{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR007", "name": "Docker build context has no .dockerignore", "shortDescription": {"text": "Docker build context has no .dockerignore"}, "fullDescription": {"text": "Add .dockerignore with at least .git, .env, private keys, dependency folders, build outputs, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC091", "name": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnera", "shortDescription": {"text": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnerable to Slowloris. Ported from gosec G112 + G114 (Apache-2.0)."}, "fullDescription": {"text": "Construct `&http.Server{Addr: ..., ReadHeaderTimeout: 5*time.Second, ReadTimeout: 10*time.Second, WriteTimeout: 30*time.Second}`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC089", "name": "[SEC089] Go: bind to all interfaces (0.0.0.0): Server binds to all network interfaces \u2014 exposes service beyond intended ", "shortDescription": {"text": "[SEC089] Go: bind to all interfaces (0.0.0.0): Server binds to all network interfaces \u2014 exposes service beyond intended scope. Ported from gosec G102 (Apache-2.0)."}, "fullDescription": {"text": "Bind to `127.0.0.1:PORT` and front with a reverse proxy."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC123", "name": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environme", "shortDescription": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "fullDescription": {"text": "Set DEBUG=False / APP_DEBUG=false in production. Provide a generic 500 handler that logs to backend but returns a sanitized page to clients."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC112", "name": "[SEC112] Go html/template bypass \u2014 text/template used for HTML output, or template.HTML on user input: Go's `text/templa", "shortDescription": {"text": "[SEC112] Go html/template bypass \u2014 text/template used for HTML output, or template.HTML on user input: Go's `text/template` does no HTML escaping. `template.HTML(x)` marks data as already-safe. Using either with user input = XSS."}, "fullDescription": {"text": "Use `html/template` (NOT `text/template`) for HTML responses. Never wrap user input with `template.HTML/JS/URL`."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC094", "name": "[SEC094] Go: world-writable file permissions: File or directory created with world-writable mode (e.g. 0666, 0777). Port", "shortDescription": {"text": "[SEC094] Go: world-writable file permissions: File or directory created with world-writable mode (e.g. 0666, 0777). Ported from gosec G301 / G302 / G306 (Apache-2.0)."}, "fullDescription": {"text": "Use 0600 for files, 0700 for dirs that should be private."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "DKR010", "name": "Dockerfile leaves apt package indexes in the image layer", "shortDescription": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "fullDescription": {"text": "End the apt install layer with `rm -rf /var/lib/apt/lists/*`."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Dockerfile base image is selected through a build variable", "shortDescription": {"text": "Dockerfile base image is selected through a build variable"}, "fullDescription": {"text": "Resolve the variable to a versioned tag or digest in production builds and document the allowed images."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "info", "confidence": 0.48, "cwe": "", "owasp": ""}}, {"id": "MINED057", "name": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolve", "shortDescription": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED069", "name": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files.", "shortDescription": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-489 / A05:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto (and 20 more): Same pattern found in 20 additional files. Review if needed.", "shortDescription": {"text": "[MINED004] Weak Crypto (and 20 more): Same pattern found in 20 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED060", "name": "[MINED060] Go Context No Cancel (and 6 more): Same pattern found in 6 additional files. Review if needed.", "shortDescription": {"text": "[MINED060] Go Context No Cancel (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC093", "name": "[SEC093] Go: exec.Command with non-literal (and 8 more): Same pattern found in 8 additional files. Review if needed.", "shortDescription": {"text": "[SEC093] Go: exec.Command with non-literal (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Use a constant command name and validate args via a whitelist."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED033", "name": "[MINED033] Go Recover Without Log (and 10 more): Same pattern found in 10 additional files. Review if needed.", "shortDescription": {"text": "[MINED033] Go Recover Without Log (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC090", "name": "[SEC090] Go: math/rand used near crypto context (and 2 more): Same pattern found in 2 additional files. Review if needed", "shortDescription": {"text": "[SEC090] Go: math/rand used near crypto context (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "import `crypto/rand` and use `rand.Read(buf)`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED071", "name": "[MINED071] Go Panic Call (and 343 more): Same pattern found in 343 additional files. Review if needed.", "shortDescription": {"text": "[MINED071] Go Panic Call (and 343 more): Same pattern found in 343 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED016", "name": "[MINED016] Go Error Ignored (and 50 more): Same pattern found in 50 additional files. Review if needed.", "shortDescription": {"text": "[MINED016] Go Error Ignored (and 50 more): Same pattern found in 50 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-754 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 6 more): Same pattern found in 6 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal (and 2 more): Same pattern found in 2 additional files. Review if neede", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 8 more): Same pattern found in 8 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED134", "name": "[MINED134] Binary file `src/go/internal/gccgoimporter/testdata/libimportsar.a` committed in source repo: `src/go/interna", "shortDescription": {"text": "[MINED134] Binary file `src/go/internal/gccgoimporter/testdata/libimportsar.a` committed in source repo: `src/go/internal/gccgoimporter/testdata/libimportsar.a` is a .a binary (9,302 bytes) committed to a repo that otherwise has 10595 sourc"}, "fullDescription": {"text": "Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `coqorg/coq:8.13.2` not pinned by digest: `FROM coqorg/coq:8.13.2` resolves the tag at build ", "shortDescription": {"text": "[MINED118] Dockerfile FROM `coqorg/coq:8.13.2` not pinned by digest: `FROM coqorg/coq:8.13.2` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production i"}, "fullDescription": {"text": "Replace with: `FROM coqorg/coq:8.13.2@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.invoke_per_goid` used but never assigned in __init__: Method `invoke` of class `GoroutineCmd` reads `se", "shortDescription": {"text": "[MINED108] `self.invoke_per_goid` used but never assigned in __init__: Method `invoke` of class `GoroutineCmd` reads `self.invoke_per_goid`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeErro"}, "fullDescription": {"text": "Initialize `self.invoke_per_goid = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED014", "name": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in G", "shortDescription": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-295 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC088", "name": "[SEC088] Go: TLS InsecureSkipVerify=true: tls.Config{InsecureSkipVerify:true} disables certificate verification \u2014 MITM r", "shortDescription": {"text": "[SEC088] Go: TLS InsecureSkipVerify=true: tls.Config{InsecureSkipVerify:true} disables certificate verification \u2014 MITM risk. Ported from gosec G402 (Apache-2.0)."}, "fullDescription": {"text": "Remove the option. If self-signed certs are required, pin via RootCAs."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC084", "name": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scop", "shortDescription": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "fullDescription": {"text": "Use static imports or a static mapping `const modules = { foo: require('./foo') }`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/734"}, "properties": {"repository": "golang/go", "repoUrl": "https://github.com/golang/go", "branch": "master"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 59989, "scanner": "repobility-ast-engine", "fingerprint": "57f44c3990e8c6ce4ce857b02e7d715d9ac7531bb1d16d9ce2ca5e4cabf4a1e2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|57f44c3990e8c6ce4ce857b02e7d715d9ac7531bb1d16d9ce2ca5e4cabf4a1e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/runtime/runtime-gdb.py"}, "region": {"startLine": 673}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 59988, "scanner": "repobility-ast-engine", "fingerprint": "b72daa1ba621c98a8ced184fe12879bc6fb7805bebd8fcbe001f196073b5507c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b72daa1ba621c98a8ced184fe12879bc6fb7805bebd8fcbe001f196073b5507c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/runtime/runtime-gdb.py"}, "region": {"startLine": 445}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 59987, "scanner": "repobility-ast-engine", "fingerprint": "a79c5e4585796aa8b6367eba6bf45a2c76c19d5888913f042e46c1900fbc3bcf", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a79c5e4585796aa8b6367eba6bf45a2c76c19d5888913f042e46c1900fbc3bcf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/runtime/runtime-gdb.