34b760078ffe33f5326ccb19e2c5945d6f1a4f6e1d886f92774c089e7737fb49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/commands/config/sagemaker.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30436, "scanner": "repobility-ai-code-hygiene", "fingerprint": "38f4877b8cb3f9de01b1be7d9656d90218325a83bd8fac29daac1d401bc25015", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "manim_animations/dataloaders/stage_5.py", "duplicate_line": 140, "correlation_key": "fp|38f4877b8cb3f9de01b1be7d9656d90218325a83bd8fac29daac1d401bc25015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "manim_animations/dataloaders/stage_7.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30435, "scanner": "repobility-ai-code-hygiene", "fingerprint": "551393af5bb416ae993bfda16c898ed2ed282ff69b6429c753d474f414b23cbf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "manim_animations/dataloaders/stage_2.py", "duplicate_line": 16, "correlation_key": "fp|551393af5bb416ae993bfda16c898ed2ed282ff69b6429c753d474f414b23cbf"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "manim_animations/dataloaders/stage_7.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30434, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bc3eb0d4d30daa32b5c01e5bf120f1ee28bb14d04d3086f2be386cf920eaec21", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "manim_animations/dataloaders/stage_2.py", "duplicate_line": 16, "correlation_key": "fp|bc3eb0d4d30daa32b5c01e5bf120f1ee28bb14d04d3086f2be386cf920eaec21"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "manim_animations/dataloaders/stage_6.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30433, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a481c1c94a8b18b7760e5d6b102653130978748265fb038901ec75c141af7c6a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "manim_animations/dataloaders/stage_5.py", "duplicate_line": 3, "correlation_key": "fp|a481c1c94a8b18b7760e5d6b102653130978748265fb038901ec75c141af7c6a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "manim_animations/dataloaders/stage_6.py"}, "region": {"startLine": 3}}}]}, 
{"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30432, "scanner": "repobility-ai-code-hygiene", "fingerprint": "18d385ad3ceab99e2194f60cb60858f4b03f3ca310acb47be9d17a6ce50c7db9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "manim_animations/dataloaders/stage_2.py", "duplicate_line": 16, "correlation_key": "fp|18d385ad3ceab99e2194f60cb60858f4b03f3ca310acb47be9d17a6ce50c7db9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "manim_animations/dataloaders/stage_5.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30431, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e414a130e8620b6350831e0c3afcf3fe22961dbade65e76a4aa09a4bba4995bc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "manim_animations/dataloaders/stage_0.py", "duplicate_line": 3, "correlation_key": "fp|e414a130e8620b6350831e0c3afcf3fe22961dbade65e76a4aa09a4bba4995bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "manim_animations/dataloaders/stage_1.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": 
{"repobilityId": 30430, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5a846d7d753acf964598e8fc9df668b4762d1c05370cdf322d2a86f3ec31d714", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "manim_animations/big_model_inference/stage_3.py", "duplicate_line": 17, "correlation_key": "fp|5a846d7d753acf964598e8fc9df668b4762d1c05370cdf322d2a86f3ec31d714"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "manim_animations/big_model_inference/stage_5.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30429, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7c0dcbe1078f7a24bd2441a1b2b088c606b80bc35c9700d9615f1db32a1ff8d4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "manim_animations/big_model_inference/stage_2.py", "duplicate_line": 6, "correlation_key": "fp|7c0dcbe1078f7a24bd2441a1b2b088c606b80bc35c9700d9615f1db32a1ff8d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "manim_animations/big_model_inference/stage_5.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30428, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"2ccba6ea64d1347caabe3046524350a47c40aa61e23fc6d006c9343ea7e21c65", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "manim_animations/big_model_inference/stage_4.py", "duplicate_line": 3, "correlation_key": "fp|2ccba6ea64d1347caabe3046524350a47c40aa61e23fc6d006c9343ea7e21c65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "manim_animations/big_model_inference/stage_5.