{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "CFG006", "name": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.", "shortDescription": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "fullDescription": {"text": "Add a .gitignore appropriate for your language/framework."}, "properties": {"scanner": "repobility-threat-engine", "category": "practices", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. 
They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_LICENSE", "name": "No LICENSE file", "shortDescription": {"text": "No LICENSE file"}, "fullDescription": {"text": "Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft)."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 25 more): Same pattern found in 25 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 25 more): Same pattern found in 25 additional files. 
Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16.\nApply the CIDR block to the address the hostname actually resolves to rather than to the URL string, include loopback (127/8) and the IPv6 equivalents, and repeat the check on every redirect hop."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/459"}, "properties": {"repository": "devmspl/HR-App", "repoUrl": "https://github.com/devmspl/HR-App.git", "branch": "master"}, "results": [{"ruleId": "CFG006", "level": "warning", "message": {"text": "[CFG006] Missing .gitignore: No .gitignore file. 
Risk of committing secrets and build artifacts."}, "properties": {"repobilityId": 23701, "scanner": "repobility-threat-engine", "fingerprint": "c65fc71ce58c37a0e07837c0fe294108b731c43ef16027a2f0971c757bbe9a16", "category": "practices", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "No .gitignore file found in repository root", "evidence": {"reason": "No .gitignore file found in repository root", "rule_id": "CFG006", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "repo|practices|cfg006"}}}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 23700, "scanner": "repobility-threat-engine", "fingerprint": "adeb52b1db48f777604bc39a65d9b8c913bf6b724fa2c473d261ca3db1624f3b", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (1.4 bits) \u2014 may be placeholder or common string", "evidence": {"match": "Passwd=\"\n                                                endString:@\"", "reason": "Low entropy value (1.4 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|64|passwd endstring:"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Pods/GTMSessionFetcher/Source/GTMSessionFetcherLogging.m"}, "region": {"startLine": 643}}}]}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 23664, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", 
"evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23694, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d1ee9595773f69b95d89ecbfd900917ab2fa85f51c1b109e5f256cf80e8fbeec", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Pods/AppAuth/Source/AppAuthCore/OIDClientMetadataParameters.h", "duplicate_line": 1, "correlation_key": "fp|d1ee9595773f69b95d89ecbfd900917ab2fa85f51c1b109e5f256cf80e8fbeec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Pods/AppAuth/Source/AppAuthCore/OIDRegistrationRequest.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23693, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8b7aa63f7d6e0388de33fa0c5b267fd6c524729952def260a11698b92d9cea2d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Pods/AppAuth/Source/AppAuth.h", "duplicate_line": 1, "correlation_key": "fp|8b7aa63f7d6e0388de33fa0c5b267fd6c524729952def260a11698b92d9cea2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Pods/AppAuth/Source/AppAuthCore/OIDGrantTypes.h"}, "region": 
{"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23692, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0bda9778596f4cbf1cc44fb37edde9be6a8ad1aa0875fdfb0c4e389bc6ae23ff", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Pods/AppAuth/Source/AppAuthCore/OIDError.h", "duplicate_line": 3, "correlation_key": "fp|0bda9778596f4cbf1cc44fb37edde9be6a8ad1aa0875fdfb0c4e389bc6ae23ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Pods/AppAuth/Source/AppAuthCore/OIDFieldMapping.h"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23691, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3337a32eb6495b8985d07295c759c6ba4167a86b282ece48133de8c455dda65d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Pods/AppAuth/Source/AppAuth.h", "duplicate_line": 1, "correlation_key": "fp|3337a32eb6495b8985d07295c759c6ba4167a86b282ece48133de8c455dda65d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Pods/AppAuth/Source/AppAuthCore/OIDFieldMapping.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across 