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 59983, "scanner": "repobility-docker", "fingerprint": "885b6df67c99554d7d02f5ee1ba41a3f549c7abfbaffbc1fad89e624108ffb41", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "coqorg/coq:8.13.2", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|885b6df67c99554d7d02f5ee1ba41a3f549c7abfbaffbc1fad89e624108ffb41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/crypto/internal/fips140/nistec/fiat/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "DKR007", "level": "warning", "message": {"text": "Docker build context has no .dockerignore"}, "properties": {"repobilityId": 59982, "scanner": "repobility-docker", "fingerprint": "c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dockerfile exists but repository root has no .dockerignore.", "evidence": {"rule_id": "DKR007", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|c98378cf8c37e4866e89d6ca06a24b7e8c44654aa34e6e4bf1367c4a4c0c5b44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 59981, "scanner": "repobility-docker", "fingerprint": "16a81b40c5b3d9b4055143dc512795a1bc3746027e4d8c7981b27cfe5f9e4c7e", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "$ubuntu:focal", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|16a81b40c5b3d9b4055143dc512795a1bc3746027e4d8c7981b27cfe5f9e4c7e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/crypto/internal/boring/Dockerfile"}, "region": {"startLine": 8}}}]}, {"ruleId": "SEC091", "level": "warning", "message": {"text": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnerable to Slowloris. Ported from gosec G112 + G114 (Apache-2.0)."}, "properties": {"repobilityId": 59948, "scanner": "repobility-threat-engine", "fingerprint": "3825a4406926fcda22fa34531b873ef01b8eee9fddc577f9bbb1f06fd6f82a59", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "http.ListenAndServe(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC091", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3825a4406926fcda22fa34531b873ef01b8eee9fddc577f9bbb1f06fd6f82a59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/net/http/triv.go"}, "region": {"startLine": 139}}}]}, {"ruleId": "SEC091", "level": "warning", "message": {"text": "[SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnerable to Slowloris. Ported from gosec G112 + G114 (Apache-2.0)."}, "properties": {"repobilityId": 59947, "scanner": "repobility-threat-engine", "fingerprint": "443ed0fcea8c5d3fc7acc599985d8a9088d9ff570d27498f42277380812d0671", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "http.ListenAndServe(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC091", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|443ed0fcea8c5d3fc7acc599985d8a9088d9ff570d27498f42277380812d0671"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/net/http/doc.go"}, "region": {"startLine": 71}}}]}, {"ruleId": "SEC089", "level": "warning", "message": {"text": "[SEC089] Go: bind to all interfaces (0.0.0.0): Server binds to all network interfaces \u2014 exposes service beyond intended scope. Ported from gosec G102 (Apache-2.0)."}, "properties": {"repobilityId": 59946, "scanner": "repobility-threat-engine", "fingerprint": "ee6476ed2c22a0060dabd5df63713e21e8afba7b90c12db30f564df9dbb54bd0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".ListenAndServe(\":8080\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC089", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ee6476ed2c22a0060dabd5df63713e21e8afba7b90c12db30f564df9dbb54bd0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/net/http/doc.go"}, "region": {"startLine": 71}}}]}, {"ruleId": "SEC123", "level": "warning", "message": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "properties": {"repobilityId": 59931, "scanner": "repobility-threat-engine", "fingerprint": "6a5213987655eab7829a087e17525afc4fc7bcbb6da2021ce5e8f93d44e7e365", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "debug = true", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC123", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6a5213987655eab7829a087e17525afc4fc7bcbb6da2021ce5e8f93d44e7e365"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/crypto/internal/fips140/fips140.go"}, "region": {"startLine": 24}}}]}, {"ruleId": "SEC123", "level": "warning", "message": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "properties": {"repobilityId": 59930, "scanner": "repobility-threat-engine", "fingerprint": "bbeba95b7fe869cbfd1e07f4ed062ef958e40dd29dc543c071f1a12e13203a9d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Debug = true", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC123", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bbeba95b7fe869cbfd1e07f4ed062ef958e40dd29dc543c071f1a12e13203a9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/go/internal/run/run.go"}, "region": {"startLine": 151}}}]}, {"ruleId": "SEC123", "level": "warning", "message": {"text": "[SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals \u2014 sometimes triggers RCE (Django debug page with arbitrary template eval)."}, "properties": {"repobilityId": 59929, "scanner": "repobility-threat-engine", "fingerprint": "088c3860ef771d817d47c5b58b3e9a3ceae4f215e48c443743a239b8dddd088f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Debug = true", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC123", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|088c3860ef771d817d47c5b58b3e9a3ceae4f215e48c443743a239b8dddd088f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/go/internal/doc/pkgsite.go"}, "region": {"startLine": 75}}}]}, {"ruleId": "SEC112", "level": "warning", "message": {"text": "[SEC112] Go html/template bypass \u2014 text/template used for HTML output, or template.HTML on user input: Go's `text/template` does no HTML escaping. `template.HTML(x)` marks data as already-safe. Using either with user input = XSS."}, "properties": {"repobilityId": 59923, "scanner": "repobility-threat-engine", "fingerprint": "0dca5a0537a7074d7db3e959f31b9836006a80ff943327ca00dcf202460f7635", "category": "xss", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "template.HTML(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC112", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0dca5a0537a7074d7db3e959f31b9836006a80ff943327ca00dcf202460f7635"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/trace/goroutines.go"}, "region": {"startLine": 232}}}]}, {"ruleId": "SEC112", "level": "warning", "message": {"text": "[SEC112] Go html/template bypass \u2014 text/template used for HTML output, or template.HTML on user input: Go's `text/template` does no HTML escaping. `template.HTML(x)` marks data as already-safe. Using either with user input = XSS."}, "properties": {"repobilityId": 59922, "scanner": "repobility-threat-engine", "fingerprint": "c793bed54164be65b74feb444730ca516b8cb9dd848f6af92e29897a0d19f0ac", "category": "xss", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "fmt.Fprintln(bw, edge.CallerName)\n\t\twritten += int64(n)\n\t\tif err != nil {\n\t\t\treturn written, err\n\t\t}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC112", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c793bed54164be65b74feb444730ca516b8cb9dd848f6af92e29897a0d19f0ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/internal/pgo/serialize.go"}, "region": {"startLine": 52}}}]}, {"ruleId": "SEC112", "level": "warning", "message": {"text": "[SEC112] Go html/template bypass \u2014 text/template used for HTML output, or template.HTML on user input: Go's `text/template` does no HTML escaping. `template.HTML(x)` marks data as already-safe. Using either with user input = XSS."}, "properties": {"repobilityId": 59921, "scanner": "repobility-threat-engine", "fingerprint": "2963ff3a9845e6c725b18fba868d27146945bd3ada69964a35989d0ee4ff3dca", "category": "xss", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "template.HTML(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC112", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2963ff3a9845e6c725b18fba868d27146945bd3ada69964a35989d0ee4ff3dca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/cover/html.go"}, "region": {"startLine": 57}}}]}, {"ruleId": "SEC094", "level": "warning", "message": {"text": "[SEC094] Go: world-writable file permissions: File or directory created with world-writable mode (e.g. 0666, 0777). Ported from gosec G301 / G302 / G306 (Apache-2.0)."}, "properties": {"repobilityId": 59895, "scanner": "repobility-threat-engine", "fingerprint": "9d2da5b8dd3bfd968d657ef207132c922f5bca451184f03d99a1ea3d2654f2c8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "os.WriteFile(name+\".c\", stdin, 0666", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC094", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9d2da5b8dd3bfd968d657ef207132c922f5bca451184f03d99a1ea3d2654f2c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/cgo/util.go"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC094", "level": "warning", "message": {"text": "[SEC094] Go: world-writable file permissions: File or directory created with world-writable mode (e.g. 0666, 0777). Ported from gosec G301 / G302 / G306 (Apache-2.0)."}, "properties": {"repobilityId": 59894, "scanner": "repobility-threat-engine", "fingerprint": "7ab90d41ba7e1af1d29af92d1f4ddfa895b0bb65e5143d4ca18009a163e7465b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "os.MkdirAll(dstRoot, 0777", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC094", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7ab90d41ba7e1af1d29af92d1f4ddfa895b0bb65e5143d4ca18009a163e7465b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/cgo/internal/cgotest/overlaydir.go"}, "region": {"startLine": 17}}}]}, {"ruleId": "SEC094", "level": "warning", "message": {"text": "[SEC094] Go: world-writable file permissions: File or directory created with world-writable mode (e.g. 0666, 0777). Ported from gosec G301 / G302 / G306 (Apache-2.0)."