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30427, "scanner": "repobility-ai-code-hygiene", "fingerprint": "461fd0ce36143e608592bd591415653357aee9b651565ae951b1f500965e8100", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "manim_animations/big_model_inference/stage_3.py", "duplicate_line": 29, "correlation_key": "fp|461fd0ce36143e608592bd591415653357aee9b651565ae951b1f500965e8100"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "manim_animations/big_model_inference/stage_4.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30426, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4cd4f438a4318dbc8819fe28e2825a2e7753f0e75a86ec5d01eb2901707a1298", "category": "quality", 
"severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "manim_animations/big_model_inference/stage_2.py", "duplicate_line": 6, "correlation_key": "fp|4cd4f438a4318dbc8819fe28e2825a2e7753f0e75a86ec5d01eb2901707a1298"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "manim_animations/big_model_inference/stage_4.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30425, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e5a731657b00e9a78c9d9001b4717d9de217b864318cd7d71bb04c20d7f88e6c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "manim_animations/big_model_inference/stage_2.py", "duplicate_line": 5, "correlation_key": "fp|e5a731657b00e9a78c9d9001b4717d9de217b864318cd7d71bb04c20d7f88e6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "manim_animations/big_model_inference/stage_3.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 30424, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2e8ca32057fa96c2bf09d92f90475bce74fdbe6948e2a4e207f8295e167d8874", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": 
false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "manim_animations/big_model_inference/stage_1.py", "duplicate_line": 3, "correlation_key": "fp|2e8ca32057fa96c2bf09d92f90475bce74fdbe6948e2a4e207f8295e167d8874"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "manim_animations/big_model_inference/stage_2.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "MINED063", "level": "none", "message": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "properties": {"repobilityId": 30717, "scanner": "repobility-threat-engine", "fingerprint": "5e161d444ef67faa67c7bb7a509604e770f77c19b9acacee24a2bc0296d5da90", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "toctou-os-path-exists", "owasp": null, "cwe_ids": ["CWE-367"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348048+00:00", "triaged_in_corpus": 12, "observations_count": 90754, "ai_coder_pattern_id": 41}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5e161d444ef67faa67c7bb7a509604e770f77c19b9acacee24a2bc0296d5da90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/utils/deepspeed.py"}, "region": {"startLine": 141}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 30715, "scanner": "repobility-threat-engine", "fingerprint": "cb57739b70fee99de1ef35a2cc365691f4e13067957f2f749cb363c38a69c60a", "category": "quality", "severity": "info", "confidence": 1.0, 
"triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cb57739b70fee99de1ef35a2cc365691f4e13067957f2f749cb363c38a69c60a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/utils/operations.py"}, "region": {"startLine": 739}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 30714, "scanner": "repobility-threat-engine", "fingerprint": "c4071506c0149adb07e7301be65056b06c944bbc6b2233dfcdc90b4a146fea50", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c4071506c0149adb07e7301be65056b06c944bbc6b2233dfcdc90b4a146fea50"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/test_utils/testing.py"}, "region": {"startLine": 822}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 30713, "scanner": "repobility-threat-engine", 
"fingerprint": "fd31529210e5c0e2c0120deea12f1ccdeee20a320ae7a81b23aa8b76b22ea27b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fd31529210e5c0e2c0120deea12f1ccdeee20a320ae7a81b23aa8b76b22ea27b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/utils/environment.py"}, "region": {"startLine": 250}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 30712, "scanner": "repobility-threat-engine", "fingerprint": "3e8157838db9b038d12ff209741958d20b3f8544d684d87ccad5ceeb1403c501", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3e8157838db9b038d12ff209741958d20b3f8544d684d87ccad5ceeb1403c501"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/utils/dataclasses.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: 
@dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 30711, "scanner": "repobility-threat-engine", "fingerprint": "66526db9ba4f42fd0e56eda95ca805ab6046dbd58b7b7453e631b23af35c9d45", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|66526db9ba4f42fd0e56eda95ca805ab6046dbd58b7b7453e631b23af35c9d45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/parallelism_config.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED069", "level": "none", "message": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "properties": {"repobilityId": 30710, "scanner": "repobility-threat-engine", "fingerprint": "330560d0473abb8bdaffe2c9d1daee39cc2c5e8862e4c6e7e115d43239301721", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "debug-true-prod", "owasp": "A05:2021", "cwe_ids": ["CWE-489"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348063+00:00", "triaged_in_corpus": 12, "observations_count": 37393, "ai_coder_pattern_id": 17}, "scanner": "repobility-threat-engine", "correlation_key": "fp|330560d0473abb8bdaffe2c9d1daee39cc2c5e8862e4c6e7e115d43239301721"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/launchers.py"}, "region": {"startLine": 308}}}]}, 
{"ruleId": "MINED079", "level": "none", "message": {"text": "[MINED079] Off By One Slice: range(len(x)+1), arr[i+1:i+n+1], or while i<=len(arr) \u2014 off-by-one risk."}, "properties": {"repobilityId": 30709, "scanner": "repobility-threat-engine", "fingerprint": "ad9455255e86cc86499c59455d4f01e5ad495dd7d60d538e7e75d4948a0bba9d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "off-by-one-slice", "owasp": null, "cwe_ids": ["CWE-193"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348121+00:00", "triaged_in_corpus": 12, "observations_count": 6443, "ai_coder_pattern_id": 19}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ad9455255e86cc86499c59455d4f01e5ad495dd7d60d538e7e75d4948a0bba9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/utils/modeling.py"}, "region": {"startLine": 690}}}]}, {"ruleId": "MINED079", "level": "none", "message": {"text": "[MINED079] Off By One Slice: range(len(x)+1), arr[i+1:i+n+1], or while i<=len(arr) \u2014 off-by-one risk."}, "properties": {"repobilityId": 30708, "scanner": "repobility-threat-engine", "fingerprint": "1d80eac5bbe444537199ffdc2491ad5e07bbd58e6373333d46bb6168f70f40ca", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "off-by-one-slice", "owasp": null, "cwe_ids": ["CWE-193"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348121+00:00", "triaged_in_corpus": 12, "observations_count": 6443, "ai_coder_pattern_id": 19}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1d80eac5bbe444537199ffdc2491ad5e07bbd58e6373333d46bb6168f70f40ca"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "src/accelerate/commands/menu/selection_menu.py"}, "region": {"startLine": 141}}}]}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 30707, "scanner": "repobility-threat-engine", "fingerprint": "e28bd57f234df1b97e4404ef4446c3ef7e5d140e51aabc00ec02369e6f01b67d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|e28bd57f234df1b97e4404ef4446c3ef7e5d140e51aabc00ec02369e6f01b67d", "aggregated_count": 3}}}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. 
Inappropriate in services."}, "properties": {"repobilityId": 30703, "scanner": "repobility-threat-engine", "fingerprint": "1ef1db074e52ca94f41f67b241313b8e867edb2b5790e79d170fb00de924dd16", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1ef1db074e52ca94f41f67b241313b8e867edb2b5790e79d170fb00de924dd16"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/commands/menu/selection_menu.py"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. 
Inappropriate in services."}, "properties": {"repobilityId": 30702, "scanner": "repobility-threat-engine", "fingerprint": "d30e7c4e5dbca7a41fecd8072a65135b0d58e17105af7172becfe542b3ce0167", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d30e7c4e5dbca7a41fecd8072a65135b0d58e17105af7172becfe542b3ce0167"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/commands/config/config_utils.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. 
