{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "SEC003", "name": "[SEC003] Hardcoded Secret: Hardcoded secret key found in source code.", "shortDescription": {"text": "[SEC003] Hardcoded Secret: Hardcoded secret key found in source code."}, "fullDescription": {"text": "Never commit secrets. Use .env files with .gitignore."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "A file created as a fixed/new/final/copy variant is not referenced by imports or path-like strings in the rest of the repository. This is a strong sign that an agent produced code beside the active application path."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AIC001", "name": "Parallel implementation file sits beside a canonical file", "shortDescription": {"text": "Parallel implementation file sits beside a canonical file"}, "fullDescription": {"text": "AI-assisted edits often create a new sibling file instead of integrating the change into the existing module. That leaves two paths for future maintainers to understand and can hide the code that is actually wired into the app."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC005", "name": "Duplicate top-level symbol appears in a patch-style file", "shortDescription": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "fullDescription": {"text": "A generated replacement file defining the same public function or class name as another module can mean the new logic is not actually wired into the running code."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. They may be legitimate, but they deserve review before becoming production surface area."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path (and 1 more): Same pattern found in 1 additional files. Review if need", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/415"}, "properties": {"repository": "hashicorp/terraform-provider-aws", "repoUrl": "https://github.com/hashicorp/terraform-provider-aws.git", "branch": "main"}, "results": [{"ruleId": "SEC003", "level": "warning", "message": {"text": "[SEC003] Hardcoded Secret: Hardcoded secret key found in source code."}, "properties": {"repobilityId": 16543, "scanner": "repobility-threat-engine", "fingerprint": "0211dafffc8d34ffe4d4e218c0e7e81ec8633d0c01584f732389961116e97ace", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (2.8 bits) \u2014 may be placeholder or common string", "evidence": {"match": "SecretKey                  = \"secret_key\"", "reason": "Low entropy value (2.8 bits) \u2014 may be placeholder or common string", "rule_id": "SEC003", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|names/attr_consts_gen.go|17|secretkey secret_key"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "names/attr_consts_gen.go"}, "region": {"startLine": 178}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16540, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fca73b12374057b4cc06dc70de00d846f668f0a52d106e9071ef9a208edf1280", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/acctest/statecheck/expect_global_arn_format.go", "duplicate_line": 17, "correlation_key": "fp|fca73b12374057b4cc06dc70de00d846f668f0a52d106e9071ef9a208edf1280"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/acctest/statecheck/expect_regional_arn_format.go"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16539, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c92cf0eee404ecb35bec7429bd9469269e97fa4d7656fa9bc15458453991cdff", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/acctest/statecheck/expect_global_arn_format.go", "duplicate_line": 17, "correlation_key": "fp|c92cf0eee404ecb35bec7429bd9469269e97fa4d7656fa9bc15458453991cdff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/acctest/statecheck/expect_global_arn_no_account_id_format.go"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16538, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a9703ed433be9a6fcdf54358a38e2a32b619fb5c2ce615c9261e114bdf25b30e", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/acctest/querycheck/expect_identity_func.go", "duplicate_line": 18, "correlation_key": "fp|a9703ed433be9a6fcdf54358a38e2a32b619fb5c2ce615c9261e114bdf25b30e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/acctest/querycheck/expect_no_identity_func.go"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16537, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0fc5e171bf79da5f91e33f4fe16bf23b965bce8347ae6b155621bdcaaa15006f", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/acctest/knownvalue/regional_hostname_ondotaws_regexp.go", "duplicate_line": 16, "correlation_key": "fp|0fc5e171bf79da5f91e33f4fe16bf23b965bce8347ae6b155621bdcaaa15006f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/acctest/knownvalue/regional_hostname_regexp.go"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16536, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4530874a14cca0d671950740e579262ffbd47f554f1cbaef7ab16db4df613d1b", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": ".ci/semgrep/acctest/errorcheck.go", "duplicate_line": 