{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "CFG006", "name": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.", "shortDescription": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "fullDescription": {"text": "Add a .gitignore appropriate for your language/framework."}, "properties": {"scanner": "repobility-threat-engine", "category": "practices", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC041", "name": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noref", "shortDescription": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. 
The opened page can then run window.opener.location = 'phishing-site' and"}, "fullDescription": {"text": "Add rel=\"noopener noreferrer\" to every <a target=\"_blank\">:\n  <a href=\"...\" target=\"_blank\" rel=\"noopener noreferrer\">link</a>\nFor dynamically generated links from JS, set rel on the element before appending.\nFor window.open(url, '_blank') calls, pass 'noopener,noreferrer' as the third (windowFeatures) argument. Even safe-looking subdomains should be hardened \u2014 it costs nothing."}, "properties": {"scanner": "repobility-threat-engine", "category": "security", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AUC005", "name": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or sup", "shortDescription": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "fullDescription": {"text": "Add regression tests for anonymous denial, cross-user object denial, admin role limits, and super_admin-only behavior."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "low", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_LICENSE", "name": "No LICENSE file", "shortDescription": {"text": "No LICENSE file"}, "fullDescription": {"text": "Add a LICENSE file to your repository. 
Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft)."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics: use https:// for these endpoints so credentials and data are not sent in cleartext. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 11 more): Same pattern found in 11 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-476 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 3 more): Same pattern found in 3 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Also block loopback (127.0.0.0/8, ::1), and apply the check to the resolved IP address and to every redirect target, not only to the original hostname."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED056", "name": "[MINED056] React Key As Index (and 10 more): Same pattern found in 10 additional files. Review if needed.", "shortDescription": {"text": "[MINED056] React Key As Index (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED058", "name": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses React's JSX escaping. Pair with DOMPurify or neve", "shortDescription": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses React's JSX escaping. Pair with DOMPurify or never use with user data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-79 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout@v2` resolves at workflow-run t", "shortDescription": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) in"}, "fullDescription": {"text": "Replace with: `uses: actions/checkout@<40-char-sha>  # v2` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that int", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. 
The browser parses the HTM"}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). 
Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1313"}, "properties": {"repository": "danmindru/rare-big-deal", "repoUrl": "https://github.com/danmindru/rare-big-deal", "branch": "main"}, "results": [{"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 134048, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Next.js"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "CFG006", "level": "warning", "message": {"text": "[CFG006] Missing .gitignore: No .gitignore file. 
Risk of committing secrets and build artifacts."}, "properties": {"repobilityId": 134019, "scanner": "repobility-threat-engine", "fingerprint": "c65fc71ce58c37a0e07837c0fe294108b731c43ef16027a2f0971c757bbe9a16", "category": "practices", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "No .gitignore file found in repository root", "evidence": {"reason": "No .gitignore file found in repository root", "rule_id": "CFG006", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "repo|practices|cfg006"}}}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 134009, "scanner": "repobility-threat-engine", "fingerprint": "998341c0ab5035337579e9cd880d6877b90d0cd217b7322c660020422b98da30", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "window.open(HELP_HREF, '_blank')", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|45|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/components/shared/FooterSupportButton.tsx"}, "region": {"startLine": 45}}}]}, {"ruleId": "AUC005", "level": "note", "message": {"text": "[AUC005] No authorization-focused tests 
detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "properties": {"repobilityId": 134049, "scanner": "repobility-access-control", "fingerprint": "c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e", "category": "auth", "severity": "low", "confidence": 0.76, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Next.js"], "correlation_key": "fp|c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e"}}}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134047, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ca3e11ba339f210b4abd97b4117f69975b07ce539e91f76963b97eeac56d1ffc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "shipixen/layouts/PostLayout.tsx", "duplicate_line": 120, "correlation_key": "fp|ca3e11ba339f210b4abd97b4117f69975b07ce539e91f76963b97eeac56d1ffc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/layouts/ProductLayout.tsx"}, "region": {"startLine": 434}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134046, "scanner": "repobility-ai-code-hygiene", "fingerprint": "93b0d316da18a17fc063927e6a7e8cbb2b24a958ee1a003ca447600eb4513639", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, 
"reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "shipixen/components/showcase/EmblaCarousel.tsx", "duplicate_line": 120, "correlation_key": "fp|93b0d316da18a17fc063927e6a7e8cbb2b24a958ee1a003ca447600eb4513639"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/layouts/ProductLayout.tsx"}, "region": {"startLine": 208}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134045, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8caf4b740af8c847bfff98446646aabb8c360462e5ee3d3f23b74e9a4b3e9397", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "shipixen/app/[...slug]/page.tsx", "duplicate_line": 149, "correlation_key": "fp|8caf4b740af8c847bfff98446646aabb8c360462e5ee3d3f23b74e9a4b3e9397"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/layouts/ProductLayout.tsx"}, "region": {"startLine": 205}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134044, "scanner": "repobility-ai-code-hygiene", "fingerprint": "db31fc24c58f4afcd5f20be682b7803a6f60ec836cc4fd26375864df3a4e9537", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", 
"scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "shipixen/components/blog/home/PostItem.tsx", "duplicate_line": 143, "correlation_key": "fp|db31fc24c58f4afcd5f20be682b7803a6f60ec836cc4fd26375864df3a4e9537"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/layouts/ProductLayout.tsx"}, "region": {"startLine": 199}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134043, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a91ab535b4483143a72513b13b92dbfa8971b517221fca7b6460cac66273bb78", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "shipixen/layouts/PostBanner.tsx", "duplicate_line": 55, "correlation_key": "fp|a91ab535b4483143a72513b13b92dbfa8971b517221fca7b6460cac66273bb78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/layouts/PostSimple.tsx"}, "region": {"startLine": 56}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134042, "scanner": "repobility-ai-code-hygiene", "fingerprint": "690ccfe8c0f41075d4d4d31da156317cdcd3f24ccfe0360eee44c2f134d6bec6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "shipixen/layouts/ListLayout.tsx", 
"duplicate_line": 10, "correlation_key": "fp|690ccfe8c0f41075d4d4d31da156317cdcd3f24ccfe0360eee44c2f134d6bec6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/layouts/ListLayoutWithTags.tsx"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134041, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b907c39901a28401f70ba595432d73b92abd2eb692d4081a7d5d8420ae19b384", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "shipixen/app/[...slug]/page.tsx", "duplicate_line": 149, "correlation_key": "fp|b907c39901a28401f70ba595432d73b92abd2eb692d4081a7d5d8420ae19b384"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/components/showcase/EmblaCarousel.tsx"}, "region": {"startLine": 117}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134040, "scanner": "repobility-ai-code-hygiene", "fingerprint": "74e7f72489bb4f23bee9705e5e2cfdb6aca4d359792d4f8974538b94bf88df89", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "shipixen/components/shared/ui/command.tsx", "duplicate_line": 113, "correlation_key": "fp|74e7f72489bb4f23bee9705e5e2cfdb6aca4d359792d4f8974538b94bf88df89"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/components/shared/ui/menubar.tsx"}, "region": {"startLine": 186}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134039, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dc1c045defea1415b18f16d929cf540b411bf081f38ca0fd16f11b9956785c2a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "shipixen/components/shared/ui/command.tsx", "duplicate_line": 113, "correlation_key": "fp|dc1c045defea1415b18f16d929cf540b411bf081f38ca0fd16f11b9956785c2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/components/shared/ui/context-menu.tsx"}, "region": {"startLine": 152}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134038, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d526590d2c21b162b57775c24ac5340a5038ddf9a72234653b9888e8c1b6a1ee", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "shipixen/components/shared/Footer.tsx", "duplicate_line": 40, "correlation_key": "fp|d526590d2c21b162b57775c24ac5340a5038ddf9a72234653b9888e8c1b6a1ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/components/shared/Header.tsx"}, "region": 