Inappropriate in services."}, "properties": {"repobilityId": 30701, "scanner": "repobility-threat-engine", "fingerprint": "c5117fc06cbea93e53426ecb77c583a68f554cadf498e9ce4c1ce59a6f7a5a31", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c5117fc06cbea93e53426ecb77c583a68f554cadf498e9ce4c1ce59a6f7a5a31"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/accelerator.py"}, "region": {"startLine": 3074}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 30697, "scanner": "repobility-threat-engine", "fingerprint": "ed8db4a7e87d758093f842f3a35607da2271bec5bb41ef3546636776388b50de", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ed8db4a7e87d758093f842f3a35607da2271bec5bb41ef3546636776388b50de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "setup.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED055", "level": "none", 
"message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 30695, "scanner": "repobility-threat-engine", "fingerprint": "41b36a860ca554f7e87e298a2a560a53a3a1508b8b92382f7079585bc8589dbf", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|41b36a860ca554f7e87e298a2a560a53a3a1508b8b92382f7079585bc8589dbf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/inference/distributed/florence2.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 30694, "scanner": "repobility-threat-engine", "fingerprint": "c15875ea518c56641d9aedcadf6cbfaa6f30ee89ffce3421e20d1d4c53acca7f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c15875ea518c56641d9aedcadf6cbfaa6f30ee89ffce3421e20d1d4c53acca7f"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/inference/distributed/distributed_speech_generation.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 17 more): Same pattern found in 17 additional files. Review if needed."}, "properties": {"repobilityId": 30693, "scanner": "repobility-threat-engine", "fingerprint": "7c49765a04b17348a82105d4c968edce645432e304f8e6abf141a40cfdc0dec0", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 17 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|7c49765a04b17348a82105d4c968edce645432e304f8e6abf141a40cfdc0dec0", "aggregated_count": 17}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 30692, "scanner": "repobility-threat-engine", "fingerprint": "2397f9ac9ed12d67c698710bae893f9ef32ee8073dc033c79c0a269ed92afc77", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, 
"observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2397f9ac9ed12d67c698710bae893f9ef32ee8073dc033c79c0a269ed92afc77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/by_feature/gradient_accumulation_for_autoregressive_models.py"}, "region": {"startLine": 163}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 30691, "scanner": "repobility-threat-engine", "fingerprint": "114e994631ab82869dc3889c79bdd376290d4c43e2239d5fd5aa47ffe1a6a603", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|114e994631ab82869dc3889c79bdd376290d4c43e2239d5fd5aa47ffe1a6a603"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/by_feature/gradient_accumulation.py"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 30690, "scanner": "repobility-threat-engine", "fingerprint": "66ea12743af2066b36b47084907896c124d428c7e7d383e0d62b25b3f79c19a3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating 
context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|66ea12743af2066b36b47084907896c124d428c7e7d383e0d62b25b3f79c19a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/by_feature/fsdp_with_peak_mem_tracking.py"}, "region": {"startLine": 311}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 17 more): Same pattern found in 17 additional files. Review if needed."}, "properties": {"repobilityId": 30687, "scanner": "repobility-threat-engine", "fingerprint": "9a4dded8559d76bfe00bc64cc7f3b84ea0bd9b1742965a6b760ddbb7eebe1048", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 17 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 17 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|9a4dded8559d76bfe00bc64cc7f3b84ea0bd9b1742965a6b760ddbb7eebe1048"}}}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 119 more): Same pattern found in 119 additional files. 