}, "properties": {"repobilityId": 59893, "scanner": "repobility-threat-engine", "fingerprint": "436f1117e24752b768ebf245e71b532013f96ec57f945667f25a1c1fe3e7e4d2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "os.OpenFile(lockName, os.O_CREATE|os.O_RDONLY, 0666", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC094", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|436f1117e24752b768ebf245e71b532013f96ec57f945667f25a1c1fe3e7e4d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "misc/ios/go_ios_exec.go"}, "region": {"startLine": 82}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 59874, "scanner": "repobility-threat-engine", "fingerprint": "15976cb86691da4111e8fd1d0f511e7399153043e8bcf404a0a5a9a8adaba48a", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".Exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|61|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/go/internal/toolchain/exec.go"}, "region": {"startLine": 61}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 59873, "scanner": "repobility-threat-engine", "fingerprint": "f8e59c679690932fb973c00a48aef8e7ec432efb68de18101ea61f5d2271ceaf", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|88|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/go/internal/imports/build.go"}, "region": {"startLine": 88}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 59872, "scanner": "repobility-threat-engine", "fingerprint": "216d536c658504e0e60e9781fd3151ad4cab30815a344b9c0268ffc356d72615", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|29|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "misc/chrome/gophertool/gopher.js"}, "region": {"startLine": 29}}}]}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 59867, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "DKR010", "level": "note", "message": {"text": "Dockerfile leaves apt package indexes in the image layer"}, "properties": {"repobilityId": 59980, "scanner": "repobility-docker", "fingerprint": "5c95d9751eec755230eee66272e03337c383f18bd60b9784d3ed3acce534c908", "category": "docker", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt update/install layer does not remove /var/lib/apt/lists.", "evidence": {"rule_id": "DKR010", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|5c95d9751eec755230eee66272e03337c383f18bd60b9784d3ed3acce534c908"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/crypto/internal/boring/Dockerfile"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59978, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fbf42d6c6709f3052d461daacac064e82b8c856c0dbda6d28dc9e00542946211", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/compile/internal/ssa/_gen/386Ops.go", "duplicate_line": 28, "correlation_key": "fp|fbf42d6c6709f3052d461daacac064e82b8c856c0dbda6d28dc9e00542946211"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/compile/internal/ssa/_gen/ARM64Ops.go"}, "region": {"startLine": 75}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59977, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e2eec8c20980f81ef76dc9f952a89fbe7394cd093644cb1b7c25cc3e07c46424", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/compile/internal/inline/inl.go", "duplicate_line": 576, "correlation_key": "fp|e2eec8c20980f81ef76dc9f952a89fbe7394cd093644cb1b7c25cc3e07c46424"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/compile/internal/pgoir/irgraph.go"}, "region": {"startLine": 254}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59976, "scanner": "repobility-ai-code-hygiene", "fingerprint": "68cda973ea97bbdb504937483f3f81aef52d3fbaf12ee80dbd93053cd40bdb68", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/compile/internal/ir/html.go", "duplicate_line": 109, "correlation_key": "fp|68cda973ea97bbdb504937483f3f81aef52d3fbaf12ee80dbd93053cd40bdb68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/compile/internal/noder/html.go"}, "region": {"startLine": 71}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59975, "scanner": "repobility-ai-code-hygiene", "fingerprint": "de87f9eba8957901bf696b28eb4a1dfa975f5a295f965a1da7a6040d7a00ed2b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/compile/internal/mips/ssa.go", "duplicate_line": 2, "correlation_key": "fp|de87f9eba8957901bf696b28eb4a1dfa975f5a295f965a1da7a6040d7a00ed2b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/compile/internal/mips64/ssa.go"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59974, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b09c449fb49b376965f719423c749afa180f64fad8b783fdde5f8debf7cfcc78", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/compile/internal/loopvar/testdata/for_esc_closure.go", "duplicate_line": 21, "correlation_key": "fp|b09c449fb49b376965f719423c749afa180f64fad8b783fdde5f8debf7cfcc78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/compile/internal/loopvar/testdata/range_esc_minimal_closure.go"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59973, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b25213c406f8791ba51515492f720c6793259955f94f80665cd4943855407eef", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/compile/internal/loopvar/testdata/for_esc_minimal_closure.go", "duplicate_line": 10, "correlation_key": "fp|b25213c406f8791ba51515492f720c6793259955f94f80665cd4943855407eef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/compile/internal/loopvar/testdata/range_esc_minimal_closure.go"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59972, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0fdfb91e63e0f69c61a036fe2ad1f035561a86f187da90f48fd8ab98a11a4b48", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/compile/internal/loopvar/testdata/range_esc_closure.go", "duplicate_line": 1, "correlation_key": "fp|0fdfb91e63e0f69c61a036fe2ad1f035561a86f187da90f48fd8ab98a11a4b48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/compile/internal/loopvar/testdata/range_esc_minimal_closure.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59971, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2b98abbb4cc1d1e32df61d92a9798258d7d7cec7caedc36232fd03e961fd388f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/compile/internal/loopvar/testdata/for_esc_method.go", "duplicate_line": 14, "correlation_key": "fp|2b98abbb4cc1d1e32df61d92a9798258d7d7cec7caedc36232fd03e961fd388f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/compile/internal/loopvar/testdata/range_esc_method.go"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59970, "scanner": "repobility-ai-code-hygiene", "fingerprint": "605858889e5bf05773dad24a606c0f62cd84d8a6012829e029d1a810e5602862", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/compile/internal/loopvar/testdata/for_esc_closure.go", "duplicate_line": 10, "correlation_key": "fp|605858889e5bf05773dad24a606c0f62cd84d8a6012829e029d1a810e5602862"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/compile/internal/loopvar/testdata/range_esc_closure.go"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59969, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cb79378ba86d1a3b761a6808e41f88a1938db6663a58c54e619c3c6a6cfca063", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/compile/internal/loopvar/testdata/for_esc_address.go", "duplicate_line": 10, "correlation_key": "fp|cb79378ba86d1a3b761a6808e41f88a1938db6663a58c54e619c3c6a6cfca063"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/compile/internal/loopvar/testdata/range_esc_address.go"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59968, "scanner": "repobility-ai-code-hygiene", "fingerprint": "58c6cdf27b60f5d15e5e3c80e3d8390fc2249f41aa567f8889b51b058c574d5f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/compile/internal/loopvar/testdata/opt-121.go", "duplicate_line": 1, "correlation_key": "fp|58c6cdf27b60f5d15e5e3c80e3d8390fc2249f41aa567f8889b51b058c574d5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/compile/internal/loopvar/testdata/opt.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59967, "scanner": "repobility-ai-code-hygiene", "fingerprint": "159093a469732dd8f271bd5ccb2ae49b560439ad05a1b1d06d8407fb5c166114", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/compile/internal/loopvar/testdata/opt-121.go", "duplicate_line": 1, "correlation_key": "fp|159093a469732dd8f271bd5ccb2ae49b560439ad05a1b1d06d8407fb5c166114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/compile/internal/loopvar/testdata/opt-122.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59966, "scanner": "repobility-ai-code-hygiene", "fingerprint": "37e3084e333f8086704319500ac77b4b554f94e6ab8c24603d917329c4f77f63", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/compile/internal/loopvar/testdata/for_esc_closure.go", "duplicate_line": 1, "correlation_key": "fp|37e3084e333f8086704319500ac77b4b554f94e6ab8c24603d917329c4f77f63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/compile/internal/loopvar/testdata/for_esc_minimal_closure.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59965, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4c7975c5693090650c2bd2cf3767436906903def907f96d9244447f44caedb3e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/compile/internal/inline/inlheur/callsite.go", "duplicate_line": 60, "correlation_key": "fp|4c7975c5693090650c2bd2cf3767436906903def907f96d9244447f44caedb3e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/compile/internal/liveness/mergelocals.go"}, "region": {"startLine": 664}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59964, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4b53ead660e8d11ec9ca3cbe206f652a17f3186c5b46eec0f8c6d6147895419b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/compile/internal/inline/inlheur/callsite.go", "duplicate_line": 60, "correlation_key": "fp|4b53ead660e8d11ec9ca3cbe206f652a17f3186c5b46eec0f8c6d6147895419b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/compile/internal/ir/reassign_consistency_check.go"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59963, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3b4a15c00447fa51edb0b811a4ae406e254c5453f3a11f92b43549bec89aa70f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/cgo/internal/testsanitizers/testdata/tsan13.go", "duplicate_line": 18, "correlation_key": "fp|3b4a15c00447fa51edb0b811a4ae406e254c5453f3a11f92b43549bec89aa70f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/cgo/internal/testsanitizers/testdata/tsan9.go"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59962, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f3172ec043842bc8e17a3ffb405aa739dc2f38e9f9702ef9b10ded44333c00fe", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/cgo/internal/testsanitizers/testdata/msan2.go", "duplicate_line": 1, "correlation_key": "fp|f3172ec043842bc8e17a3ffb405aa739dc2f38e9f9702ef9b10ded44333c00fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/cgo/internal/testsanitizers/testdata/msan2_cmsan.