{"startLine": 34}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134037, "scanner": "repobility-ai-code-hygiene", "fingerprint": "714bb0b9ded591f4c95afa2d4b4ed936e3df33a930255197df6f2c09e83d5616", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "shipixen/components/landing/testimonial/LandingTestimonialGrid.tsx", "duplicate_line": 36, "correlation_key": "fp|714bb0b9ded591f4c95afa2d4b4ed936e3df33a930255197df6f2c09e83d5616"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/components/landing/testimonial/LandingTestimonialList.tsx"}, "region": {"startLine": 35}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134036, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6b86a861cd8a1d0a6a0ab2058e9c695c2afca97537389e948b6351011a1b9c77", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "shipixen/components/landing/LandingProductFeaturesGrid.tsx", "duplicate_line": 54, "correlation_key": "fp|6b86a861cd8a1d0a6a0ab2058e9c695c2afca97537389e948b6351011a1b9c77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/components/landing/testimonial/LandingTestimonialInline.tsx"}, "region": {"startLine": 15}}}]}, 
{"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134035, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f85ec5c7794f5e232ebbbf580b9323a996b0c7473732b9bbe18eca830e259841", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "shipixen/components/landing/LandingProductVideoFeature.tsx", "duplicate_line": 50, "correlation_key": "fp|f85ec5c7794f5e232ebbbf580b9323a996b0c7473732b9bbe18eca830e259841"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/components/landing/testimonial/LandingTestimonialGrid.tsx"}, "region": {"startLine": 31}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134034, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2562e5e04237403da814ddcc4f6ac76046fb4add6844d1ba6fbf83d9f42ff947", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "shipixen/components/landing/LandingProductFeature.tsx", "duplicate_line": 49, "correlation_key": "fp|2562e5e04237403da814ddcc4f6ac76046fb4add6844d1ba6fbf83d9f42ff947"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/components/landing/testimonial/LandingTestimonialGrid.tsx"}, "region": {"startLine": 30}}}]}, {"ruleId": "AIC003", "level": "note", 
"message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134033, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b01665f73212ae6b5f6730400687059865f50a82a9d6a32b5cce008273b449b7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "shipixen/components/landing/LandingProductFeature.tsx", "duplicate_line": 20, "correlation_key": "fp|b01665f73212ae6b5f6730400687059865f50a82a9d6a32b5cce008273b449b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/components/landing/showcase/LandingShowcase.tsx"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134032, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ce0fa14abf10477ab91e0adcc2b4bff868061d61812e851eb8caaff8d0291e24", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "shipixen/components/landing/LandingFaq.tsx", "duplicate_line": 53, "correlation_key": "fp|ce0fa14abf10477ab91e0adcc2b4bff868061d61812e851eb8caaff8d0291e24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/components/landing/feature/LandingFeatureList.tsx"}, "region": {"startLine": 57}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, 
"properties": {"repobilityId": 134031, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d58448fbd59e1f393187ccc7a649a6f1caeb20e05393a05352455354af4475f8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "shipixen/components/landing/LandingFaqCollapsible.tsx", "duplicate_line": 31, "correlation_key": "fp|d58448fbd59e1f393187ccc7a649a6f1caeb20e05393a05352455354af4475f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/components/landing/feature/LandingFeatureList.tsx"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134030, "scanner": "repobility-ai-code-hygiene", "fingerprint": "83764fdf951f079fa85387285644d899a5ffad51e5890a452b32be6968bbe9fa", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "shipixen/components/landing/LandingFaqCollapsible.tsx", "duplicate_line": 47, "correlation_key": "fp|83764fdf951f079fa85387285644d899a5ffad51e5890a452b32be6968bbe9fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/components/landing/cta/LandingSaleCta.tsx"}, "region": {"startLine": 48}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134029, "scanner": 