21, "correlation_key": "fp|4530874a14cca0d671950740e579262ffbd47f554f1cbaef7ab16db4df613d1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".ci/semgrep/acctest/precheck.go"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16535, "scanner": "repobility-ai-code-hygiene", "fingerprint": "080acaaac6468958c038a79a097489051e8e703aff7e4e669ce22df9c0cec84a", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": ".ci/semgrep/acctest/context.go", "duplicate_line": 70, "correlation_key": "fp|080acaaac6468958c038a79a097489051e8e703aff7e4e669ce22df9c0cec84a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".ci/semgrep/acctest/paralleltest.go"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16534, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0bef3985117c77bab027f505bbfe6f5f10af18b93906c054a9f3c66862ea4f3c", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": ".ci/providerlint/passes/AWSAT002/AWSAT002.go", "duplicate_line": 15, "correlation_key": "fp|0bef3985117c77bab027f505bbfe6f5f10af18b93906c054a9f3c66862ea4f3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".ci/providerlint/passes/AWSAT006/AWSAT006.go"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16533, "scanner": "repobility-ai-code-hygiene", "fingerprint": "63343311de86acf1201f0ff4ee389712837d558c9c15ec8b95cf33261239fa1f", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": ".ci/providerlint/passes/AWSAT002/AWSAT002.go", "duplicate_line": 15, "correlation_key": "fp|63343311de86acf1201f0ff4ee389712837d558c9c15ec8b95cf33261239fa1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".ci/providerlint/passes/AWSAT005/AWSAT005.go"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16532, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d4d76129576bd4dab1b6dcf8e6158d7a2bc65a1580a3648024a7a1eedf8a8fc8", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": ".ci/providerlint/passes/AWSAT002/AWSAT002.go", "duplicate_line": 15, "correlation_key": "fp|d4d76129576bd4dab1b6dcf8e6158d7a2bc65a1580a3648024a7a1eedf8a8fc8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".ci/providerlint/passes/AWSAT003/AWSAT003.go"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16531, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bb04c3db02a22706e29c05348d9e86c72a970b368b799abbb36c46544f74e030", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/service/securityhub/automation_rule_v2.go", "duplicate_line": 220, "correlation_key": "fp|bb04c3db02a22706e29c05348d9e86c72a970b368b799abbb36c46544f74e030"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/service/securityhub/connector_v2.go"}, "region": {"startLine": 187}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16530, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cd66d36a2b2e5efdbd592fa0a7400d1f73d1d97afed68691885403bd44efa272", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/service/securityhub/aggregator_v2.go", "duplicate_line": 9, "correlation_key": "fp|cd66d36a2b2e5efdbd592fa0a7400d1f73d1d97afed68691885403bd44efa272"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/service/securityhub/connector_v2.go"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16529, "scanner": "repobility-ai-code-hygiene", "fingerprint": "277f0fa88f1368f98bb06a99302246265ac88b9c5e4603a668958ad5ee0f78e3", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/service/securityhub/aggregator_v2.go", "duplicate_line": 165, "correlation_key": "fp|277f0fa88f1368f98bb06a99302246265ac88b9c5e4603a668958ad5ee0f78e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/service/securityhub/automation_rule_v2.go"}, "region": {"startLine": 314}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 16528, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fb2949cd9affb575f4d7dfe5bd037bdec570aa23d469e408af5b7209be5303bb", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "v0", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|fb2949cd9affb575f4d7dfe5bd037bdec570aa23d469e408af5b7209be5303bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/service/s3/bucket_lifecycle_configuration_migrate_v0.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 16527, "scanner": "repobility-ai-code-hygiene", "fingerprint": "42f6e9433c24367cc8dd857a108e777376d84522e428ffc85100769885f061fc", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "copy", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|42f6e9433c24367cc8dd857a108e777376d84522e428ffc85100769885f061fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/service/ec2/ec2_ami_copy.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 16526, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7e77af976012d533d52eb8373f0ac729d28e41c0f07ace1f8dcef52b1f2a46b8", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "updated", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|7e77af976012d533d52eb8373f0ac729d28e41c0f07ace1f8dcef52b1f2a46b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/service/appsync/test-fixtures/test-code-updated.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 16525, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f0f7eb694673cbd84e2f6b1a8892071f7d071e4e94f9288faced36425855e87b", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "update", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|f0f7eb694673cbd84e2f6b1a8892071f7d071e4e94f9288faced36425855e87b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/framework/with_noop_update.