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59961, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3a4b9b2f86fb89a888b1ddd2e921539d708f7646485993af273f044709914ffc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/cgo/internal/testsanitizers/testdata/asan_unsafe_fail1.go", "duplicate_line": 1, "correlation_key": "fp|3a4b9b2f86fb89a888b1ddd2e921539d708f7646485993af273f044709914ffc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/cgo/internal/testsanitizers/testdata/asan_unsafe_fail2.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59960, "scanner": "repobility-ai-code-hygiene", "fingerprint": "aae0eeae1129e4de1a8909eb9a75e89b3e8ad69b5ccb070f2a18dfd76c203342", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/cgo/internal/testplugin/testdata/plugin1/plugin1.go", "duplicate_line": 24, "correlation_key": "fp|aae0eeae1129e4de1a8909eb9a75e89b3e8ad69b5ccb070f2a18dfd76c203342"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/cgo/internal/testplugin/testdata/plugin2/plugin2.go"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59959, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1426958e02be2349e2bf047885ac3aa5ff098f2b7e22cb38f0d7ac83070c445f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/cgo/internal/testlife/testdata/life.go", "duplicate_line": 2, "correlation_key": "fp|1426958e02be2349e2bf047885ac3aa5ff098f2b7e22cb38f0d7ac83070c445f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/cgo/internal/testplugin/testdata/issue25756/plugin/life.go"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59958, "scanner": "repobility-ai-code-hygiene", "fingerprint": "00ae02c9fa8afe472ecfe3d3e66c0a47c024babcbf706a78986a171a7e1e6b91", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/cgo/internal/testlife/testdata/c-life.c", "duplicate_line": 1, "correlation_key": "fp|00ae02c9fa8afe472ecfe3d3e66c0a47c024babcbf706a78986a171a7e1e6b91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/cgo/internal/testplugin/testdata/issue25756/plugin/c-life.c"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59957, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b7bec0ae286a9345a1cff0b542d78c116016a516d271cd603fdd7ac394948c09", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/cgo/internal/testlife/testdata/main.go", "duplicate_line": 6, "correlation_key": "fp|b7bec0ae286a9345a1cff0b542d78c116016a516d271cd603fdd7ac394948c09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/cgo/internal/testplugin/testdata/issue25756/main.go"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59956, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2d83f29d2d0b3f0ffdda9f5015527eb5428698f06b5bf2172a8d3100da131488", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/cgo/internal/testcarchive/testdata/main3.c", "duplicate_line": 74, "correlation_key": "fp|2d83f29d2d0b3f0ffdda9f5015527eb5428698f06b5bf2172a8d3100da131488"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/cgo/internal/testcshared/testdata/main5.c"}, "region": {"startLine": 49}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59955, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cc5e6d67a02719a03b9bdc67cb76f0c73dfe66c76f8f4ed2d944a323013a3785", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/cgo/internal/testcshared/testdata/main4.c", "duplicate_line": 47, "correlation_key": "fp|cc5e6d67a02719a03b9bdc67cb76f0c73dfe66c76f8f4ed2d944a323013a3785"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/cgo/internal/testcshared/testdata/main5.c"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59954, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1e755e379bc3495ff90c4f3eb39c8847922aa416423e4bdbd45967bda5a9a648", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/cgo/internal/testcarchive/testdata/main3.c", "duplicate_line": 74, "correlation_key": "fp|1e755e379bc3495ff90c4f3eb39c8847922aa416423e4bdbd45967bda5a9a648"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/cgo/internal/testcshared/testdata/main4.c"}, "region": {"startLine": 105}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59953, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0c306777e946ae2969f4812f73bedb916734686cc907c93abe63072add456c00", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/cgo/internal/testcarchive/testdata/main2.c", "duplicate_line": 32, "correlation_key": "fp|0c306777e946ae2969f4812f73bedb916734686cc907c93abe63072add456c00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/cgo/internal/testcshared/testdata/main4.c"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59952, "scanner": "repobility-ai-code-hygiene", "fingerprint": "62a7c8f56d55a977523dbb9d8cd3922ffdfe627c4fa796f076e8dedbac486915", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/cgo/internal/testcarchive/testdata/libgo3/libgo3.go", "duplicate_line": 1, "correlation_key": "fp|62a7c8f56d55a977523dbb9d8cd3922ffdfe627c4fa796f076e8dedbac486915"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/cgo/internal/testcshared/testdata/libgo5/libgo5.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59951, "scanner": "repobility-ai-code-hygiene", "fingerprint": "29ce7c62c8970645c2cb719eb8d9d97d1e66f6f437779163af5e75638883be79", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/cgo/internal/testcarchive/testdata/libgo2/libgo2.go", "duplicate_line": 15, "correlation_key": "fp|29ce7c62c8970645c2cb719eb8d9d97d1e66f6f437779163af5e75638883be79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/cgo/internal/testcshared/testdata/libgo4/libgo4.go"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59950, "scanner": "repobility-ai-code-hygiene", "fingerprint": "88bf5100dddc2239877d14dbd0088fb9247da763c30ce9f2bcd6a2c36fb5019f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/cgo/internal/testcarchive/testdata/libgo/libgo.go", "duplicate_line": 17, "correlation_key": "fp|88bf5100dddc2239877d14dbd0088fb9247da763c30ce9f2bcd6a2c36fb5019f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/cgo/internal/testcshared/testdata/libgo/libgo.go"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 59949, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2d11f83b0f489ac8a633df9c2691cdcf0165e9831197bba6336f3e42715a884a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/cmd/asm/internal/arch/arm.go", "duplicate_line": 53, "correlation_key": "fp|2d11f83b0f489ac8a633df9c2691cdcf0165e9831197bba6336f3e42715a884a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/asm/internal/arch/arm64.go"}, "region": {"startLine": 14}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 59907, "scanner": "repobility-threat-engine", "fingerprint": "99e013011173fa3f7aa9e916c45df8e3a49e5eab9300d77dc3f7e1131a682192", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = r.String(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|99e013011173fa3f7aa9e916c45df8e3a49e5eab9300d77dc3f7e1131a682192"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/compile/internal/noder/linker.go"}, "region": {"startLine": 126}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 59906, "scanner": "repobility-threat-engine", "fingerprint": "5fb654b872607efeb4b6662f8a3b030cad92bcac41af40e80cfe5361a720f519", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = reflectdata.TypeLinksym(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5fb654b872607efeb4b6662f8a3b030cad92bcac41af40e80cfe5361a720f519"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/compile/internal/gc/obj.go"}, "region": {"startLine": 192}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 59905, "scanner": "repobility-threat-engine", "fingerprint": "503ed8255bb6b1b71a59478d5ade7eef8c74883759769a79e200e8bd864f7e30", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = flate.NewWriter(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|503ed8255bb6b1b71a59478d5ade7eef8c74883759769a79e200e8bd864f7e30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/archive/zip/register.go"}, "region": {"startLine": 35}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 59886, "scanner": "repobility-threat-engine", "fingerprint": "fb0708485a96bb53a66bd0d3eaf4b768f9e46acdde838a3b6be41f0ee2dda5d8", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"golang.org/fips140@\"+version+\"/LICENSE\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fb0708485a96bb53a66bd0d3eaf4b768f9e46acdde838a3b6be41f0ee2dda5d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/go/internal/fips140/mkzip.go"}, "region": {"startLine": 102}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 59885, "scanner": "repobility-threat-engine", "fingerprint": "dcc6cb1d09a82f963f9b48b63f674922d1afc62b61891948ef98d72ae9016ef3", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"go_ios_exec-\"+deviceID+\".lock\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|dcc6cb1d09a82f963f9b48b63f674922d1afc62b61891948ef98d72ae9016ef3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "misc/ios/go_ios_exec.go"}, "region": {"startLine": 81}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 59884, "scanner": "repobility-threat-engine", "fingerprint": "98f3213c4df82235de904655f7cc5be4930233eafbaf9d35897cfdc19346edc5", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"matched \" + t + \" to: \"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|98f3213c4df82235de904655f7cc5be4930233eafbaf9d35897cfdc19346edc5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "misc/chrome/gophertool/popup.js"}, "region": {"startLine": 33}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 59979, "scanner": "repobility-docker", "fingerprint": "bdbbf7c0e8a3998b5b8cfa93b8b38cb836bf8748ad531400852ecbf0e6e9a5ad", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$ubuntu:focal", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|bdbbf7c0e8a3998b5b8cfa93b8b38cb836bf8748ad531400852ecbf0e6e9a5ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/crypto/internal/boring/Dockerfile"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED057", "level": "none", "message": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "properties": {"repobilityId": 59945, "scanner": "repobility-threat-engine", "fingerprint": "41916891d159a1e478c9ababb082c1e3f6fad6412891cd087d2b4096ae0d22d0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "todo-bomb", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348035+00:00", "triaged_in_corpus": 10, "observations_count": 255662, "ai_coder_pattern_id": 4}, "scanner": "repobility-threat-engine", "correlation_key": "fp|41916891d159a1e478c9ababb082c1e3f6fad6412891cd087d2b4096ae0d22d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/internal/poll/fd_poll_js.go"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 59944, "scanner": "repobility-threat-engine", "fingerprint": "393f9968e5d2d55a6e9fa4b6a22220c4658ae99f9add46243f77888ff0c4f0d0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|393f9968e5d2d55a6e9fa4b6a22220c4658ae99f9add46243f77888ff0c4f0d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/ast/print.go"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED069", "level": "none", "message": {"text": "[MINED069] Debug True Prod: Django/Flask DEBUG=True or app.debug=True in non-test files."