"repobility-ai-code-hygiene", "fingerprint": "4b47dde6e6f05745146a0160ab66564b394e20703e2b68912e03d4a39fd6e826", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "shipixen/components/landing/LandingFaq.tsx", "duplicate_line": 25, "correlation_key": "fp|4b47dde6e6f05745146a0160ab66564b394e20703e2b68912e03d4a39fd6e826"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/components/landing/cta/LandingSaleCta.tsx"}, "region": {"startLine": 32}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134028, "scanner": "repobility-ai-code-hygiene", "fingerprint": "be154f9db05790b5c800344658e77f0afc4743575183bf201d7b1f6f550baa10", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "shipixen/components/landing/LandingProductFeature.tsx", "duplicate_line": 32, "correlation_key": "fp|be154f9db05790b5c800344658e77f0afc4743575183bf201d7b1f6f550baa10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/components/landing/cta/LandingPrimaryCta.tsx"}, "region": {"startLine": 115}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134027, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"1a3588c8e49df07b516f4fd2840d2d727b4dcb685da773bc63d2be84d5d3ea3c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "shipixen/components/landing/LandingProductFeature.tsx", "duplicate_line": 44, "correlation_key": "fp|1a3588c8e49df07b516f4fd2840d2d727b4dcb685da773bc63d2be84d5d3ea3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/components/landing/LandingProductVideoFeature.tsx"}, "region": {"startLine": 44}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134026, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2047b5d53210e6f3dbb83daa59a4f0b09ba1379eec15d4ae4420ec98c1b145da", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "shipixen/components/landing/LandingFaq.tsx", "duplicate_line": 31, "correlation_key": "fp|2047b5d53210e6f3dbb83daa59a4f0b09ba1379eec15d4ae4420ec98c1b145da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/components/landing/LandingProductTour.tsx"}, "region": {"startLine": 38}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134025, "scanner": "repobility-ai-code-hygiene", "fingerprint": "33e0ec8be6955bf48f91e32620513852d5e7fab91b4187a2c950fac031079688", "category": 
"quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "shipixen/components/landing/LandingFaq.tsx", "duplicate_line": 8, "correlation_key": "fp|33e0ec8be6955bf48f91e32620513852d5e7fab91b4187a2c950fac031079688"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/components/landing/LandingFaqCollapsible.tsx"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134024, "scanner": "repobility-ai-code-hygiene", "fingerprint": "359354bedd1fe528ed15687b4e2683466543f0bb8e2ad2846ef4008305eb13bb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "shipixen/app/[...slug]/page.tsx", "duplicate_line": 149, "correlation_key": "fp|359354bedd1fe528ed15687b4e2683466543f0bb8e2ad2846ef4008305eb13bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/components/blog/home/PostItem.tsx"}, "region": {"startLine": 149}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134023, "scanner": "repobility-ai-code-hygiene", "fingerprint": "560c23fcb7965998762114e98559878b1854294b8ee47fdd9f2fdfeec60b51cd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": 
false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "shipixen/app/categories/menu.tsx", "duplicate_line": 48, "correlation_key": "fp|560c23fcb7965998762114e98559878b1854294b8ee47fdd9f2fdfeec60b51cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/components/blog/HomeList.tsx"}, "region": {"startLine": 84}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134022, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6fdd6857abd6958fc828c4a73d195a9221e9a474ead45180ae5ef48b7ec48a68", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "shipixen/app/privacy/page.tsx", "duplicate_line": 455, "correlation_key": "fp|6fdd6857abd6958fc828c4a73d195a9221e9a474ead45180ae5ef48b7ec48a68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/app/terms/page.tsx"}, "region": {"startLine": 581}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134021, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2943949516a2a2d4b7f503183acc3e16358adb9b5f1f31ad82f52717698c5ffd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": 
"repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "shipixen/app/handpicked-deals/page.tsx", "duplicate_line": 17, "correlation_key": "fp|2943949516a2a2d4b7f503183acc3e16358adb9b5f1f31ad82f52717698c5ffd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/app/page.tsx"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134020, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c1e2c4ceef6e011f1eaf86921a5e301d94521c02b035cdbe4cad3a070b1c1d5a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "shipixen/app/all-deals/page.tsx", "duplicate_line": 11, "correlation_key": "fp|c1e2c4ceef6e011f1eaf86921a5e301d94521c02b035cdbe4cad3a070b1c1d5a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/app/all-deals/page/[page]/page.tsx"}, "region": {"startLine": 31}}}]}, {"ruleId": "CORE_NO_LICENSE", "level": "note", "message": {"text": "No LICENSE file"}, "properties": {"repobilityId": 133996, "scanner": "repobility-core", "fingerprint": "9314e9238cd99885865b92490d1aaa96ca62b1390c9377878d5f3d99227e1c3c", "category": "documentation", "severity": "low", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_LICENSE", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_license"}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": 