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 16523, "scanner": "repobility-ai-code-hygiene", "fingerprint": "542ba326694727b9bd02625e74b74acea5db13f722a258995a97d031615cee68", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v2", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "internal/service/securityhub/account.go", "correlation_key": "fp|542ba326694727b9bd02625e74b74acea5db13f722a258995a97d031615cee68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/service/securityhub/account_v2.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 16522, "scanner": "repobility-ai-code-hygiene", "fingerprint": "de78ef1532fcccd707254a2467e9a0e0112315c5e7eceea023826bdd35f006c2", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "copy", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "internal/service/s3/object.go", "correlation_key": "fp|de78ef1532fcccd707254a2467e9a0e0112315c5e7eceea023826bdd35f006c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/service/s3/object_copy.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 16519, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7ff1463dc662fa43c2596deef74966f37b8c7385ae31f60f08e363bc50f72d06", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "copy", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "internal/service/rds/snapshot.go", "correlation_key": "fp|7ff1463dc662fa43c2596deef74966f37b8c7385ae31f60f08e363bc50f72d06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/service/rds/snapshot_copy.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 16518, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1640a4cb3baf7395bc77cbb06ec4033d016c9ff87755e41a480b6ddeff394213", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "copy", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "internal/service/rds/cluster_snapshot.go", "correlation_key": "fp|1640a4cb3baf7395bc77cbb06ec4033d016c9ff87755e41a480b6ddeff394213"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/service/rds/cluster_snapshot_copy.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 16517, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ef5966e60703d97bba1ce66ae192ca3937745e63015d8c0a46ed85687018cf24", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "copy", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "internal/service/ec2/ec2_ami.go", "correlation_key": "fp|ef5966e60703d97bba1ce66ae192ca3937745e63015d8c0a46ed85687018cf24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/service/ec2/ec2_ami_copy.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 16516, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6b1295afea9ebe7e47369ff9f11fadd4a4b814321abfac080aeb5b0a332e477e", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "copy", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "internal/service/ec2/ebs_volume.go", "correlation_key": "fp|6b1295afea9ebe7e47369ff9f11fadd4a4b814321abfac080aeb5b0a332e477e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/service/ec2/ebs_volume_copy.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 16515, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b2ada6e4527c3033489b592e94275056018ed4579a86811e75674f29b7b206c5", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "copy", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "internal/service/ec2/ebs_snapshot.go", "correlation_key": "fp|b2ada6e4527c3033489b592e94275056018ed4579a86811e75674f29b7b206c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/service/ec2/ebs_snapshot_copy.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 16514, "scanner": "repobility-ai-code-hygiene", "fingerprint": "797b705ef25befab3b24b9813948b527280924eeeacdb3e4e9456c3fb9b97c05", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "updated", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "internal/service/appsync/test-fixtures/test-code.js", "correlation_key": "fp|797b705ef25befab3b24b9813948b527280924eeeacdb3e4e9456c3fb9b97c05"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/service/appsync/test-fixtures/test-code-updated.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 16546, "scanner": "repobility-threat-engine", "fingerprint": "3ce8a56a7970e679552ddbe4918be32d985528bebf9006600949b077a300bd69", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = strings.Cut(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3ce8a56a7970e679552ddbe4918be32d985528bebf9006600949b077a300bd69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/framework/flex/tags.go"}, "region": {"startLine": 33}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 16545, "scanner": "repobility-threat-engine", "fingerprint": "e327b11d1ab3341b0bf633ec5dcd8a3ea25f96fa39f9490a884dee719a6a681d", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = strings.Cut(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e327b11d1ab3341b0bf633ec5dcd8a3ea25f96fa39f9490a884dee719a6a681d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/generate/common/args.go"}, "region": {"startLine": 24}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 