}, "properties": {"repobilityId": 59942, "scanner": "repobility-threat-engine", "fingerprint": "d41e29802509474de042f6884d1108a90ff8e0e0cb18136ef405a98b1d086dad", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "debug-true-prod", "owasp": "A05:2021", "cwe_ids": ["CWE-489"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348063+00:00", "triaged_in_corpus": 12, "observations_count": 37393, "ai_coder_pattern_id": 17}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d41e29802509474de042f6884d1108a90ff8e0e0cb18136ef405a98b1d086dad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/crypto/internal/fips140/fips140.go"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED004", "level": "none", "message": {"text": "[MINED004] Weak Crypto (and 20 more): Same pattern found in 20 additional files. Review if needed."}, "properties": {"repobilityId": 59941, "scanner": "repobility-threat-engine", "fingerprint": "4737284a5965f8e598ebc3c81c786380f33a2f6209538293791ec5f115f729ab", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 20 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|4737284a5965f8e598ebc3c81c786380f33a2f6209538293791ec5f115f729ab", "aggregated_count": 20}}}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 59928, "scanner": "repobility-threat-engine", "fingerprint": "d227e25c90c540376caf7eb465a825b2759437e210c3947eeef7a235a7935a80", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|d227e25c90c540376caf7eb465a825b2759437e210c3947eeef7a235a7935a80", "aggregated_count": 6}}}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 59927, "scanner": "repobility-threat-engine", "fingerprint": "bb3503039534e78391bedd5d86e9d87069367114e31810b1e03cad37aebae3fa", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bb3503039534e78391bedd5d86e9d87069367114e31810b1e03cad37aebae3fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/go/internal/vcweb/hg.go"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 59926, "scanner": "repobility-threat-engine", "fingerprint": "c4b7fd9a9ef6b2a505a41fae0459fa212450885756bb3d4ed23405369f8ffa8d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c4b7fd9a9ef6b2a505a41fae0459fa212450885756bb3d4ed23405369f8ffa8d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/go/internal/fips140/fips140.go"}, "region": {"startLine": 231}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 59925, "scanner": "repobility-threat-engine", "fingerprint": "129b011b6f9e7aa5bd94b099a13a345249964efd2f5ef845a66298094805ce44", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|129b011b6f9e7aa5bd94b099a13a345249964efd2f5ef845a66298094805ce44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/go/internal/cache/prog.go"}, "region": {"startLine": 85}}}]}, {"ruleId": "SEC112", "level": "none", "message": {"text": "[SEC112] Go html/template bypass \u2014 text/template used for HTML output, or template.HTML on user input (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 59924, "scanner": "repobility-threat-engine", "fingerprint": "c208521a4500955fa32351cf15067f2d13692e70d052cda0e5be466f45a88a5c", "category": "xss", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC112", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|c208521a4500955fa32351cf15067f2d13692e70d052cda0e5be466f45a88a5c"}}}, {"ruleId": "SEC093", "level": "none", "message": {"text": "[SEC093] Go: exec.Command with non-literal (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 59920, "scanner": "repobility-threat-engine", "fingerprint": "dcfb387b37bbe5453dccabec7873dc45aea9a63f96c13393c452547fa8fbe14e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC093", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|dcfb387b37bbe5453dccabec7873dc45aea9a63f96c13393c452547fa8fbe14e"}}}, {"ruleId": "MINED033", "level": "none", "message": {"text": "[MINED033] Go Recover Without Log (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 59916, "scanner": "repobility-threat-engine", "fingerprint": "ca22a55b95865baa8a6444680efc5ea47a19759f4f78042b7119cef7af957b5e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-recover-without-log", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347975+00:00", "triaged_in_corpus": 15, "observations_count": 3808, "ai_coder_pattern_id": 109}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|ca22a55b95865baa8a6444680efc5ea47a19759f4f78042b7119cef7af957b5e", "aggregated_count": 10}}}, {"ruleId": "SEC090", "level": "none", "message": {"text": "[SEC090] Go: math/rand used near crypto context (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 59912, "scanner": "repobility-threat-engine", "fingerprint": "6abd2a7cb22888beb43dc230d9fad82ca0e1396437be57760a9d7ff425ee4db9", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC090", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|6abd2a7cb22888beb43dc230d9fad82ca0e1396437be57760a9d7ff425ee4db9"}}}, {"ruleId": "ERR003", "level": "none", "message": {"text": "[ERR003] Ignored Error (Go) (and 38 more): Same pattern found in 38 additional files. Review if needed."}, "properties": {"repobilityId": 59908, "scanner": "repobility-threat-engine", "fingerprint": "8c07d6175cd7d2e77e5fc9020c48f5bcbe6ec1673c92c52de5697a1f1874d904", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 38 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 38 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8c07d6175cd7d2e77e5fc9020c48f5bcbe6ec1673c92c52de5697a1f1874d904"}}}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call (and 343 more): Same pattern found in 343 additional files. Review if needed."}, "properties": {"repobilityId": 59904, "scanner": "repobility-threat-engine", "fingerprint": "ac3d5263ee813ca6819300c34cbef351527bfc30cf6a70ab89ab242587b48e81", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 343 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|ac3d5263ee813ca6819300c34cbef351527bfc30cf6a70ab89ab242587b48e81", "aggregated_count": 343}}}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 59903, "scanner": "repobility-threat-engine", "fingerprint": "8672077b0be2b821d279482f877c6881d360ad1600699d22ae19a993ab8920c5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8672077b0be2b821d279482f877c6881d360ad1600699d22ae19a993ab8920c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/bytes/reader.go"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 59902, "scanner": "repobility-threat-engine", "fingerprint": "eea7593ba33df78c33415420f084a8832530bb22f96339df248ed2245e5d9f6c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|eea7593ba33df78c33415420f084a8832530bb22f96339df248ed2245e5d9f6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/archive/zip/register.go"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED071", "level": "none", "message": {"text": "[MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases."}, "properties": {"repobilityId": 59901, "scanner": "repobility-threat-engine", "fingerprint": "76461f9505daf10e80ecb0d6333d8e626bb4536863a3c60543f31ee869d2f080", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-panic-call", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348067+00:00", "triaged_in_corpus": 12, "observations_count": 29174, "ai_coder_pattern_id": 108}, "scanner": "repobility-threat-engine", "correlation_key": "fp|76461f9505daf10e80ecb0d6333d8e626bb4536863a3c60543f31ee869d2f080"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/archive/tar/format.go"}, "region": {"startLine": 221}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 59900, "scanner": "repobility-threat-engine", "fingerprint": "133d0321df668823d68fda7a262cc53d13053f2174d79a753e1fabffb7f20eec", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|133d0321df668823d68fda7a262cc53d13053f2174d79a753e1fabffb7f20eec", "aggregated_count": 4}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 59899, "scanner": "repobility-threat-engine", "fingerprint": "177d496a6645bc6bb0c1a3591822d178e41ebf015ae9acb31691145f5b688927", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|177d496a6645bc6bb0c1a3591822d178e41ebf015ae9acb31691145f5b688927"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/pprof/pprof.go"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 59898, "scanner": "repobility-threat-engine", "fingerprint": "e121b06e83b13b46c41da66442e63878ee4425ce756016f527ac962cb2a606ea", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e121b06e83b13b46c41da66442e63878ee4425ce756016f527ac962cb2a606ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/go/internal/doc/pkgsite.go"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 59897, "scanner": "repobility-threat-engine", "fingerprint": "242b3295c50b79817eeaec242ba67273086217895d805a1c8e6b7234fc46748c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|242b3295c50b79817eeaec242ba67273086217895d805a1c8e6b7234fc46748c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "misc/ios/go_ios_exec.go"}, "region": {"startLine": 305}}}]}, {"ruleId": "SEC094", "level": "none", "message": {"text": "[SEC094] Go: world-writable file permissions (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "properties": {"repobilityId": 59896, "scanner": "repobility-threat-engine", "fingerprint": "23cbbfc56fbfaa67de4cdf4b3393c56326b0dffcf99aa8170b404c660ddfa8d0", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC094", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|23cbbfc56fbfaa67de4cdf4b3393c56326b0dffcf99aa8170b404c660ddfa8d0"}}}, {"ruleId": "MINED016", "level": "none", "message": {"text": "[MINED016] Go Error Ignored (and 50 more): Same pattern found in 50 additional files. Review if needed."