Review if needed."}, "properties": {"repobilityId": 30683, "scanner": "repobility-threat-engine", "fingerprint": "42532674bba0def110f0d75e67c92a8217422f098356b9c0778d892fd08ee59e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 119 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "parse_args", "breakdown": {"if": 7, "recursion": 1, "nested_bonus": 3}, "aggregated": true, "complexity": 11, "correlation_key": "fp|42532674bba0def110f0d75e67c92a8217422f098356b9c0778d892fd08ee59e", "aggregated_count": 119}}}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 30679, "scanner": "repobility-threat-engine", "fingerprint": "3843ffee0cff409af5ff8d86348b6edf8c7c2dc6f78b8838ac13041bcdec2ba8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3843ffee0cff409af5ff8d86348b6edf8c7c2dc6f78b8838ac13041bcdec2ba8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/commands/config/sagemaker.py"}, "region": {"startLine": 108}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 30678, "scanner": "repobility-threat-engine", 
"fingerprint": "dbc59a819a284f859c9cbeb42451ed1d2c6abdfd3ea5a09ea12e86e496af1353", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dbc59a819a284f859c9cbeb42451ed1d2c6abdfd3ea5a09ea12e86e496af1353"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/inference/pippy/llama.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 30677, "scanner": "repobility-threat-engine", "fingerprint": "3f1b98986fe6afcdbbae8b73a5feeacce9172b945beb4c85fb1b90e87d2f6507", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3f1b98986fe6afcdbbae8b73a5feeacce9172b945beb4c85fb1b90e87d2f6507"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/big_model_inference/big_model_inference.py"}, "region": {"startLine": 129}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 30474, 
"scanner": "repobility-docker", "fingerprint": "8f279133c60c531ed44bf7c936d1c1bbf9fa3c3ebf0d95fa177000cf5d44a6a0", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "nvcr.io/nvidia/pytorch:${BASE_YEAR}.${BASE_MONTH}-py3", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|8f279133c60c531ed44bf7c936d1c1bbf9fa3c3ebf0d95fa177000cf5d44a6a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/fp8/transformer_engine/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "SEC013", "level": "none", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 30457, "scanner": "repobility-threat-engine", "fingerprint": "75f22750f5eefefb3a3ce8f933bc32c82dff4c8e9ca3ec94aeac313553cfbd0d", "category": "path_traversal", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|75f22750f5eefefb3a3ce8f933bc32c82dff4c8e9ca3ec94aeac313553cfbd0d"}}}, {"ruleId": "SEC011", "level": "none", "message": {"text": "[SEC011] Unsafe PyTorch Model Loading (and 1 more): Same pattern found in 1 additional files. 
Review if needed."}, "properties": {"repobilityId": 30453, "scanner": "repobility-threat-engine", "fingerprint": "aa76beac12056d5af1bf4b95ddaaa163735f3a82499334fcd54d26ab486513a5", "category": "deserialization", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC011", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|aa76beac12056d5af1bf4b95ddaaa163735f3a82499334fcd54d26ab486513a5"}}}, {"ruleId": "SEC011", "level": "none", "message": {"text": "[SEC011] Unsafe PyTorch Model Loading: torch.load() uses pickle internally and can execute arbitrary code from untrusted model files."}, "properties": {"repobilityId": 30452, "scanner": "repobility-threat-engine", "fingerprint": "010a3a0b907a0d51a4f69a035a704608ed30e473e632b21482ab6e447c1f2540", "category": "deserialization", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'weights_only\\s*=\\s*True' detected on same line", "evidence": {"match": "torch.load(", "reason": "Safe pattern 'weights_only\\s*=\\s*True' detected on same line", "rule_id": "SEC011", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|deserialization|token|199|sec011"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/utils/fsdp_utils.py"}, "region": {"startLine": 199}}}]}, {"ruleId": "SEC034", "level": "none", "message": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log (and 1 more): Same pattern found in 1 additional files. 
Review if needed."}, "properties": {"repobilityId": 30449, "scanner": "repobility-threat-engine", "fingerprint": "0c38f3359897d8fbb05222ca133c0d09a5b4d741ea471e5ee93549f3c0437c61", "category": "log_injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC034", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|0c38f3359897d8fbb05222ca133c0d09a5b4d741ea471e5ee93549f3c0437c61"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 30 more): Same pattern found in 30 additional files. Review if needed."}, "properties": {"repobilityId": 30445, "scanner": "repobility-threat-engine", "fingerprint": "f1abb92158b2e03a7cc4edb76de375e21bc6561c711b14103d1e4824e0b0b71e", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 30 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 30 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f1abb92158b2e03a7cc4edb76de375e21bc6561c711b14103d1e4824e0b0b71e"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: Calling eval() or exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. 
Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 30444, "scanner": "repobility-threat-engine", "fingerprint": "bb9ab173b47f83a7de100f72777d570879360b88598200cb4cb7458a85850556", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\.eval\\(' detected on same line", "evidence": {"match": ".eval(", "reason": "Safe pattern '\\.eval\\(' detected on same line", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|token|106|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/fp8/ms_amp/fp8_utils.py"}, "region": {"startLine": 106}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "properties": {"repobilityId": 30441, "scanner": "repobility-threat-engine", "fingerprint": "b6edddaddab6b62ff63a87b52b7d7b3bab2a5af6b4d7361c1238d18c2c6e3162", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|b6edddaddab6b62ff63a87b52b7d7b3bab2a5af6b4d7361c1238d18c2c6e3162"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 30440, "scanner": "repobility-threat-engine", "fingerprint": "0b117056bf47ac09fbe093c2cbed4b7d4d369e0a7eb094c9311277beda3acef1", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Environment variable or config lookup (credentials loaded safely)", "evidence": {"match": "print(os.environ)", "reason": "Environment variable or config lookup (credentials loaded safely)", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|35|print os.environ"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/utils/environment.py"}, "region": {"startLine": 358}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 30439, "scanner": "repobility-threat-engine", "fingerprint": "5943d2d73408baab58c2d9c06d69d25bf57b1432a3be167c10fabb0d56779ad1", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "evidence": {"match": "print(tokenizer.batch_decode(next_token)", "reason": "The token term appears to refer to NLP/model token counts, a tokenizer, or blockchain token metadata rather than credential material", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|5|print tokenizer.batch_decode next_token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/inference/pippy/llama.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 30706, "scanner": "repobility-threat-engine", "fingerprint": "ad61192fb849d15da7aab03df0b7ac9262a689800a03d16762cd514427293da5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|ad61192fb849d15da7aab03df0b7ac9262a689800a03d16762cd514427293da5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/utils/environment.py"}, "region": {"startLine": 223}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 30705, "scanner": "repobility-threat-engine", "fingerprint": "a5a6f507efbf176f71d90c97ab03dc9c67e757c55fdd27f22e9fff4ba48ef57c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a5a6f507efbf176f71d90c97ab03dc9c67e757c55fdd27f22e9fff4ba48ef57c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/test_utils/testing.py"}, "region": {"startLine": 822}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 30704, "scanner": "repobility-threat-engine", "fingerprint": "f74b4373abeb2aec7dbcb9bfd8dd1e478a247aa21ac71d9295b8920ded727867", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], 
"languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f74b4373abeb2aec7dbcb9bfd8dd1e478a247aa21ac71d9295b8920ded727867"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/commands/menu/selection_menu.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED021", "level": "error", "message": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "properties": {"repobilityId": 30700, "scanner": "repobility-threat-engine", "fingerprint": "d700aff8e658b5f3ba11f65a665ad92ec42756a60d74fd20597da6d890fcc1c9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d700aff8e658b5f3ba11f65a665ad92ec42756a60d74fd20597da6d890fcc1c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/utils/fsdp_utils.py"}, "region": {"startLine": 194}}}]}, {"ruleId": "MINED021", "level": "error", "message": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "properties": {"repobilityId": 30699, "scanner": "repobility-threat-engine", "fingerprint": "3dfe84cdf0a693b3e1b05ea825fc41a1ac4484954b05236eaa902f7a4f09943d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", 
"isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3dfe84cdf0a693b3e1b05ea825fc41a1ac4484954b05236eaa902f7a4f09943d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/commands/config/config_args.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED021", "level": "error", "message": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "properties": {"repobilityId": 30698, "scanner": "repobility-threat-engine", "fingerprint": "9fb3dc408deeb84590639513c83da380256bd737336d19a74c62868fe46956a1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9fb3dc408deeb84590639513c83da380256bd737336d19a74c62868fe46956a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/accelerator.py"}, "region": {"startLine": 3787}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 30696, "scanner": "repobility-threat-engine", "fingerprint": 