source files"}, "properties": {"repobilityId": 23690, "scanner": "repobility-ai-code-hygiene", "fingerprint": "befa80daec8a2385d334d0d0ba0b35068bdb2039e90ec4742279cfbe40b2a151", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Pods/AppAuth/Source/AppAuthCore/OIDEndSessionRequest.h", "duplicate_line": 1, "correlation_key": "fp|befa80daec8a2385d334d0d0ba0b35068bdb2039e90ec4742279cfbe40b2a151"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Pods/AppAuth/Source/AppAuthCore/OIDExternalUserAgentSession.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23689, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d93652541695bcd8f1687e9f67bf3fdfa35c5ddae04207e63eed376c0dd5e7cf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Pods/AppAuth/Source/AppAuthCore/OIDEndSessionRequest.h", "duplicate_line": 1, "correlation_key": "fp|d93652541695bcd8f1687e9f67bf3fdfa35c5ddae04207e63eed376c0dd5e7cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Pods/AppAuth/Source/AppAuthCore/OIDExternalUserAgentRequest.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23688, 
"scanner": "repobility-ai-code-hygiene", "fingerprint": "3258bccd9a6576fa76b8a17d63054763cf375553819c2b21878f26cb9264585a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Pods/AppAuth/Source/AppAuth/iOS/OIDAuthState+IOS.h", "duplicate_line": 1, "correlation_key": "fp|3258bccd9a6576fa76b8a17d63054763cf375553819c2b21878f26cb9264585a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Pods/AppAuth/Source/AppAuthCore/OIDExternalUserAgent.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23687, "scanner": "repobility-ai-code-hygiene", "fingerprint": "88965008c7c1db22bf3198f87b8d3359617598c75d360d2b2d2964dda05dd053", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Pods/AppAuth/Source/AppAuthCore/OIDError.h", "duplicate_line": 3, "correlation_key": "fp|88965008c7c1db22bf3198f87b8d3359617598c75d360d2b2d2964dda05dd053"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Pods/AppAuth/Source/AppAuthCore/OIDErrorUtilities.h"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23686, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"f634f8a7769ea80be3ebe6bb6c1b39cb854fa64f9da1a9c4bf42294096715015", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Pods/AppAuth/Source/AppAuth.h", "duplicate_line": 1, "correlation_key": "fp|f634f8a7769ea80be3ebe6bb6c1b39cb854fa64f9da1a9c4bf42294096715015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Pods/AppAuth/Source/AppAuthCore/OIDErrorUtilities.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23685, "scanner": "repobility-ai-code-hygiene", "fingerprint": "73fd11ea6a478244a03366849166e0b6381fdaa61c9f2db76fd072445139d40b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Pods/AppAuth/Source/AppAuth.h", "duplicate_line": 1, "correlation_key": "fp|73fd11ea6a478244a03366849166e0b6381fdaa61c9f2db76fd072445139d40b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Pods/AppAuth/Source/AppAuthCore/OIDError.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23684, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f549549d22d55d3df53470b401dd689a7c44896a6a57d741a0197100aa817e02", "category": "quality", "severity": "low", "confidence": 0.86, 
"triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Pods/AppAuth/Source/AppAuthCore/OIDEndSessionRequest.h", "duplicate_line": 1, "correlation_key": "fp|f549549d22d55d3df53470b401dd689a7c44896a6a57d741a0197100aa817e02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Pods/AppAuth/Source/AppAuthCore/OIDEndSessionResponse.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23683, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ccdb7653f28368c47a2c14e282b582fd08958293b0f28cca415d74df5b066f70", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Pods/AppAuth/Source/AppAuthCore/OIDAuthorizationRequest.h", "duplicate_line": 4, "correlation_key": "fp|ccdb7653f28368c47a2c14e282b582fd08958293b0f28cca415d74df5b066f70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Pods/AppAuth/Source/AppAuthCore/OIDEndSessionRequest.h"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23682, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c4a7789f5ffd3ad5be5399a6bcd6a75cacd10772ba56fed11708c6b5485e8f07", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, 
"reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Pods/AppAuth/Source/AppAuth.h", "duplicate_line": 1, "correlation_key": "fp|c4a7789f5ffd3ad5be5399a6bcd6a75cacd10772ba56fed11708c6b5485e8f07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Pods/AppAuth/Source/AppAuthCore/OIDDefines.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23681, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fbff0905badc4af93a23d5be74723411964ba0c0b3c6fc892686989ccceada34", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Pods/AppAuth/Source/AppAuth.h", "duplicate_line": 1, "correlation_key": "fp|fbff0905badc4af93a23d5be74723411964ba0c0b3c6fc892686989ccceada34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Pods/AppAuth/Source/AppAuthCore/OIDAuthorizationService.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23680, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ea85db26f629c7b53462a096b7fa41a2545a05e8be35a0e73bcb3b930f4ef3e1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", 
"scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Pods/AppAuth/Source/AppAuthCore/OIDAuthState.h", "duplicate_line": 3, "correlation_key": "fp|ea85db26f629c7b53462a096b7fa41a2545a05e8be35a0e73bcb3b930f4ef3e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Pods/AppAuth/Source/AppAuthCore/OIDAuthorizationResponse.h"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23679, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5a95f226114b2329df5fc11061675246e2e1ba9a7978d6f9955c0c3761b6c78c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Pods/AppAuth/Source/AppAuth.h", "duplicate_line": 1, "correlation_key": "fp|5a95f226114b2329df5fc11061675246e2e1ba9a7978d6f9955c0c3761b6c78c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Pods/AppAuth/Source/AppAuthCore/OIDAuthorizationResponse.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23678, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1ea6f6edd0c5a7040cda5c6722064de987b47be541735d6043ec93171700e315", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"Pods/AppAuth/Source/AppAuth.h", "duplicate_line": 1, "correlation_key": "fp|1ea6f6edd0c5a7040cda5c6722064de987b47be541735d6043ec93171700e315"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Pods/AppAuth/Source/AppAuthCore/OIDAuthorizationRequest.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23677, "scanner": "repobility-ai-code-hygiene", "fingerprint": "49a5e0b1f6a4742acfb9a14fe255196009473ea6e4d9c45b379dd2e1d2bf0377", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Pods/AppAuth/Source/AppAuthCore/OIDAuthStateChangeDelegate.h", "duplicate_line": 3, "correlation_key": "fp|49a5e0b1f6a4742acfb9a14fe255196009473ea6e4d9c45b379dd2e1d2bf0377"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Pods/AppAuth/Source/AppAuthCore/OIDAuthStateErrorDelegate.h"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23676, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a998a63b9bc7d252ad8ebd11c5b083e4a7191030df50fb0908e80d45909dc0e1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Pods/AppAuth/Source/AppAuth.h", "duplicate_line": 1, "correlation_key": 
"fp|a998a63b9bc7d252ad8ebd11c5b083e4a7191030df50fb0908e80d45909dc0e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Pods/AppAuth/Source/AppAuthCore/OIDAuthStateErrorDelegate.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23675, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f461841a58cc676a9bfa0989c0ad0b708f3a45b9aa4e16c272dbb0367ee031f5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Pods/AppAuth/Source/AppAuth.h", "duplicate_line": 1, "correlation_key": "fp|f461841a58cc676a9bfa0989c0ad0b708f3a45b9aa4e16c272dbb0367ee031f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Pods/AppAuth/Source/AppAuthCore/OIDAuthStateChangeDelegate.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23674, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4c5646a6516d730d953ff93248b64f8b97718d34f9da9f838d33315d0839c3de", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Pods/AppAuth/Source/AppAuth.h", "duplicate_line": 1, "correlation_key": "fp|4c5646a6516d730d953ff93248b64f8b97718d34f9da9f838d33315d0839c3de"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "Pods/AppAuth/Source/AppAuthCore/OIDAuthState.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23673, "scanner": "repobility-ai-code-hygiene", "fingerprint": "be6a7dd3a942d82e6dbf3ff4ef37da487cbd5387a081a01f7b1103e725252fd9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Pods/AppAuth/Source/AppAuth.h", "duplicate_line": 1, "correlation_key": "fp|be6a7dd3a942d82e6dbf3ff4ef37da487cbd5387a081a01f7b1103e725252fd9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Pods/AppAuth/Source/AppAuthCore.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23672, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9054735f4c1e3ff5cf3756a9fec19a3563581ed6df0d1f398af96c83a5f5e1d6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Pods/AppAuth/Source/AppAuth/iOS/OIDAuthState+IOS.h", "duplicate_line": 1, "correlation_key": "fp|9054735f4c1e3ff5cf3756a9fec19a3563581ed6df0d1f398af96c83a5f5e1d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Pods/AppAuth/Source/AppAuth/iOS/OIDExternalUserAgentIOS.h"}, "region": {"startLine": 1}}}]}, {"ruleId": 
"AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23671, "scanner": "repobility-ai-code-hygiene", "fingerprint": "43b116fdc2e25e5ecb193a2626e8adfe7638d8baa836108c753b8a4dc2386630", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Pods/AppAuth/Source/AppAuth/iOS/OIDAuthState+IOS.h", "duplicate_line": 1, "correlation_key": "fp|43b116fdc2e25e5ecb193a2626e8adfe7638d8baa836108c753b8a4dc2386630"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Pods/AppAuth/Source/AppAuth/iOS/OIDAuthorizationService+IOS.h"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23670, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fa50159adc37e0597207accc2a60b370701bde044648e5d752cdaa403df03ffc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Pods/Alamofire/Source/ParameterEncoder.swift", "duplicate_line": 45, "correlation_key": "fp|fa50159adc37e0597207accc2a60b370701bde044648e5d752cdaa403df03ffc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Pods/Alamofire/Source/ParameterEncoding.swift"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across 