}, "properties": {"repobilityId": 59892, "scanner": "repobility-threat-engine", "fingerprint": "13a04dcba58fb18931cff0aafbc3d4d2f01e7a768b5e37286cec8b510715c367", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 50 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|13a04dcba58fb18931cff0aafbc3d4d2f01e7a768b5e37286cec8b510715c367", "aggregated_count": 50}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 59888, "scanner": "repobility-threat-engine", "fingerprint": "ab81cdf1578cfbf2742ee6c582407f56df66d62fd2364630df3093c75bed2a5c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ab81cdf1578cfbf2742ee6c582407f56df66d62fd2364630df3093c75bed2a5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "misc/chrome/gophertool/popup.js"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC132", "level": "none", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift) (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 59887, "scanner": "repobility-threat-engine", "fingerprint": "5b5429ce103e0212fe1464cb57739bff2520dbc1282d1a7ac9eefe5666813e21", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|5b5429ce103e0212fe1464cb57739bff2520dbc1282d1a7ac9eefe5666813e21"}}}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 59883, "scanner": "repobility-threat-engine", "fingerprint": "d57f94c2e96069b4a87a7fb2ba46f76103ae7ecd579ffae7064a6551df416baa", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|d57f94c2e96069b4a87a7fb2ba46f76103ae7ecd579ffae7064a6551df416baa"}}}, {"ruleId": "SEC085", "level": "none", "message": {"text": "[SEC085] JS: child_process.exec with non-literal (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 59879, "scanner": "repobility-threat-engine", "fingerprint": "606792298c73b83412d8cf76624dd82fdf0a71ea3b779cecc6b4d4d439eccec4", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|606792298c73b83412d8cf76624dd82fdf0a71ea3b779cecc6b4d4d439eccec4"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 59875, "scanner": "repobility-threat-engine", "fingerprint": "7ad821c68fd7d69c56ceaf843dc975879999279796dea3d5e69af832688addea", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|7ad821c68fd7d69c56ceaf843dc975879999279796dea3d5e69af832688addea"}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 59871, "scanner": "repobility-threat-engine", "fingerprint": "43b81e30ecec4542d5b7c1728a77ddf506d2c87684fdce356d7b2b0e14a44049", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|43b81e30ecec4542d5b7c1728a77ddf506d2c87684fdce356d7b2b0e14a44049"}}}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `src/go/internal/gccgoimporter/testdata/libimportsar.a` committed in source repo: `src/go/internal/gccgoimporter/testdata/libimportsar.a` is a .a binary (9,302 bytes) committed to a repo that otherwise has 10595 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 60000, "scanner": "repobility-supply-chain", "fingerprint": "1cf51276b490f4a071725d2e796c02e0361fb08bd6a77a37094437b750ee0bb5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1cf51276b490f4a071725d2e796c02e0361fb08bd6a77a37094437b750ee0bb5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/internal/gccgoimporter/testdata/libimportsar.a"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `src/go/internal/gcimporter/testdata/versions/test_go1.8_5.a` committed in source repo: `src/go/internal/gcimporter/testdata/versions/test_go1.8_5.a` is a .a binary (1,658 bytes) committed to a repo that otherwise has 10595 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 59999, "scanner": "repobility-supply-chain", "fingerprint": "db4c34dad31b223a9c39bf9627fed9af8b72f50dc9cfcb4e1a479bf8adb70688", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|db4c34dad31b223a9c39bf9627fed9af8b72f50dc9cfcb4e1a479bf8adb70688"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/internal/gcimporter/testdata/versions/test_go1.8_5.a"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `src/go/internal/gcimporter/testdata/versions/test_go1.11_999b.a` committed in source repo: `src/go/internal/gcimporter/testdata/versions/test_go1.11_999b.a` is a .a binary (2,600 bytes) committed to a repo that otherwise has 10595 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 59998, "scanner": "repobility-supply-chain", "fingerprint": "222c6311c6269ae7e1562dd8f96b700e43859c758c46d819176b9b1fc9716b42", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|222c6311c6269ae7e1562dd8f96b700e43859c758c46d819176b9b1fc9716b42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/internal/gcimporter/testdata/versions/test_go1.11_999b.a"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `src/go/internal/gcimporter/testdata/versions/test_go1.7_0.a` committed in source repo: `src/go/internal/gcimporter/testdata/versions/test_go1.7_0.a` is a .a binary (1,862 bytes) committed to a repo that otherwise has 10595 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 59997, "scanner": "repobility-supply-chain", "fingerprint": "41adeaab9023efde86a8c1f79004f5c123baa0c20fff27a75a3a55c6bf0fceaf", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|41adeaab9023efde86a8c1f79004f5c123baa0c20fff27a75a3a55c6bf0fceaf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/internal/gcimporter/testdata/versions/test_go1.7_0.a"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `src/go/internal/gcimporter/testdata/versions/test_go1.8_4.a` committed in source repo: `src/go/internal/gcimporter/testdata/versions/test_go1.8_4.a` is a .a binary (1,658 bytes) committed to a repo that otherwise has 10595 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 59996, "scanner": "repobility-supply-chain", "fingerprint": "8d3435d9924aa9aba669e02b1a0ef861f8874bb6bd01a207404632b12339121a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8d3435d9924aa9aba669e02b1a0ef861f8874bb6bd01a207404632b12339121a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/internal/gcimporter/testdata/versions/test_go1.8_4.a"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `src/go/internal/gcimporter/testdata/versions/test_go1.11_0i.a` committed in source repo: `src/go/internal/gcimporter/testdata/versions/test_go1.11_0i.a` is a .a binary (2,420 bytes) committed to a repo that otherwise has 10595 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 59995, "scanner": "repobility-supply-chain", "fingerprint": "84c9d4419f8926ffab3228bfeba4d37a23029e7edf82febac76a548302a6ec87", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|84c9d4419f8926ffab3228bfeba4d37a23029e7edf82febac76a548302a6ec87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/internal/gcimporter/testdata/versions/test_go1.11_0i.a"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `src/go/internal/gcimporter/testdata/versions/test_go1.11_999i.a` committed in source repo: `src/go/internal/gcimporter/testdata/versions/test_go1.11_999i.a` is a .a binary (2,420 bytes) committed to a repo that otherwise has 10595 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 59994, "scanner": "repobility-supply-chain", "fingerprint": "62ab25b45c8d6da9b323d38c2def68405d4d944239103f3ecfdfd9228e3e86e2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|62ab25b45c8d6da9b323d38c2def68405d4d944239103f3ecfdfd9228e3e86e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/internal/gcimporter/testdata/versions/test_go1.11_999i.a"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `src/go/internal/gcimporter/testdata/versions/test_go1.7_1.a` committed in source repo: `src/go/internal/gcimporter/testdata/versions/test_go1.7_1.a` is a .a binary (2,316 bytes) committed to a repo that otherwise has 10595 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 59993, "scanner": "repobility-supply-chain", "fingerprint": "c947cc06ed443ed6823465fab041cddd299c89049d46396fefc5290fd19ca2ab", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c947cc06ed443ed6823465fab041cddd299c89049d46396fefc5290fd19ca2ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/internal/gcimporter/testdata/versions/test_go1.7_1.a"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `src/go/internal/gcimporter/testdata/versions/test_go1.11_6b.a` committed in source repo: `src/go/internal/gcimporter/testdata/versions/test_go1.11_6b.a` is a .a binary (2,426 bytes) committed to a repo that otherwise has 10595 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 59992, "scanner": "repobility-supply-chain", "fingerprint": "8bc65e62b889f9e35e1572bccb4fc46fd10282f8211140a9db712f0999028845", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8bc65e62b889f9e35e1572bccb4fc46fd10282f8211140a9db712f0999028845"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/internal/gcimporter/testdata/versions/test_go1.11_6b.a"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `src/cmd/objdump/testdata/go116.o` committed in source repo: `src/cmd/objdump/testdata/go116.o` is a .o binary (478 bytes) committed to a repo that otherwise has 10595 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 59991, "scanner": "repobility-supply-chain", "fingerprint": "ec1dd137e3d684a3e34c06b21c86848a2ad88b933faa32fa06af74e6a3e26605", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ec1dd137e3d684a3e34c06b21c86848a2ad88b933faa32fa06af74e6a3e26605"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/objdump/testdata/go116.o"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `coqorg/coq:8.13.2` not pinned by digest: `FROM coqorg/coq:8.13.2` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 