{"repobilityId": 134018, "scanner": "repobility-threat-engine", "fingerprint": "b2630e33bbf90d76bb763cbf584cc1e07b85ab50279ace9b1699e1450777dbb3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b2630e33bbf90d76bb763cbf584cc1e07b85ab50279ace9b1699e1450777dbb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/scripts/rss.mjs"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "properties": {"repobilityId": 134017, "scanner": "repobility-threat-engine", "fingerprint": "8323284e71c0a31a05bed90ab17738fa73ec0ef9ce708f2be963d66c42fd127f", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 11 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|8323284e71c0a31a05bed90ab17738fa73ec0ef9ce708f2be963d66c42fd127f", "aggregated_count": 11}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 134016, "scanner": "repobility-threat-engine", "fingerprint": "ee6bbb6c97cfcd766592bb470adee2cef7c290a0696c8a90ca35def451a37c50", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ee6bbb6c97cfcd766592bb470adee2cef7c290a0696c8a90ca35def451a37c50"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/scripts/appstore.js"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 134015, "scanner": "repobility-threat-engine", "fingerprint": "036df89f40e03c7aac15a6ec265cb1e68a10f5032babc69a0d66459b7777983f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|036df89f40e03c7aac15a6ec265cb1e68a10f5032babc69a0d66459b7777983f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/scripts/apply-overrides.js"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 134014, "scanner": "repobility-threat-engine", "fingerprint": "e96db43e6124b060748d5c9a8ccfbaa03abd03eec6e45ad1c5a29c18895880ed", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e96db43e6124b060748d5c9a8ccfbaa03abd03eec6e45ad1c5a29c18895880ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/contentlayer.config.ts"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 134013, "scanner": "repobility-threat-engine", "fingerprint": "e8db9482fd3d2db73782da039348ff4673a4a97555c11b85c60d37bf0ebe4a9a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e8db9482fd3d2db73782da039348ff4673a4a97555c11b85c60d37bf0ebe4a9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/components/showcase/BundleShowcase.tsx"}, "region": {"startLine": 10}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 134006, "scanner": "repobility-threat-engine", "fingerprint": "29f418f0b32afce9ff9545bb3e439c1b302cb3c41f56d413b872dcb5fe0b02fc", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|29f418f0b32afce9ff9545bb3e439c1b302cb3c41f56d413b872dcb5fe0b02fc"}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 134002, "scanner": "repobility-threat-engine", "fingerprint": "377e9ed5b80ffb9d61ead7cdc96c8d32214c1075bbdc490f011ecc80671f46d1", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|377e9ed5b80ffb9d61ead7cdc96c8d32214c1075bbdc490f011ecc80671f46d1", "aggregated_count": 10}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 134001, "scanner": "repobility-threat-engine", "fingerprint": "28e71b9a6d56805fccb6fd53b9b5c49a648ae16e4bcb74407ac30373a7e28d6f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", 
"javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|28e71b9a6d56805fccb6fd53b9b5c49a648ae16e4bcb74407ac30373a7e28d6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/components/landing/LandingFaqCollapsible.tsx"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 134000, "scanner": "repobility-threat-engine", "fingerprint": "0d091d4c2bffba4f80091c9ee5a0f546022eaa905902cafac2c79d782bd77495", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0d091d4c2bffba4f80091c9ee5a0f546022eaa905902cafac2c79d782bd77495"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/components/landing/LandingFaq.tsx"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 133999, "scanner": "repobility-threat-engine", "fingerprint": "cac2ea399437514d84856f0519697f4af4ce21153fcce38f55372c112f3aa6d5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": 
"confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cac2ea399437514d84856f0519697f4af4ce21153fcce38f55372c112f3aa6d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/app/handpicked-deals/page.tsx"}, "region": {"startLine": 112}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses React's JSX escaping. Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 133998, "scanner": "repobility-threat-engine", "fingerprint": "7accee821bf908cf7052c2167a6268f2c95e0f4f0dcee233347f816d5aa393ca", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7accee821bf908cf7052c2167a6268f2c95e0f4f0dcee233347f816d5aa393ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/components/shared/ui/chart.tsx"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses React's JSX escaping. 
Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 133997, "scanner": "repobility-threat-engine", "fingerprint": "1bc737ff79569ad91496bc437362ccbc2aa3e6ee3cc9158d0fdd3cb7a1205b1e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1bc737ff79569ad91496bc437362ccbc2aa3e6ee3cc9158d0fdd3cb7a1205b1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/app/[...slug]/page.tsx"}, "region": {"startLine": 354}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134053, "scanner": "repobility-supply-chain", "fingerprint": "070bf8619ea2a0f9f832a9be3202d6d5de3bc44f4840212909357744ef9482b8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|070bf8619ea2a0f9f832a9be3202d6d5de3bc44f4840212909357744ef9482b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/parse-submission.yml"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v2`: `uses: actions/setup-node@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134052, "scanner": "repobility-supply-chain", "fingerprint": "80f3b37ccb6c776e085c4df5cc14c580b26219b5f97bc4bb77f9f640ffe8225a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|80f3b37ccb6c776e085c4df5cc14c580b26219b5f97bc4bb77f9f640ffe8225a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/parse-submission.yml"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134051, "scanner": "repobility-supply-chain", "fingerprint": "e97202a4954855e011713984090fd527ed1d19e7bb6396e68dc40271db04cc3f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e97202a4954855e011713984090fd527ed1d19e7bb6396e68dc40271db04cc3f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/parse-submission.yml"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 134050, "scanner": "repobility-supply-chain", "fingerprint": "9237a3771ea103909c6eb84524bb6d8ba302e19f2e45d1f3f33fac2e8e8e618f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9237a3771ea103909c6eb84524bb6d8ba302e19f2e45d1f3f33fac2e8e8e618f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/parse-submission.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. 
Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 134012, "scanner": "repobility-threat-engine", "fingerprint": "bea054365573c4725ef303cea57b3d27c82d4c65dca70af9f9a27178a0cbc428", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((t) => `<category>${t}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bea054365573c4725ef303cea57b3d27c82d4c65dca70af9f9a27178a0cbc428"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/scripts/rss.mjs"}, "region": {"startLine": 19}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. 
Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 134011, "scanner": "repobility-threat-engine", "fingerprint": "298ec13c88104104cf591a17871a6ede2e2c93f37c59bda5d695d8a9048ff3ea", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((tag) => `  - ${tag}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|298ec13c88104104cf591a17871a6ede2e2c93f37c59bda5d695d8a9048ff3ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/scripts/generate-mdx-content.js"}, "region": {"startLine": 46}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. 
Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 134010, "scanner": "repobility-threat-engine", "fingerprint": "8bace37fc02222701f43bb33a7fb2019f6114400d1b72f9bcbb56496902f9eb2", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map(\n            ([theme, prefix]) => `\n${prefix} [data-chart=${id}] {\n${colorConfig\n  .map(([key, i", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8bace37fc02222701f43bb33a7fb2019f6114400d1b72f9bcbb56496902f9eb2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/components/shared/ui/chart.tsx"}, "region": {"startLine": 83}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 134008, "scanner": "repobility-threat-engine", "fingerprint": "b4d11dcf9b665b10c07e01cacb090e60a7460b5c5acbbd0e827014f7f8872c68", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "toastTimeouts.delete(toastId);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b4d11dcf9b665b10c07e01cacb090e60a7460b5c5acbbd0e827014f7f8872c68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/components/shared/ui/use-toast.ts"}, "region": {"startLine": 65}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 134007, "scanner": "repobility-threat-engine", "fingerprint": "325a8f8608430716dc6a839e6571dbac4d57028a85337604f62b2e0073cd325b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "particle.update();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|325a8f8608430716dc6a839e6571dbac4d57028a85337604f62b2e0073cd325b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/components/landing/cta-backgrounds/LandingDotParticleCtaBg.tsx"}, "region": {"startLine": 102}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 134005, "scanner": "repobility-threat-engine", "fingerprint": "600282906a79bfe2602c209100b12825164f65412868c354d6aee1aa8b695164", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(i", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|600282906a79bfe2602c209100b12825164f65412868c354d6aee1aa8b695164"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/scripts/appstore.js"}, "region": {"startLine": 55}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 134004, "scanner": "repobility-threat-engine", "fingerprint": "469f2b3be3f19ad04a4e74da3b2d1a0c1ed32325944686dd02071c878d3800fc", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(p", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|469f2b3be3f19ad04a4e74da3b2d1a0c1ed32325944686dd02071c878d3800fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/components/shared/ActiveLink.tsx"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 134003, "scanner": "repobility-threat-engine", "fingerprint": "4c2cef106fe8c5ec33100288f04f596082da90e625411dfd0a0c40c6545117b9", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4c2cef106fe8c5ec33100288f04f596082da90e625411dfd0a0c40c6545117b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "shipixen/app/layout.tsx"}, "region": {"startLine": 41}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 133995, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}]}]}