source files"}, "properties": {"repobilityId": 23669, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8e8bc47bbeab8daea4a61ee135cd6fd4f9c35f5ae5201a68323f481a4dbea647", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Pods/ARSLineProgress/Source/ARSInfiniteLoader.swift", "duplicate_line": 3, "correlation_key": "fp|8e8bc47bbeab8daea4a61ee135cd6fd4f9c35f5ae5201a68323f481a4dbea647"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Pods/ARSLineProgress/Source/ARSStatus.swift"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23668, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8af5af4673a6239e8052a40854e7e23eaff81d7ef17a0fbfdbe14547b37c7c86", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "Pods/ARSLineProgress/Source/ARSInfiniteLoader.swift", "duplicate_line": 5, "correlation_key": "fp|8af5af4673a6239e8052a40854e7e23eaff81d7ef17a0fbfdbe14547b37c7c86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Pods/ARSLineProgress/Source/ARSProgressLoader.swift"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23667, "scanner": "repobility-ai-code-hygiene", 
"fingerprint": "811e74684c5f507ab20e79ecbc76e816005592e7d9896b45495e141a825bd897", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "HRM/Model/ApplyModel/ApplyListByIdModel.swift", "duplicate_line": 30, "correlation_key": "fp|811e74684c5f507ab20e79ecbc76e816005592e7d9896b45495e141a825bd897"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "HRM/Model/JobModel/JobAndCompanyDetailModel.swift"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23666, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4278baa53d2c9027920fe86d347ddb6f5451a06eaa86f892037ebd68dc0cda00", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "HRM/Model/JobModel/ApplicantDataModel.swift", "duplicate_line": 4, "correlation_key": "fp|4278baa53d2c9027920fe86d347ddb6f5451a06eaa86f892037ebd68dc0cda00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "HRM/Model/JobModel/ApplicantModel.swift"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 23665, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0c5c1a6b4da0b587534d5a9dec13bcf97a8f61715a5ac7e6f6e806ae32d28527", "category": "quality", 
"severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "HRM/Controllers/tabBar/EmployeeHomeVC.swift", "duplicate_line": 150, "correlation_key": "fp|0c5c1a6b4da0b587534d5a9dec13bcf97a8f61715a5ac7e6f6e806ae32d28527"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "HRM/Controllers/tabBar/EmployerHomeVC.swift"}, "region": {"startLine": 107}}}]}, {"ruleId": "CORE_NO_LICENSE", "level": "note", "message": {"text": "No LICENSE file"}, "properties": {"repobilityId": 23663, "scanner": "repobility-core", "fingerprint": "9314e9238cd99885865b92490d1aaa96ca62b1390c9377878d5f3d99227e1c3c", "category": "documentation", "severity": "low", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_LICENSE", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_license"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 23699, "scanner": "repobility-threat-engine", "fingerprint": "0fd45793ceb78d9211884eabc57dd83da2b57ab94d514e6e04956c1e1a48228c", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "print(\"Url:- \\(ApiUrls.forgetPassword)", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|17|print url:- apiurls.forgetpassword"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "HRM/Services/ApiManager.swift"}, "region": {"startLine": 176}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 25 more): Same pattern found in 25 additional files. Review if needed."}, "properties": {"repobilityId": 23698, "scanner": "repobility-threat-engine", "fingerprint": "a1abc0f73fcbbde4bfde07d3a1caa75668c0f255cd2533e6367562d2e96a50c7", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 25 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 25 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|a1abc0f73fcbbde4bfde07d3a1caa75668c0f255cd2533e6367562d2e96a50c7"}}}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 23697, "scanner": "repobility-threat-engine", "fingerprint": "6ba000b7172d0f4e9940d143dd11474c825b39fd432adfa7fe82836812a962f2", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6ba000b7172d0f4e9940d143dd11474c825b39fd432adfa7fe82836812a962f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "HRM/Controllers/Employee/JobApplyVC.swift"}, "region": {"startLine": 84}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 23696, "scanner": "repobility-threat-engine", "fingerprint": "2dbb56fe56a7b9bd613d742b15e7edfcdfa85abdc4995ec520e3e8fe2e57365e", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2dbb56fe56a7b9bd613d742b15e7edfcdfa85abdc4995ec520e3e8fe2e57365e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "HRM/Controllers/Employee/EnterCompanyDetailsVC.swift"}, "region": {"startLine": 83}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 23695, "scanner": "repobility-threat-engine", "fingerprint": "b1060f9aaa9012454632d9658cdefbce5273ea85507fad6fbbbdb0d4bd4d4aaa", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b1060f9aaa9012454632d9658cdefbce5273ea85507fad6fbbbdb0d4bd4d4aaa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "HRM/BaseClass.swift"}, "region": {"startLine": 266}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 23662, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}]}]}