59990, "scanner": "repobility-supply-chain", "fingerprint": "e3ec818ebdc6ff2d533c4415667e271b4a665903c8bc7e36afd97413bb18a0c8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e3ec818ebdc6ff2d533c4415667e271b4a665903c8bc7e36afd97413bb18a0c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/crypto/internal/fips140/nistec/fiat/Dockerfile"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.invoke_per_goid` used but never assigned in __init__: Method `invoke` of class `GoroutineCmd` reads `self.invoke_per_goid`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 59986, "scanner": "repobility-ast-engine", "fingerprint": "cb75350e89647c0d081ab8a57f9e237ef78477e9c0b9828a9c3e570b96c749e5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cb75350e89647c0d081ab8a57f9e237ef78477e9c0b9828a9c3e570b96c749e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/runtime/runtime-gdb.py"}, "region": {"startLine": 635}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.val` used but never assigned in __init__: Method `invoke` of class `GoLenFunc` reads `self.val`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 59985, "scanner": "repobility-ast-engine", "fingerprint": "bf3c6c22d5202255ac66b0c93c0074e5f633499022588d96b8cadddc1896c603", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bf3c6c22d5202255ac66b0c93c0074e5f633499022588d96b8cadddc1896c603"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/runtime/runtime-gdb.py"}, "region": {"startLine": 483}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.len` used but never assigned in __init__: Method `__getitem__` of class `SliceValue` reads `self.len`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 59984, "scanner": "repobility-ast-engine", "fingerprint": "3cae17f8c776d22a2b561ba9f0851f220fe881ff63763ff8cf2294d176b79186", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3cae17f8c776d22a2b561ba9f0851f220fe881ff63763ff8cf2294d176b79186"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/runtime/runtime-gdb.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 59943, "scanner": "repobility-threat-engine", "fingerprint": "6d2694d38901c96b95f583689db49043130158ae0cda7297cc8648d9fb5d9785", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "print(w io.Writer, fset *token.FileSet, x any, f FieldFilter)", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|src/go/ast/print.go|3|print w io.writer fset token.fileset x any f fieldfilter"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/go/ast/print.go"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 59940, "scanner": "repobility-threat-engine", "fingerprint": "65d0d8e66483d7b7c0c5ff390c7ca953c3ee2f1aebaecc0924da7ea6fb4d2da2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|65d0d8e66483d7b7c0c5ff390c7ca953c3ee2f1aebaecc0924da7ea6fb4d2da2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/crypto/internal/boring/notboring.go"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 59939, "scanner": "repobility-threat-engine", "fingerprint": "0c56d97042db6f6cd496e3d13df718452d87f9d6fbb81a7b667ff8ab67c3e97c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0c56d97042db6f6cd496e3d13df718452d87f9d6fbb81a7b667ff8ab67c3e97c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/crypto/internal/boring/hmac.go"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 59938, "scanner": "repobility-threat-engine", "fingerprint": "41dd639b3177357d15e89d301d9fc5cb6104d3be809f40278b927f1cc5d83886", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|41dd639b3177357d15e89d301d9fc5cb6104d3be809f40278b927f1cc5d83886"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/crypto/crypto.go"}, "region": {"startLine": 27}}}]}, {"ruleId": "SEC005", "level": "error", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 59937, "scanner": "repobility-threat-engine", "fingerprint": "7c2e2499858d4c354f26c0ed6e25b5adbef937c6abbba9e4343c8e4abe2e61e7", "category": "injection", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Command source appears controllable (config/plugin/argv/user input)", "evidence": {"match": "Exec(argv", "reason": "Command source appears controllable (config/plugin/argv/user input)", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|injection|token|33|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/link/internal/ld/execarchive.go"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED014", "level": "error", "message": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "properties": {"repobilityId": 59936, "scanner": "repobility-threat-engine", "fingerprint": "471d9d55dddc26f2b09bcc309577f86f84db6d83416fa0e90c1091e87a7a9b07", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "disabled-tls-verify", "owasp": "A02:2021", "cwe_ids": ["CWE-295"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347930+00:00", "triaged_in_corpus": 15, "observations_count": 86916, "ai_coder_pattern_id": 16}, "scanner": "repobility-threat-engine", "correlation_key": "fp|471d9d55dddc26f2b09bcc309577f86f84db6d83416fa0e90c1091e87a7a9b07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/pprof/pprof.go"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED014", "level": "error", "message": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "properties": {"repobilityId": 59935, "scanner": "repobility-threat-engine", "fingerprint": "284394706fa01f4b66dc68325fede7ff78f3ae0f9f5f162e59bab438502c80a0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "disabled-tls-verify", "owasp": "A02:2021", "cwe_ids": ["CWE-295"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347930+00:00", "triaged_in_corpus": 15, "observations_count": 86916, "ai_coder_pattern_id": 16}, "scanner": "repobility-threat-engine", "correlation_key": "fp|284394706fa01f4b66dc68325fede7ff78f3ae0f9f5f162e59bab438502c80a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/go/internal/web/http.go"}, "region": {"startLine": 45}}}]}, {"ruleId": "SEC088", "level": "error", "message": {"text": "[SEC088] Go: TLS InsecureSkipVerify=true: tls.Config{InsecureSkipVerify:true} disables certificate verification \u2014 MITM risk. Ported from gosec G402 (Apache-2.0)."}, "properties": {"repobilityId": 59934, "scanner": "repobility-threat-engine", "fingerprint": "6a94b9aa294ea8535d532d8e3b761de96d202f6b100ad85ef5d16618ac71815f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "InsecureSkipVerify: true", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC088", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6a94b9aa294ea8535d532d8e3b761de96d202f6b100ad85ef5d16618ac71815f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/pprof/pprof.go"}, "region": {"startLine": 87}}}]}, {"ruleId": "SEC088", "level": "error", "message": {"text": "[SEC088] Go: TLS InsecureSkipVerify=true: tls.Config{InsecureSkipVerify:true} disables certificate verification \u2014 MITM risk. Ported from gosec G402 (Apache-2.0)."}, "properties": {"repobilityId": 59933, "scanner": "repobility-threat-engine", "fingerprint": "d09602f2990585b0fec36b623f07a803b4cb1be111824306903a41319c86da9e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "InsecureSkipVerify: true", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC088", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d09602f2990585b0fec36b623f07a803b4cb1be111824306903a41319c86da9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/go/internal/web/http.go"}, "region": {"startLine": 45}}}]}, {"ruleId": "SEC093", "level": "error", "message": {"text": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. Ported from gosec G204 (Apache-2.0)."}, "properties": {"repobilityId": 59919, "scanner": "repobility-threat-engine", "fingerprint": "ded63d556422f21b8c211f822317cdff6d34aa4a7cacfd0d6e25d827a93418b3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec.CommandContext(ctx,", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC093", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ded63d556422f21b8c211f822317cdff6d34aa4a7cacfd0d6e25d827a93418b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/go/internal/cache/prog.go"}, "region": {"startLine": 87}}}]}, {"ruleId": "SEC093", "level": "error", "message": {"text": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. Ported from gosec G204 (Apache-2.0)."}, "properties": {"repobilityId": 59918, "scanner": "repobility-threat-engine", "fingerprint": "b60f3156817c027c074f8074beea6368510e39d5eae2d2f78e685ec0868a425f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec.Command(path,", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC093", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b60f3156817c027c074f8074beea6368510e39d5eae2d2f78e685ec0868a425f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/go/internal/bug/bug.go"}, "region": {"startLine": 164}}}]}, {"ruleId": "SEC093", "level": "error", "message": {"text": "[SEC093] Go: exec.Command with non-literal: exec.Command(<var>) \u2014 variable command name allows command injection. Ported from gosec G204 (Apache-2.0)."}, "properties": {"repobilityId": 59917, "scanner": "repobility-threat-engine", "fingerprint": "798218fd4f59140e662d3d43cc70dcbef5f5ce493a972566938fd31d2e143dd1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec.Command(goTool,", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC093", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|798218fd4f59140e662d3d43cc70dcbef5f5ce493a972566938fd31d2e143dd1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/cover/func.go"}, "region": {"startLine": 203}}}]}, {"ruleId": "MINED033", "level": "error", "message": {"text": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic."}, "properties": {"repobilityId": 59915, "scanner": "repobility-threat-engine", "fingerprint": "49ad9995a82b221a575271b8e8c3e26fcca73a7d202fc4d9f99966579179ef3a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-recover-without-log", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347975+00:00", "triaged_in_corpus": 15, "observations_count": 3808, "ai_coder_pattern_id": 109}, "scanner": "repobility-threat-engine", "correlation_key": "fp|49ad9995a82b221a575271b8e8c3e26fcca73a7d202fc4d9f99966579179ef3a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/distpack/pack.go"}, "region": {"startLine": 329}}}]}, {"ruleId": "MINED033", "level": "error", "message": {"text": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic."}, "properties": {"repobilityId": 59914, "scanner": "repobility-threat-engine", "fingerprint": "3896a2f9e584a6bdc95c937f7f8508cac80eeae2f4b4dfe5e056c08c39b90fc8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-recover-without-log", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347975+00:00", "triaged_in_corpus": 15, "observations_count": 3808, "ai_coder_pattern_id": 109}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3896a2f9e584a6bdc95c937f7f8508cac80eeae2f4b4dfe5e056c08c39b90fc8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/compile/internal/syntax/syntax.go"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED033", "level": "error", "message": {"text": "[MINED033] Go Recover Without Log: defer func() { recover() }() that silently swallows panic."}, "properties": {"repobilityId": 59913, "scanner": "repobility-threat-engine", "fingerprint": "5bebdf7638ee1e46a4816d9aa1ccfbf6446c2c85372d01d640ad1c7d32a11568", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-recover-without-log", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347975+00:00", "triaged_in_corpus": 15, "observations_count": 3808, "ai_coder_pattern_id": 109}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5bebdf7638ee1e46a4816d9aa1ccfbf6446c2c85372d01d640ad1c7d32a11568"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/compile/internal/syntax/dumper.go"}, "region": {"startLine": 28}}}]}, {"ruleId": "SEC090", "level": "error", "message": {"text": "[SEC090] Go: math/rand used near crypto context: math/rand is not cryptographically secure. Use crypto/rand for tokens/keys. Ported from gosec G404 (Apache-2.0)."}, "properties": {"repobilityId": 59911, "scanner": "repobility-threat-engine", "fingerprint": "1fe35bbeb0606b985c3e35d1adf69cdf994433cc90d99377d52d7430f2a4228a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "math/rand\"\n\t\"sync\"\n\t\"sync/atomic\"\n)\n\n// Work manages a set of work items to be executed in parallel,", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC090", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1fe35bbeb0606b985c3e35d1adf69cdf994433cc90d99377d52d7430f2a4228a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/internal/par/work.go"}, "region": {"startLine": 10}}}]}, {"ruleId": "SEC090", "level": "error", "message": {"text": "[SEC090] Go: math/rand used near crypto context: math/rand is not cryptographically secure. Use crypto/rand for tokens/keys. Ported from gosec G404 (Apache-2.0)."}, "properties": {"repobilityId": 59910, "scanner": "repobility-threat-engine", "fingerprint": "e523601c1472d6c256535c3cb7761a8a1f374ff6fc3e6d908385199d954ea57c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "math/rand\"\n\t\"os\"\n\t\"strings\"\n\t\"time\"\n)\n\n// Opening an exclusive-use file returns an error.\n// The exp", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC090", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e523601c1472d6c256535c3cb7761a8a1f374ff6fc3e6d908385199d954ea57c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/go/internal/lockedfile/lockedfile_plan9.go"}, "region": {"startLine": 11}}}]}, {"ruleId": "SEC090", "level": "error", "message": {"text": "[SEC090] Go: math/rand used near crypto context: math/rand is not cryptographically secure. Use crypto/rand for tokens/keys. Ported from gosec G404 (Apache-2.0)."}, "properties": {"repobilityId": 59909, "scanner": "repobility-threat-engine", "fingerprint": "7ec4faac5d6aacdc3915ae24b8c6cd7c278615e778c299a665d3d2b1c34acf94", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "math/rand\"\n\t\"slices\"\n\t\"sync\"\n\n\t\"cmd/compile/internal/base\"\n\t\"cmd/compile/internal/ir\"\n\t\"cmd/compile/", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC090", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7ec4faac5d6aacdc3915ae24b8c6cd7c278615e778c299a665d3d2b1c34acf94"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/compile/internal/gc/compile.go"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 59891, "scanner": "repobility-threat-engine", "fingerprint": "7c64ce2a0f211e7e86ba0110df3f93bc868c31aebaa6c75e2579508ecc363ef7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7c64ce2a0f211e7e86ba0110df3f93bc868c31aebaa6c75e2579508ecc363ef7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/cgo/internal/cgotest/overlaydir.go"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 59890, "scanner": "repobility-threat-engine", "fingerprint": "4a119c9179b6cb2286900c058739cdba9b1d5b677b59966070822939d44c40e8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4a119c9179b6cb2286900c058739cdba9b1d5b677b59966070822939d44c40e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/asm/internal/arch/riscv64.go"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED016", "level": "error", "message": {"text": "[MINED016] Go Error Ignored: _, err := fn() with err not checked. Go anti-pattern."}, "properties": {"repobilityId": 59889, "scanner": "repobility-threat-engine", "fingerprint": "8f8596ecb5ebbec43d0e384ff6c8a40ac9b9cff80767e5054df87356880ad293", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-error-ignored", "owasp": null, "cwe_ids": ["CWE-754"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347935+00:00", "triaged_in_corpus": 15, "observations_count": 83036, "ai_coder_pattern_id": 107}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8f8596ecb5ebbec43d0e384ff6c8a40ac9b9cff80767e5054df87356880ad293"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "misc/ios/detect.go"}, "region": {"startLine": 46}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 59882, "scanner": "repobility-threat-engine", "fingerprint": "9bcffe67b0a46fd230f050e037cdaec9e93f1463541b477d1d1cccc831b3545b", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9bcffe67b0a46fd230f050e037cdaec9e93f1463541b477d1d1cccc831b3545b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/go/internal/web/intercept/intercept.go"}, "region": {"startLine": 58}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 59881, "scanner": "repobility-threat-engine", "fingerprint": "23865304186e5ad605d3cd3c777cf6ad596963659fba6e01bfd84ec70f45492d", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|23865304186e5ad605d3cd3c777cf6ad596963659fba6e01bfd84ec70f45492d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/go/internal/web/http.go"}, "region": {"startLine": 107}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 59880, "scanner": "repobility-threat-engine", "fingerprint": "a87a9afb5614841c16e70cd27be65596bd6f1df4796fefeebd14a35a7695f223", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a87a9afb5614841c16e70cd27be65596bd6f1df4796fefeebd14a35a7695f223"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "misc/chrome/gophertool/popup.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 59878, "scanner": "repobility-threat-engine", "fingerprint": "94323e1863d0a879a641fdd7c80e6fd24631b3a96f775f793dbe527f795d4b5f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Exec(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|94323e1863d0a879a641fdd7c80e6fd24631b3a96f775f793dbe527f795d4b5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/go/internal/toolchain/switch.go"}, "region": {"startLine": 111}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 59877, "scanner": "repobility-threat-engine", "fingerprint": "d917c6465e9120a1e58bae6509c19af385ec45fe1cea821078795929b962e81f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Exec(exe", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d917c6465e9120a1e58bae6509c19af385ec45fe1cea821078795929b962e81f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/go/internal/toolchain/exec.go"}, "region": {"startLine": 61}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 59876, "scanner": "repobility-threat-engine", "fingerprint": "9443e3323ce7743e464758a49fc563414318caf253f261a228e88d20234ba319", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(t", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9443e3323ce7743e464758a49fc563414318caf253f261a228e88d20234ba319"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "misc/chrome/gophertool/gopher.js"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 59870, "scanner": "repobility-threat-engine", "fingerprint": "060b3b66ce226fdd446058f91c135e645c0b943900c3cdd22c1e3b6681d8c67f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "credentialCache.Delete(prefix)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|060b3b66ce226fdd446058f91c135e645c0b943900c3cdd22c1e3b6681d8c67f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/go/internal/auth/auth.go"}, "region": {"startLine": 175}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 59869, "scanner": "repobility-threat-engine", "fingerprint": "c85737cffa571a42039b77cc77813871be94137488b5cef76d87ec7f5ce3fa37", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "chrome.tabs.create({ \"url\": url })", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c85737cffa571a42039b77cc77813871be94137488b5cef76d87ec7f5ce3fa37"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "misc/chrome/gophertool/popup.js"}, "region": {"startLine": 2}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 59868, "scanner": "repobility-threat-engine", "fingerprint": "90dcd17f3f7545be82ab8f0791d89faf8d90fa088e78e73731e8e754682922c6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "chrome.tabs.update(tab.id, { \"url\": url, \"selected\": true });", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|90dcd17f3f7545be82ab8f0791d89faf8d90fa088e78e73731e8e754682922c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "misc/chrome/gophertool/background.js"}, "region": {"startLine": 6}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 59932, "scanner": "repobility-threat-engine", "fingerprint": "3883eb1ce2441448a6e995c4444d4628a0d86b68ae9c2eb161c58ac2233f8957", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Require(m", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3883eb1ce2441448a6e995c4444d4628a0d86b68ae9c2eb161c58ac2233f8957"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/cmd/go/internal/mvs/graph.go"}, "region": {"startLine": 60}}}]}]}]}