16544, "scanner": "repobility-threat-engine", "fingerprint": "38d635a2475bd35383e46bdb6a571cd0b2ea1cd14808a2a6ea06d4eee5f74a85", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = br.Discard(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|38d635a2475bd35383e46bdb6a571cd0b2ea1cd14808a2a6ea06d4eee5f74a85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/dns/normalize.go"}, "region": {"startLine": 50}}}]}, {"ruleId": "AIC005", "level": "note", "message": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "properties": {"repobilityId": 16541, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8fb1b79aaa035ee994223a159b088d06cbb1e2f5e958d7b6680edd4a63be430d", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Patch-style file defines a top-level symbol also defined in another source file.", "evidence": {"symbol": "request", "rule_id": "AIC005", "scanner": "repobility-ai-code-hygiene", "references": ["https://github.com/jendrikseipp/vulture", "https://knip.dev/"], "duplicate_file": "internal/service/appsync/test-fixtures/test-code.js", "correlation_key": "fp|8fb1b79aaa035ee994223a159b088d06cbb1e2f5e958d7b6680edd4a63be430d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/service/appsync/test-fixtures/test-code-updated.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 16524, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dbd02260722167afc89b921bca78a34019ca0d892222e6a6d20e44e3dee5aafb", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "v2", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|dbd02260722167afc89b921bca78a34019ca0d892222e6a6d20e44e3dee5aafb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/service/securityhub/aggregator_v2.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 16521, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a03c839e051f8724cea63883f22ab8d5ada5aa73c89bc433d15f2863c7d395a5", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "v0", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|a03c839e051f8724cea63883f22ab8d5ada5aa73c89bc433d15f2863c7d395a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/service/s3/bucket_lifecycle_configuration_migrate_v0.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 16520, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7149b452d7cda8ed5d98314582940906324626e62fdb5c90d3ad93677ac82735", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|7149b452d7cda8ed5d98314582940906324626e62fdb5c90d3ad93677ac82735"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/service/redshift/snapshot_copy.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 16513, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7df19489df05ff2cacd996c8cf180c68e05ad25592c2304581d51e93079e31d1", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|7df19489df05ff2cacd996c8cf180c68e05ad25592c2304581d51e93079e31d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/framework/with_noop_update.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC013", "level": "none", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 16550, "scanner": "repobility-threat-engine", "fingerprint": "75f22750f5eefefb3a3ce8f933bc32c82dff4c8e9ca3ec94aeac313553cfbd0d", "category": "path_traversal", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|75f22750f5eefefb3a3ce8f933bc32c82dff4c8e9ca3ec94aeac313553cfbd0d"}}}, {"ruleId": "SEC001", "level": "none", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 16542, "scanner": "repobility-threat-engine", "fingerprint": "66325dbb0ec377b6cef5d6b0a4d2b6009428534f7e609a78be714a714f086e42", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Value looks like a development placeholder, not a live credential", "evidence": {"match": "Password                   = \"<redacted>\"", "reason": "Value looks like a development placeholder, not a live credential", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|names/attr_consts_gen.go|14|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "names/attr_consts_gen.go"}, "region": {"startLine": 141}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 16549, "scanner": "repobility-threat-engine", "fingerprint": "cf87baf911033d045a28f354546bd08bd2639bf4b1369f04c4c25995a45c3e0d", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(ctx context.Context, opts interceptorOptions[ephemeral.OpenRequest", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|136|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/provider/framework/region.go"}, "region": {"startLine": 136}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 16548, "scanner": "repobility-threat-engine", "fingerprint": "01ab62d6c22dc07cb48a603c205962335b669a3bbce30d36b1c80639b502d3b1", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(context.Context, interceptorOptions[ephemeral.OpenRequest", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|82|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/provider/framework/intercept.go"}, "region": {"startLine": 82}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 16547, "scanner": "repobility-threat-engine", "fingerprint": "2c3bb1fd33439ead9c16955b6f1a37da8e40e922e9d822bcb8f7202fa4f7befd", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "Open(ctx context.Context, request ephemeral.OpenRequest", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|307|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/provider/framework/wrap.go"}, "region": {"startLine": 307}}}]}]}]}