"6e1fa011915105baf89a3636daa7ecda4b2a7fd96a0ccb0980ac191a41f96f00", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6e1fa011915105baf89a3636daa7ecda4b2a7fd96a0ccb0980ac191a41f96f00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/inference/distributed/florence2.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED020", "level": "error", "message": {"text": "[MINED020] Logging Credential Via Fstring: logger.error(f\"failed for {api_key}\") \u2014 secrets end up in log aggregators / sentry."}, "properties": {"repobilityId": 30689, "scanner": "repobility-threat-engine", "fingerprint": "1044a2c2afaf1ddcd5507ba0cf6928939caf97917fe0a87f0884ed8282597a0e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "logging-credential-via-fstring", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347945+00:00", "triaged_in_corpus": 15, "observations_count": 46100, "ai_coder_pattern_id": 38}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1044a2c2afaf1ddcd5507ba0cf6928939caf97917fe0a87f0884ed8282597a0e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/by_feature/megatron_lm_gpt_pretraining.py"}, "region": {"startLine": 418}}}]}, {"ruleId": "MINED020", "level": "error", "message": {"text": "[MINED020] Logging Credential 
Via Fstring: logger.error(f\"failed for {api_key}\") \u2014 secrets end up in log aggregators / sentry."}, "properties": {"repobilityId": 30688, "scanner": "repobility-threat-engine", "fingerprint": "900893ad4db2ae5b9c6e3d37f4a6ee14d24bc26f1021f87b5b338e207b421cd0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "logging-credential-via-fstring", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347945+00:00", "triaged_in_corpus": 15, "observations_count": 46100, "ai_coder_pattern_id": 38}, "scanner": "repobility-threat-engine", "correlation_key": "fp|900893ad4db2ae5b9c6e3d37f4a6ee14d24bc26f1021f87b5b338e207b421cd0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/by_feature/deepspeed_with_config_support.py"}, "region": {"startLine": 430}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 30686, "scanner": "repobility-threat-engine", "fingerprint": "55f3b1ee9c2eeb62ea4ea6ea624a9a5e4437162a83374d6d5f653cd30dbaa19c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "model.destroy()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|55f3b1ee9c2eeb62ea4ea6ea624a9a5e4437162a83374d6d5f653cd30dbaa19c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/fp8/transformer_engine/distrib_deepspeed.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 30685, "scanner": "repobility-threat-engine", "fingerprint": "eecf7484e8a36b54c756334e251cc4958b8adef0643f1c3680edb5bdb83a7f8c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "model.destroy()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|eecf7484e8a36b54c756334e251cc4958b8adef0643f1c3680edb5bdb83a7f8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/fp8/torchao/distrib_deepspeed.py"}, "region": {"startLine": 128}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 30684, "scanner": "repobility-threat-engine", "fingerprint": "1ba71cc7815581d95edda4aa1c0f18df70d47dec7b8415fd8239f1c6606ef56f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "model.destroy()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1ba71cc7815581d95edda4aa1c0f18df70d47dec7b8415fd8239f1c6606ef56f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/fp8/ms_amp/distrib_deepspeed.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. 
Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 30463, "scanner": "repobility-threat-engine", "fingerprint": "42a9b719f77ceb1e9764b42c9e78b36e5b6fd0a4fbdecc7dfdb2532085d13691", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"[^\\d](\\d+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|174|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/utils/modeling.py"}, "region": {"startLine": 174}}}]}, {"ruleId": "SEC114", "level": "error", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. 
`../../../etc/passwd` resolves cleanly."}, "properties": {"repobilityId": 30460, "scanner": "repobility-threat-engine", "fingerprint": "c592f54df8888549bfaefda74c92b2b27db54ea181eebb14602bbcc9eb1212d3", "category": "path_traversal", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "path.join(input", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|194|sec114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/utils/fsdp_utils.py"}, "region": {"startLine": 194}}}]}, {"ruleId": "SEC114", "level": "error", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. 
`../../../etc/passwd` resolves cleanly."}, "properties": {"repobilityId": 30459, "scanner": "repobility-threat-engine", "fingerprint": "b0c0c786b3bd47ee98a8acb32fa44dcc75b62b75c07cfef27d871f0e0baf0a32", "category": "path_traversal", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "path.join(dir_name, \"hparams", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|src/accelerate/tracking.py|237|sec114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/tracking.py"}, "region": {"startLine": 237}}}]}, {"ruleId": "SEC114", "level": "error", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. 
`../../../etc/passwd` resolves cleanly."}, "properties": {"repobilityId": 30458, "scanner": "repobility-threat-engine", "fingerprint": "0439fc36461e0e8ff65c4ce9d5f23c68a42d454ff0bbeeb1e9f39735881a9950", "category": "path_traversal", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "path.join(input", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|3787|sec114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/accelerator.py"}, "region": {"startLine": 3787}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 30456, "scanner": "repobility-threat-engine", "fingerprint": "48794c5f3e16ad89523b2387ce26b1953d468acbafe17287d793a62a6064135b", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "os.path.join(input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|194|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/utils/fsdp_utils.py"}, "region": {"startLine": 194}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. 
Allows reading arbitrary files."}, "properties": {"repobilityId": 30455, "scanner": "repobility-threat-engine", "fingerprint": "044142cc1f0a146961d978a1f1ee5c6dad221fa16e6d1cf01c5bc8b1efd146a9", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "os.path.join(dir_name, \"hparams", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|src/accelerate/tracking.py|237|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/tracking.py"}, "region": {"startLine": 237}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 30454, "scanner": "repobility-threat-engine", "fingerprint": "767501132396d1bc886907c4eae930d96f4d165c7c409e15fa6c964f3e063206", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "os.path.join(input_dir, folder) for folder in os.listdir(input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|3787|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/accelerator.py"}, "region": {"startLine": 3787}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 30438, "scanner": "repobility-threat-engine", "fingerprint": "4f95a40f991b31c061817594d695e335485d88478c0685efeb29047ede6e32f6", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "print(f\"Prompt: {prompt}\\nGeneration {text_out}\\nIn {generation_time:.2f}s for {num_gen_tokens} toke", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|token|12|print f prompt: prompt ngeneration text_out nin generation_time:.2f s for num_gen_tokens toke"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "benchmarks/big_model_inference/big_model_inference.py"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED030", "level": "error", "message": {"text": "[MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__."}, "properties": {"repobilityId": 30719, "scanner": "repobility-threat-engine", "fingerprint": "6cffb0f7096c41bfb1e2618d88b75c7a8b20bed747c0577be2924c54b53fb0fe", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pickle-loads", "owasp": null, "cwe_ids": ["CWE-502"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347968+00:00", "triaged_in_corpus": 20, "observations_count": 6314, "ai_coder_pattern_id": 119}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6cffb0f7096c41bfb1e2618d88b75c7a8b20bed747c0577be2924c54b53fb0fe"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/utils/operations.py"}, "region": {"startLine": 484}}}]}, {"ruleId": "MINED018", "level": "error", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "properties": {"repobilityId": 30718, "scanner": "repobility-threat-engine", "fingerprint": "234cab9195cbef00fe7b8b55582bfebe1862afb6184f55b766bc29011fe47071", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|234cab9195cbef00fe7b8b55582bfebe1862afb6184f55b766bc29011fe47071"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/utils/operations.py"}, "region": {"startLine": 484}}}]}, {"ruleId": "SEC081", "level": "error", "message": {"text": "[SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. 
Ported from dlint DUO103 / DUO120 (BSD-3)."}, "properties": {"repobilityId": 30465, "scanner": "repobility-threat-engine", "fingerprint": "dcf74bd22daf6024cd01a7e92d2c686438b69a1bff32021a7b6578c25113abd9", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pickle.loads(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC081", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|dcf74bd22daf6024cd01a7e92d2c686438b69a1bff32021a7b6578c25113abd9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/accelerate/utils/operations.py"}, "region": {"startLine": 484}}}]}]}]}